Solved Virus disables mcafee, malwarebites, and avira

Status
Not open for further replies.
M

mgetlik

Posts: 68   +0
This one has me stumped. all tools are shut down after 10 seconds by this one. please help. attached are the logs
 

Attachments

  • Attach.zip
    11.9 KB · Views: 3
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
logs pasted..

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-30 22:32:03
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3160828AS rev.8.03
Running: pfnse0jh.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxtdapow.sys


---- Threads - GMER 1.0.15 ----

Thread System [4:116] F773A9B0
Thread System [4:120] F7752D68
Thread System [4:140] F769CCEA

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [MANUAL] vbma841d <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/29/2011 9:48:44 AM
System Uptime: 1/30/2011 10:23:40 PM (0 hours ago)

Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 76.9 GiB free.
D: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP12: 1/29/2011 11:42:34 AM - Software Distribution Service 3.0
RP13: 1/29/2011 1:36:00 PM - Software Distribution Service 3.0
RP14: 1/29/2011 1:41:31 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATT-PRT22
Bonjour
Business Contact Manager for Microsoft Outlook 2010
CameraHelperMsi
Cars - Radiator Springs Adventures
CCleaner
CCScore
CharlottesWeb (remove only)
Compatibility Pack for the 2007 Office system
Cooking Academy
CouponBar
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Definition update for Microsoft Office 2010 (KB982726)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
DellSupport
DeviceFunctionQFolder
DeviceManagementQFolder
Digital Content Portal
Direct Show Ogg Vorbis Filter (remove only)
DocumentViewerQFolder
Doggie Dash (remove only)
Dream Day Honeymoon (remove only)
Dream Day Wedding (remove only)
Dress Shop Hop (remove only)
e-Sword
EarthLink setup files
EducateU
erLT
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSTOOLS
essvatgt
eSupportQFolder
Fairy Godmother Tycoon (remove only)
Fast Browser Search (My Face LOL)
FullDPAppQFolder
Google Toolbar for Internet Explorer
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB952287)
HP Update
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Java Auto Updater
Java(TM) 6 Update 23
JS World 2nd Grade
JSWorld2GMain
JSWPFCom
JSWPFGrade2
Junk Mail filter update
Kids Cam Show and Share Creativity Center
Kitty Luv v1.8
Kodak EasyShare software
Learn2 Player (Uninstall Only)
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing 15
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Choice Guard
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office XP Web Components
Microsoft Plus! Digital Media Edition Installer
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
Middle School Reading
Modem Event Monitor
Monopoly Here & Now Edition (remove only)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
NHRA Drag Racing
OfotoXMI
Perfect Optimizer 5.2
PowerDVD 5.5
Presto! Forms 3.50.01
Presto! PageManager 7.12.02
Puppy Luv
QuickTime
QuickTime 3.0
RealPlayer
Rocky & Bullwinkle's Know-It-All Quiz Game
Safari
Samsung Master
SanDisk TransferMate
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
Service Pack 1 for SQL Server 2008 (KB968369)
SFR
SHASTA
skin0001
SKINXSDK
SMV transcoder 3.4
Sonic Encoders
SpaceStationSim
Sql Server Customer Experience Improvement Program
staticcr
Subtextual for Microsoft Office Outlook
SureThing Decal Maker
Teacher's Toolbox 4.0
Teddy Factory
The Game Of Life
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual Studio Tools for the Office system 3.0 Runtime
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
WIRELESS
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

1/26/2011 7:10:25 PM, error: Windows Installer 3.1 [4373] - Windows Installer KB893803v2 installation failed.
An internal error occurred.
1/26/2011 7:07:39 PM, error: Windows Installer 3.1 [4373] - Windows Installer KB893803v2 installation failed.
An internal error occurred.
1/26/2011 7:00:57 PM, error: Windows Installer 3.1 [4373] - Windows Installer KB893803v2 installation failed.
An internal error occurred.
1/26/2011 6:23:37 AM, error: Windows Installer 3.1 [4373] - Windows Installer KB893803v2 installation failed.
An internal error occurred.
1/26/2011 6:11:51 AM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: Access is denied.
1/26/2011 6:11:51 AM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/26/2011 6:11:26 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
1/26/2011 6:03:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Imapi
1/26/2011 6:02:17 AM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: Access is denied.
1/26/2011 6:02:17 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.
1/26/2011 6:02:16 AM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
1/26/2011 6:02:09 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file '000000c0.sym' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
1/25/2011 9:01:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/25/2011 9:01:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/25/2011 8:49:39 AM, error: Windows Installer 3.1 [4373] - Windows Installer KB893803v2 installation failed.
An internal error occurred.
1/25/2011 8:42:51 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f070: Microsoft .NET Framework 1.0 SP3 Security Update for Windows XP Tablet PC and Media Center (KB979904).
1/25/2011 8:42:18 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB973686).
1/25/2011 8:38:48 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).
1/25/2011 8:38:38 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
1/25/2011 8:29:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
1/25/2011 8:29:37 PM, error: NtServicePack [4373] - Windows XP KB942288-v3 installation failed.
An internal error occurred.
1/25/2011 8:29:09 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f070: Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295).
1/25/2011 8:28:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
1/25/2011 8:28:40 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2011 8:28:40 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2011 8:28:40 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2011 8:28:40 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2011 8:28:40 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2011 8:28:40 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2011 8:28:40 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2011 8:28:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/25/2011 8:17:48 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f205: Microsoft Windows Installer 3.1.
1/25/2011 8:17:46 PM, error: NtServicePack [4373] - Windows XP KB942288-v3 installation failed.
An internal error occurred.
1/25/2011 8:17:32 PM, error: NtServicePack [4373] - Windows XP KB942288-v3 installation failed.
An internal error occurred.
1/25/2011 8:07:12 PM, error: NtServicePack [4373] - Windows XP KB942288-v3 installation failed.
An internal error occurred.
1/25/2011 7:56:53 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file '00000001.sym' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
1/25/2011 7:45:52 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'L' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
1/25/2011 7:37:36 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Microsoft Windows Installer 3.1.
1/25/2011 7:37:31 PM, error: Windows Installer 3.1 [4373] - Windows Installer KB893803v2 installation failed.
An internal error occurred.
1/25/2011 7:37:03 PM, error: Service Control Manager [7034] - The McAfee Security Scan Component Host Service service terminated unexpectedly. It has done this 1 time(s).
1/25/2011 7:03:15 PM, error: Windows Installer 3.1 [4373] - Windows Installer KB893803v2 installation failed.
An internal error occurred.
1/25/2011 7:00:36 PM, error: Windows Installer 3.1 [4373] - Windows Installer KB893803v2 installation failed.
An internal error occurred.
1/25/2011 6:49:43 PM, error: Windows Installer 3.1 [4373] - Windows Installer KB893803v2 installation failed.
An internal error occurred.
1/25/2011 6:45:11 PM, error: Windows Installer 3.1 [4373] - Windows Installer KB893803v2 installation failed.
An internal error occurred.
1/25/2011 6:35:54 PM, error: Windows Installer 3.1 [4373] - Windows Installer KB893803v2 installation failed.
An internal error occurred.
1/25/2011 6:13:48 AM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
1/25/2011 6:13:48 AM, error: Service Control Manager [7034] - The avast! Mail Scanner service terminated unexpectedly. It has done this 1 time(s).
1/25/2011 6:13:48 AM, error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s).
1/25/2011 6:13:48 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/25/2011 11:00:31 AM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
1/25/2011 10:59:25 AM, error: Windows Installer 3.1 [4373] - Windows Installer KB893803v2 installation failed.
An internal error occurred.
1/25/2011 10:57:04 AM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
1/24/2011 1:12:37 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +165393940 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.97:123->207.46.197.32:123) is working properly.

