Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Engine Redirect Virus


  • Please log in to reply
21 replies to this topic

#1 g.stirling

g.stirling

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 25 October 2010 - 11:19 PM

Hi Guys,

First time posting so I'm sorry if I do something wrong...

When I click on a result from a search engine like google or yahoo it redirects me to a blank page with a weird address in the address bar. Below is my HijackThis log. Please HELP!

I should also add that I have already run Malwarebytes Anti-Malware, Trojan Remover, Spybot - Seach and Destroy and Ad-Aware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:05 PM, on 26/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaseya\Agent\KasAVSrv.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\GIZMO2\GIZMO.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HHHH Associates\Desktop Slideshow\DesktopSlideshow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Bizpro HSW Stock Tool\HSWTool.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.howardsstorageworld.com/default.aspx?PageView=Shared
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by HOWARDS STORAGE WORLD
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.hsw.com.au;*.howardsstorage.com.au;*.howardsstorageworld.com.au;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GIZMO2] C:\Program Files\GIZMO2\GIZMO.exe
O4 - HKLM\..\Run: [KASHTHCVLR94657653912806] "C:\Program Files\Kaseya\Agent\KaUsrTsk.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Desktop Slideshow.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PhoneManager.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://192.168.16.2/HSWScripts/ScriptX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201045140503
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HowardsStorageWorld.local
O17 - HKLM\Software\..\Telephony: DomainName = HowardsStorageWorld.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HowardsStorageWorld.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = HowardsStorageWorld.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kaseya Security Service (KaseyaAVService) - Unknown owner - C:\Program Files\Kaseya\Agent\KasAVSrv.exe
O23 - Service: Kaseya Agent (KATHCVLR94657653912806) - Kaseya International Limited - C:\Program Files\Kaseya\Agent\AgentMon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 13739 bytes

Hi all, I posted yesterday but I didn't understand how to properly post for help on a virus, trojan, etc. I also don't know how to remove my post from yesterday so sorry in advance if I've done something wrong.

Every time I get search results from a search engine such as google or yahoo, when I click on a result I am redirected to a blank page with a weird web address. I have tried using both Internet Explorer and Mozilla Firefox but both have the same problem.

In attempts to fix the problem I have used Trojan Remover, Spybot - Search and Destroy, Ad-Aware, and Malwarebytes' Anti-Malware. and obviously, even after all this I still have the same problem... Please help!


DDS (Ver_10-10-21.02) - NTFSx86
Run by georgina at 9:30:07.91 on Wed 27/10/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1014.150 [GMT 11:00]

AV: AVG Internet Security Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaseya\Agent\KasAVSrv.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\rundll32.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\GIZMO2\GIZMO.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avaya\IP Office\Phone Manager\PhoneManager.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\HHHH Associates\Desktop Slideshow\DesktopSlideshow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Georgina\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://intranet.howardsstorageworld.com/default.aspx?PageView=Shared
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Microsoft Internet Explorer provided by HOWARDS STORAGE WORLD
uInternet Settings,ProxyServer = 127.0.0.1:80
uInternet Settings,ProxyOverride = *.hsw.com.au;*.howardsstorage.com.au;*.howardsstorageworld.com.au;<local>;*.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GIZMO2] c:\program files\gizmo2\GIZMO.exe
mRun: [KASHTHCVLR94657653912806] "c:\program files\kaseya\agent\KaUsrTsk.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
StartupFolder: c:\docume~1\georgina\startm~1\programs\startup\deskto~1.lnk - c:\docume~1\georgina\applic~1\microsoft\installer\{5cb7d66f-99e1-4cff-bc47-43b889b6b2df}\_4ae13d6c.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\phonem~1.lnk - c:\program files\avaya\ip office\phone manager\PhoneManager.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://192.168.16.2/HSWScripts/ScriptX.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201045140503
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\georgina\applic~1\mozilla\firefox\profiles\pn48hr1j.default\
FF - prefs.js: browser.startup.homepage - hxxp://intranet.howardsstorageworld.com/default.aspx?PageView=Shared
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\georgina\application data\mozilla\firefox\profiles\pn48hr1j.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-28 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-28 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-28 27784]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-28 297752]
R2 KaseyaAVService;Kaseya Security Service;c:\program files\kaseya\agent\KasAVSrv.exe [2009-10-28 221184]
R2 KATHCVLR94657653912806;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2009-1-19 806912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1355928]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-14 58368]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-5-13 3968]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2009-1-19 13824]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15008]
S3 Nwlate73l;Nwlate73l; [x]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec antivirus\smclu\setup\smcinst.exe --> c:\program files\symantec antivirus\smclu\setup\smcinst.exe [?]

