Solved Redirecting websites to ads in firefox, IE, google chrome, random pop up

Status
Not open for further replies.
S

sunbeam08

Posts: 78   +0
random ads pop up in new tabs and random times without clicking on anything. links for google searches redirected to a different website with ads.

i have ran malwarebyte, sophos, norton anti-virus, AVG. none have cleared the problem. i'm not very computer literate. detailed instructions would be much appreciated. thank you.
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Here's the Malwarebyte log. It says no malicious items were detected.



Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5346

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/17/2010 5:46:53 PM
mbam-log-2010-12-17 (17-46-53).txt

Scan type: Quick scan
Objects scanned: 185667
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
I'm on to the next step. However, I don't understand this instruction:

"Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver."

I know this is a dumb question, but what does 'real-time active protection' referring to? Where do you disable the firewall? Is there just one of them?

Thanks.
 
You don't want to disable your firewall.
Your AV program being disabled should do.
 
Spybot, but already disabled that. Is it recommened to use Spybot? I'm not even sure what it does, since I cannot really differentiate which ones to allow and which ones not to allow. I must be the most comp-illiterate blogger you have on this site. Thanks for the tip, will go on to the next step now.
 
I must be the most comp-illiterate blogger you have on this site
Click to expand...
No worries. We're here to help :)

Spybot is rather a tool of the past, so you won't miss anything, if you uninstall it.
 
The GMER seem not to have posted. Here's the log:


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-17 18:33:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST9500420AS rev.0002SDM1
Running: d4ox7wnw.exe; Driver: C:\DOCUME~1\camron\LOCALS~1\Temp\kwroyfoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 976772912 (+255): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A4A7292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A4A7292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A4A7292

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST9500420AS_____________________________0002SDM1#5&2c06044&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
 
DDS.txt



DDS (Ver_10-12-12.02) - NTFSx86
Run by camron at 18:36:07.39 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.625 [GMT -8:00]

AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\camron\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: AutorunsDisabled - No File
BHO: URLRedirectionBHO - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.yorkphoto.com/YorkActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://sunbeam08.multiply.com/photos/uploader.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psfus.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 relog_ap
LSA: Notification Packages = scecli csspwntfy

============= SERVICES / DRIVERS ===============

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-8-30 111232]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-8-30 38912]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-6-28 46142]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-9-3 444224]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-10-5 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-11-18 98304]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-8-2 3968]
R2 SmiHlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2005-7-12 3328]
R3 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-5-27 172032]
R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [2005-8-5 57728]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-29 135664]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2010-11-1 99248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [2005-8-5 73600]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-8-30 14976]

=============== Created Last 30 ================

2010-12-18 01:38:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 01:38:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 01:38:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-17 19:53:19 -------- d-----w- c:\docume~1\camron\applic~1\Avira
2010-12-15 04:54:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG
2010-12-13 01:55:54 -------- d-sh--w- c:\documents and settings\camron\IECompatCache
2010-12-13 01:31:00 -------- d-sh--w- c:\documents and settings\camron\PrivacIE
2010-12-13 01:25:34 -------- d-sh--w- c:\documents and settings\camron\IETldCache
2010-12-13 01:13:09 -------- dc-h--w- c:\windows\ie8
2010-12-10 04:27:54 -------- d-----w- c:\docume~1\camron\applic~1\AVG10
2010-12-10 04:26:46 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-10 04:25:28 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-10 04:25:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-10 04:24:42 -------- d-----w- c:\program files\AVG
2010-12-10 04:09:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-02 03:26:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-02 03:26:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-02 03:26:03 133432520 ----a-w- c:\program files\Ad-AwareInstall.exe
2010-12-02 03:21:59 16409960 ----a-w- c:\program files\spybotsd162.exe
2010-12-02 03:18:36 7622112 ----a-w- c:\program files\mbam-setup-1.50.0.0.exe
2010-12-01 07:30:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-12-01 07:30:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-11-24 23:22:53 6153352 ----a-w- c:\program files\malware-setup-1.46.exe