==== End Of File ===========================




DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL
Run by Administrator at 22:43:43.28 on Sun 01/30/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1740 [GMT -5:00]

AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*

============== Running Processes ===============

"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\explorer.exe
C:\0download\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mSearchAssistant =
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [trioService] "c:\progra~1\freeze.com\3d falling leaves\\trioService.exe "
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_23.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://www.facefun.com/FaceFun_webinstall/FaceFun_product.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295959555953
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://centerforwritingexcellence.webex.com/client/T27LB/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 214664]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-4-18 54752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-26 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-7-13 93320]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-7-13 359952]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-7-13 144704]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-7-13 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-13 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-13 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-7-13 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-7-13 40552]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-30 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files\microsoft sql server\mssql10.mssmlbiz\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2011-01-31 03:22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 03:22:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 03:22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 13:01:27 -------- d-----w- c:\docume~1\admini~1\applic~1\Avira
2011-01-30 02:52:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-30 02:43:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-01-29 23:56:25 -------- d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2011-01-29 23:55:39 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-01-29 19:49:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-29 16:41:45 -------- d-----w- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2011-01-29 16:22:55 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-29 16:22:17 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-29 16:13:16 2186880 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-29 16:13:16 2063744 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-29 16:13:16 2021888 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-29 16:13:15 2143744 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-29 16:12:47 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2011-01-29 16:12:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-29 16:12:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-29 16:12:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-29 16:12:23 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-29 16:12:23 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-29 16:12:23 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-29 16:12:23 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-29 16:12:00 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2011-01-29 16:12:00 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2011-01-29 15:30:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-29 15:09:25 135168 ----a-w- c:\windows\system32\igfxres.dll
2011-01-29 14:47:59 30208 -c--a-w- c:\windows\system32\dllcache\sm81w.dll
2011-01-29 14:46:58 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
2011-01-29 14:41:14 16384 ----a-w- c:\windows\system32\netfxperf.dll
2011-01-29 14:41:12 131072 ----a-w- c:\windows\system32\mscoree.dll
2011-01-29 14:20:49 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-01-29 14:20:49 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-29 14:20:49 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-01-29 14:20:49 13312 ----a-w- c:\windows\system32\irclass.dll
2011-01-29 14:20:42 22339 ----a-r- c:\windows\SET116.tmp
2011-01-29 14:20:42 10559 ----a-r- c:\windows\SET117.tmp
2011-01-29 14:20:30 13753 ----a-r- c:\windows\SETD2.tmp
2011-01-29 14:20:26 1086058 ----a-r- c:\windows\SETC6.tmp
2011-01-29 14:20:26 106147 ----a-r- c:\windows\SETC3.tmp
2011-01-29 12:06:49 2855 ----a-w- c:\windows\system32\msiexec.PIF
2011-01-28 00:51:06 -------- d-----w- c:\program files\FixCleaner
2011-01-28 00:14:46 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
2011-01-28 00:12:38 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2011-01-27 00:55:17 297808 ----a-w- c:\windows\mscoree.dll
2011-01-26 00:08:38 -------- d-----w- c:\program files\Perfect Optimizer
2011-01-25 23:50:33 -------- d-----w- C:\0download
2011-01-25 23:48:04 -------- d-----w- C:\wuagent
2011-01-25 23:37:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-25 13:21:44 -------- d-----w- c:\program files\CCleaner
2011-01-25 04:52:19 -------- d-s---w- c:\windows\Downloaded Program Files
2011-01-25 04:51:50 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-01-25 04:51:50 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-01-25 01:58:30 22339 ----a-w- c:\windows\SET114.tmp
2011-01-25 01:58:30 10559 ----a-w- c:\windows\SET115.tmp
2011-01-25 01:58:19 13753 ----a-w- c:\windows\SETD1.tmp
2011-01-25 01:58:17 1086058 ----a-w- c:\windows\SETC5.tmp
2011-01-25 01:58:16 106147 ----a-w- c:\windows\SETC2.tmp
2011-01-25 00:22:12 -------- d-----w- c:\windows\system32\CatRoot_bak