=============== Created Last 30 ================

2010-10-25 10:09:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-25 05:54:40 -------- d-----w- c:\docume~1\georgina\locals~1\applic~1\Sunbelt Software
2010-10-25 05:50:47 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-25 05:49:11 -------- d-----w- c:\program files\Lavasoft
2010-10-25 00:47:05 -------- d-----w- c:\program files\Trend Micro
2010-10-25 00:25:22 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-10-25 00:25:22 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-10-25 00:25:22 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-10-25 00:25:22 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-10-25 00:25:22 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-10-25 00:25:20 -------- d-----w- c:\program files\Trojan Remover
2010-10-25 00:25:20 -------- d-----w- c:\docume~1\georgina\applic~1\Simply Super Software
2010-10-25 00:25:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-10-22 04:03:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-22 04:03:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-21 23:20:08 -------- d--h--w- C:\$AVG8.VAULT$
2010-10-21 03:31:15 69632 --sha-r- c:\windows\system32\esent97Y.dll
2010-10-21 03:19:03 -------- d-----w- c:\docume~1\georgina\applic~1\WindSolutions
2010-10-21 03:18:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\WindSolutions

==================== Find3M ====================

2010-10-24 21:38:36 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2008-04-13 19:39:36 566784 --sh--w- c:\windows\system32\gpedit.dll

============= FINISH: 9:32:39.11 ===============

EDIT: Posts merged ~BP

Attached Files


Edited by Budapest, 26 October 2010 - 06:08 PM.
Moved from Web Browsing/Email and Other Internet Applications ~BP


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,763 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:57 PM

Posted 26 October 2010 - 06:06 PM

Hi, g.stirling :)

:welcome:

You may be infected with a backdoor trojan. I would suggest you backup your important documents before proceeding.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 g.stirling

g.stirling
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 26 October 2010 - 06:18 PM

Hi and thanks for your quick response... It is greatly appreciated.

Below are the two reports. Nothing was found with TDSSKiller but one was found with MBR Check.