==================== Find3M ====================

2010-12-12 23:47:08 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2007-02-12 17:17:30 1286944 ------w- c:\program files\SetupAnyDVD6114.exe
2006-12-03 20:28:42 6083152 ------w- c:\program files\SightSpeedInstall.exe
2006-11-29 22:53:06 739240 ------w- c:\program files\vnc-4_1_2-x86_win32.exe
2006-10-30 18:16:16 482288 ------w- c:\program files\YorkPhotoShow.exe
2006-09-05 10:30:45 3800811 ------w- c:\program files\wace265i.exe
2003-04-22 15:46:52 2719744 ------w- c:\program files\aiodrv.msi
2003-04-22 15:42:04 2588672 ------w- c:\program files\aiosw.msi
2003-03-10 02:30:44 184320 ----a-w- c:\program files\hpzscr07.dll
2003-03-10 02:30:42 274432 ----a-w- c:\program files\hpzglu07.exe
2003-03-10 02:30:42 237568 ----a-w- c:\program files\hpzc3212.dll
2002-09-09 23:48:20 22608 ----a-w- c:\program files\usbprint.sys
2002-09-09 23:48:12 12288 ----a-w- c:\program files\usbmon.dll
2002-09-09 23:47:52 254005 ----a-w- c:\program files\msvcrt.dll
2002-09-09 23:47:44 70656 ----a-w- c:\program files\msvcirt.dll
2002-09-09 23:47:00 212992 ----a-w- c:\program files\hpzpnp07.dll
2002-09-09 23:46:50 49212 ----a-w- c:\program files\hpzjvp01.dll
2002-09-09 23:46:42 249913 ----a-w- c:\program files\hpzjut01.dll
2002-09-09 23:46:32 417849 ----a-w- c:\program files\hpzjpp01.dll
2002-09-09 23:46:24 28722 ----a-w- c:\program files\hpzjlog.dll
2002-09-06 15:54:56 995383 ----a-w- c:\program files\MFC42.DLL

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST9500420AS rev.0002SDM1 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4A7446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a4ad504]; MOV EAX, [0x8a4ad580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A50BAB8]
3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\0000008c[0x8A5859E8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8A4C3D98]
\Driver\atapi[0x8A4EE2C0] -> IRP_MJ_CREATE -> 0x8A4A7446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST9500420AS_____________________________0002SDM1#5&2c06044&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A4A7292
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 18:37:39.75 ===============
 
Attach.txt



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2006 10:49:37 PM
System Uptime: 12/17/2010 5:28:28 PM (1 hours ago)

Motherboard: IBM | | 25137BU
Processor: Intel(R) Pentium(R) M processor 1.86GHz | None | 1862/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 100 GiB total, 27.016 GiB free.
D: is CDROM ()
E: is Removable
F: is FIXED (NTFS) - 294 GiB total, 231.461 GiB free.
G: is FIXED (NTFS) - 51 GiB total, 12.681 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11\4&111A1FD8&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11\4&111A1FD8&0&00E0
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 11a/b/g Wireless LAN Mini PCI Express Adapter
Device ID: PCI\VEN_168C&DEV_1014&SUBSYS_058A1014&REV_01\4&275FD39B&0&00E3
Manufacturer: Atheros Communications Inc
Name: 11a/b/g Wireless LAN Mini PCI Express Adapter
PNP Device ID: PCI\VEN_168C&DEV_1014&SUBSYS_058A1014&REV_01\4&275FD39B&0&00E3
Service: AR5211

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Sierra Wireless 1xEV-DO Network Adapter
Device ID: SWMUXBUS\SW_NETEVDO01\6&12C83729&0&0&2
Manufacturer: Sierra Wireless
Name: Sierra Wireless 1xEV-DO Network Adapter
PNP Device ID: SWMUXBUS\SW_NETEVDO01\6&12C83729&0&0&2
Service: SWNC5E01

