Inactive IE and Firefox crashes/Google redirect?


Silver78

Having a problem with Internet Explorer 7 and 8 as well as Firefox 4 - automatically shutting down when typing in search engines.

Ran a couple of programs to scan and clean (most of which are now uninstalled). Now also having other issues such as general display properties switching from the usual XP appearance to older 'classic' looking start bars/buttons and windows, etc. Firewall is also being disabled and when restarting Firewall/Internet Connection Sharing (ICS) it's only temporary. More recently, also now unable to connect to the wireless router (although other devices are able to).

Any help much appreciated.

Here are the logs:

_______________________________________________

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6697

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/06/2011 19:19:45
mbam-log-2011-06-07 (19-19-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 237860
Time elapsed: 38 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

___________________________________________

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-07 19:25:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST96812AS rev.8.04
Running: 16fl30y9.exe; Driver: C:\DOCUME~1\Manager\LOCALS~1\Temp\kwdyakow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86D3853B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 86D3853B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86D3853B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 86D3853B

---- EOF - GMER 1.0.15 ----
_______________________________________

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Manager at 21:44:15 on 2011-06-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.464 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E3215F20-3212-11D6-9F8B-00D0B743919D} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\manager\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\manager\application data\leadertech\powerregister\Seagate 2GE2924M Product Registration.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175004690421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7BCF4583-D434-42A5-A6ED-DF941F0B1EB5} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\manager\application data\mozilla\firefox\profiles\mdvh54bh.default\
FF - plugin: c:\program files\adobe\reader 8.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-5 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-5 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-5 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-5 61960]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-1-16 161064]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2011-5-14 689464]
.
=============== Created Last 30 ================
.
2011-06-05 21:40:54 -------- d-----w- c:\documents and settings\manager\application data\Avira
2011-06-05 21:30:54 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-05 21:30:53 -------- d-----w- c:\program files\Avira
2011-06-05 21:30:53 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-06-05 19:35:22 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-05 19:32:00 -------- d-----w- c:\windows\system32\appmgmt
2011-06-05 18:26:50 -------- d-sh--w- c:\documents and settings\manager\IECompatCache
2011-06-05 18:23:39 -------- d-sh--w- c:\documents and settings\manager\PrivacIE
2011-06-05 18:22:09 -------- d-sh--w- c:\documents and settings\manager\IETldCache
2011-06-05 18:17:06 -------- dc-h--w- c:\windows\ie8
2011-05-29 22:14:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-29 22:14:33 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-05-26 11:03:12 -------- d-----w- c:\windows\system32\NtmsData
2011-05-21 14:56:06 -------- d-sh--w- C:\found.000
2011-05-21 14:32:24 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-05-21 03:59:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-21 03:59:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 02:35:04 -------- d-----w- c:\documents and settings\manager\application data\Malwarebytes
2011-05-21 02:34:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 02:34:54 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-21 02:34:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 02:34:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 02:11:06 -------- d-----w- c:\documents and settings\manager\application data\6A0213806059A36A68CD3E05CD71C89F
2011-05-14 18:55:16 -------- d-----w- c:\program files\Virgin Media
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST96812AS rev.8.04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86D386F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86d3ea10]; MOV EAX, [0x86d3ea8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86DA7528]
3 CLASSPNP[0xF767DFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000077[0x86DCDF18]
5 ACPI[0xF7514620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86CF9940]
\Driver\atapi[0x86D0C270] -> IRP_MJ_CREATE -> 0x86D386F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86D3853B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:45:36.60 ===============

___________________________________________________



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 27/03/2007 14:59:24
System Uptime: 07/06/2011 14:47:26 (7 hours ago)
.
Motherboard: Dell Inc. | | 0NF743
Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | Microprocessor | 1830/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 28.874 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 21/05/2011 04:31:36 - System Checkpoint
RP2: 21/05/2011 04:58:10 - Restore Operation
RP3: 21/05/2011 15:32:16 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP4: 22/05/2011 18:27:09 - System Checkpoint
RP5: 23/05/2011 18:56:52 - System Checkpoint
RP6: 05/06/2011 19:18:36 - Installed Windows Internet Explorer 8.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.4
ALPS Touch Pad Driver
Avira AntiVir Personal - Free Antivirus
Broadcom Management Programs
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
D-i-v-X AVI Codec Pack Pro 2.4.0
Dell Support 3.2.1
Digital Line Detect
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Huawei Modems
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 21
K-Lite Codec Pack 4.0.0 (Full)
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox 4.0.1 (x86 en-GB)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
PowerDVD 5.7
QuickSet
Reason 4.0
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Seagate Manager Installer
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Unlocker 1.8.8
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Virgin Media Service Manager 3.7.47
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
Winmail Opener 1.4
WinRAR archiver
ZipCentral 4.01
.
==== Event Viewer Messages From Past Week ========
.
05/06/2011 13:48:37, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
05/06/2011 13:12:35, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
01/06/2011 05:48:34, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
01/06/2011 05:46:04, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================

____________________________________________________________
 
Welcome to TechSpot! I'll help with the malware, but you may have system problems also.

You do have a rootkit so let's work on that first:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file > Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
==========================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
==========================================
Please be sure and note this:
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

You're running quite a few unnecessary processes in the background, including some Dell preloads. We'll work on that after the system is clean.
 
Thanks for the response, here is the log from Combofix...
_____________________________________________

ComboFix 11-06-07.03 - Manager 09/06/2011 2:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.647 [GMT 1:00]
Running from: c:\documents and settings\Manager\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Manager\Application Data\Adobe\plugs
c:\documents and settings\Manager\Application Data\Adobe\shed
c:\documents and settings\Manager\Application Data\alot
c:\documents and settings\Manager\Application Data\alot\TimerManager\TimerManager.xml
c:\windows\system32\1302026650.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
.
.
2011-06-09 01:08 . 2011-06-09 01:08 -------- d-----w- C:\TDSSKiller_Quarantine
2011-06-05 21:40 . 2011-06-05 21:40 -------- d-----w- c:\documents and settings\Manager\Application Data\Avira
2011-06-05 21:30 . 2011-04-01 16:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-05 21:30 . 2011-04-01 16:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-05 21:30 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-05 21:30 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-05 21:30 . 2011-06-05 21:30 -------- d-----w- c:\program files\Avira
2011-06-05 21:30 . 2011-06-05 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-06-05 19:35 . 2011-06-05 19:35 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-05 18:26 . 2011-06-05 18:26 -------- d-sh--w- c:\documents and settings\Manager\IECompatCache
2011-06-05 18:23 . 2011-06-05 18:23 -------- d-sh--w- c:\documents and settings\Manager\PrivacIE
2011-06-05 18:23 . 2011-06-05 18:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-06-05 18:22 . 2011-06-05 18:22 -------- d-sh--w- c:\documents and settings\Manager\IETldCache
2011-06-05 18:17 . 2011-06-05 18:19 -------- dc-h--w- c:\windows\ie8
2011-06-05 18:12 . 2011-06-09 01:00 -------- d-----w- c:\documents and settings\Manager\Application Data\U3
2011-05-30 00:56 . 2011-05-30 00:56 -------- d-----w- c:\documents and settings\Manager\Local Settings\Application Data\Mozilla
2011-05-29 22:14 . 2011-05-30 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-29 22:14 . 2011-05-29 23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-26 11:03 . 2011-06-05 22:36 -------- d-----w- c:\windows\system32\NtmsData
2011-05-21 14:56 . 2011-05-21 14:56 -------- d-----w- C:\found.000
2011-05-21 14:32 . 2011-06-05 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-05-21 04:47 . 2011-05-21 04:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-21 03:59 . 2011-05-21 03:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 02:35 . 2011-05-21 02:35 -------- d-----w- c:\documents and settings\Manager\Application Data\Malwarebytes
2011-05-21 02:34 . 2011-05-21 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-21 02:34 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 02:34 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 02:34 . 2011-05-21 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 02:11 . 2011-05-21 03:13 -------- d-----w- c:\documents and settings\Manager\Application Data\6A0213806059A36A68CD3E05CD71C89F
2011-05-14 18:55 . 2011-05-14 18:55 -------- d-----w- c:\program files\Virgin Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:41 . 2011-05-30 00:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-06 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Manager\Start Menu\Programs\Startup\
Seagate 2GE2924M Product Registration.lnk - c:\documents and settings\Manager\Application Data\Leadertech\PowerRegister\Seagate 2GE2924M Product Registration.exe [2009-8-21 1731736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-12 24576]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [05/06/2011 22:30 136360]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [16/01/2009 16:31 161064]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [14/05/2011 19:55 689464]
.
.
------- Supplementary Scan -------
.
 
It is important that you do the scans in the order I give them:

Number 1:
You do have a rootkit so let's work on that first:
It appears that you ran this: C:\TDSSKiller_Quarantine but you did not leave the log.

Number 2: The Combofix log is not complete. Please run the TDSSKiller first, then update and rescan with Combofix. This log does not end here: ------- Supplementary Scan -------

Please be sure to include both full logs.
 
Sorry, here are the two logs in full....

Please also note (not sure if it's relevant) that when I was running the scans, and even since then, I regularly get a window popping up stating: 'Generic Host Process for Win32 Services encountered a problem and needed to close.'

TDSSKiller log (the first and only one I ran - have not run another one since).



2011/06/09 02:05:25.0343 2996 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/09 02:05:25.0359 2996 ================================================================================
2011/06/09 02:05:25.0359 2996 SystemInfo:
2011/06/09 02:05:25.0359 2996
2011/06/09 02:05:25.0359 2996 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/09 02:05:25.0359 2996 Product type: Workstation
2011/06/09 02:05:25.0359 2996 ComputerName: EYL0012LAP005
2011/06/09 02:05:25.0359 2996 UserName: Manager
2011/06/09 02:05:25.0359 2996 Windows directory: C:\WINDOWS
2011/06/09 02:05:25.0359 2996 System windows directory: C:\WINDOWS
2011/06/09 02:05:25.0359 2996 Processor architecture: Intel x86
2011/06/09 02:05:25.0359 2996 Number of processors: 2
2011/06/09 02:05:25.0359 2996 Page size: 0x1000
2011/06/09 02:05:25.0359 2996 Boot type: Normal boot
2011/06/09 02:05:25.0359 2996 ================================================================================
2011/06/09 02:05:25.0781 2996 Initialize success
2011/06/09 02:05:45.0625 3760 ================================================================================
2011/06/09 02:05:45.0625 3760 Scan started
2011/06/09 02:05:45.0625 3760 Mode: Manual;
2011/06/09 02:05:45.0625 3760 ================================================================================
2011/06/09 02:05:57.0125 3760 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/09 02:05:57.0125 3760 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/09 02:05:57.0125 3760 ================================================================================
2011/06/09 02:05:57.0125 3760 Scan finished
2011/06/09 02:05:57.0125 3760 ================================================================================
2011/06/09 02:05:57.0140 3420 Detected object count: 1
2011/06/09 02:05:57.0140 3420 Actual detected object count: 1
2011/06/09 02:08:02.0500 3420 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/09 02:08:02.0500 3420 \Device\Harddisk0\DR0 - copied to quarantine
2011/06/09 02:08:02.0500 3420 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/09 02:08:02.0546 3420 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
2011/06/09 02:08:02.0578 3420 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
2011/06/09 02:08:02.0578 3420 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
2011/06/09 02:08:02.0593 3420 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
2011/06/09 02:08:02.0593 3420 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
2011/06/09 02:08:02.0593 3420 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
2011/06/09 02:08:02.0609 3420 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
2011/06/09 02:08:02.0609 3420 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
2011/06/09 02:08:02.0625 3420 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
2011/06/09 02:08:02.0640 3420 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
2011/06/09 02:08:02.0671 3420 \Device\Harddisk0\DR0\TDLFS\socks.dll - copied to quarantine
2011/06/09 02:08:02.0671 3420 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Quarantine
2011/06/09 02:12:19.0578 1640 Deinitialize success
 
Combofix log:



ComboFix 11-06-07.03 - Manager 09/06/2011 2:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.647 [GMT 1:00]
Running from: c:\documents and settings\Manager\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Manager\Application Data\Adobe\plugs
c:\documents and settings\Manager\Application Data\Adobe\shed
c:\documents and settings\Manager\Application Data\alot
c:\documents and settings\Manager\Application Data\alot\TimerManager\TimerManager.xml
c:\windows\system32\1302026650.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
.
.
2011-06-09 01:08 . 2011-06-09 01:08 -------- d-----w- C:\TDSSKiller_Quarantine
2011-06-05 21:40 . 2011-06-05 21:40 -------- d-----w- c:\documents and settings\Manager\Application Data\Avira
2011-06-05 21:30 . 2011-04-01 16:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-05 21:30 . 2011-04-01 16:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-05 21:30 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-05 21:30 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-05 21:30 . 2011-06-05 21:30 -------- d-----w- c:\program files\Avira
2011-06-05 21:30 . 2011-06-05 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-06-05 19:35 . 2011-06-05 19:35 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-05 18:26 . 2011-06-05 18:26 -------- d-sh--w- c:\documents and settings\Manager\IECompatCache
2011-06-05 18:23 . 2011-06-05 18:23 -------- d-sh--w- c:\documents and settings\Manager\PrivacIE
2011-06-05 18:23 . 2011-06-05 18:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-06-05 18:22 . 2011-06-05 18:22 -------- d-sh--w- c:\documents and settings\Manager\IETldCache
2011-06-05 18:17 . 2011-06-05 18:19 -------- dc-h--w- c:\windows\ie8
2011-06-05 18:12 . 2011-06-09 01:00 -------- d-----w- c:\documents and settings\Manager\Application Data\U3
2011-05-30 00:56 . 2011-05-30 00:56 -------- d-----w- c:\documents and settings\Manager\Local Settings\Application Data\Mozilla
2011-05-29 22:14 . 2011-05-30 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-29 22:14 . 2011-05-29 23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-26 11:03 . 2011-06-05 22:36 -------- d-----w- c:\windows\system32\NtmsData
2011-05-21 14:56 . 2011-05-21 14:56 -------- d-----w- C:\found.000
2011-05-21 14:32 . 2011-06-05 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-05-21 04:47 . 2011-05-21 04:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-21 03:59 . 2011-05-21 03:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 02:35 . 2011-05-21 02:35 -------- d-----w- c:\documents and settings\Manager\Application Data\Malwarebytes
2011-05-21 02:34 . 2011-05-21 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-21 02:34 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 02:34 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 02:34 . 2011-05-21 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 02:11 . 2011-05-21 03:13 -------- d-----w- c:\documents and settings\Manager\Application Data\6A0213806059A36A68CD3E05CD71C89F
2011-05-14 18:55 . 2011-05-14 18:55 -------- d-----w- c:\program files\Virgin Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:41 . 2011-05-30 00:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-06 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Manager\Start Menu\Programs\Startup\
Seagate 2GE2924M Product Registration.lnk - c:\documents and settings\Manager\Application Data\Leadertech\PowerRegister\Seagate 2GE2924M Product Registration.exe [2009-8-21 1731736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-12 24576]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [05/06/2011 22:30 136360]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [16/01/2009 16:31 161064]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [14/05/2011 19:55 689464]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Manager\Application Data\Mozilla\Firefox\Profiles\mdvh54bh.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-mekomdo - (no file)
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-09 02:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST96812AS rev.8.04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86D2E53B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-604322290-1607540692-1261844187-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2011-06-09 02:46:46
ComboFix-quarantined-files.txt 2011-06-09 01:46
.
Pre-Run: 31,405,879,296 bytes free
Post-Run: 31,617,503,232 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 06D58962F8573EFD25F3CE5ED608B333
 
Also, Sound/audio has stopped working, saying that there is no audio device, as well as being unable to play video and requiring an adobe update.
 
IE and Firefox crashes/Google redirect?/Internet explorer 7 and 8 as well as Firefox 4 - automatically shutting down when typing in search engines.
You are questioning a redirect. A browser crash is not a redirect. A redirect is when you choose a site from a search and get a different site instead, usually 'search', adware or spyware related.

"I regularly get a window popping up stating that; 'Generic Host Process for Win32 Services encountered a problem and needed to close.'"
These 'generic host services' are part of the operating system. For an unknown reason, one or more of them isn't working at all or is having some problem.

This always makes my hair stand up straight:
Ran couple of programs to scan and clean (most of which are now uninstalled).
No telling what you ran, what was found, what was removed or even if what was done was correct!

1. Browser crashes
2. Display properties changing
3. Firewall disabled
4. Problem connecting to wireless router
5. Sound/Audio not working.
You did have a rootkit infection. It is possible that some of the files were corrupted. A basic Error Check may fix this or indicate further action.

Right click on the Taskbar> Explore> My Computer> Right click on the Local Drive(C)> Properties> Tools> Error Check> Check both boxes on the screen that comes up> Click on Apply> OK the message that comes up> Reboot the Computer.

The Error Checking will begin in a few seconds. Note: If this is not part of your usual maintenance, it is going to take a while. It's important that you let it finish. The system will reboot when done.

It's important that you do not run any other scanning or cleaning programs while I'm helping you.

See if that makes any difference in how the system works. If there are any new messages or anything different happens, please let me know what it is.
 
Had previously tried Stopzilla (uninstalled), Spybot search & destroy (still installed, and have reports), Malwarebytes Anti-malware, Avira Antivirus, but reinstalled the last two from the links in the guide. Stopzilla kept picking up a 'Downloader.C' file which it couldn't remove and the other programs weren't even picking up. Number of other viruses removed and some items/registry keys quarantined.

Sorry, wish I had found the guide earlier, but I do appreciate the help.
Tried the error checking. Ran ok. No new messages or noticing anything different. Still experiencing the same symptoms as listed before:

1. Browser crashes
2. Display properties changing
3. Firewall disabled
4. Problem connecting to wireless router*
5. Sound/Audio not working.

*Connection to wireless router works when restarting the laptop, but once it goes into standby/power saving mode, it no longer works/connects regardless of what I try.

Any idea what I may be able to try next?
 
Check these Service settings:

Click on Start> Run> type in services.msc> enter> find each of the following and double click to open> set Startup Type as given:
Computer Browser> Set startup type to Manual
Server> Set Startup type to Automatic>>> Note: If Server is already set to Automatic, change it to Manual.

Reboot the computer. See if this solved the 'access denied'.
====================================
Please also go ahead and run the following:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===========================
I'll be going over the Combofix log.
 
When finished with previous instructions:

You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important! ***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that
    a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
===========================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
Code:
File::
c:\documents and settings\Manager\Application Data\Leadertech\PowerRegister\Seagate 2GE2924M Product Registration.exe 
Folder::
C:\found.000
DirLook::
c:\documents and settings\Manager\Application Data\6A0213806059A36A68CD3E05CD71C89F
c:\documents and settings\Manager\Application Data\U3
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: {E3215F20-3212-11D6-9F8B-00D0B743919D} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
StartupFolder: c:\docume~1\manager\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\manager\application data\leadertech\powerregister\Seagate 2GE2924M Product Registration.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
 
Completed 'services.msc' step. Audio appeared to be functioning ok after I did this.

Ran ESETScan, here is the log:
______________________________


C:\Documents and Settings\Manager\Application Data\6A0213806059A36A68CD3E05CD71C89F\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\TDSSKiller_Quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0003.dta Win32/Olmarik.ADZ trojan
C:\TDSSKiller_Quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0006.dta Win64/Olmarik.R trojan
C:\TDSSKiller_Quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0007.dta Win64/Olmarik.R trojan
C:\TDSSKiller_Quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0008.dta Win64/Olmarik.A trojan
C:\TDSSKiller_Quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0009.dta Win32/Olmarik.ACQ trojan


_________________________________________


Then completed java step (removing old and installing new), and Combofix step...

Here is the combofix log:


_____________________________________

ComboFix 11-06-16.01 - Manager 16/06/2011 22:37:16.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.654 [GMT 1:00]
Running from: c:\documents and settings\Manager\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Manager\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
FILE ::
"c:\documents and settings\Manager\Application Data\Leadertech\PowerRegister\Seagate 2GE2924M Product Registration.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\manager\startm~1\programs\startup\seagat~1.lnk
c:\documents and settings\manager\application data\leadertech\powerregister\Seagate 2GE2924M Product Registration.exe
C:\found.000
c:\found.000\file0000.chk
c:\program files\bae\BAE.dll
c:\windows\system32\dla\DLASHX_W.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
.
.
2011-06-16 15:47 . 2011-06-16 15:47 -------- d-----w- c:\program files\ESET
2011-06-13 19:15 . 2011-06-13 19:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-09 01:08 . 2011-06-09 01:08 -------- d-----w- C:\TDSSKiller_Quarantine
2011-06-05 21:40 . 2011-06-05 21:40 -------- d-----w- c:\documents and settings\Manager\Application Data\Avira
2011-06-05 21:30 . 2011-04-01 16:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-05 21:30 . 2011-04-01 16:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-05 21:30 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-05 21:30 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-05 21:30 . 2011-06-05 21:30 -------- d-----w- c:\program files\Avira
2011-06-05 21:30 . 2011-06-05 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-06-05 19:35 . 2011-06-05 19:35 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-05 18:26 . 2011-06-05 18:26 -------- d-sh--w- c:\documents and settings\Manager\IECompatCache
2011-06-05 18:23 . 2011-06-05 18:23 -------- d-sh--w- c:\documents and settings\Manager\PrivacIE
2011-06-05 18:23 . 2011-06-05 18:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-06-05 18:22 . 2011-06-05 18:22 -------- d-sh--w- c:\documents and settings\Manager\IETldCache
2011-06-05 18:17 . 2011-06-05 18:19 -------- dc-h--w- c:\windows\ie8
2011-06-05 18:12 . 2011-06-09 01:00 -------- d-----w- c:\documents and settings\Manager\Application Data\U3
2011-05-30 00:56 . 2011-05-30 00:56 -------- d-----w- c:\documents and settings\Manager\Local Settings\Application Data\Mozilla
2011-05-29 22:14 . 2011-05-30 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-29 22:14 . 2011-05-29 23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-26 11:03 . 2011-06-05 22:36 -------- d-----w- c:\windows\system32\NtmsData
2011-05-21 14:32 . 2011-06-05 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-05-21 04:47 . 2011-05-21 04:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-21 03:59 . 2011-05-21 03:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 02:35 . 2011-05-21 02:35 -------- d-----w- c:\documents and settings\Manager\Application Data\Malwarebytes
2011-05-21 02:34 . 2011-05-21 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-21 02:34 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 02:34 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 02:34 . 2011-05-21 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 02:11 . 2011-05-21 03:13 -------- d-----w- c:\documents and settings\Manager\Application Data\6A0213806059A36A68CD3E05CD71C89F
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 21:13 . 2010-08-23 02:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-16 21:13 . 2010-08-23 02:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 16:41 . 2011-05-30 00:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Manager\Application Data\6A0213806059A36A68CD3E05CD71C89F ----
.
2011-05-21 02:11 . 2011-05-21 02:11 26602 ----a-w- c:\documents and settings\Manager\Application Data\6A0213806059A36A68CD3E05CD71C89F\local.ini
.
---- Directory of c:\documents and settings\Manager\Application Data\U3 ----
.
2011-06-07 20:42 . 2005-06-06 09:29 110592 ----a-w- c:\documents and settings\Manager\Application Data\U3\temp\cleanup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-09_01.43.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-06-09 01:28 . 2011-06-09 01:28 16384 c:\windows\Temp\Perflib_Perfdata_110.dat
+ 2011-06-16 21:33 . 2011-06-16 21:33 16384 c:\windows\Temp\Perflib_Perfdata_110.dat
+ 2011-06-13 19:15 . 2011-06-13 19:15 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
+ 2011-06-16 21:13 . 2011-06-16 21:13 157472 c:\windows\system32\javaws.exe
+ 2011-06-16 21:13 . 2011-06-16 21:13 145184 c:\windows\system32\javaw.exe
- 2010-08-23 02:14 . 2010-08-23 02:14 145184 c:\windows\system32\javaw.exe
+ 2011-06-16 21:13 . 2011-06-16 21:13 145184 c:\windows\system32\java.exe
- 2010-08-23 02:14 . 2010-08-23 02:14 145184 c:\windows\system32\java.exe
+ 2011-06-16 21:13 . 2011-06-16 21:13 203776 c:\windows\Installer\1d49ab.msi
+ 2011-06-16 21:13 . 2011-06-16 21:13 675840 c:\windows\Installer\1d499d.msi
+ 2011-06-13 19:15 . 2011-06-13 19:15 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-06 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-12 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mekomdo]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [05/06/2011 22:30 136360]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [16/01/2009 16:31 161064]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [14/05/2011 19:55 689464]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Manager\Application Data\Mozilla\Firefox\Profiles\mdvh54bh.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-16 22:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\Manager\LOCALS~1\Temp\RGI1.tmp 7075 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST96812AS rev.8.04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86CB853B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-604322290-1607540692-1261844187-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2011-06-16 22:52:52
ComboFix-quarantined-files.txt 2011-06-16 21:52
.
Pre-Run: 31,352,930,304 bytes free
Post-Run: 31,369,125,888 bytes free
.
- - End Of File - - DC0D72E7F9015871E11C16CF5DDD357D




_______________________________________________________________


Appreciating the help on the matter....
 
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Documents and Settings\Manager\Application Data\6A0213806059A36A68CD3E05CD71C89F\local.ini 
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
============================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
Code:
File::
c:\documents and settings\Manager\Application Data\U3\temp\cleanup.exe
c:\docume~1\Manager\LOCALS~1\Temp\RGI1.tmp
c:\windows\Temp\Perflib_Perfdata_110.dat
c:\windows\Temp\Perflib_Perfdata_110.dat

Folder::
C:\TDSSKiller_Quarantine
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mekomdo]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Please give me an update on the problems. Have they been resolved?
 
OTM log:
____________________________

All processes killed
========== FILES ==========
C:\Documents and Settings\Manager\Application Data\6A0213806059A36A68CD3E05CD71C89F\local.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: Manager
->Temp folder emptied: 4737321 bytes
->Temporary Internet Files folder emptied: 35872105 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 83592641 bytes
->Flash cache emptied: 172444 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112094 bytes
->Java cache emptied: 15 bytes
->Flash cache emptied: 6893 bytes

User: PAYP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: RRansley
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 119.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06192011_002106

Files moved on Reboot...

Registry entries deleted on Reboot...

_______________________________________
 
New combofix log:

_________________________________

ComboFix 11-06-17.04 - Manager 19/06/2011 0:54.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.648 [GMT 1:00]
Running from: c:\documents and settings\Manager\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Manager\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
FILE ::
"c:\docume~1\Manager\LOCALS~1\Temp\RGI1.tmp"
"c:\documents and settings\Manager\Application Data\U3\temp\cleanup.exe"
"c:\windows\Temp\Perflib_Perfdata_110.dat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Manager\Application Data\U3\temp\cleanup.exe
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\mbr0000\object.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\object.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\object.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0000.dta
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0000.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0001.dta
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0001.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0002.dta
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0002.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0003.dta
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0003.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0004.dta
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0004.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0005.dta
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0005.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0006.dta
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0006.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0007.dta
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0007.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0008.dta
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0008.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0009.dta
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0009.ini
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0010.dta
c:\tdsskiller_quarantine\09.06.2011_02.05.25\boot0000\tdlfs0000\tsk0010.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-05-19 to 2011-06-19 )))))))))))))))))))))))))))))))
.
.
2011-06-18 23:21 . 2011-06-18 23:21 -------- d-----w- C:\_OTM
2011-06-16 15:47 . 2011-06-16 15:47 -------- d-----w- c:\program files\ESET
2011-06-13 19:15 . 2011-06-13 19:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-05 21:40 . 2011-06-05 21:40 -------- d-----w- c:\documents and settings\Manager\Application Data\Avira
2011-06-05 21:30 . 2011-04-01 16:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-05 21:30 . 2011-04-01 16:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-05 21:30 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-05 21:30 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-05 21:30 . 2011-06-05 21:30 -------- d-----w- c:\program files\Avira
2011-06-05 21:30 . 2011-06-05 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-06-05 19:35 . 2011-06-05 19:35 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-05 18:26 . 2011-06-05 18:26 -------- d-sh--w- c:\documents and settings\Manager\IECompatCache
2011-06-05 18:23 . 2011-06-05 18:23 -------- d-sh--w- c:\documents and settings\Manager\PrivacIE
2011-06-05 18:23 . 2011-06-05 18:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-06-05 18:22 . 2011-06-05 18:22 -------- d-sh--w- c:\documents and settings\Manager\IETldCache
2011-06-05 18:17 . 2011-06-05 18:19 -------- dc-h--w- c:\windows\ie8
2011-06-05 18:12 . 2011-06-09 01:00 -------- d-----w- c:\documents and settings\Manager\Application Data\U3
2011-05-30 00:56 . 2011-05-30 00:56 -------- d-----w- c:\documents and settings\Manager\Local Settings\Application Data\Mozilla
2011-05-29 22:14 . 2011-05-30 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-29 22:14 . 2011-05-29 23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-26 11:03 . 2011-06-18 12:30 -------- d-----w- c:\windows\system32\NtmsData
2011-05-21 14:32 . 2011-06-05 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-05-21 04:47 . 2011-05-21 04:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-21 03:59 . 2011-05-21 03:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 02:35 . 2011-05-21 02:35 -------- d-----w- c:\documents and settings\Manager\Application Data\Malwarebytes
2011-05-21 02:34 . 2011-05-21 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-21 02:34 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 02:34 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 02:34 . 2011-05-21 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 02:11 . 2011-06-18 23:21 -------- d-----w- c:\documents and settings\Manager\Application Data\6A0213806059A36A68CD3E05CD71C89F
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 21:13 . 2010-08-23 02:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-16 21:13 . 2010-08-23 02:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 16:41 . 2011-05-30 00:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-09_01.43.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-18 23:51 . 2011-06-18 23:51 16384 c:\windows\Temp\Perflib_Perfdata_fc.dat
+ 2011-06-13 19:15 . 2011-06-13 19:15 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
+ 2011-06-16 21:13 . 2011-06-16 21:13 157472 c:\windows\system32\javaws.exe
+ 2011-06-16 21:13 . 2011-06-16 21:13 145184 c:\windows\system32\javaw.exe
- 2010-08-23 02:14 . 2010-08-23 02:14 145184 c:\windows\system32\javaw.exe
+ 2011-06-16 21:13 . 2011-06-16 21:13 145184 c:\windows\system32\java.exe
- 2010-08-23 02:14 . 2010-08-23 02:14 145184 c:\windows\system32\java.exe
+ 2011-06-16 21:13 . 2011-06-16 21:13 203776 c:\windows\Installer\1d49ab.msi
+ 2011-06-16 21:13 . 2011-06-16 21:13 675840 c:\windows\Installer\1d499d.msi
+ 2011-06-13 19:15 . 2011-06-13 19:15 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-06 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-12 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mekomdo]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [05/06/2011 22:30 136360]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [16/01/2009 16:31 161064]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [14/05/2011 19:55 689464]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.0.1
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Manager\Application Data\Mozilla\Firefox\Profiles\mdvh54bh.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-19 01:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST96812AS rev.8.04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86CB653B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-604322290-1607540692-1261844187-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2011-06-19 01:10:11
ComboFix-quarantined-files.txt 2011-06-19 00:10
.
Pre-Run: 31,255,449,600 bytes free
Post-Run: 31,249,297,408 bytes free
.
- - End Of File - - 717577FDD7BE3A5DFA6BEF20D74D015F


_______________________________________________________







Update on what has been fixed/not:

1. Browser crashes - this is still happening.

2. Display properties changing - seems OK so far, although this did happen again after the last combofix step, but have not noticed it again yet after the last restart I performed.

3. Firewall disabled - now fixed and up and running.

4. Problem connecting to wireless router - seems to be connecting fine at the moment.

5. Sound/Audio not working - seems to be working ok at the moment.

Also still getting the 'Generic Host Process for Win32 Services' encountering a problem and needing to close.


Will let you know if anything changes as to what has been reported above.
 
1. Browser crashes - this is still happening.
2. Display properties changing - seems OK so far, although this did happen again after the last combofix step, but have not noticed it again yet after the last restart I performed.
3. Firewall disabled - now fixed and up and running.
4. Problem connecting to wireless router - seems to be connecting fine at the moment.
5. Sound/Audio not working - seems to be working ok at the moment.

Also still getting the 'Generic Host Process for Win32 Services' encountering a problem and needing to close.

Will let you know if anything changes as to what has been reported above.

Still encountering the same problems with 1, 2, 4 and 5.

Appearance changes, internet browser crashes when going to certain sites or carrying out searches, and once stepping away from the machine for a short while, the internet connection is in use by another program and I cannot connect to my wireless router. This only gets resolved when I restart the machine. Also having the same problem with sound device/audio again.
 
Run this please:
Please download VEW and save it to your Desktop:

Setting up the program

Double-click VEW.exe to run.

    Under Select log to query, select:
  • Application
  • System

    Under Select type to list, select:
  • Critical (Vista only)
  • Error

    Click the radio button for Number of events
  • Type 20 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.

    Load the log
  • In Notepad, click Edit > Select all
  • Then press Edit > Copy
  • Press Ctrl+V on your keyboard to paste the log to your next reply.
Run this in Normal Mode.
(Courtesy rev-Olie)
=========================================
internet browser crashes when going to certain sites
The same sites? When browser crashes, what actually happens?

Do you know what this device is?
Read A device attached to the system is not functioning.
=========================================
I'd also like you to check the Device Manager.
Using Safe Mode and Device Manager to troubleshoot.

1) Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

2) Access the Device Manager: Control Panel> System> Hardware tab> Device Manager
  • Double-click (or highlight) a device> Properties> This will show Device Status and Device Usage
  • Disable the drivers for the following devices (if present) using the Device Usage for each
    [o] Display Adapters
    [o] Floppy Disk Controllers
    [o] Hard Disk Controllers
    [o] Keyboard
    [o] Mouse
    [o] Network Adapters
    [o] PCMCIA Socket
    [o] Ports
    [o] SCSI Controllers
    [o] Sound, Video, and Game Controllers

    This icon (devman1.jpg) appears on devices that aren't responding or whose drivers aren't installed properly.
    This icon (devman5.jpg) appears on devices that have been disabled.

3) Reboot the computer into normal mode.
  • If the computer successfully boots into normal mode, reenable half of the device drivers that were disabled and reboot.
  • Continue rebooting and reenabling successively more devices until Windows no longer boots normally.
  • One of the device drivers in the most recently reenabled group of drivers is causing the problem.
 
Hi Bobbye,

In answer to your questions,

1. Internet browser closes whenever I type into a search engine (typically google, but have also tried others) and press enter/submit. Occasionally when I am on another site and I search something, it will also close. When I restart the browser or even laptop, and try to resume the previous page I was on, it will also close. A couple of times (but not always) when I have clicked on a recent link in the address bar (such as techspot mainpage) it will make my browser just exit/disappear. This has also happened when I tried to go back to the techspot forum page (and this thread). This did appear with one or two sites prior to starting this thread, but cannot recall exactly which websites they were (sorry). I now tend to just type the webpage into the address bar or navigate by clicking on links.

2. No idea what 'Read A device' is that was meant to be attached to the system, nor why it is not functioning. Did not have anything in the drives, did not have my external hard drive plugged in. Don't think I would have left a USB stick in there either, but if you want I can always carry out the scan again to see if it comes up again.

I ran VEW (and have pasted the log below). Am about to carry out the Device Manager instructions. But just had a quick question. If I am meant to be disabling/reenabling device drivers until the laptop can no longer successfully boot up, how am I meant to work with it/get past that?


First time I ran VEW, I got the following error message/warning pop up:

VEWv01c

Run-time error '429':

ActiveX component can't create object

[OK]

then restarted and ran again (this time disabling Firewall/Antivirus just in case it was interfering). This time it ran successfully.
 
VEW log created:


Vino's Event Viewer v01c run on Windows XP in English
Report run at 20/06/2011 22:13:17

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/06/2011 13:43:03
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 19/06/2011 01:29:46
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 19/06/2011 01:01:46
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 19/06/2011 00:34:10
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 18/06/2011 20:00:34
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 18/06/2011 11:58:44
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 16/06/2011 21:51:32
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.
 
Log: 'Application' Date/Time: 17/06/2011 14:37:35
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 17/06/2011 08:27:58
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 16/06/2011 23:12:32
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 16/06/2011 22:43:56
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.
 
Am trying to post the rest of the log - initially thought it would not post as it made the post too long (hence why I have split it). But there is something in the next part of the log that will not allow me to submit the post. Have managed to get it posted but have removed the address as listed in the log. Have replaced it with the section in bold:




Log: 'Application' Date/Time: 16/06/2011 16:47:23
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <then there is an address> with error: This network connection does not exist.

Log: 'Application' Date/Time: 16/06/2011 16:47:23
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <then there is an address> with error: The connection with the server was terminated abnormally

Log: 'Application' Date/Time: 16/06/2011 16:11:01
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 16/06/2011 15:53:56
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 16/06/2011 14:21:45
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 15/06/2011 23:09:26
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 15/06/2011 22:10:22
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 15/06/2011 21:47:49
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 14/06/2011 16:36:45
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/06/2011 21:42:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 21:30:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 21:20:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 21:10:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 21:08:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:58:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:48:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:46:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:42:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:38:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:36:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:32:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:28:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:26:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:20:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:18:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:12:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:06:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 20:04:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 19:58:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
 
the something is made up of two separate words (no spaces between them):

windows

and

update



Took a while to figure out that those two words cannot be submitted in a reply - as it keeps on coming up with an error message. Why is that?
 
Carried out Device Manager instructions. After reenabling the first set of devices (although did not reenable any network adapters), I restarted in normal mode and in Device Manager it shows an extra network adapter that has just appeared and is not disabled like the rest. It was labelled '1394 Net Adapter'.

Only changes noticed was that the issue with appearance (from xp theme to classic appearance) was still present. Was unable to test internet browser crashes as had disabled those ones. Also still getting Win32 error message.

Disabled the newly appeared Network Adapter, reenabled a number of other devices and then restarted again. All items on screen flashed a couple of times and appearance changed to classic theme (this is how it usually switches when I have previously encountered this problem). But it then returned to XP theme a couple of minutes later. Sound problem is also present despite reenabling the sound, video and game controllers on this most recent restart.

Reenabled more devices (mainly network adapters). When doing so, a number of them were disappearing from the list of network adapters. (Was originally 8 network adapters - then went to 9 after rebooting, and now reduced to only 3 after reenabling them).

After another reboot, still having problems connecting to wireless router.

Lastly disabled secondary IDE channel (did not have the option to disable any others from IDE ATA/ATAPI controllers; serial ATA storage controller or the primary IDE channel). Audio was working ok, connected to wireless router fine, haven't yet noticed a change in appearance. However, internet browser still crashing/exiting. Upon restart, tried to click on the link for Techspot website in recent addresses and browser instantly shut down.

Lastly I reenabled the secondary IDE channel. And restarted into normal mode. Seems to be connecting OK to wireless router, audio is working, not noticed changes in appearance (yet). Still having problem with internet browser exiting/crashing. Happened again just now when trying to navigate to this thread. When I clicked on the link for this thread, the browser just shut down. After reopening internet browser a couple of times I have managed to get back to this thread.

Also still getting Win32 error message.
 
I am not a hardware person. But I have assembled some information for you, based on log entries and error events:

The DCOM errors that are timing out are due to server performance:
Most of the components which are failing or performing slowly are the basic system components only. For instance, these multiple errors >>
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
The GUID {8BC3F05E-D86B-11D0-A075-00C04FB68820} is the CLSID for WMI (Windows Management Instrumentation).
The GUID {BA126AD1-2166-11D1-B1D0-00805FC1270E} is the CLSID (class id) for Network Connection Manager

Both have DCOM in common:>>

Check the permissions on the HKCR\CLSID registry key. By default this is how the permission on that key should look like:
http://blogs.msdn.com/blogfiles/distributedservices/WindowsLiveWriter/DCOMError10010intheEventlogsandSLUGGISHs_91E1/image_thumb.png
If it does not, you will see that the USERS group is not listed in the ACL list for this registry key. You might see an account with the name RESTRICTED listed out there. To fix the problem, you can configure the ACLS on the HKCR\CLSID key in the default way. For Windows 2003, this is how the default permissions on the HKCR\CLSID should look:
1. Administrators – FULL CONTROL
2. Power Users – READ
3. SYSTEM – FULL CONTROL
4. Users – READ

After making the registry change, you have to reboot the machine so that the programs can access the registry during the startup and hence function properly.
Credit to msdn.com

If this does not resolve the errors, see this section: Please Note. (http://blogs.msdn.com/b/distributedservices/archive/2009/01/21/dcom-error-10010-in-the-event-logs-and-sluggish-server-performance.aspx)
========================================
I will leave you this also- although you may be ahead of me on it:
IDE/ATA Channels and Resource Usage (http://www.pcguide.com/ref/hdd/if/ide/confChannels-c.html)
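
The reply above works from recurring entries in the VEW log. As an added example (not part of the original thread and not VEW's own code), this script parses VEW-style text and groups repeated events so the recurring DCOM 10010 and svchost.exe faults stand out. The function names are hypothetical, the sample is constructed in the layout of the log posted above, and the two CLSID labels are the ones given in the reply.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout VEW prints (abridged from the kind of entries posted above).
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/06/2011 13:43:03
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 19/06/2011 01:29:46
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x001a6f95.

Log: 'Application' Date/Time: 16/06/2011 16:47:23
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <then there is an address> with error: This network connection does not exist.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/06/2011 21:42:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 21:30:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/06/2011 21:20:15
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
TYPE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FAULT = re.compile(r"Faulting application (?P<app>[^,]+), version [^,]+, "
                   r"faulting module (?P<module>[^,]+), version [^,]+, "
                   r"fault address (?P<addr>0x[0-9A-Fa-f]+)")

# Labels as stated in the helper's reply in this thread.
KNOWN_CLSIDS = {
    "{8BC3F05E-D86B-11D0-A075-00C04FB68820}": "WMI",
    "{BA126AD1-2166-11D1-B1D0-00805FC1270E}": "Network Connection Manager",
}

def parse_vew(text):
    """Return one dict per event; banners and prose between entries are ignored."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:  # dates are dd/mm/yyyy, as the VEW report header notes
            cur = {"log": m["log"], "message": "",
                   "time": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S")}
            events.append(cur)
            continue
        if cur is None:
            continue
        if not line or line.startswith("~"):  # blank line or banner ends the entry
            cur = None
            continue
        m = TYPE.match(line)
        if m:
            cur["type"] = m["type"]
            continue
        m = EVENT.match(line)
        if m:
            cur["event_id"], cur["source"] = int(m["id"]), m["src"]
            continue
        cur["message"] = (cur["message"] + " " + line).strip()
    return [e for e in events if "event_id" in e]

def summarize(events):
    """Group identical events; report count, time span and shortest gap between repeats."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["log"], e["source"], e["event_id"], e["message"])].append(e["time"])
    rows = []
    for (log, source, event_id, message), times in groups.items():
        times.sort()
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        row = {"log": log, "source": source, "event_id": event_id, "count": len(times),
               "first": times[0], "last": times[-1],
               "min_gap_minutes": min(gaps) if gaps else None, "detail": {}}
        fault, clsid = FAULT.search(message), CLSID.search(message)
        if fault:
            row["detail"] = fault.groupdict()
        elif clsid:
            key = clsid.group(0).upper()
            row["detail"] = {"clsid": key, "component": KNOWN_CLSIDS.get(key, "unknown")}
        rows.append(row)
    return sorted(rows, key=lambda r: r["count"], reverse=True)

if __name__ == "__main__":
    for r in summarize(parse_vew(SAMPLE)):
        print(r["count"], r["log"], r["source"], r["event_id"], r["detail"])
```
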
 