2010/10/27 10:13:43.0615 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/27 10:13:43.0615 ================================================================================
2010/10/27 10:13:43.0615 SystemInfo:
2010/10/27 10:13:43.0615
2010/10/27 10:13:43.0615 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/27 10:13:43.0615 Product type: Workstation
2010/10/27 10:13:43.0615 ComputerName: ELFA02
2010/10/27 10:13:43.0615 UserName: georgina
2010/10/27 10:13:43.0615 Windows directory: C:\WINDOWS
2010/10/27 10:13:43.0615 System windows directory: C:\WINDOWS
2010/10/27 10:13:43.0615 Processor architecture: Intel x86
2010/10/27 10:13:43.0615 Number of processors: 2
2010/10/27 10:13:43.0615 Page size: 0x1000
2010/10/27 10:13:43.0615 Boot type: Normal boot
2010/10/27 10:13:43.0615 ================================================================================
2010/10/27 10:13:43.0928 Initialize success
2010/10/27 10:13:49.0337 ================================================================================
2010/10/27 10:13:49.0337 Scan started
2010/10/27 10:13:49.0337 Mode: Manual;
2010/10/27 10:13:49.0337 ================================================================================
2010/10/27 10:13:49.0837 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/27 10:13:49.0868 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/10/27 10:13:49.0915 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/27 10:13:49.0946 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/27 10:13:50.0009 ADIHdAudAddService (f3494e4e29605846cb1d21f2fc50d407) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010/10/27 10:13:50.0056 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/27 10:13:50.0087 AEAudio (860df7676869cd8690cb2b23ab6de66a) C:\WINDOWS\system32\drivers\AEAudio.sys
2010/10/27 10:13:50.0134 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/27 10:13:50.0165 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/27 10:13:50.0228 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/27 10:13:50.0259 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/27 10:13:50.0290 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/27 10:13:50.0337 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/27 10:13:50.0369 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/27 10:13:50.0400 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/27 10:13:50.0415 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/27 10:13:50.0462 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/27 10:13:50.0478 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/27 10:13:50.0509 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/27 10:13:50.0540 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/27 10:13:50.0572 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/27 10:13:50.0619 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/27 10:13:50.0634 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/27 10:13:50.0666 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/27 10:13:50.0712 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/27 10:13:50.0791 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/10/27 10:13:50.0931 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/10/27 10:13:50.0963 AvgRkx86 (94a16f829b1456237b7f929198ce2807) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2010/10/27 10:13:51.0009 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/10/27 10:13:51.0056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/27 10:13:51.0088 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/27 10:13:51.0103 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/27 10:13:51.0135 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/27 10:13:51.0150 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/27 10:13:51.0166 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/27 10:13:51.0197 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/27 10:13:51.0228 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/27 10:13:51.0275 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/27 10:13:51.0306 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/27 10:13:51.0353 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/27 10:13:51.0385 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/27 10:13:51.0416 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/27 10:13:51.0463 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/27 10:13:51.0525 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/27 10:13:51.0557 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/27 10:13:51.0588 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/27 10:13:51.0619 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/27 10:13:51.0635 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/27 10:13:51.0650 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/27 10:13:51.0729 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
2010/10/27 10:13:51.0807 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/27 10:13:51.0869 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/27 10:13:51.0963 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/27 10:13:52.0057 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/27 10:13:52.0088 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/27 10:13:52.0119 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/27 10:13:52.0151 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/27 10:13:52.0198 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/27 10:13:52.0244 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/27 10:13:52.0291 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
2010/10/27 10:13:52.0338 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/27 10:13:52.0416 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/27 10:13:52.0448 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/27 10:13:52.0495 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/27 10:13:52.0526 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/27 10:13:52.0573 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/27 10:13:52.0620 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/27 10:13:52.0823 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/10/27 10:13:53.0073 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/10/27 10:13:53.0167 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/27 10:13:53.0261 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/27 10:13:53.0292 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/27 10:13:53.0323 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/27 10:13:53.0354 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/27 10:13:53.0386 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/27 10:13:53.0401 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/27 10:13:53.0432 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/27 10:13:53.0495 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/27 10:13:53.0526 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/27 10:13:53.0573 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/27 10:13:53.0620 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/10/27 10:13:53.0761 KAPFA (9c3abc6d9cc915056f0918469f567975) C:\WINDOWS\system32\drivers\KAPFA.SYS
2010/10/27 10:13:53.0839 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/27 10:13:53.0886 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/27 10:13:53.0933 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/27 10:13:53.0964 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/27 10:13:54.0089 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/10/27 10:13:54.0245 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/27 10:13:54.0292 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/27 10:13:54.0308 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/27 10:13:54.0370 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/27 10:13:54.0402 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/27 10:13:54.0417 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/27 10:13:54.0464 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/27 10:13:54.0527 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/27 10:13:54.0589 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/27 10:13:54.0636 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/27 10:13:54.0652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/27 10:13:54.0683 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/27 10:13:54.0730 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/27 10:13:54.0761 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/27 10:13:54.0793 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/27 10:13:54.0871 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/27 10:13:54.0918 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/27 10:13:54.0949 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/27 10:13:55.0011 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/27 10:13:55.0058 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/27 10:13:55.0090 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/27 10:13:55.0121 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/27 10:13:55.0152 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/27 10:13:55.0199 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/27 10:13:55.0246 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/27 10:13:55.0277 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/27 10:13:55.0340 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/27 10:13:55.0418 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/27 10:13:55.0590 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/27 10:13:55.0621 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/27 10:13:55.0668 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/27 10:13:55.0699 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/27 10:13:55.0730 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/27 10:13:55.0746 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/27 10:13:55.0793 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/27 10:13:55.0840 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/27 10:13:55.0934 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/27 10:13:55.0965 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/27 10:13:56.0027 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
2010/10/27 10:13:56.0074 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/27 10:13:56.0184 PrivateDisk (ebe579425ccb8377bfc7c0b50c05eb56) C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
2010/10/27 10:13:56.0293 PROCDD (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
2010/10/27 10:13:56.0340 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/27 10:13:56.0387 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\WINDOWS\system32\DRIVERS\psadd.sys
2010/10/27 10:13:56.0418 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/27 10:13:56.0434 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/27 10:13:56.0481 PxHelp20 (63de5a1e7f28e3c60a5801bb241fc9c9) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/27 10:13:56.0528 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/27 10:13:56.0559 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/27 10:13:56.0590 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/27 10:13:56.0622 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/27 10:13:56.0637 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/27 10:13:56.0668 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/27 10:13:56.0731 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/27 10:13:56.0778 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/27 10:13:56.0809 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/27 10:13:56.0856 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/27 10:13:56.0887 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/27 10:13:56.0903 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/27 10:13:56.0965 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/27 10:13:57.0012 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/27 10:13:57.0106 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/27 10:13:57.0184 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
2010/10/27 10:13:57.0278 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/27 10:13:57.0341 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/27 10:13:57.0356 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/27 10:13:57.0434 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/27 10:13:57.0466 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/27 10:13:57.0559 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
2010/10/27 10:13:57.0591 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/27 10:13:57.0653 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/27 10:13:57.0731 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/27 10:13:57.0794 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/27 10:13:57.0841 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/27 10:13:57.0872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/27 10:13:57.0950 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/27 10:13:57.0997 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/27 10:13:58.0044 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/27 10:13:58.0060 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/27 10:13:58.0075 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/27 10:13:58.0122 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/27 10:13:58.0185 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/27 10:13:58.0232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/27 10:13:58.0263 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/27 10:13:58.0310 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/27 10:13:58.0357 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/27 10:13:58.0529 tvtfilter (034e58ba89731b5d1634e85b4e37ee0b) C:\WINDOWS\system32\drivers\tvtfilter.sys
2010/10/27 10:13:58.0638 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
2010/10/27 10:13:58.0701 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/27 10:13:58.0716 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/27 10:13:58.0794 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/27 10:13:58.0873 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/27 10:13:58.0920 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/27 10:13:58.0982 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/27 10:13:59.0029 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/27 10:13:59.0060 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/27 10:13:59.0091 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/27 10:13:59.0123 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/27 10:13:59.0154 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/27 10:13:59.0248 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/27 10:13:59.0295 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/27 10:13:59.0326 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/27 10:13:59.0373 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/27 10:13:59.0420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/27 10:13:59.0482 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/27 10:13:59.0560 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/27 10:13:59.0623 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/27 10:13:59.0654 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/27 10:13:59.0732 ================================================================================