==================== Find3M ====================

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-17 23:44:36 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160828AS rev.8.03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A56C9C0]
3 CLASSPNP[0xF763805B] -> nt!IofCallDriver[0x804E37D5] -> [0x8A4CB3F0]
\Driver\Disk[0x8A0CC310] -> IRP_MJ_CREATE -> 0xF769C134
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
user & kernel MBR OK

============= FINISH: 22:44:00.60 ===============
 
Malwarebytes log is missing, but before you go there, we're dealing with a rootkit here.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
tdss log

2011/01/31 18:32:26.0750 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/31 18:32:26.0750 ================================================================================
2011/01/31 18:32:26.0750 SystemInfo:
2011/01/31 18:32:26.0750
2011/01/31 18:32:26.0750 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/31 18:32:26.0750 Product type: Workstation
2011/01/31 18:32:26.0750 ComputerName: 9R9TY81
2011/01/31 18:32:26.0750 UserName: R. Victor Trense II
2011/01/31 18:32:26.0750 Windows directory: C:\WINDOWS
2011/01/31 18:32:26.0750 System windows directory: C:\WINDOWS
2011/01/31 18:32:26.0750 Processor architecture: Intel x86
2011/01/31 18:32:26.0750 Number of processors: 1
2011/01/31 18:32:26.0765 Page size: 0x1000
2011/01/31 18:32:26.0765 Boot type: Normal boot
2011/01/31 18:32:26.0765 ================================================================================
2011/01/31 18:32:27.0109 Initialize success
2011/01/31 18:32:41.0656 ================================================================================
2011/01/31 18:32:41.0656 Scan started
2011/01/31 18:32:41.0656 Mode: Manual;
2011/01/31 18:32:41.0656 ================================================================================
2011/01/31 18:32:42.0171 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/31 18:32:42.0265 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/31 18:32:42.0312 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/31 18:32:42.0359 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/31 18:32:42.0437 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/01/31 18:32:42.0500 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/01/31 18:32:42.0562 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/31 18:32:42.0593 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/31 18:32:42.0640 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/31 18:32:42.0687 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/31 18:32:42.0734 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/31 18:32:42.0765 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/31 18:32:42.0828 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/31 18:32:42.0859 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/31 18:32:42.0890 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/31 18:32:42.0937 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/31 18:32:42.0968 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/31 18:32:43.0000 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/31 18:32:43.0078 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/31 18:32:43.0125 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/31 18:32:43.0203 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/31 18:32:43.0265 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/31 18:32:43.0296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/31 18:32:43.0375 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/31 18:32:43.0406 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/31 18:32:43.0468 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/31 18:32:43.0500 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/31 18:32:43.0546 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/31 18:32:43.0609 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/31 18:32:43.0671 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/31 18:32:43.0734 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/31 18:32:43.0828 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/31 18:32:43.0906 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/31 18:32:43.0953 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/31 18:32:44.0015 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/31 18:32:44.0125 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/31 18:32:44.0156 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/01/31 18:32:44.0187 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/31 18:32:44.0250 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/31 18:32:44.0312 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/31 18:32:44.0359 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/31 18:32:44.0546 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/01/31 18:32:44.0609 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/01/31 18:32:44.0625 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/31 18:32:44.0703 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/31 18:32:44.0765 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/31 18:32:44.0812 FilterService (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/01/31 18:32:44.0843 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/31 18:32:44.0875 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/31 18:32:44.0937 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/31 18:32:45.0000 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/01/31 18:32:45.0062 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/31 18:32:45.0093 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/31 18:32:45.0140 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/31 18:32:45.0187 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/31 18:32:45.0265 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/31 18:32:45.0312 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/31 18:32:45.0359 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/31 18:32:45.0406 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/01/31 18:32:45.0468 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/01/31 18:32:45.0515 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/01/31 18:32:45.0578 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/31 18:32:45.0640 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/31 18:32:45.0703 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/31 18:32:45.0781 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/31 18:32:45.0859 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/31 18:32:45.0968 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/31 18:32:46.0187 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/31 18:32:46.0343 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/01/31 18:32:46.0421 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/01/31 18:32:46.0484 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/01/31 18:32:46.0531 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/31 18:32:46.0593 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/31 18:32:46.0656 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/31 18:32:46.0718 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/31 18:32:46.0750 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/31 18:32:46.0796 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/31 18:32:46.0875 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/31 18:32:46.0937 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/31 18:32:46.0984 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/31 18:32:47.0046 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/31 18:32:47.0078 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/31 18:32:47.0156 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/31 18:32:47.0234 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/31 18:32:47.0328 lvpopflt (cbf0bf6af73a704211bbb52efacaa8a0) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/01/31 18:32:47.0406 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2011/01/31 18:32:47.0453 LVRS (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/01/31 18:32:47.0718 LVUVC (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/01/31 18:32:48.0031 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/01/31 18:32:48.0078 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/01/31 18:32:48.0140 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/01/31 18:32:48.0203 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2011/01/31 18:32:48.0250 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2011/01/31 18:32:48.0296 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/01/31 18:32:48.0406 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/31 18:32:48.0468 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/31 18:32:48.0500 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/01/31 18:32:48.0515 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/01/31 18:32:48.0546 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/31 18:32:48.0609 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/31 18:32:48.0671 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/31 18:32:48.0750 MPFP (bc2a92cff784555ed622f861cb34f2e6) C:\WINDOWS\system32\Drivers\Mpfp.sys