==== System Restore Points ===================

RP647: 9/20/2010 4:15:18 PM - System Checkpoint
RP648: 9/21/2010 7:14:20 PM - System Checkpoint
RP649: 9/22/2010 9:25:17 PM - System Checkpoint
RP650: 9/23/2010 9:46:39 PM - System Checkpoint
RP651: 9/25/2010 7:49:50 PM - System Checkpoint
RP652: 9/26/2010 8:32:40 PM - System Checkpoint
RP653: 9/28/2010 4:02:49 PM - System Checkpoint
RP654: 9/29/2010 8:56:33 PM - System Checkpoint
RP655: 9/30/2010 8:20:55 AM - Software Distribution Service 3.0
RP656: 10/1/2010 10:38:14 AM - System Checkpoint
RP657: 10/3/2010 7:38:03 AM - System Checkpoint
RP658: 10/4/2010 4:47:51 PM - System Checkpoint
RP659: 10/5/2010 5:16:43 PM - System Checkpoint
RP660: 10/7/2010 8:28:54 AM - Software Distribution Service 3.0
RP661: 10/8/2010 8:35:43 PM - System Checkpoint
RP662: 10/10/2010 4:06:27 PM - System Checkpoint
RP663: 10/12/2010 5:11:02 PM - System Checkpoint
RP664: 10/13/2010 7:37:01 AM - Software Distribution Service 3.0
RP665: 10/14/2010 9:45:06 AM - System Checkpoint
RP666: 10/15/2010 10:32:11 AM - System Checkpoint
RP667: 10/16/2010 8:15:01 PM - System Checkpoint
RP668: 10/17/2010 9:50:24 PM - System Checkpoint
RP669: 10/19/2010 8:31:09 AM - System Checkpoint
RP670: 10/20/2010 11:56:19 AM - System Checkpoint
RP671: 10/21/2010 2:16:25 PM - System Checkpoint
RP672: 10/23/2010 11:45:44 PM - System Checkpoint
RP673: 10/27/2010 4:49:40 PM - System Checkpoint
RP674: 10/31/2010 5:05:39 PM - System Checkpoint
RP675: 11/1/2010 6:03:28 PM - System Checkpoint
RP676: 11/2/2010 7:33:17 PM - System Checkpoint
RP677: 11/4/2010 8:31:10 AM - System Checkpoint
RP678: 11/8/2010 9:56:27 PM - System Checkpoint
RP679: 11/11/2010 6:33:50 AM - Software Distribution Service 3.0
RP680: 11/12/2010 4:18:55 PM - System Checkpoint
RP681: 11/14/2010 7:36:06 PM - System Checkpoint
RP682: 11/16/2010 5:05:23 AM - System Checkpoint
RP683: 11/17/2010 7:57:13 PM - System Checkpoint
RP684: 11/18/2010 8:02:19 PM - System Checkpoint
RP685: 11/20/2010 2:56:29 PM - System Checkpoint
RP686: 11/21/2010 3:16:10 PM - System Checkpoint
RP687: 11/22/2010 6:43:47 PM - System Checkpoint
RP688: 11/23/2010 7:23:39 PM - System Checkpoint
RP689: 11/24/2010 8:54:54 PM - System Checkpoint
RP690: 11/27/2010 5:09:39 PM - System Checkpoint
RP691: 11/28/2010 10:12:07 PM - System Checkpoint
RP692: 11/30/2010 6:24:02 PM - System Checkpoint
RP693: 12/2/2010 5:45:13 PM - System Checkpoint
RP694: 12/7/2010 7:21:03 PM - System Checkpoint
RP695: 12/9/2010 6:22:48 PM - System Checkpoint
RP696: 12/12/2010 7:11:44 PM - System Checkpoint
RP697: 12/17/2010 10:12:36 AM - Avira AntiVir Personal - 12/17/2010 10:11
RP698: 12/17/2010 2:27:57 PM - Removed AVG 2011
RP699: 12/17/2010 2:28:36 PM - Removed AVG 2011

==== Installed Programs ======================

32 Bit HP CIO Components Installer
AAC Decoder
Access Help
Adobe Acrobat 6.0 Standard
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Before You Know It 3.6
Bonjour
Byki
Byki Express for camron
Canon MP160
Coupon Printer for Windows
Diskeeper Lite
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DLA
Facebook Plug-In
Fingerprint Tutorial
Garmin City Navigator North America NT 2010.20
Garmin Communicator Plugin
Garmin USB Drivers
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H.264 Decoder
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Intel(R) Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD
InterVideo WinDVD Creator 3
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Lenovo Battery Program
Lexmark 2500 Series
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office Groove MUI (English) 2010 (Beta)
Microsoft Office InfoPath MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010 (Beta)
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Software Update for Web Folders (English) 14 (Beta)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MKV Splitter
Monopoly by Parker Brothers
Move Media Player
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
palmOne
Photosynth 2.0.1519.16
Productivity Center Supplement for ThinkPad
QuickTime
RealPlayer
RecordNow Audio
RecordNow Copy
RecordNow Data
Rescue and Recovery - Client Security Solution
Rosetta Stone Ltd Services
Seagate*DiscWizard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Segoe UI
Sierra Wireless MC5720 Package for Access Connections
Skype™ 4.2
Software Installer
Sonic Express Labeler
Sonic Update Manager
Sophos Anti-Virus
Sophos AutoUpdate
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
System Migration Assistant 5.0
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Presentation Director
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Away Manager
ThinkVantage Fingerprint Software 4.6.0
ThinkVantage Productivity Center
ThinkVantage System Update
ThinkVantage Technologies Welcome Message
TrackPoint Accessibility Features
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
VC80CRTRedist - 8.0.50727.762
VZAccess Manager for Lenovo
Wallpapers
WebFldrs XP
WinAce Archiver
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
XP Codec Pack
XP Themes
YouTube Downloader 2.6.1