2010/10/27 10:13:59.0732 Scan finished
2010/10/27 10:13:59.0732 ================================================================================
2010/10/27 10:14:28.0871 ================================================================================
2010/10/27 10:14:28.0871 Scan started
2010/10/27 10:14:28.0871 Mode: Manual;
2010/10/27 10:14:28.0871 ================================================================================
2010/10/27 10:14:29.0168 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/27 10:14:29.0184 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/10/27 10:14:29.0231 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/27 10:14:29.0262 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/27 10:14:29.0325 ADIHdAudAddService (f3494e4e29605846cb1d21f2fc50d407) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010/10/27 10:14:29.0356 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/27 10:14:29.0372 AEAudio (860df7676869cd8690cb2b23ab6de66a) C:\WINDOWS\system32\drivers\AEAudio.sys
2010/10/27 10:14:29.0387 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/27 10:14:29.0419 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/27 10:14:29.0465 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/27 10:14:29.0497 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/27 10:14:29.0512 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/27 10:14:29.0544 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/27 10:14:29.0559 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/27 10:14:29.0590 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/27 10:14:29.0606 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/27 10:14:29.0637 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/27 10:14:29.0653 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/27 10:14:29.0684 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/27 10:14:29.0700 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/27 10:14:29.0716 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/27 10:14:29.0778 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/27 10:14:29.0809 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/27 10:14:29.0841 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/27 10:14:29.0872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/27 10:14:29.0919 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/10/27 10:14:29.0966 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/10/27 10:14:29.0981 AvgRkx86 (94a16f829b1456237b7f929198ce2807) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2010/10/27 10:14:30.0028 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/10/27 10:14:30.0059 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/27 10:14:30.0091 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/27 10:14:30.0106 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/27 10:14:30.0138 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/27 10:14:30.0153 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/27 10:14:30.0169 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/27 10:14:30.0200 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/27 10:14:30.0231 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/27 10:14:30.0356 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/27 10:14:30.0388 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/27 10:14:30.0435 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/27 10:14:30.0435 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/27 10:14:30.0482 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/27 10:14:30.0513 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/27 10:14:30.0560 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/27 10:14:30.0591 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/27 10:14:30.0638 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/27 10:14:30.0653 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/27 10:14:30.0685 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/27 10:14:30.0700 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/27 10:14:30.0747 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
2010/10/27 10:14:30.0794 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/27 10:14:30.0825 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/27 10:14:30.0872 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/27 10:14:30.0888 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/27 10:14:30.0935 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/27 10:14:30.0966 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/27 10:14:30.0982 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/27 10:14:31.0029 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/27 10:14:31.0076 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/27 10:14:31.0107 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
2010/10/27 10:14:31.0154 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/27 10:14:31.0169 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/27 10:14:31.0201 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/27 10:14:31.0248 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/27 10:14:31.0357 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/27 10:14:31.0388 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/27 10:14:31.0419 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/27 10:14:31.0623 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/10/27 10:14:31.0685 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/10/27 10:14:31.0716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/27 10:14:31.0748 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/27 10:14:31.0763 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/27 10:14:31.0810 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/27 10:14:31.0857 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/27 10:14:31.0873 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/27 10:14:31.0888 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/27 10:14:31.0920 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/27 10:14:31.0951 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/27 10:14:31.0967 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/27 10:14:32.0014 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/27 10:14:32.0045 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/10/27 10:14:32.0092 KAPFA (9c3abc6d9cc915056f0918469f567975) C:\WINDOWS\system32\drivers\KAPFA.SYS
2010/10/27 10:14:32.0107 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/27 10:14:32.0123 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/27 10:14:32.0154 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/27 10:14:32.0185 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/27 10:14:32.0295 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/10/27 10:14:32.0436 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/27 10:14:32.0482 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/27 10:14:32.0498 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/27 10:14:32.0545 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/27 10:14:32.0561 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/27 10:14:32.0576 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/27 10:14:32.0592 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/27 10:14:32.0733 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/27 10:14:32.0779 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/27 10:14:32.0842 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/27 10:14:32.0873 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/27 10:14:32.0905 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/27 10:14:32.0951 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/27 10:14:32.0983 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/27 10:14:32.0998 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/27 10:14:33.0014 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/27 10:14:33.0030 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/27 10:14:33.0045 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/27 10:14:33.0108 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/27 10:14:33.0155 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/27 10:14:33.0186 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/27 10:14:33.0202 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/27 10:14:33.0217 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/27 10:14:33.0248 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/27 10:14:33.0280 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/27 10:14:33.0327 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/27 10:14:33.0358 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/27 10:14:33.0420 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/27 10:14:33.0467 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/27 10:14:33.0483 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/27 10:14:33.0514 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/27 10:14:33.0530 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/27 10:14:33.0561 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/27 10:14:33.0577 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/27 10:14:33.0608 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/27 10:14:33.0655 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/27 10:14:33.0733 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/27 10:14:33.0749 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/27 10:14:33.0827 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
2010/10/27 10:14:33.0843 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/27 10:14:33.0968 PrivateDisk (ebe579425ccb8377bfc7c0b50c05eb56) C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
2010/10/27 10:14:34.0108 PROCDD (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
2010/10/27 10:14:34.0155 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/27 10:14:34.0218 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\WINDOWS\system32\DRIVERS\psadd.sys
2010/10/27 10:14:34.0233 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/27 10:14:34.0265 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/27 10:14:34.0280 PxHelp20 (63de5a1e7f28e3c60a5801bb241fc9c9) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/27 10:14:34.0311 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/27 10:14:34.0327 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/27 10:14:34.0343 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/27 10:14:34.0358 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/27 10:14:34.0374 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/27 10:14:34.0390 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/27 10:14:34.0437 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/27 10:14:34.0452 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/27 10:14:34.0468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/27 10:14:34.0499 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/27 10:14:34.0515 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/27 10:14:34.0546 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/27 10:14:34.0593 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/27 10:14:34.0640 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/27 10:14:34.0718 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/27 10:14:34.0780 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
2010/10/27 10:14:34.0812 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/27 10:14:34.0874 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/27 10:14:34.0906 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/27 10:14:34.0984 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/27 10:14:34.0999 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/27 10:14:35.0046 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
2010/10/27 10:14:35.0062 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/27 10:14:35.0109 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/27 10:14:35.0140 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/27 10:14:35.0187 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/27 10:14:35.0234 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/27 10:14:35.0249 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/27 10:14:35.0281 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/27 10:14:35.0406 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/27 10:14:35.0421 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/27 10:14:35.0437 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/27 10:14:35.0453 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/27 10:14:35.0484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/27 10:14:35.0546 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/27 10:14:35.0578 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/27 10:14:35.0609 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/27 10:14:35.0640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/27 10:14:35.0687 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/27 10:14:35.0750 tvtfilter (034e58ba89731b5d1634e85b4e37ee0b) C:\WINDOWS\system32\drivers\tvtfilter.sys
2010/10/27 10:14:35.0797 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
2010/10/27 10:14:35.0828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/27 10:14:35.0859 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/27 10:14:35.0906 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/27 10:14:36.0000 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/27 10:14:36.0031 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/27 10:14:36.0062 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/27 10:14:36.0094 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/27 10:14:36.0109 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/27 10:14:36.0219 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/27 10:14:36.0250 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/27 10:14:36.0266 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/27 10:14:36.0281 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/27 10:14:36.0312 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/27 10:14:36.0344 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/27 10:14:36.0375 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/27 10:14:36.0406 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/27 10:14:36.0453 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/27 10:14:36.0578 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/27 10:14:36.0625 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/27 10:14:36.0641 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/27 10:14:36.0703 ================================================================================
2010/10/27 10:14:36.0703 Scan finished
2010/10/27 10:14:36.0703 ================================================================================