2011/01/31 18:32:48.0812 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/31 18:32:48.0937 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/01/31 18:32:48.0984 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/01/31 18:32:49.0156 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/31 18:32:49.0281 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/31 18:32:49.0359 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/31 18:32:49.0421 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/31 18:32:49.0437 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/31 18:32:49.0484 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/31 18:32:49.0531 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/31 18:32:49.0609 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/31 18:32:49.0671 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/31 18:32:49.0734 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/31 18:32:49.0828 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/31 18:32:49.0890 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/31 18:32:49.0953 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/31 18:32:50.0000 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/31 18:32:50.0046 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/31 18:32:50.0109 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/31 18:32:50.0171 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/31 18:32:50.0234 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/31 18:32:50.0296 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/31 18:32:50.0343 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/31 18:32:50.0421 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/31 18:32:50.0515 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/31 18:32:50.0609 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/31 18:32:50.0656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/31 18:32:50.0718 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/31 18:32:50.0765 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/31 18:32:50.0828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/31 18:32:50.0859 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/31 18:32:50.0906 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/31 18:32:50.0984 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/31 18:32:51.0109 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/31 18:32:51.0156 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/31 18:32:51.0234 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/31 18:32:51.0265 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/31 18:32:51.0296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/31 18:32:51.0375 PxHelp20 (40f2031bd9148d3194353ea7dec97a07) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/31 18:32:51.0453 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/31 18:32:51.0500 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/31 18:32:51.0546 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/31 18:32:51.0593 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/31 18:32:51.0625 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/31 18:32:51.0671 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/31 18:32:51.0750 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/31 18:32:51.0781 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/31 18:32:51.0796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/31 18:32:51.0859 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/31 18:32:51.0921 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/31 18:32:51.0984 rdpdr (8d7c3fba57d633c96ea0c7f473edfcd3) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/31 18:32:51.0984 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: 8d7c3fba57d633c96ea0c7f473edfcd3, Fake md5: a2cae2c60bc37e0751ef9dda7ceaf4ad
2011/01/31 18:32:52.0000 rdpdr - detected Forged file (1)
2011/01/31 18:32:52.0078 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/31 18:32:52.0125 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/31 18:32:52.0218 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
2011/01/31 18:32:52.0296 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/31 18:32:52.0359 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/31 18:32:52.0406 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/31 18:32:52.0484 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/31 18:32:52.0609 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/31 18:32:52.0656 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/31 18:32:52.0703 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/31 18:32:52.0765 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/31 18:32:52.0843 SQTECH905C (5d7195f1c7c3e9aa7c2e5b37ba71096a) C:\WINDOWS\system32\Drivers\Capt905c.sys
2011/01/31 18:32:52.0921 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/31 18:32:52.0968 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/31 18:32:53.0078 STHDA (26eb7acf476a3461b85f5bce9a677a4a) C:\WINDOWS\system32\drivers\sthda.sys
2011/01/31 18:32:53.0125 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/31 18:32:53.0187 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/31 18:32:53.0250 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/31 18:32:53.0312 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/31 18:32:53.0359 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/31 18:32:53.0406 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/31 18:32:53.0437 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/31 18:32:53.0500 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/31 18:32:53.0578 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/31 18:32:53.0625 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/31 18:32:53.0656 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/31 18:32:53.0718 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/31 18:32:53.0796 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/01/31 18:32:53.0859 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/31 18:32:53.0906 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/31 18:32:53.0984 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/31 18:32:54.0046 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/31 18:32:54.0109 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/01/31 18:32:54.0156 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/31 18:32:54.0218 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/31 18:32:54.0281 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/31 18:32:54.0343 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/31 18:32:54.0375 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/31 18:32:54.0437 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/31 18:32:54.0484 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/31 18:32:54.0546 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/01/31 18:32:54.0593 Suspicious service (NoAccess): vbma841d
2011/01/31 18:32:54.0625 vbma841d (68eec1992b4628c29341e73009e31eb5) C:\WINDOWS\system32\drivers\vbma841d.sys
2011/01/31 18:32:54.0625 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma841d.sys. md5: 68eec1992b4628c29341e73009e31eb5
2011/01/31 18:32:54.0640 vbma841d - detected Locked service (1)
2011/01/31 18:32:54.0687 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/01/31 18:32:54.0734 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/31 18:32:54.0781 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/31 18:32:54.0843 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/31 18:32:54.0906 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/31 18:32:55.0000 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/31 18:32:55.0078 WinDriver6 (94e4312d546048bf31604a8b2ad13fc0) C:\WINDOWS\system32\drivers\windrvr6.sys
2011/01/31 18:32:55.0187 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/31 18:32:55.0265 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/31 18:32:55.0328 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/31 18:32:55.0390 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/31 18:32:55.0453 ================================================================================
2011/01/31 18:32:55.0453 Scan finished
2011/01/31 18:32:55.0453 ================================================================================
2011/01/31 18:32:55.0468 Detected object count: 2
2011/01/31 18:33:25.0609 Forged file(rdpdr) - User select action: Skip
2011/01/31 18:33:25.0609 Locked service(vbma841d) - User select action: Skip
 