==== Event Viewer Messages From Past Week ========

12/17/2010 2:58:22 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The TVT Backup Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The ThinkVantage System Update service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The ThinkPad HDD APS Logging Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus status reporter service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The Seagate Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The RosettaStoneDaemon service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The Protector Suite Virtual Token service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The lxdd_device service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The IPS Core Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The ACU Configuration Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The Access Connections Main Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7034] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s).
12/17/2010 2:58:21 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/17/2010 11:54:02 AM, error: SAVOnAccessFilter [63] - Failed to obtain volume information from mount manager.
12/17/2010 11:53:52 AM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library SD Memory Card.
12/17/2010 10:39:36 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
12/16/2010 5:26:17 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
12/15/2010 7:18:20 PM, error: Service Control Manager [7001] - The Infrared Monitor service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/14/2010 9:59:41 PM, information: Windows File Protection [64004] - The protected system file zclientm.exe could not be restored to its original, valid version. The file version of the bad file is 1.2.626.1 The specific error code is 0x00000426 [The service has not been started. ].
12/14/2010 8:34:46 PM, error: Service Control Manager [7022] - The Sophos AutoUpdate Service service hung on starting.
12/14/2010 8:32:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService service to connect.
12/14/2010 8:32:54 PM, error: Service Control Manager [7000] - The lxddCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/14/2010 8:30:34 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/14/2010 10:15:15 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
12/13/2010 9:34:27 AM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.
12/12/2010 3:46:33 PM, error: PlugPlayManager [12] - The device 'MATSHITA DVD-RAM UJ-832' (IDE\CdRomMATSHITA_DVD-RAM_UJ-832_________________1.00____\5&2ba179a6&0&0.0.0) disappeared from the system without first being prepared for removal.