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x010800cc

Kernel Drivers (total 130):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A7E000 \WINDOWS\system32\KDCOM.DLL
0xF798E000 \WINDOWS\system32\BOOTVID.dll
0xF744F000 ACPI.sys
0xF7A80000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF743E000 pci.sys
0xF757E000 isapnp.sys
0xF7B46000 pciide.sys
0xF77FE000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF758E000 MountMgr.sys
0xF741F000 ftdisk.sys
0xF7A82000 dmload.sys
0xF73F9000 dmio.sys
0xF7806000 PartMgr.sys
0xF759E000 VolSnap.sys
0xF73E1000 atapi.sys
0xF75AE000 disk.sys
0xF75BE000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73C1000 fltmgr.sys
0xF73AF000 sr.sys
0xF75CE000 PxHelp20.sys
0xF7398000 KSecDD.sys
0xF730B000 Ntfs.sys
0xF72DE000 NDIS.sys
0xF72C4000 Mup.sys
0xF7A84000 avgrkx86.sys
0xF775E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF690A000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF68F6000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF68CE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF68A4000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF788E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6880000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7896000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF776E000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A72000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF789E000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF686C000 \SystemRoot\system32\DRIVERS\parport.sys
0xF777E000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF78A6000 \SystemRoot\system32\drivers\iviaspi.sys
0xF778E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF779E000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6849000 \SystemRoot\system32\DRIVERS\ks.sys
0xF78AE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF78B6000 \SystemRoot\system32\DRIVERS\tvtpktfilter.sys
0xF7C30000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77AE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF727E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6832000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77BE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77CE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78BE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6821000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77DE000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78C6000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78CE000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF67F1000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF77EE000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF78D6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF78DE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF78E6000 \SystemRoot\system32\DRIVERS\psadd.sys
0xF7AA4000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6793000 \SystemRoot\system32\DRIVERS\update.sys
0xF7266000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF760E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA6C7000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xAA6A3000 \SystemRoot\system32\drivers\portcls.sys
0xF761E000 \SystemRoot\system32\drivers\drmk.sys
0xAA68B000 \SystemRoot\system32\drivers\AEAudio.sys
0xAA62B000 \SystemRoot\system32\drivers\Senfilt.sys
0xF763E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AAE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A26000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7A2A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF767E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF78EE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7AB0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BA2000 \SystemRoot\System32\Drivers\Null.SYS
0xF78FE000 \SystemRoot\System32\drivers\vga.sys
0xF7AB4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AB6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7906000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF790E000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A36000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA98B0000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA9857000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA982F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA9809000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA97E7000 \SystemRoot\System32\drivers\afd.sys
0xF769E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF76AE000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA97BC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF7916000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA974C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF76CE000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7A46000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF791E000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA96FB000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF7A52000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA999B000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA96BB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AF4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA98E3000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7956000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BFC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1CC000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA959F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA931E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF787E000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
0xF7AD6000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
0xA91C5000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9083000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7ADE000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys
0xA94BB000 \??\C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
0xF7BFA000 \??\C:\Program Files\SMI2\smi2.sys
0xA8F43000 \??\C:\WINDOWS\system32\drivers\tvtfilter.sys
0xA8A63000 \??\C:\WINDOWS\system32\drivers\KAPFA.SYS
0xA86BE000 \SystemRoot\system32\drivers\wdmaud.sys
0xA89C3000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7E1E000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA7BD2000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
0xA78CA000 \??\C:\DOCUME~1\Georgina\LOCALS~1\Temp\uwtdapow.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 69):
0 System Idle Process
4 System
856 C:\WINDOWS\system32\smss.exe
912 csrss.exe
936 C:\WINDOWS\system32\winlogon.exe
980 C:\WINDOWS\system32\services.exe
992 C:\WINDOWS\system32\lsass.exe
1188 C:\WINDOWS\system32\svchost.exe
1272 svchost.exe
1396 C:\WINDOWS\system32\svchost.exe
1516 svchost.exe
1644 svchost.exe
1692 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1776 C:\WINDOWS\system32\spoolsv.exe
1912 svchost.exe
1980 C:\WINDOWS\system32\IPSSVC.EXE
2000 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2012 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
2044 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
168 C:\Program Files\Bonjour\mDNSResponder.exe
172 C:\WINDOWS\system32\cisvc.exe
292 C:\WINDOWS\system32\svchost.exe
328 C:\Program Files\Java\jre6\bin\jqs.exe
420 C:\Program Files\Kaseya\Agent\KasAVSrv.exe
436 C:\Program Files\Kaseya\Agent\AgentMon.exe
488 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
668 C:\WINDOWS\system32\svchost.exe
884 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
1532 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
1556 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
1628 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
1868 C:\Program Files\RealVNC\VNC4\WinVNC4.exe
156 C:\PROGRA~1\AVG\AVG8\avgam.exe
648 wmpnetwk.exe
2116 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
2160 C:\WINDOWS\system32\rundll32.exe
2300 C:\Program Files\Lenovo\System Update\SUService.exe
2820 unsecapp.exe
2884 alg.exe
3072 wmiprvse.exe
3488 C:\PROGRA~1\AVG\AVG8\avgrsx.exe
3324 C:\WINDOWS\explorer.exe
1328 C:\Program Files\ThinkVantage\AMSG\Amsg.exe
1348 C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.EXE
1384 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
1472 C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
2056 C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
2360 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
472 C:\Program Files\Analog Devices\Core\smax4pnp.exe
2724 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
2756 C:\WINDOWS\system32\igfxtray.exe
2808 C:\WINDOWS\system32\hkcmd.exe
2788 C:\WINDOWS\system32\igfxpers.exe
2152 C:\Program Files\GIZMO2\GIZMO.exe
2232 C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
768 C:\Program Files\iTunes\iTunesHelper.exe
3636 C:\Program Files\Google\Google Talk\googletalk.exe
3852 C:\WINDOWS\system32\ctfmon.exe
3820 C:\Program Files\Skype\Phone\Skype.exe
3896 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
4008 C:\Program Files\Avaya\IP Office\Phone Manager\PhoneManager.exe
3632 C:\Program Files\HHHH Associates\Desktop Slideshow\DesktopSlideshow.exe
3048 C:\Program Files\iPod\bin\iPodService.exe
3980 C:\WINDOWS\system32\wbem\wmiapsrv.exe
4384 C:\Program Files\Skype\Plugin Manager\skypePM.exe
5392 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
4404 C:\WINDOWS\system32\cidaemon.exe
2128 C:\Program Files\Internet Explorer\iexplore.exe
4960 C:\Documents and Settings\Georgina\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500JS-08NCB1, Rev: 10.02E01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E49E0E857554DA709AC5B4035EF80F82577F2BA2