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
mrbcheck log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CF000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 intelide.sys
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AE000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEC000 fltmgr.sys
0xB9EDA000 sr.sys
0xBA338000 PxHelp20.sys
0xB9EC3000 KSecDD.sys
0xB9E36000 Ntfs.sys
0xB9E09000 NDIS.sys
0xB9DEE000 Mup.sys
0xB8B8C000 \SystemRoot\System32\Drivers\vbma841d.SYS
0xB8B7C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8A18000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xB8A04000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB89DE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA458000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB89BB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA460000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8B6C000 \SystemRoot\system32\DRIVERS\IntelC53.sys
0xB8998000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8871000 \SystemRoot\system32\DRIVERS\IntelC51.sys
0xB87DC000 \SystemRoot\system32\DRIVERS\IntelC52.sys
0xBA468000 \SystemRoot\system32\DRIVERS\mohfilt.sys
0xBA470000 \SystemRoot\System32\Drivers\Modem.SYS
0xB87B6000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xBA478000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB8B5C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8B4C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA480000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA7E8000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9465000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB879F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA208000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA488000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB878E000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA218000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB875D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA378000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA380000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA616000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8729000 \SystemRoot\system32\DRIVERS\update.sys
0xBA578000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA2C8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA5A0000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xA854F000 \SystemRoot\system32\drivers\sthda.sys
0xA852B000 \SystemRoot\system32\drivers\portcls.sys
0xBA308000 \SystemRoot\system32\drivers\drmk.sys
0xBA318000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA61A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA388000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA61C000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA61E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6E8000 \SystemRoot\System32\Drivers\Null.SYS
0xBA620000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA398000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3A0000 \SystemRoot\System32\drivers\vga.sys
0xBA622000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA624000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3A8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB947D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA84D0000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8478000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8451000 \SystemRoot\System32\Drivers\Mpfp.sys
0xBA118000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xA8429000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB9471000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA8407000 \SystemRoot\System32\drivers\afd.sys
0xBA128000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA83DB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA836C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA8339000 \SystemRoot\system32\drivers\mfehidk.sys
0xA8318000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA148000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA158000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA564000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA178000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB8725000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB8721000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA82DF000 \SystemRoot\System32\Drivers\Udfs.SYS
0xA82C7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA632000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB8701000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3D8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7EE000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA2A8000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xA81A3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7F1A000 \SystemRoot\system32\drivers\wdmaud.sys
0xA825F000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7996000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA5C4000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA7815000 \SystemRoot\System32\Drivers\HTTP.sys
0xA76CE000 \SystemRoot\system32\DRIVERS\srv.sys
0xA6D32000 \SystemRoot\system32\drivers\klmd.sys
0xBA3D0000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xA6998000 \SystemRoot\system32\drivers\kmixer.sys
0xBA3C0000 \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 66):
0 System Idle Process
4 System
592 C:\WINDOWS\system32\smss.exe
664 csrss.exe
688 C:\WINDOWS\system32\winlogon.exe
732 C:\WINDOWS\system32\services.exe
744 C:\WINDOWS\system32\lsass.exe
816 \Device\svchost.exe
932 C:\WINDOWS\system32\svchost.exe
1020 svchost.exe
1112 C:\WINDOWS\system32\svchost.exe
1176 svchost.exe
1240 svchost.exe
1532 C:\WINDOWS\system32\spoolsv.exe
1848 C:\WINDOWS\explorer.exe
1956 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
1968 C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
1976 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2004 C:\Program Files\McAfee.com\Agent\mcagent.exe
132 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
168 C:\Program Files\iTunes\iTunesHelper.exe
240 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
252 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
248 C:\WINDOWS\ehome\ehtray.exe
284 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
476 C:\WINDOWS\system32\hkcmd.exe
532 C:\WINDOWS\system32\igfxpers.exe
612 C:\WINDOWS\system32\ctfmon.exe
656 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
1064 svchost.exe
1100 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1148 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1200 C:\Program Files\Bonjour\mDNSResponder.exe
1736 C:\Program Files\Java\jre6\bin\jqs.exe
1796 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1744 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1400 C:\Program Files\Common Files\Motive\McciCMService.exe
2128 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
2184 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
2272 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
2296 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2376 C:\Program Files\McAfee\MPF\MpfSrv.exe
2448 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
2480 C:\WINDOWS\system32\HPZipm12.exe
2536 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2704 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
2796 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2960 C:\WINDOWS\system32\svchost.exe
3000 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3440 C:\WINDOWS\system32\searchindexer.exe
3728 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3780 C:\WINDOWS\system32\fxssvc.exe
3844 mcrdsvc.exe
3976 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
564 C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe
456 C:\0download\TDSSKiller.exe
1284 C:\WINDOWS\system32\wscntfy.exe
2596 C:\Program Files\iPod\bin\iPodService.exe
3392 alg.exe
1888 C:\WINDOWS\system32\svchost.exe
2492 C:\Program Files\Internet Explorer\iexplore.exe
3464 C:\Program Files\Internet Explorer\iexplore.exe
504 C:\WINDOWS\system32\searchprotocolhost.exe
2208 searchfilterhost.exe
3592 C:\Program Files\Internet Explorer\iexplore.exe
3788 C:\0download\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: ST3160828AS, Rev: 8.03