==== End Of File ===========================
 
We have a rootkit here....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
2010/12/17 18:46:30.0859 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/17 18:46:30.0859 ================================================================================
2010/12/17 18:46:30.0859 SystemInfo:
2010/12/17 18:46:30.0859
2010/12/17 18:46:30.0859 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/17 18:46:30.0859 Product type: Workstation
2010/12/17 18:46:30.0859 ComputerName: LENOVO-190B3298
2010/12/17 18:46:30.0859 UserName: camron
2010/12/17 18:46:30.0859 Windows directory: C:\WINDOWS
2010/12/17 18:46:30.0859 System windows directory: C:\WINDOWS
2010/12/17 18:46:30.0859 Processor architecture: Intel x86
2010/12/17 18:46:30.0859 Number of processors: 1
2010/12/17 18:46:30.0859 Page size: 0x1000
2010/12/17 18:46:30.0859 Boot type: Normal boot
2010/12/17 18:46:30.0859 ================================================================================
2010/12/17 18:46:31.0234 Initialize success
2010/12/17 18:46:46.0875 ================================================================================
2010/12/17 18:46:46.0875 Scan started
2010/12/17 18:46:46.0875 Mode: Manual;
2010/12/17 18:46:46.0875 ================================================================================
2010/12/17 18:46:48.0281 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/17 18:46:48.0359 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/12/17 18:46:48.0578 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/17 18:46:48.0718 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/12/17 18:46:48.0859 ADIHdAudAddService (f966521dee86995393a470e95ecaa9fa) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010/12/17 18:46:48.0921 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/17 18:46:49.0015 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/17 18:46:49.0062 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/12/17 18:46:49.0140 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/17 18:46:49.0250 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/17 18:46:49.0343 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/17 18:46:49.0421 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/17 18:46:49.0484 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/17 18:46:49.0562 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/17 18:46:49.0625 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/17 18:46:49.0687 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/17 18:46:49.0750 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/17 18:46:49.0828 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/17 18:46:49.0921 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
2010/12/17 18:46:49.0984 AR5211 (732957c5d10c8960422bbdb4e74e7b1d) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2010/12/17 18:46:50.0078 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/17 18:46:50.0140 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/17 18:46:50.0203 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/17 18:46:50.0265 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/17 18:46:50.0343 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/17 18:46:50.0437 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/17 18:46:50.0546 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/17 18:46:50.0609 atmeltpm (78a6db2682cd5ca28395423ccf0ccfae) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
2010/12/17 18:46:50.0656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/17 18:46:50.0718 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/12/17 18:46:50.0781 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/17 18:46:50.0875 btaudio (d696dabc8cea46fb734471dfb7097e08) C:\WINDOWS\system32\drivers\btaudio.sys
2010/12/17 18:46:50.0953 BTDriver (8afe2f912542dabf638c1dcc5885f685) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/12/17 18:46:51.0046 BTKRNL (0026eff717c70bba7bcea6891e5878d5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/12/17 18:46:51.0140 BTWDNDIS (14a72d813bea2c400e941a928a7cca9f) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/12/17 18:46:51.0171 BTWUSB (5a12020259495bbad1b5e13e5c98671f) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/12/17 18:46:51.0203 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/17 18:46:51.0250 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/17 18:46:51.0296 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/17 18:46:51.0359 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/17 18:46:51.0406 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/17 18:46:51.0453 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/17 18:46:51.0546 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/17 18:46:51.0656 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/17 18:46:51.0703 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/17 18:46:51.0734 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/17 18:46:51.0796 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/17 18:46:51.0843 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/17 18:46:51.0906 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/17 18:46:51.0968 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/17 18:46:52.0062 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/17 18:46:52.0140 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/17 18:46:52.0171 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/17 18:46:52.0234 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/17 18:46:52.0312 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2010/12/17 18:46:52.0359 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2010/12/17 18:46:52.0390 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2010/12/17 18:46:52.0421 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/17 18:46:52.0468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/17 18:46:52.0500 drvmcdb (0196321f41476fc1fe6b0b7c37a6051e) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/12/17 18:46:52.0546 drvnddm (273061d90d4af7c1539e8102c7f458b5) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/12/17 18:46:52.0593 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/17 18:46:52.0640 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
2010/12/17 18:46:52.0703 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/17 18:46:52.0765 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/17 18:46:52.0828 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/17 18:46:52.0890 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/17 18:46:52.0937 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/17 18:46:52.0984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/17 18:46:53.0046 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/17 18:46:53.0109 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/17 18:46:53.0140 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/17 18:46:53.0218 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/17 18:46:53.0265 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/17 18:46:53.0312 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/17 18:46:53.0359 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/12/17 18:46:53.0406 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/12/17 18:46:53.0453 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/12/17 18:46:53.0500 HSFHWAZL (b9f870fd21dcab419ca6d7bf879adcc0) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/12/17 18:46:53.0593 HSF_DPV (68115bb0fa4cba6e2eaf16d652f559d5) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/12/17 18:46:53.0718 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/17 18:46:53.0765 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/17 18:46:53.0812 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/17 18:46:53.0859 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/17 18:46:53.0968 ialm (56cc37c0eaa5255d90f989e84e5e7663) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/12/17 18:46:54.0046 ibmfilter (d4193760493da47d4d4580589e27f0ca) C:\WINDOWS\system32\drivers\ibmfilter.sys
2010/12/17 18:46:54.0109 IBMPMDRV (ca94a78eaf5cce1066fcc3df11e706dc) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2010/12/17 18:46:54.0171 IBMTPCHK (e11c235daf96e4ce5a60e2aa09a902e2) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
2010/12/17 18:46:54.0218 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/17 18:46:54.0281 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/17 18:46:54.0328 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/17 18:46:54.0375 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/17 18:46:54.0421 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/17 18:46:54.0453 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/17 18:46:54.0484 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/17 18:46:54.0531 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/17 18:46:54.0578 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/17 18:46:54.0625 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/12/17 18:46:54.0671 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/17 18:46:54.0718 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/17 18:46:54.0750 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/12/17 18:46:54.0796 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/17 18:46:54.0843 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/17 18:46:54.0890 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/17 18:46:55.0125 LVUSBSta (09bb09ed89f38998267647a1ad4da9ed) C:\WINDOWS\system32\drivers\lvusbsta.sys