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,763 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:57 PM

Posted 26 October 2010 - 06:40 PM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 g.stirling

g.stirling
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 26 October 2010 - 08:43 PM

Please see below my combofix log

ComboFix 10-10-25.04 - georgina 27/10/2010 11:34:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1014.504 [GMT 11:00]
Running from: c:\documents and settings\Georgina\Desktop\ComboFix.exe
AV: AVG Internet Security Network Edition *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
.

2010-10-26 06:00 . 2010-10-26 06:00 -------- d-----w- c:\documents and settings\Georgina\Local Settings\Application Data\Mozilla
2010-10-25 10:09 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-25 05:54 . 2010-10-25 05:54 -------- d-----w- c:\documents and settings\Georgina\Local Settings\Application Data\Sunbelt Software
2010-10-25 05:50 . 2010-10-25 05:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-25 05:49 . 2010-10-25 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-10-25 05:49 . 2010-10-25 05:49 -------- d-----w- c:\program files\Lavasoft
2010-10-25 00:47 . 2010-10-25 00:47 -------- d-----w- c:\program files\Trend Micro
2010-10-25 00:30 . 2010-10-26 04:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-25 00:25 . 2006-06-19 02:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-10-25 00:25 . 2006-05-25 04:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-10-25 00:25 . 2005-08-25 14:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-10-25 00:25 . 2003-02-02 09:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-10-25 00:25 . 2002-03-05 14:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-10-25 00:25 . 2010-10-25 00:25 -------- d-----w- c:\program files\Trojan Remover
2010-10-25 00:25 . 2010-10-25 00:25 -------- d-----w- c:\documents and settings\Georgina\Application Data\Simply Super Software
2010-10-25 00:25 . 2010-10-25 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-10-22 04:03 . 2010-10-24 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-22 04:03 . 2010-10-24 21:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-21 23:20 . 2010-10-22 01:01 -------- d-----w- C:\$AVG8.VAULT$
2010-10-21 03:31 . 2010-10-21 03:31 69632 --sha-r- c:\windows\system32\esent97Y.dll
2010-10-21 03:19 . 2010-10-21 03:19 -------- d-----w- c:\documents and settings\Georgina\Application Data\WindSolutions
2010-10-21 03:18 . 2010-10-21 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-24 21:38 . 2007-12-05 17:50 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2008-04-13 19:39 566784 --sh--w- c:\windows\system32\gpedit.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-02-01 120368]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-04-18 69632]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-05-13 2333440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-15 868352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-12 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-12 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-12 135168]
"GIZMO2"="c:\program files\GIZMO2\GIZMO.exe" [2008-11-17 2229512]
"KASHTHCVLR94657653912806"="c:\program files\Kaseya\Agent\KaUsrTsk.exe" [2010-01-14 319488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