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


Done!
 
combofix could not complete

ran safe mode using admin logon, ran rkill.exe, ran combofix, combofix did not complete or write a log.

rkil log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/31/2011 at 20:40:39.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

\\.\globalroot\Device\svchost.exe\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\runonce.exe


Rkill completed on 01/31/2011 at 20:40:45.
 
vbma841d

I think C:\WINDOWS\system32\drivers\vbma841d.sys is the culprit. I used to not be able to install anything. MSIexec.exe came back as access denied. I got around that I think by using superspyware.exe. Once msiexec.exe started working I was able to install microsoft updates and virusware and malware. but all malware and virusware dies after it starts.
 
Very possible.
vbma841d.sys doesn't bring any hits on Google.

Re-run TDSSKiller and select "Cure", or "Delete" (whichever is available) in case of vbma841d.sys file and vbma841d service.
 
ran tdsskiller

went to safe mode, ran rkill, ran tdsskiller, went to normal mode, ran malwarebites, it stopped after 10 seconds. where is \\.\globalroot\Device\svchost.exe\svchost.exe

that directory structure looks wierd. That could be it also.

tdsskiler log:



2011/01/31 23:04:56.0343 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/31 23:04:56.0343 ================================================================================
2011/01/31 23:04:56.0343 SystemInfo:
2011/01/31 23:04:56.0343
2011/01/31 23:04:56.0343 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/31 23:04:56.0343 Product type: Workstation
2011/01/31 23:04:56.0343 ComputerName: 9R9TY81
2011/01/31 23:04:56.0343 UserName: Administrator
2011/01/31 23:04:56.0343 Windows directory: C:\WINDOWS
2011/01/31 23:04:56.0343 System windows directory: C:\WINDOWS
2011/01/31 23:04:56.0343 Processor architecture: Intel x86
2011/01/31 23:04:56.0343 Number of processors: 1
2011/01/31 23:04:56.0343 Page size: 0x1000
2011/01/31 23:04:56.0343 Boot type: Safe boot
2011/01/31 23:04:56.0343 ================================================================================
2011/01/31 23:04:56.0859 Initialize success
2011/01/31 23:04:58.0265 ================================================================================
2011/01/31 23:04:58.0265 Scan started
2011/01/31 23:04:58.0265 Mode: Manual;
2011/01/31 23:04:58.0265 ================================================================================
2011/01/31 23:05:00.0781 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/31 23:05:01.0140 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/31 23:05:01.0484 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/31 23:05:01.0843 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/31 23:05:02.0281 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/01/31 23:05:02.0687 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/01/31 23:05:03.0031 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/31 23:05:03.0359 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/31 23:05:03.0656 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/31 23:05:03.0984 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/31 23:05:04.0312 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/31 23:05:04.0625 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/31 23:05:04.0921 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/31 23:05:05.0218 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/31 23:05:05.0515 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/31 23:05:05.0859 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/31 23:05:06.0156 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/31 23:05:06.0437 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/31 23:05:06.0796 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/31 23:05:07.0125 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/31 23:05:07.0671 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/31 23:05:08.0000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/31 23:05:08.0296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/31 23:05:08.0640 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/31 23:05:08.0906 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/31 23:05:09.0203 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/31 23:05:09.0468 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/31 23:05:09.0765 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/31 23:05:10.0062 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/31 23:05:10.0406 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/31 23:05:10.0984 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/31 23:05:11.0328 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/31 23:05:11.0687 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/31 23:05:12.0015 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/31 23:05:12.0359 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/31 23:05:12.0921 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/31 23:05:13.0578 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/01/31 23:05:13.0921 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/31 23:05:14.0265 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/31 23:05:14.0609 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/31 23:05:14.0937 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/31 23:05:15.0156 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/01/31 23:05:15.0484 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/01/31 23:05:15.0828 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/31 23:05:16.0250 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/31 23:05:16.0593 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/31 23:05:16.0906 FilterService (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/01/31 23:05:17.0218 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/31 23:05:17.0515 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/31 23:05:17.0875 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/31 23:05:18.0250 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/01/31 23:05:18.0593 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/31 23:05:18.0937 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/31 23:05:19.0265 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/31 23:05:19.0546 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/31 23:05:19.0921 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/31 23:05:20.0234 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/31 23:05:20.0531 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/31 23:05:20.0828 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/01/31 23:05:21.0140 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/01/31 23:05:21.0437 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/01/31 23:05:21.0843 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/31 23:05:22.0218 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/31 23:05:22.0546 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/31 23:05:22.0859 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/31 23:05:23.0468 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/31 23:05:24.0156 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/31 23:05:24.0468 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/31 23:05:25.0093 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/01/31 23:05:25.0921 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/01/31 23:05:26.0406 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/01/31 23:05:26.0703 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/31 23:05:27.0015 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/31 23:05:27.0343 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/31 23:05:27.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/31 23:05:27.0921 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/31 23:05:28.0250 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/31 23:05:28.0625 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/31 23:05:28.0953 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/31 23:05:29.0250 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/31 23:05:29.0578 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/31 23:05:29.0859 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/31 23:05:30.0218 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/31 23:05:30.0593 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/31 23:05:31.0234 lvpopflt (cbf0bf6af73a704211bbb52efacaa8a0) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/01/31 23:05:31.0593 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2011/01/31 23:05:31.0984 LVRS (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/01/31 23:05:34.0265 LVUVC (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/01/31 23:05:36.0687 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/01/31 23:05:37.0015 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/01/31 23:05:37.0375 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/01/31 23:05:37.0734 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2011/01/31 23:05:38.0046 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2011/01/31 23:05:38.0359 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/01/31 23:05:38.0718 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/31 23:05:39.0031 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/31 23:05:39.0328 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/01/31 23:05:39.0593 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/01/31 23:05:39.0890 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/31 23:05:40.0218 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/31 23:05:40.0515 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/31 23:05:40.0828 MPFP (bc2a92cff784555ed622f861cb34f2e6) C:\WINDOWS\system32\Drivers\Mpfp.sys