2010/12/17 18:46:55.0218 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/17 18:46:55.0281 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/17 18:46:55.0343 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/17 18:46:55.0406 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/17 18:46:55.0453 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/17 18:46:55.0484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/17 18:46:55.0531 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/17 18:46:55.0578 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/17 18:46:55.0640 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/17 18:46:55.0703 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/17 18:46:55.0750 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/17 18:46:55.0781 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/17 18:46:55.0828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/17 18:46:55.0875 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/17 18:46:55.0921 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/17 18:46:55.0953 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/17 18:46:56.0000 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/17 18:46:56.0078 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/17 18:46:56.0140 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/17 18:46:56.0187 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/17 18:46:56.0250 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/17 18:46:56.0296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/17 18:46:56.0343 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/17 18:46:56.0390 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/17 18:46:56.0437 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/17 18:46:56.0531 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/17 18:46:56.0562 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/17 18:46:56.0609 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2010/12/17 18:46:56.0656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/17 18:46:56.0734 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/17 18:46:56.0859 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/17 18:46:56.0968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/17 18:46:57.0078 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/17 18:46:57.0140 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/17 18:46:57.0218 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2010/12/17 18:46:57.0265 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/17 18:46:57.0312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/17 18:46:57.0343 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/17 18:46:57.0390 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/17 18:46:57.0453 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/17 18:46:57.0484 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/12/17 18:46:57.0640 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/17 18:46:57.0687 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/17 18:46:57.0828 pmem (fa292805788528c083f416e151b60ab6) C:\WINDOWS\System32\drivers\pmemnt.sys
2010/12/17 18:46:57.0890 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/17 18:46:57.0968 PrivateDisk (c120b205614de6bd2a85c51cc77d69f0) C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys
2010/12/17 18:46:58.0062 PROCDD (884228979a63a63799b48a2926481ea1) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
2010/12/17 18:46:58.0093 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/17 18:46:58.0140 psadd (045f099f312492f8c0a2dfe10df69d52) C:\WINDOWS\system32\Drivers\psadd.sys
2010/12/17 18:46:58.0187 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/17 18:46:58.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/17 18:46:58.0265 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/17 18:46:58.0328 QCMerced (d8ec7e2fbf3b8d66ff8f435338be41fe) C:\WINDOWS\system32\DRIVERS\LVCM.sys
2010/12/17 18:46:58.0390 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/17 18:46:58.0421 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/17 18:46:58.0468 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/17 18:46:58.0515 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/17 18:46:58.0546 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/17 18:46:58.0593 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/17 18:46:58.0640 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/12/17 18:46:58.0687 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/17 18:46:58.0734 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/17 18:46:58.0781 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/17 18:46:58.0843 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/17 18:46:58.0890 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/17 18:46:58.0953 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/17 18:46:59.0046 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/17 18:46:59.0093 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/17 18:46:59.0218 SAVOnAccessControl (4041f1ab46a96a45ae4ac52cdc8c7a6c) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
2010/12/17 18:46:59.0265 SAVOnAccessFilter (6ccde94e1a04fcd919ad7d6d0746f9bc) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
2010/12/17 18:46:59.0312 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/12/17 18:46:59.0359 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/17 18:46:59.0406 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/17 18:46:59.0453 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/17 18:46:59.0515 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/12/17 18:46:59.0546 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/12/17 18:46:59.0593 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/12/17 18:46:59.0656 ShockMgr (a50f0e56ec9cd5fefcfa328a56e0e059) C:\WINDOWS\system32\drivers\ShockMgr.sys
2010/12/17 18:46:59.0703 Shockprf (621ff0dc997978a1289c55fa9058e18d) C:\WINDOWS\system32\drivers\Shockprf.sys
2010/12/17 18:46:59.0781 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/17 18:46:59.0828 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/17 18:46:59.0859 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
2010/12/17 18:46:59.0921 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
2010/12/17 18:46:59.0953 SmiHlp (1d47b56f3da50248f167d15cc1d03a03) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
2010/12/17 18:47:00.0015 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
2010/12/17 18:47:00.0093 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/12/17 18:47:00.0171 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
2010/12/17 18:47:00.0218 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/17 18:47:00.0265 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/17 18:47:00.0296 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/17 18:47:00.0375 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/17 18:47:00.0421 sscdbhk5 (1cbd1b58a32de97899f5290b05f856db) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/12/17 18:47:00.0453 ssrtln (7fb07ac152d7a87e66204860002bd9a4) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/12/17 18:47:00.0515 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/17 18:47:00.0562 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/17 18:47:00.0593 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/17 18:47:00.0625 swmx01 (4e8e19f3fba3a1e5de6de9782b1dd683) C:\WINDOWS\system32\DRIVERS\swmx01.sys
2010/12/17 18:47:00.0671 SWNC5E01 (6afe9a256c21fb32f9047cde1f6f426a) C:\WINDOWS\system32\DRIVERS\SWNC5E01.sys
2010/12/17 18:47:00.0703 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/17 18:47:00.0750 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/17 18:47:00.0781 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/17 18:47:00.0828 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/17 18:47:00.0875 SynTP (b7bf027587e0c1b905cfd2330ec1fadd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/12/17 18:47:00.0906 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/17 18:47:00.0968 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/17 18:47:01.0078 TcUsb (63e7729e6ebc6f136f648d293b2ffaac) C:\WINDOWS\system32\Drivers\tcusb.sys
2010/12/17 18:47:01.0125 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/17 18:47:01.0203 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
2010/12/17 18:47:01.0281 TDSMAPI (e9512ac82fff83808549267078b38fe5) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
2010/12/17 18:47:01.0359 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/17 18:47:01.0406 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/17 18:47:01.0500 tfsnboio (9acc8b321ac40d09f8ede8c86e125da3) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/12/17 18:47:01.0531 tfsncofs (de9189d99ebcbbab2b31b6b09c9c3009) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/12/17 18:47:01.0578 tfsndrct (61ad01c2e8365608831f46a7bf85a4c8) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/12/17 18:47:01.0609 tfsndres (0d3463ada11b5cd081e49f74a79d7458) C:\WINDOWS\system32\dla\tfsndres.sys
2010/12/17 18:47:01.0656 tfsnifs (760d69f3bd16de68b235ba9cafab5dd1) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/12/17 18:47:01.0703 tfsnopio (1e2ad02f3557e18d4b77ccc20d370318) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/12/17 18:47:01.0734 tfsnpool (3e43969d4d7f9140483d150fa35d4c72) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/12/17 18:47:01.0765 tfsnudf (07b9263a4f470c75bd4c54871e6072e7) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/12/17 18:47:01.0796 tfsnudfa (f2c9d20d32d782b3f311a5b256d83803) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/12/17 18:47:01.0843 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2010/12/17 18:47:01.0875 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
2010/12/17 18:47:01.0937 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/17 18:47:02.0031 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
2010/12/17 18:47:02.0109 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
2010/12/17 18:47:02.0171 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2010/12/17 18:47:02.0250 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/17 18:47:02.0296 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/17 18:47:02.0359 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/17 18:47:02.0453 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/17 18:47:02.0500 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/17 18:47:02.0562 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/17 18:47:02.0609 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/17 18:47:02.0671 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/17 18:47:02.0703 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/17 18:47:02.0750 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/17 18:47:02.0796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/17 18:47:02.0843 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/17 18:47:02.0890 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/17 18:47:02.0937 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/17 18:47:02.0984 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/17 18:47:03.0062 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/17 18:47:03.0140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/17 18:47:03.0234 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/17 18:47:03.0296 winachsf (47b8b41687dd9e9fff4be7827751cfa1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/17 18:47:03.0453 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/17 18:47:03.0500 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/17 18:47:03.0625 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/17 18:47:03.0625 ================================================================================
2010/12/17 18:47:03.0625 Scan finished
2010/12/17 18:47:03.0625 ================================================================================
2010/12/17 18:47:03.0656 Detected object count: 1
2010/12/17 18:47:18.0781 \HardDisk0 - will be cured after reboot
2010/12/17 18:47:18.0781 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/17 18:47:45.0000 Deinitialize success
 
