Google redirects on XP PC, background ads/audio from unknown sources, hidden start menu.


This topic is locked. 4 replies to this topic.

#1 SoCalDad

  • Members
  • 2 posts

Posted 22 November 2011 - 03:55 PM

I'm on a Windows XP with Media Center PC and I'm experiencing Google redirects while in my Firefox browser, background audio from iexplore.exe, iTunes pops up and then a random download of a podcast occurs, and a hidden start-up menu. Booting up to safe mode produces a blue screen, which keeps me from running programs in this mode.
My tech friend fought off a prior System Fix virus which came up last week using programs like Stringer, ComboFix, etc. I noticed he left the programs on my son's desktop. Can you help? If so, I'm not familiar with how to produce the log lists you will need to diagnose the problem.

#2 Orange Blossom

Bleepin Investigator

  • Moderator
  • 36,854 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 22 November 2011 - 05:09 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button. Since you have run ComboFix, please include the ComboFix log in the reply.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, include the information that you were unable to produce the other logs, include the ComboFix log, and describe what happens when you try to create the other logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 SoCalDad

  • Topic Starter
  • Members
  • 2 posts

Posted 22 November 2011 - 11:52 PM

I downloaded DeFogger and disabled the CD emulation software. I used the Spyware and Malware self-help guide to download TDSSKiller and ran it from my desktop, which created a TDSS rootkit removing tool log (see below). I was able to enable the viewing of hidden files for Windows XP by following the steps provided in the guide. I downloaded DDS to the desktop and ran it, which created the DDS.txt and Attach.txt logs for your viewing. I do not have the log from the last ComboFix run. I could download it and run it again if you wish? I downloaded GMER and tried to run it two separate times, which resulted in a blue screen after running for a couple of hours. The blue screen provided the following information:

Check to make sure any new or suspect drivers
Tech info
Stop: 0x000000c5, (0x069368AC, 0x00000002, 0x000000001, 0x8054BFD2)
Beginning physical dump of memory
Physical memory dump complete.

14:29:09.0562 3520 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
14:29:09.0921 3520 ============================================================
14:29:09.0921 3520 Current date / time: 2011/11/22 14:29:09.0921
14:29:09.0921 3520 SystemInfo:
14:29:09.0921 3520
14:29:09.0921 3520 OS Version: 5.1.2600 ServicePack: 3.0
14:29:09.0921 3520 Product type: Workstation
14:29:09.0921 3520 ComputerName: FAMILYCOMPUTER
14:29:09.0921 3520 UserName: Sam Triantis
14:29:09.0921 3520 Windows directory: C:\WINDOWS
14:29:09.0921 3520 System windows directory: C:\WINDOWS
14:29:09.0921 3520 Processor architecture: Intel x86
14:29:09.0921 3520 Number of processors: 2
14:29:09.0921 3520 Page size: 0x1000
14:29:09.0921 3520 Boot type: Normal boot
14:29:09.0921 3520 ============================================================
14:29:19.0921 3520 Initialize success
14:33:12.0281 4040 ============================================================
14:33:12.0281 4040 Scan started
14:33:12.0281 4040 Mode: Manual;
14:33:12.0281 4040 ============================================================
14:33:22.0250 4040 \Device\Harddisk0\DR0\Partition0 - ok
14:33:22.0250 4040 Boot (0x1200) (a639db2706c9c75f35e946a9054a8a9e) \Device\Harddisk5\DR8\Partition0
14:33:22.0250 4040 \Device\Harddisk5\DR8\Partition0 - ok
14:33:22.0250 4040 ============================================================
14:33:22.0250 4040 Scan finished
14:33:22.0250 4040 ============================================================
14:33:22.0265 0376 Detected object count: 0
14:33:22.0265 0376 Actual detected object count: 0




DDS.txt Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_29
Run by Sam Triantis at 15:27:34 on 2011-11-22
.
============== Running Processes ===============
.
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Sam Triantis\Desktop\dds.scr
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com\ttlc
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253776150562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{316EF3E1-D970-450E-9B8C-48F009DE9E10} : DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sam triantis\application data\mozilla\firefox\profiles\475eunp6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - component: c:\documents and settings\sam triantis\application data\mozilla\firefox\profiles\475eunp6.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
FF - component: c:\documents and settings\sam triantis\application data\mozilla\firefox\profiles\475eunp6.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\sam triantis\application data\mozilla\firefox\profiles\475eunp6.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll
FF - component: c:\program files\windows ilivid toolbar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? FreeAgentGoNext Service;Seagate Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? npggsvc;nProtect GameGuard Service
R? TKFsAc;TKFsAc
R? TKFsAv;TKFsAv
R? TKFsFt;TKFsFt
R? TKRgAc;TKRgAc
R? TKRgFt;TKRgFt
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? XDva347;XDva347
R? XDva349;XDva349
S? McrdSvc;Media Center Extender Service
S? SSFMONM;Spy Sweeper File System Filter Driver
S? WebrootSpySweeperService;Webroot Spy Sweeper Engine
S? WRConsumerService;Webroot Client Service
.
=============== Created Last 30 ================
.
2011-11-22 09:31:12 -------- d-sha-r- C:\cmdcons
2011-11-22 09:22:58 208896 ----a-w- c:\windows\MBR.exe
2011-11-22 09:22:57 98816 ----a-w- c:\windows\sed.exe
2011-11-22 09:22:57 518144 ----a-w- c:\windows\SWREG.exe
2011-11-22 09:22:57 256000 ----a-w- c:\windows\PEV.exe
2011-11-22 09:21:36 -------- d-s---w- C:\ComboFix
2011-11-18 17:12:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-18 17:12:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-18 01:15:44 45584 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2011-11-18 01:15:44 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-11-18 01:15:44 181008 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-11-18 01:13:24 -------- dc-h--w- c:\documents and settings\all users\application data\{13B9F5E8-C08A-4A36-853C-E98B1B218525}
2011-11-18 01:12:57 -------- d-----w- c:\program files\Webroot
2011-11-18 01:09:38 -------- d-----w- c:\documents and settings\all users\application data\Webroot
2011-11-17 16:45:31 -------- d-----w- c:\documents and settings\all users\application data\WinZipEC
2011-11-17 16:45:27 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP
2011-11-11 19:48:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-26 22:00:33 -------- d-----w- c:\program files\Windows Media Connect 2
.
==================== Find3M ====================
.
2011-11-11 19:48:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-05 08:18:13 4807 ----a-w- C:\DetectionData.tmp
2011-11-05 08:18:13 111569 ----a-w- C:\InformationalData.tmp
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56:22 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56:22 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56:21 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35:09 369664 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 15:29:23.70 ===============


#4 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,602 posts
  • Gender:Male

Posted 27 November 2011 - 04:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/428929 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,602 posts
  • Gender:Male

Posted 02 December 2011 - 04:05 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