c:\documents and settings\Georgina\Start Menu\Programs\Startup\
Desktop Slideshow.lnk - c:\documents and settings\Georgina\Application Data\Microsoft\Installer\{5CB7D66F-99E1-4CFF-BC47-43B889B6B2DF}\_4ae13d6c.exe [2010-7-28 1078]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-10 113664]
PhoneManager.lnk - c:\program files\Avaya\IP Office\Phone Manager\PhoneManager.exe [2009-9-7 6044672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-04-18 17:05 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Avaya\\IP Office\\Phone Manager\\PhoneManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R2 KaseyaAVService;Kaseya Security Service;c:\program files\Kaseya\Agent\KasAVSrv.exe [10/28/2009 5:14 PM 221184]
R2 KATHCVLR94657653912806;Kaseya Agent;c:\program files\Kaseya\Agent\AgentMon.exe [1/19/2009 10:37 AM 806912]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/14/2006 11:05 AM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [5/13/2006 1:10 PM 3968]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [1/19/2009 10:37 AM 13824]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 6:46 PM 1355928]
S3 Nwlate73l;Nwlate73l; [x]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 07:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://intranet.howardsstorageworld.com/default.aspx?PageView=Shared
uInternet Settings,ProxyServer = 127.0.0.1:80
uInternet Settings,ProxyOverride = *.hsw.com.au;*.howardsstorage.com.au;*.howardsstorageworld.com.au;<local>;*.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Georgina\Application Data\Mozilla\Firefox\Profiles\pn48hr1j.default\
FF - prefs.js: browser.startup.homepage - hxxp://intranet.howardsstorageworld.com/default.aspx?PageView=Shared
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Georgina\Application Data\Mozilla\Firefox\Profiles\pn48hr1j.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
Notify-avgrsstarter - avgrsstx.dll
Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-27 11:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2627389296-3520647433-2699487601-1944\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{337C1421-01EC-070B-EEA0-DA2A0664D5DC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(2336)
c:\windows\system32\WININET.dll
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-27 11:47:15
ComboFix-quarantined-files.txt 2010-10-27 00:46

Pre-Run: 149,675,196,416 bytes free
Post-Run: 152,149,147,648 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - F11212EB050FB256A051A070BD8D3307

#6 g.stirling

g.stirling
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 26 October 2010 - 09:35 PM

Hi,

Not sure what the next step is as the redirecting problem is still present.

#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,763 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:57 PM

Posted 26 October 2010 - 10:16 PM

Are you still being redirected?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 g.stirling

g.stirling
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 26 October 2010 - 10:18 PM

Hi,

Yes I am still being redirected.

#9 g.stirling

g.stirling
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 26 October 2010 - 10:20 PM

This is the weird web address that appears but nothing is on the screen just a blank web page

http://www.anirgenhotgo.com/search.php?q=(and then the name of whatever I have searched)

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,763 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:57 PM

Posted 26 October 2010 - 10:33 PM

Are you connected throughout a router?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 g.stirling

g.stirling
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 26 October 2010 - 10:35 PM

It is a work computer and I am connected through a router I believe, however, there are three other computers connected to the same source for the internet. They are not having any issues.

Edited by g.stirling, 26 October 2010 - 10:36 PM.


#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,763 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:57 PM

Posted 26 October 2010 - 11:06 PM

Lets perform an online scan. If that comes clean, I will need to have the Master Boot Record checked.

Download the enclosed folder.

Save and extract its contents to the desktop. Once extracted click on the test.bat file and post its report.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following are checked
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.

Upgrading Java :
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 21 .
  • Click the JDK 6 Update 21 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation ( jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 g.stirling

g.stirling
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 26 October 2010 - 11:40 PM

Here is the report from the test.zip file

I am still running the Kapersky Online Scanner


Local Area Connection:
Node IpAddress: [192.168.16.226] Scope Id: []



NetBIOS Local Name Table



Name Type Status

---------------------------------------------

ELFA02 <00> UNIQUE Registered

HOWARDSSTORAGE <00> GROUP Registered

ELFA02 <20> UNIQUE Registered

HOWARDSSTORAGE <1E> GROUP Registered



Windows IP Configuration



Host Name . . . . . . . . . . . . : ELFA02

Primary Dns Suffix . . . . . . . : HowardsStorageWorld.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : HowardsStorageWorld.local

howardsstorageworld.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : howardsstorageworld.local

Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet

Physical Address. . . . . . . . . : 00-1A-6B-5A-5A-B3

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.16.226

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.16.254

DHCP Server . . . . . . . . . . . : 192.168.16.6

DNS Servers . . . . . . . . . . . : 192.168.16.6

192.168.16.2

Primary WINS Server . . . . . . . : 192.168.16.6

Secondary WINS Server . . . . . . : 192.168.16.2

Lease Obtained. . . . . . . . . . : Wednesday, 27 October 2010 11:20:04 AM

Lease Expires . . . . . . . . . . : Thursday, 4 November 2010 11:20:04 AM



Pinging Yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=167ms TTL=53

Reply from 98.137.149.56: bytes=32 time=168ms TTL=53

Reply from 98.137.149.56: bytes=32 time=168ms TTL=53

Reply from 98.137.149.56: bytes=32 time=165ms TTL=53



Ping statistics for 98.137.149.56:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 165ms, Maximum = 168ms, Average = 167ms