http://en.wikipedia.org/wiki/Rootkit

Is your computer feeling better now?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Just searched for the same thing that the searched for on Google about 20 minutes ago (redirected at the time of course), and it's not redirecting the site :). Definitely feeling better. I noticed this on the log:

12/14/2010 8:34:46 PM, error: Service Control Manager [7022] - The Sophos AutoUpdate Service service hung on starting.

Can you help me fix that problem also? It has become an annoyance.
 
ComboFix 10-12-16.05 - camron 12/17/2010 19:33:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.897 [GMT -8:00]
Running from: c:\documents and settings\camron\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
.

2010-12-18 01:38 . 2010-11-30 01:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 01:38 . 2010-12-18 01:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-18 01:38 . 2010-11-30 01:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 19:53 . 2010-12-17 19:53 -------- d-----w- c:\documents and settings\camron\Application Data\Avira
2010-12-15 04:54 . 2010-12-15 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2010-12-14 06:49 . 2010-12-14 06:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-12-13 01:55 . 2010-12-13 01:55 -------- d-sh--w- c:\documents and settings\camron\IECompatCache
2010-12-13 01:34 . 2010-12-13 01:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-12-13 01:31 . 2010-12-13 01:31 -------- d-sh--w- c:\documents and settings\camron\PrivacIE
2010-12-13 01:25 . 2010-12-13 01:25 -------- d-sh--w- c:\documents and settings\camron\IETldCache
2010-12-13 01:24 . 2010-12-13 01:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-13 01:13 . 2010-12-13 01:18 -------- dc-h--w- c:\windows\ie8
2010-12-10 04:27 . 2010-12-10 04:27 -------- d-----w- c:\documents and settings\camron\Application Data\AVG10
2010-12-10 04:26 . 2010-12-10 04:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-12-10 04:25 . 2010-12-17 22:28 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-10 04:24 . 2010-12-16 06:04 -------- d-----w- c:\program files\AVG
2010-12-10 04:09 . 2010-12-10 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-02 03:26 . 2010-12-18 03:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-02 03:26 . 2010-12-18 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-02 03:26 . 2010-12-02 03:30 133432520 ----a-w- c:\program files\Ad-AwareInstall.exe
2010-12-02 03:21 . 2010-12-02 03:22 16409960 ----a-w- c:\program files\spybotsd162.exe
2010-12-02 03:18 . 2010-12-14 06:57 7622112 ----a-w- c:\program files\mbam-setup-1.50.0.0.exe
2010-12-01 20:57 . 2010-12-01 20:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-12-01 20:57 . 2010-12-01 20:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-01 07:30 . 2010-12-01 07:30 -------- d-----w- c:\program files\Windows Sidebar
2010-12-01 07:30 . 2010-12-09 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-01 01:29 . 2010-12-01 01:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-24 23:22 . 2010-11-24 23:24 6153352 ----a-w- c:\program files\malware-setup-1.46.exe
2010-11-24 22:21 . 2010-11-24 22:21 -------- d-----w- c:\documents and settings\mom\Application Data\Malwarebytes
 
