
Getting redirected - noticed admarketplace as one of the redirects


  • This topic is locked
2 replies to this topic

#1 robjulo


Posted 03 January 2010 - 08:39 AM

Starting this morning, I'm getting redirected to ad sites. I noticed admarketplace as one of the redirects. Below is my DDS log and root log. I also noticed that {E2883E8F-472F-4FB0-9522-AC9BF37916A7} was listed as "damaged" in "view objects" under IE tools. I deleted that file (maybe I shouldn't have).

Thanks for any help!

DDS (Ver_09-12-01.01) - NTFSx86
Run by Rob and Julie at 8:31:51.75 on Sun 01/03/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1202 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
svchost.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\PnkBstrB.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\system32\CTHELPER.EXE
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\Program Files\DAEMON Tools Lite\daemon.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Steam\Steam.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\OpenOffice.org 3\program\soffice.exe
F:\Program Files\OpenOffice.org 3\program\soffice.bin
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Java\jre6\bin\jucheck.exe
F:\Program Files\Microsoft Office\Office\WINWORD.EXE
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\WINDOWS\msagent\AgentSvr.exe
F:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
F:\Program Files\uTorrent\uTorrent.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\AVG\AVG8\avgscanx.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\AVG\AVG8\avgui.exe
F:\Documents and Settings\Rob and Julie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - f:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - f:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - f:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - f:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - f:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - f:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - f:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - f:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - f:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - f:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MSMSGS] "f:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [igndlm.exe] f:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [DAEMON Tools Lite] "f:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [swg] "f:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "f:\program files\steam\Steam.exe" -silent
uRun: [uTorrent] "f:\program files\utorrent\uTorrent.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE f:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE f:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CTHelper] CTHELPER.EXE
mRun: [AVG8_TRAY] f:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "f:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] "f:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [SunJavaUpdateSched] "f:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "f:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: f:\docume~1\roband~1\startm~1\programs\startup\openof~1.lnk - f:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - f:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - f:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - f:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - f:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225626491812
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Hosts: 192.168.1.102 HP000D9D23EE1E

============= SERVICES / DRIVERS ===============

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;f:\windows\system32\drivers\nvcchflt.sys [2005-2-11 16640]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [2008-10-10 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;f:\windows\system32\drivers\avgmfx86.sys [2008-10-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;f:\windows\system32\drivers\avgtdix.sys [2008-10-10 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;f:\progra~1\avg\avg8\avgemc.exe [2009-6-25 908056]
R2 avg8wd;AVG Free8 WatchDog;f:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-25 297752]
R3 COMMONFX.SYS;COMMONFX.SYS;f:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;f:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;f:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 COMMONFX;COMMONFX;f:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;f:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;f:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;f:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;f:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 USBAV191;Instant VideoXpress;f:\windows\system32\drivers\USBAV191.SYS [2005-4-27 120128]

=============== Created Last 30 ================

2010-01-03 13:17:30 0 d-----w- f:\program files\Trend Micro
2009-12-06 21:44:38 0 d-----w- f:\docume~1\roband~1\applic~1\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
2009-12-06 21:44:30 0 d-----w- f:\program files\DIRECTV

==================== Find3M ====================

2009-11-28 18:24:54 348160 ----a-w- f:\windows\system32\msvcr71.dll
2009-11-26 14:09:47 215104 ----a-w- f:\windows\system32\PnkBstrB.exe
2009-11-26 13:41:24 138576 ----a-w- f:\windows\system32\drivers\PnkBstrK.sys
2009-11-26 00:37:13 75064 ----a-w- f:\windows\system32\PnkBstrA.exe
2009-10-29 07:46:59 832512 ----a-w- f:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- f:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- f:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- f:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- f:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- f:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- f:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- f:\windows\system32\raschap.dll

============= FINISH: 8:32:48.20 ===============



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/03 08:31
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================


#2 myrti


Posted 11 January 2010 - 11:15 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 myrti


Posted 16 January 2010 - 10:59 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