Pinging Google.com [66.102.11.104] with 32 bytes of data:



Reply from 66.102.11.104: bytes=32 time=9ms TTL=57

Reply from 66.102.11.104: bytes=32 time=12ms TTL=57

Reply from 66.102.11.104: bytes=32 time=5ms TTL=57

Reply from 66.102.11.104: bytes=32 time=5ms TTL=57



Ping statistics for 66.102.11.104:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 5ms, Maximum = 12ms, Average = 7ms

These Windows services are started:

Apple Mobile Device
Application Layer Gateway Service
Automatic LiveUpdate Scheduler
Automatic Updates
Bonjour Service
COM+ Event System
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Help and Support
HID Input Service
HTTP SSL
Indexing Service
iPod Service
IPS Core Service
IPSEC Services
Java Quick Starter
Kaseya Agent
Kaseya Security Service
Logical Disk Manager
Net Logon
Network Connections
Network Location Awareness (NLA)
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
SQL Server (MSSQLSERVER)
SSDP Discovery Service
System Event Notification
System Restore Service
System Update
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
ThinkVantage Registry Monitor Service
TVT Backup Service
TVT Scheduler
Universal Plug and Play Device Host
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Media Player Network Sharing Service
Windows Time
Wireless Zero Configuration
WMI Performance Adapter
Workstation

The command completed successfully.

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,763 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:57 PM

Posted 27 October 2010 - 12:57 AM

No issues in that report.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 g.stirling

g.stirling
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 27 October 2010 - 05:04 PM

Hi,

Here is the Kapersky Online Scanner report. However, it also scanned a network drive at work G:/

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 28, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 26, 2010 21:24:02
Records in database: 4178813
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
G:\
H:\
T:\
Y:\
Z:\

Scan statistics:
Objects scanned: 659194
Threats found: 10
Infected objects found: 20
Suspicious objects found: 0
Scan duration: 12:52:54


File name / Threat / Threats count
C:\Documents and Settings\Georgina\Application Data\Sun\Java\Deployment\cache\6.0\18\17376d2-625bc09a Infected: Trojan-Downloader.Java.Agent.al 1
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.gq 1
C:\Program Files\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.fl 1
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
G:\International\Buying International\1 Deleted Info Prior to 172010\Peter\McP C Drive\051202_1027 (D)\screen savers\Back to the future.exe Infected: not-a-virus:AdWare.Win32.EZula.d 1
G:\International\Buying International\1 Deleted Info Prior to 172010\Peter\McP C Drive\051202_1027 (D)\screen savers\balloons.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
G:\International\Buying International\1 Deleted Info Prior to 172010\Peter\McP C Drive\051202_1027 (D)\screen savers\bikini-01_lvo.exe Infected: not-a-virus:AdWare.Win32.Gator.3013 1
G:\International\Buying International\1 Deleted Info Prior to 172010\Peter\McP C Drive\051202_1027 (D)\screen savers\bikini3_whg.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
G:\International\Buying International\1 Deleted Info Prior to 172010\Peter\McP C Drive\051202_1027 (D)\screen savers\setupbikini7wh.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
G:\International\Buying International\1 Deleted Info Prior to 172010\Peter\McP C Drive\051202_1027 (D)\screen savers\setupbikini7wh.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
G:\International\Buying International\1 Deleted Info Prior to 172010\Peter\McP C Drive\051202_1027 (D)\screen savers\setupbikini8wh.exe Infected: Trojan-Downloader.Win32.Wren.r 1
G:\International\Buying International\1 Deleted Info Prior to 172010\Peter\McP C Drive\051202_1027 (D)\screen savers\waterfalls_en.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bx 1
G:\International\Intellectual Property\Buying International\Peter\My Documents\McP C Drive\051202_1027 (D)\screen savers\Back to the future.exe Infected: not-a-virus:AdWare.Win32.EZula.d 1
G:\International\Intellectual Property\Buying International\Peter\My Documents\McP C Drive\051202_1027 (D)\screen savers\balloons.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
G:\International\Intellectual Property\Buying International\Peter\My Documents\McP C Drive\051202_1027 (D)\screen savers\bikini-01_lvo.exe Infected: not-a-virus:AdWare.Win32.Gator.3013 1
G:\International\Intellectual Property\Buying International\Peter\My Documents\McP C Drive\051202_1027 (D)\screen savers\bikini3_whg.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
G:\International\Intellectual Property\Buying International\Peter\My Documents\McP C Drive\051202_1027 (D)\screen savers\setupbikini7wh.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
G:\International\Intellectual Property\Buying International\Peter\My Documents\McP C Drive\051202_1027 (D)\screen savers\setupbikini7wh.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
G:\International\Intellectual Property\Buying International\Peter\My Documents\McP C Drive\051202_1027 (D)\screen savers\setupbikini8wh.exe Infected: Trojan-Downloader.Win32.Wren.r 1
G:\International\Intellectual Property\Buying International\Peter\My Documents\McP C Drive\051202_1027 (D)\screen savers\waterfalls_en.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bx 1

Selected area has been scanned.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users