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-12 23:47 . 2006-05-18 14:54 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2007-02-12 17:17 . 2007-02-12 17:17 1286944 ------w- c:\program files\SetupAnyDVD6114.exe
2006-12-03 20:28 . 2006-12-03 20:28 6083152 ------w- c:\program files\SightSpeedInstall.exe
2006-11-29 22:53 . 2006-11-29 22:52 739240 ------w- c:\program files\vnc-4_1_2-x86_win32.exe
2006-10-30 18:16 . 2006-10-30 18:16 482288 ------w- c:\program files\YorkPhotoShow.exe
2006-09-05 10:30 . 2006-09-05 10:30 3800811 ------w- c:\program files\wace265i.exe
2003-04-22 15:46 . 2003-04-22 15:46 2719744 ------w- c:\program files\aiodrv.msi
2003-04-22 15:42 . 2003-04-22 15:42 2588672 ------w- c:\program files\aiosw.msi
2003-03-10 02:30 . 2003-03-10 02:30 184320 ----a-w- c:\program files\hpzscr07.dll
2003-03-10 02:30 . 2003-03-10 02:30 274432 ----a-w- c:\program files\hpzglu07.exe
2003-03-10 02:30 . 2003-03-10 02:30 237568 ----a-w- c:\program files\hpzc3212.dll
2002-09-09 23:48 . 2002-09-09 23:48 22608 ----a-w- c:\program files\usbprint.sys
2002-09-09 23:48 . 2002-09-09 23:48 12288 ----a-w- c:\program files\usbmon.dll
2002-09-09 23:47 . 2002-09-09 23:47 254005 ----a-w- c:\program files\msvcrt.dll
2002-09-09 23:47 . 2002-09-09 23:47 70656 ----a-w- c:\program files\msvcirt.dll
2002-09-09 23:47 . 2002-09-09 23:47 212992 ----a-w- c:\program files\hpzpnp07.dll
2002-09-09 23:46 . 2002-09-09 23:46 49212 ----a-w- c:\program files\hpzjvp01.dll
2002-09-09 23:46 . 2002-09-09 23:46 249913 ----a-w- c:\program files\hpzjut01.dll
2002-09-09 23:46 . 2002-09-09 23:46 417849 ----a-w- c:\program files\hpzjpp01.dll
2002-09-09 23:46 . 2002-09-09 23:46 28722 ----a-w- c:\program files\hpzjlog.dll
2002-09-06 15:54 . 2002-09-06 15:54 995383 ----a-w- c:\program files\MFC42.DLL
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-09-09 114688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2005-11-24 106496]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2005-12-16 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2005-12-16 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-6-11 245760]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-07-12 16:45 109664 ------w- c:\program files\ThinkVantage Fingerprint Software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 ------w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-06-17 05:23 24576 ------w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
 
Status
Not open for further replies.

Similar threads

Daniel Sims
Google Chrome now targets ads based on your browser history, here's how to turn that off
Replies
10
Views
635
trieste1s
T
Daniel Sims
Thousands of websites infected to redirect users in Google Ads view-pumping scam
Replies
5
Views
628
Feng Lengshun
F
D
Solved Malwarebyte pop-up at random times showing "Website blocked due to Trojan" Type: Outbound, c/windows/syswows64/dllhost.exe
2
Replies
25
Views
5K
allant
A

Latest posts

Back