2011/01/31 23:05:41.0171 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/31 23:05:41.0312 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/01/31 23:05:41.0468 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/01/31 23:05:41.0921 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/31 23:05:42.0375 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/31 23:05:42.0859 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/31 23:05:43.0156 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/31 23:05:43.0421 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/31 23:05:43.0718 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/31 23:05:44.0015 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/31 23:05:44.0375 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/31 23:05:44.0703 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/31 23:05:45.0015 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/31 23:05:45.0437 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/31 23:05:45.0781 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/31 23:05:46.0078 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/31 23:05:46.0390 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/31 23:05:46.0718 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/31 23:05:47.0031 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/31 23:05:47.0312 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/31 23:05:47.0640 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/31 23:05:48.0031 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/31 23:05:48.0468 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/31 23:05:48.0953 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/31 23:05:49.0765 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/31 23:05:50.0687 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/31 23:05:50.0968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/31 23:05:51.0328 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/31 23:05:51.0656 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/31 23:05:51.0953 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/31 23:05:52.0250 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/31 23:05:52.0781 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/31 23:05:53.0109 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/31 23:05:54.0437 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/31 23:05:54.0765 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/31 23:05:55.0187 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/31 23:05:55.0484 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/31 23:05:55.0765 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/31 23:05:56.0062 PxHelp20 (40f2031bd9148d3194353ea7dec97a07) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/31 23:05:56.0375 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/31 23:05:56.0687 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/31 23:05:56.0984 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/31 23:05:57.0281 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/31 23:05:57.0609 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/31 23:05:57.0921 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/31 23:05:58.0218 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/31 23:05:58.0515 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/31 23:05:58.0796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/31 23:05:59.0140 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/31 23:05:59.0468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/31 23:05:59.0843 rdpdr (8d7c3fba57d633c96ea0c7f473edfcd3) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/31 23:05:59.0843 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: 8d7c3fba57d633c96ea0c7f473edfcd3, Fake md5: a2cae2c60bc37e0751ef9dda7ceaf4ad
2011/01/31 23:05:59.0859 rdpdr - detected Forged file (1)
2011/01/31 23:06:00.0218 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/31 23:06:00.0562 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/31 23:06:00.0968 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
2011/01/31 23:06:01.0406 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/31 23:06:01.0750 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/31 23:06:02.0062 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/31 23:06:02.0406 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/31 23:06:03.0000 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/31 23:06:03.0296 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/31 23:06:03.0593 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/31 23:06:03.0890 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/31 23:06:04.0281 SQTECH905C (5d7195f1c7c3e9aa7c2e5b37ba71096a) C:\WINDOWS\system32\Drivers\Capt905c.sys
2011/01/31 23:06:04.0625 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/31 23:06:05.0015 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/31 23:06:05.0671 STHDA (26eb7acf476a3461b85f5bce9a677a4a) C:\WINDOWS\system32\drivers\sthda.sys
2011/01/31 23:06:06.0265 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/31 23:06:06.0546 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/31 23:06:06.0875 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/31 23:06:07.0203 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/31 23:06:07.0484 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/31 23:06:07.0765 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/31 23:06:08.0046 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/31 23:06:08.0359 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/31 23:06:08.0796 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/31 23:06:09.0171 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/31 23:06:09.0453 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/31 23:06:09.0765 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/31 23:06:10.0109 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/01/31 23:06:10.0437 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/31 23:06:10.0781 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/31 23:06:11.0156 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/31 23:06:11.0562 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/31 23:06:11.0875 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/01/31 23:06:12.0203 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/31 23:06:12.0515 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/31 23:06:12.0828 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/31 23:06:13.0156 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/31 23:06:13.0421 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/31 23:06:13.0718 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/31 23:06:14.0015 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/31 23:06:14.0359 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/01/31 23:06:14.0421 Suspicious service (NoAccess): vbma841d
2011/01/31 23:06:14.0718 vbma841d (68eec1992b4628c29341e73009e31eb5) C:\WINDOWS\system32\drivers\vbma841d.sys
2011/01/31 23:06:14.0718 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma841d.sys. md5: 68eec1992b4628c29341e73009e31eb5
2011/01/31 23:06:14.0734 vbma841d - detected Locked service (1)
2011/01/31 23:06:15.0046 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/01/31 23:06:15.0359 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/31 23:06:15.0703 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/31 23:06:16.0031 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/31 23:06:16.0406 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/31 23:06:17.0234 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/31 23:06:17.0609 WinDriver6 (94e4312d546048bf31604a8b2ad13fc0) C:\WINDOWS\system32\drivers\windrvr6.sys
2011/01/31 23:06:18.0093 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/31 23:06:18.0437 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/31 23:06:18.0812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/31 23:06:19.0125 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/31 23:06:19.0375 ================================================================================
2011/01/31 23:06:19.0375 Scan finished
2011/01/31 23:06:19.0375 ================================================================================
2011/01/31 23:06:19.0406 Detected object count: 2
2011/01/31 23:06:27.0140 HKLM\SYSTEM\ControlSet004\services\rdpdr - will be deleted after reboot
2011/01/31 23:06:27.0171 HKLM\SYSTEM\ControlSet006\services\rdpdr - will be deleted after reboot
2011/01/31 23:06:27.0187 C:\WINDOWS\system32\DRIVERS\rdpdr.sys - will be deleted after reboot
2011/01/31 23:06:27.0203 Forged file(rdpdr) - User select action: Delete
2011/01/31 23:06:27.0203 HKLM\SYSTEM\ControlSet001\services\vbma841d - will be deleted after reboot
2011/01/31 23:06:27.0203 HKLM\SYSTEM\ControlSet002\services\vbma841d - will be deleted after reboot
2011/01/31 23:06:27.0203 HKLM\SYSTEM\ControlSet003\services\vbma841d - will be deleted after reboot
2011/01/31 23:06:27.0203 HKLM\SYSTEM\ControlSet004\services\vbma841d - will be deleted after reboot
2011/01/31 23:06:27.0203 HKLM\SYSTEM\ControlSet005\services\vbma841d - will be deleted after reboot
2011/01/31 23:06:27.0203 HKLM\SYSTEM\ControlSet006\services\vbma841d - will be deleted after reboot
2011/01/31 23:06:27.0218 C:\WINDOWS\system32\drivers\vbma841d.sys - will be deleted after reboot
2011/01/31 23:06:27.0218 Locked service(vbma841d) - User select action: Delete
2011/01/31 23:06:40.0718 Deinitialize success
 
vbma841d.sys file and vbma841d service came right back

ran in safe mode, ran rkill. raan tdsskiller, tried running combofix - that dies, ranm tdsskiller again and vbma841d.sys file and vbma841d service are back.
 
Please download The Avenger by Swandog46 to your Desktop.
- Right click on the Avenger.zip folder and select Extract All...
- Follow the prompts and extract the avenger folder to your desktop

Double click on avenger.exe.
Click OK in pop-up window.

Avenger window will open.

Click on Execute button.
Click OK in two consecutive pop-up windows.

Your computer will re-boot now.

Upon re-boot, Notepad window will open.
Select all text, copy it, and paste it into next reply.

NOTE. If the log doesn't open on reboot, open Avenger again, and go File>Open Log File.
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL did not return anything.

When I ran it again itreturned:

Windoiws cannot access the specified device, path , or file
 
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in:

    /md5start
    vbma841d.sys
    /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
OTL ran buit did not return anything (dies?)

ran ity agai and it said Windows cannot access the specified device, path, or file
 
OTLPE log using REATOGO

OTL logfile created on: 2/1/2011 12:50:47 AM - Run
OTLPE by OldTimer - Version 3.1.44.2 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 74.92 Gb Free Space | 51.91% Space Free | Partition Type: NTFS
Drive X: | 436.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (userinit)
SRV - File not found [Disabled] -- -- (NetTcpPortSharing)
SRV - File not found [On_Demand] -- -- (idsvc)
SRV - File not found [Auto] -- -- (helpsvc)
SRV - File not found [On_Demand] -- -- (clr_optimization_v2.0.50727_32)
SRV - File not found [On_Demand] -- -- (aspnet_state)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/03/25 14:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/24 12:16:08 | 000,365,072 | ---- | M] () [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/17 15:52:00 | 000,144,704 | ---- | M] () [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010/02/17 14:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/05/04 14:45:36 | 000,078,848 | ---- | M] () [On_Demand] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (.usbhub)
DRV - File not found [Kernel | On_Demand] -- -- (.redbook)
DRV - File not found [Kernel | On_Demand] -- -- (.Npfs)
DRV - [2010/07/27 03:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/07/27 03:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2010/07/27 03:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 03:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/07/15 14:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/17 15:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 15:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 15:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 15:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 15:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/02/09 07:10:48 | 000,037,888 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\vbma841d.sys -- (vbma841d)
DRV - [2009/01/26 17:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 17:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/10/01 10:29:34 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/08/17 07:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/03/24 17:21:22 | 000,038,937 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2004/08/12 18:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 06:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 06:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/10 06:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/10 06:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/10 06:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/10 06:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 06:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 06:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 06:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/10 06:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 06:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 06:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/10 06:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/10 06:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 06:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 22:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 22:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:01:16 | 000,196,864 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2004/06/16 04:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 05:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\Administrator_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\R._Victor_Trense_II_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\R._Victor_Trense_II_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.billygraham.org/
IE - HKU\R._Victor_Trense_II_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\R._Victor_Trense_II_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\R._Victor_Trense_II_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\R._Victor_Trense_II_ON_C\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
IE - HKU\R._Victor_Trense_II_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\R._Victor_Trense_II_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\R._Victor_Trense_II_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\software\mozilla\Firefox\Extensions\\Hotbar@Hotbar.com: C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/26 06:18:22 | 000,000,000 | ---D | M]

[2010/10/22 17:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/03 15:02:20 | 000,000,000 | ---D | M] (Weemi) -- C:\Program Files\Mozilla Firefox\extensions\{30488549-5379-4FBE-9492-1CFA0593F1CD}
[2010/10/22 17:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/01 17:50:22 | 000,083,248 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
[2009/10/03 15:02:20 | 000,002,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\weemi121.xml

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\R._Victor_Trense_II_ON_C\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\R._Victor_Trense_II_ON_C\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKU\R._Victor_Trense_II_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\R._Victor_Trense_II_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\R._Victor_Trense_II_ON_C..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\R._Victor_Trense_II_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\R._Victor_Trense_II_ON_C..\Run: [SUPERAntiSpyware] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\R._Victor_Trense_II_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/31 23:40:29 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/01/31 20:16:09 | 000,077,912 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2011/01/31 20:10:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/01/30 22:22:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/30 22:22:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/30 22:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/30 22:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Start Menu
[2011/01/30 22:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R. Victor Trense II\Application Data\Avira
[2011/01/30 08:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/01/29 21:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/29 18:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/01/29 18:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/01/29 18:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R. Victor Trense II\Desktop\BLINKY
[2011/01/29 15:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R. Victor Trense II\Desktop\Mama
[2011/01/29 15:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R. Victor Trense II\Desktop\Anne Marie Trense
[2011/01/29 14:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R. Victor Trense II\Application Data\SUPERAntiSpyware.com
[2011/01/29 14:47:52 | 010,325,408 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\R. Victor Trense II\My Documents\SUPERAntiSpyware.exe
[2011/01/29 11:42:18 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/01/29 11:22:55 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/01/29 11:22:17 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/01/29 11:13:16 | 002,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/01/29 11:13:16 | 002,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/01/29 11:13:16 | 002,021,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/01/29 11:13:15 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/01/29 11:12:47 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2011/01/29 11:12:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/01/29 11:12:23 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/01/29 11:12:23 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/01/29 11:12:23 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/01/29 11:12:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/01/29 11:12:00 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2011/01/29 11:12:00 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2011/01/29 10:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R. Victor Trense II\Application Data\Malwarebytes
[2011/01/29 10:09:25 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/01/29 10:07:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/01/29 09:48:40 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2011/01/29 09:48:40 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2011/01/29 09:48:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2011/01/29 09:48:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2011/01/29 09:48:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2011/01/29 09:48:23 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2011/01/29 09:48:19 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/01/29 09:48:19 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/01/29 09:48:19 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/01/29 09:48:18 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/01/29 09:48:18 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/01/29 09:48:18 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/01/29 09:48:17 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/01/29 09:48:17 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/01/29 09:48:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2011/01/29 09:48:16 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2011/01/29 09:48:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2011/01/29 09:48:15 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2011/01/29 09:48:15 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2011/01/29 09:48:15 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/01/29 09:48:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2011/01/29 09:48:15 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2011/01/29 09:48:14 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2011/01/29 09:48:14 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2011/01/29 09:48:12 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/01/29 09:48:11 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2011/01/29 09:48:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/01/29 09:48:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/01/29 09:48:09 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/01/29 09:48:09 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/01/29 09:48:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/01/29 09:48:09 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2011/01/29 09:48:09 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/01/29 09:48:08 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/01/29 09:48:08 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/01/29 09:48:08 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/01/29 09:48:08 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/01/29 09:48:06 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2011/01/29 09:48:06 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2011/01/29 09:48:05 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/01/29 09:48:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2011/01/29 09:48:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2011/01/29 09:48:03 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/01/29 09:48:03 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2011/01/29 09:48:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2011/01/29 09:48:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/01/29 09:48:02 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2011/01/29 09:48:02 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2011/01/29 09:48:02 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2011/01/29 09:48:02 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[
 
Status
Not open for further replies.

Similar threads

A
ExpressVPN disables security feature that was leaking DNS requests to third-party servers
Replies
2
Views
151
return
return
D
Avira update is causing Windows PCs to freeze up, no fix in sight
Replies
0
Views
207
DragonSlayer101
D
losdavos
Malware removal help, please and thank you!
Replies
1
Views
834
losdavos
losdavos

Latest posts

Back