
Solved IE8 Pop-up Ads

Discussion in 'Malware and Virus Removal Archive' started by flyboy1565, 2010/10/11.

  1. 2010/10/11
    flyboy1565

    flyboy1565 Inactive Thread Starter

    Joined:
    2009/12/09
    Messages:
    184
    Likes Received:
    2
    [Resolved] IE8 Pop-up Ads

    I posted my issues in Internet Help, but was informed to try here. I ran the DDS as requested! I would like any help possible.


    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Kimber at 20:17:14.59 on Mon 10/11/2010
    Internet Explorer: 8.0.6001.18943
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1337 [GMT -7:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\iWin Games\iWinTrusted.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Gamevance\gamevance32.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Kimber\Documents\JD's Helper.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/?fr=fptb-hptb6
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    uURLSearchHooks: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
    mURLSearchHooks: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
    BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 - "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" - "http://www.dot3dgames.com/games/footbowl/ "
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0 "
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [hpqSRMon]
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Gamevance] c:\program files\gamevance\gamevance32.exe a
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Dream%20Day%20Wedding%202%20-%20Married%20in%20Manhattan/Images/stg_drm.ocx
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-5/myWebFaceInitialSetup1.0.1.2.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Dream%20Day%20Wedding%202%20-%20Married%20in%20Manhattan/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: avgrsstx.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-10 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-10 27784]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-31 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-2 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-10 297752]
    R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-18 135664]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

    =============== Created Last 30 ================

    2010-10-08 23:39:38 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{78d0e7d4-aeec-4684-bbf0-1b7e78a8a61e}\mpengine.dll
    2010-09-28 21:35:35 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-15 22:07:36 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-15 22:07:32 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-15 22:07:25 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-15 22:07:20 739328 ----a-w- c:\windows\system32\inetcomm.dll

    ==================== Find3M ====================

    2010-07-17 12:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

    ============= FINISH: 20:18:13.99 ===============
     
  2. 2010/10/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Attach.txt part of DDS is missing.

    You're running two AV programs, AVG and Norton.
    One of them has to go.
    If AVG, use AVG Remover: http://www.avg.com/us-en/download-tools
    If Norton, use Norton Removal Tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    When done....

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
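A small triage helper for the two logs in this thread, added here as an example (it is not code from the thread, nor part of DDS or Malwarebytes): it parses the DDS security-product lines and BHO/TB/DPF entries plus the MBAM "Registry Keys Infected" lines, and raises the points broni makes above (two AV engines, outdated definitions, a disabled firewall), together with add-ons registered for a file that no longer exists and CLSIDs that appear in both logs. The sample lines are a constructed subset copied from the thread; the regexes and field names are this example's own assumptions about the log format.

```python
import re

# Constructed sample input: a subset of the DDS "Pseudo HJT Report" lines
# posted in this thread (security products and IE add-on entries).
DDS_SAMPLE = r"""
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-5/myWebFaceInitialSetup1.0.1.2.cab
"""

# Constructed sample input: a subset of the MBAM "Registry Keys Infected"
# lines posted later in the thread.
MBAM_SAMPLE = r"""
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""

# Assumed line shapes (derived from the logs above, not an official grammar):
# AV/SP/FW: "<kind>: <name> *<state>* [(Updated|Outdated)] {<guid>}"
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(.+?)\*(?: \((\w+)\))? \{([0-9A-Fa-f-]+)\}$")
# BHO/TB/DPF: "<type>: [<name>: ]{<clsid>} - <path, URL or 'No File'>"
ENTRY_RE = re.compile(r"^(BHO|TB|DPF): (?:(.*?): )?\{([0-9A-Fa-f-]+)\} - (.+)$")
# MBAM registry key: "<key ending in {guid}> (<label>) -> <action>"
MBAM_RE = re.compile(r"^(HKEY_[A-Z_]+\\.+?\{([0-9A-Fa-f-]+)\}) \((.+?)\) -> (.+)$")


def _lines(text):
    """Split a pasted log into stripped, non-empty lines."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def parse_security_products(text):
    """Return the AV/SP/FW lines as dicts (kind, name, state, updated, guid)."""
    out = []
    for ln in _lines(text):
        m = PRODUCT_RE.match(ln)
        if m:
            kind, name, state, updated, guid = m.groups()
            out.append({"kind": kind, "name": name, "state": state,
                        "updated": updated, "guid": guid})
    return out


def parse_ie_entries(text):
    """Return BHO/TB/DPF entries as dicts (type, name, clsid, target)."""
    out = []
    for ln in _lines(text):
        m = ENTRY_RE.match(ln)
        if m:
            typ, name, clsid, target = m.groups()
            out.append({"type": typ, "name": name, "clsid": clsid, "target": target})
    return out


def parse_mbam_detections(text):
    """Map each GUID named in an MBAM registry-key detection to its label."""
    found = {}
    for ln in _lines(text):
        m = MBAM_RE.match(ln)
        if m:
            _key, guid, label, _action = m.groups()
            found[guid.lower()] = label
    return found


def triage(dds_text, mbam_text):
    """Return the findings a helper would raise first when reading these logs."""
    findings = []
    products = parse_security_products(dds_text)
    avs = [p["name"] for p in products if p["kind"] == "AV"]
    if len(avs) > 1:
        # Two resident AV engines conflict; the reply above asks for one to go.
        findings.append("multiple on-access AV engines registered: " + ", ".join(avs))
    for p in products:
        if p["updated"] == "Outdated":
            findings.append("%s %s has outdated definitions" % (p["kind"], p["name"]))
        if p["kind"] == "FW" and p["state"] == "disabled":
            findings.append("firewall %s is disabled" % p["name"])
    entries = parse_ie_entries(dds_text)
    for e in entries:
        if e["target"] == "No File":
            # Add-on still registered although its DLL is gone.
            findings.append("orphaned %s {%s} (registered but file missing)"
                            % (e["type"], e["clsid"]))
    detections = parse_mbam_detections(mbam_text)
    for e in entries:
        label = detections.get(e["clsid"].lower())
        if label:
            # The same CLSID appears in the DDS report and in MBAM's detections.
            findings.append("%s {%s} -> %s matches MBAM detection %s"
                            % (e["type"], e["clsid"], e["target"], label))
    return findings


if __name__ == "__main__":
    for finding in triage(DDS_SAMPLE, MBAM_SAMPLE):
        print("-", finding)
```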
     


  4. 2010/10/15
    flyboy1565

    flyboy1565 Inactive Thread Starter

    Joined:
    2009/12/09
    Messages:
    184
    Likes Received:
    2
    OK, I'll run the other programs you suggested, and also lose Norton. Here is the attach file.

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/3/2008 4:24:39 PM
    System Uptime: 10/15/2010 11:44:27 AM (7 hours ago)

    Motherboard: Wistron | | 30CE
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 1000/667mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 222 GiB total, 134.998 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.942 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0029
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #2
    PNP Device ID: ROOT\*6TO4MP\0029
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0124
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #3
    PNP Device ID: ROOT\*ISATAP\0124
    Service: tunnel

    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: HP Photosmart C6200
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Hewlett-Packard
    Name: HP Photosmart C6200
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C6200 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C6200 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet J6400 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: HP
    Name: Officejet J6400 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    AceMoney Lite
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.2.0
    Adobe Shockwave Player
    AIM 6
    AIO_Scan
    Amazon MP3 Downloader 1.0.10
    AppCore
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    AVG Free 8.5
    BlueVoda Website Builder 10.2
    Bonjour
    BufferChm
    C6200
    C6200_Help
    Cake Mania 3 (remove only)
    Cards_Calendar_OrderGift_DoMorePlugout
    ccCommon
    Compatibility Pack for the 2007 Office system
    Component Framework
    Conexant HD Audio
    Copy
    CustomerResearchQFolder
    CyberLink YouCam
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Diner Dash - Flo on the Go
    Diner Dash Flo Through Time (remove only)
    DocProc
    DocProcQFolder
    Dream Day Wedding
    DVD Suite
    EA Link
    eSupportQFolder
    Fax
    Gamevance
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService
    GPBaseService2
    Hamachi 1.0.2.5
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 10.0
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Help and Support
    HP Imaging Device Functions 10.0
    HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
    HP Photosmart All-In-One Driver Software 10.0 Rel .2
    HP Photosmart Essential 2.5
    HP Quick Launch Buttons 6.30 E1
    HP QuickPlay 3.6
    HP QuickTouch 1.00 C4
    HP Smart Web Printing
    HP Solution Center 13.0
    HP Update
    HP User Guides 0090
    HP Wireless Assistant
    HP_Network_UserGuide
    HPNetworkAssistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    InstallMgr
    iTunes
    iWin Games (remove only)
    iWin Toolbar
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 21
    Java(TM) 6 Update 7
    LabelPrint
    LightScribe System Software 1.10.13.1
    LiveUpdate (Symantec Corporation)
    MarketResearch
    Marvell Miniport Driver
    Meet Your Computer
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files (English)
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server VSS Writer
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft Works
    Move Media Player
    MSN Toolbar
    MSVCSetup
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    Netflix Movie Viewer
    NetWaiting
    Network
    Norton Internet Security (Symantec Corporation)
    NVIDIA Drivers
    OCR Software by I.R.I.S. 10.0
    OGA Notifier 2.0.0048.0
    OpenOffice.org Installer 1.0
    Opera 10.00
    PanoStandAlone
    Parking Dash (remove only)
    Power2Go
    PowerDirector
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_Min
    PSSWCORE
    PVSonyDll
    QuickPlay SlingPlayer 0.4.6
    QuickTime
    RealArcade
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 4.2
    Slingbox Flash Tour
    SlingPlayer
    SmartDraw 2009
    SmartWebPrintingOC
    SolutionCenter
    Spin & Win
    Sql Server Customer Experience Improvement Program
    SQL Server System CLR Types
    Status
    SymNet
    Text Twist 2
    The Sims™ Life Stories
    Toolbox
    Touch Pad Driver
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VideoToolkit01
    Viewpoint Media Player
    Wal-Mart Digital Photo Manager
    WebReg
    Wedding Dash
    Wedding Dash 2
    WildTangent Games
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar
    Zoo Tycoon: Complete Collection
    Zoombinis Logical Journey(TM)

    ==== End Of File ===========================

    thanks
     
  5. 2010/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
  6. 2010/10/15
    flyboy1565

    flyboy1565 Inactive Thread Starter

    Joined:
    2009/12/09
    Messages:
    184
    Likes Received:
    2
    OK, here is the Malwarebytes report. Gonna run the others.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4843

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    10/15/2010 7:35:53 PM
    mbam-log-2010-10-15 (19-35-53).txt

    Scan type: Quick scan
    Objects scanned: 18313
    Time elapsed: 10 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 25
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Had to stop it midway but will rerun at a later date.. thanks very much, broni, for your help on these two different computers.
     
  7. 2010/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)
     
  8. 2010/10/18
    flyboy1565

    flyboy1565 Inactive Thread Starter

    Joined:
    2009/12/09
    Messages:
    184
    Likes Received:
    2
    Broni, I tried GMER and it doesn't work.. it keeps failing. Should I try it in safe mode?
     
  9. 2010/10/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please do.
    If still a problem, skip it and proceed with MBRCheck.
     
  10. 2010/10/26
    flyboy1565

    flyboy1565 Inactive Thread Starter

    Joined:
    2009/12/09
    Messages:
    184
    Likes Received:
    2
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Phoenix
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv2700 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 166):
    0x8244A000 \SystemRoot\system32\ntkrnlpa.exe
    0x82417000 \SystemRoot\system32\hal.dll
    0x80401000 \SystemRoot\system32\kdcom.dll
    0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80478000 \SystemRoot\system32\PSHED.dll
    0x80489000 \SystemRoot\system32\BOOTVID.dll
    0x80491000 \SystemRoot\system32\CLFS.SYS
    0x804D2000 \SystemRoot\system32\CI.dll
    0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80691000 \SystemRoot\system32\drivers\acpi.sys
    0x806D7000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806E0000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806E8000 \SystemRoot\system32\drivers\pci.sys
    0x8070F000 \SystemRoot\System32\drivers\partmgr.sys
    0x8071E000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80721000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8072B000 \SystemRoot\system32\drivers\volmgr.sys
    0x8073A000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80784000 \SystemRoot\system32\drivers\intelide.sys
    0x8078B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80799000 \SystemRoot\System32\drivers\mountmgr.sys
    0x82A0C000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x82AD3000 \SystemRoot\system32\drivers\atapi.sys
    0x82ADB000 \SystemRoot\system32\drivers\ataport.SYS
    0x82AF9000 \SystemRoot\system32\drivers\msahci.sys
    0x82B03000 \SystemRoot\system32\drivers\fltmgr.sys
    0x82B35000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82B45000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8A60B000 \SystemRoot\system32\drivers\ndis.sys
    0x8A716000 \SystemRoot\system32\drivers\msrpc.sys
    0x8A741000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8A80F000 \SystemRoot\System32\drivers\tcpip.sys
    0x8A8F9000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8AA0C000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8AB1C000 \SystemRoot\system32\drivers\volsnap.sys
    0x8AB55000 \SystemRoot\System32\Drivers\spldr.sys
    0x8AB5D000 \SystemRoot\System32\Drivers\mup.sys
    0x8AB6C000 \SystemRoot\System32\drivers\ecache.sys
    0x8AB93000 \SystemRoot\system32\drivers\disk.sys
    0x8ABA4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8ABC5000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8ABDB000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8ABE6000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8ABEF000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8ABFE000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
    0x8A9DB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8AA00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8A9EB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8EE04000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8F775000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8FA02000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8FAA1000 \SystemRoot\System32\drivers\watchdog.sys
    0x8FAAD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8FAB8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8FAF6000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8FB05000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8FB92000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x8FC0F000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x8FE37000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8FE47000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8FE55000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8FE6F000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8FE80000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8FE94000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8FEE6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8FEEA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8FEFD000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8FF02000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8FF0D000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x8FF36000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8FF41000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8FF59000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8FF5F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8FF8E000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8FFCF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8FFDA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8FFF1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8FBD8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8FC00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8F777000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8F78B000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8F7A0000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8FFFC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8F7B0000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8F7DA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8F7E4000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8F7F1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8A77C000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8A7B1000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8A7C2000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x82BB6000 \SystemRoot\system32\drivers\portcls.sys
    0x807A9000 \SystemRoot\system32\drivers\drmk.sys
    0x805B2000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x9020B000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x9030E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x903C3000 \SystemRoot\system32\drivers\modem.sys
    0x903D0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x903D9000 \SystemRoot\System32\Drivers\Null.SYS
    0x903E0000 \SystemRoot\System32\Drivers\Beep.SYS
    0x903E7000 \SystemRoot\System32\drivers\vga.sys
    0x807CE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x903F3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x90200000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8A9F4000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8A800000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8A7F5000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x82BE3000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x9040A000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x90423000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x90455000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0x90481000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x904A6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x904BD000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x904BF000 \SystemRoot\system32\DRIVERS\smb.sys
    0x904D3000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x904F4000 \SystemRoot\system32\drivers\afd.sys
    0x9053C000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x90552000 \SystemRoot\system32\DRIVERS\SymIMv.sys
    0x9055B000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x90569000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x9057C000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x905B8000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x905C2000 \SystemRoot\System32\Drivers\dfsc.sys
    0x905D9000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x90806000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x90857000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x90864000 \SystemRoot\System32\Drivers\bthport.sys
    0x908E4000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x9090D000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x90917000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x90931000 \SystemRoot\system32\DRIVERS\bthmodem.sys
    0x90940000 \SystemRoot\system32\drivers\btwavdt.sys
    0x91406000 \SystemRoot\system32\drivers\btwaudio.sys
    0x91486000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x91489000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x91496000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x99420000 \SystemRoot\System32\win32k.sys
    0x9155D000 \SystemRoot\System32\drivers\Dxapi.sys
    0x99640000 \SystemRoot\System32\TSDDD.dll
    0x99660000 \SystemRoot\System32\cdd.dll
    0x91576000 \SystemRoot\system32\drivers\luafv.sys
    0x8A914000 \SystemRoot\system32\drivers\spsys.sys
    0x91591000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x915A1000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x915CB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x915D5000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x82009000 \SystemRoot\system32\drivers\HTTP.sys
    0x82076000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x82093000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x820AC000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x820C1000 \SystemRoot\system32\drivers\mrxdav.sys
    0x820E2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x82101000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x8213A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x82152000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x8217A000 \SystemRoot\System32\DRIVERS\srv.sys
    0x821E0000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA0E00000 \SystemRoot\system32\drivers\peauth.sys
    0xA0EDE000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA0EE8000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA0EF4000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xA0EFE000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0xA0F02000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xA0F18000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x775E0000 \Windows\System32\ntdll.dll

    Processes (total 90):
    0 System Idle Process
    4 System
    468 C:\Windows\System32\smss.exe
    536 csrss.exe
    588 C:\Windows\System32\wininit.exe
    600 csrss.exe
    640 C:\Windows\System32\services.exe
    652 C:\Windows\System32\lsass.exe
    660 C:\Windows\System32\lsm.exe
    876 C:\Windows\System32\svchost.exe
    920 C:\Windows\System32\nvvsvc.exe
    944 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\winlogon.exe
    1084 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\svchost.exe
    1204 C:\Windows\System32\audiodg.exe
    1224 C:\Windows\System32\svchost.exe
    1240 C:\Windows\System32\SLsvc.exe
    1288 C:\Windows\System32\svchost.exe
    1408 C:\Windows\System32\svchost.exe
    1620 C:\Windows\System32\spoolsv.exe
    1644 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
    1716 C:\Windows\System32\svchost.exe
    1960 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    2000 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    2012 C:\Program Files\Bonjour\mDNSResponder.exe
    2024 C:\Windows\System32\svchost.exe
    304 C:\Windows\System32\svchost.exe
    1384 C:\Program Files\AVG\AVG8\avgrsx.exe
    1808 C:\Program Files\iWin Games\iWinTrusted.exe
    224 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2108 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    2220 C:\Windows\System32\svchost.exe
    2256 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    2520 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2532 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2576 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2596 C:\Windows\System32\svchost.exe
    2628 C:\Windows\System32\svchost.exe
    2668 C:\Windows\System32\SearchIndexer.exe
    2732 C:\Windows\System32\drivers\XAudio.exe
    2752 C:\PROGRA~1\AVG\AVG8\avgemc.exe
    2768 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    2912 C:\Program Files\AVG\AVG8\avgcsrvx.exe
    3016 C:\Windows\System32\taskeng.exe
    3052 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    3264 C:\Windows\System32\nvvsvc.exe
    3656 C:\Windows\System32\dwm.exe
    3728 C:\Windows\System32\taskeng.exe
    3752 C:\Windows\explorer.exe
    728 C:\Program Files\Apoint2K\Apoint.exe
    740 C:\Program Files\HP\QuickPlay\QPService.exe
    2324 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    832 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    3144 C:\Program Files\Windows Defender\MSASCui.exe
    3364 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
    2332 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    1984 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    3688 C:\Program Files\AVG\AVG8\avgtray.exe
    3920 WmiPrvSE.exe
    1100 C:\Program Files\iTunes\iTunesHelper.exe
    3988 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4068 C:\Program Files\Gamevance\gamevance32.exe
    3584 C:\Program Files\Windows Sidebar\sidebar.exe
    3592 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    1652 C:\Windows\ehome\ehtray.exe
    1664 C:\Program Files\Skype\Phone\Skype.exe
    3216 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3224 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3196 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    2328 C:\Windows\ehome\ehmsas.exe
    4200 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    4480 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    5112 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    5452 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5476 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    6056 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    2948 C:\Program Files\iPod\bin\iPodService.exe
    4272 C:\Windows\System32\svchost.exe
    2640 C:\Program Files\Apoint2K\ApMsgFwd.exe
    4620 C:\Program Files\Apoint2K\ApntEx.exe
    2720 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    1696 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    5992 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    4752 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    2472 dllhost.exe
    2908 dllhost.exe
    6512 C:\Users\Kimber\Documents\Computer Help\MBRCheck download.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`67da8600 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  11. 2010/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
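    The repair step above overwrites only the bootstrap code of the MBR and leaves the partition table alone, which is why the drives are still bootable afterwards. The following is an added example, not code from the thread, from MBRCheck or from NTBR/MBRWORK: it parses a 512-byte MBR, hashes the 440-byte code area (modelling the "Unknown MBR code" verdict as a code hash that is not in a trusted list; which exact bytes MBRCheck hashes is not stated on the page, so that is an assumption), and shows a code-only rewrite that keeps the disk signature and partition table. The trusted-hash set, the "standard" and "foreign" code bytes and the sample partition table are constructed placeholders; the sample partition starts at LBA 63, which is the 0x7e00 byte offset the log above shows for C:.

```python
# Added example (not from the thread, MBRCheck or NTBR): inspect an MBR sector,
# hash its code area, and rewrite only that area so the partition table survives.
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440          # bytes 0-439: bootstrap code (the part a "standard MBR code" install replaces)
DISK_SIG_OFF = 440      # bytes 440-443: Windows disk signature
PT_OFF = 446            # bytes 446-509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"  # bytes 510-511: boot signature


def parse_mbr(sector: bytes) -> dict:
    """Return boot-signature validity, disk signature, SHA-1 of the code area and the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PT_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, num_sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:  # partition type 0 means an empty slot
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "byte_offset": lba_start * SECTOR_SIZE,
                "num_sectors": num_sectors,
            })
    return {
        "valid_boot_signature": sector[510:512] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "code_sha1": hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def mbr_status(sector: bytes, trusted_hashes: set) -> str:
    """'invalid' (no 55AA), 'known' (code hash is trusted) or 'unknown' (code hash not recognised)."""
    info = parse_mbr(sector)
    if not info["valid_boot_signature"]:
        return "invalid"
    return "known" if info["code_sha1"] in trusted_hashes else "unknown"


def install_standard_code(sector: bytes, standard_code: bytes) -> bytes:
    """Replace only the code area; disk signature, partition table and boot signature are kept as-is."""
    if len(standard_code) > CODE_LEN:
        raise ValueError("standard code must fit in the 440-byte code area")
    return standard_code.ljust(CODE_LEN, b"\x00") + sector[CODE_LEN:]


def build_sample_mbr(code: bytes, disk_signature: int) -> bytes:
    """Constructed sample: one bootable NTFS (0x07) partition starting at LBA 63 (byte offset 0x7E00)."""
    # status, CHS start (3 bytes), type, CHS end (3 bytes), then LBA start and sector count
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 63, 0x1BB3ED00)
    table = entry + b"\x00" * 48  # remaining three slots empty
    return (code.ljust(CODE_LEN, b"\x00")
            + struct.pack("<I", disk_signature) + b"\x00\x00"
            + table + BOOT_SIG)


# Constructed placeholders standing in for real bootstrap code (assumption: not real boot code)
STANDARD_CODE = b"STANDARD-MBR-CODE-PLACEHOLDER"
FOREIGN_CODE = b"SOMETHING-ELSE-ENTIRELY"
CLEAN_MBR = build_sample_mbr(STANDARD_CODE, 0x12345678)
SUSPECT_MBR = build_sample_mbr(FOREIGN_CODE, 0x12345678)
TRUSTED = {parse_mbr(CLEAN_MBR)["code_sha1"]}  # in practice: hashes of vendor/OS boot code you trust


def repair(sector: bytes) -> bytes:
    """Model of 'Install Standard MBR code': code area replaced, everything else untouched."""
    return install_standard_code(sector, STANDARD_CODE)


if __name__ == "__main__":
    for name, s in (("suspect", SUSPECT_MBR), ("repaired", repair(SUSPECT_MBR))):
        info = parse_mbr(s)
        print(name, mbr_status(s, TRUSTED), info["code_sha1"],
              [hex(p["byte_offset"]) for p in info["partitions"]])
```

    On a real machine the 512 bytes would come from the first sector of the physical disk (read with administrative rights, ideally from an offline image), and the trusted set would hold hashes of the boot code your OS or vendor actually ships; a sector whose code hash is unknown is a reason to investigate, while a repaired sector should hash back to a trusted value with the partition offsets unchanged.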
     
  12. 2010/10/27
    flyboy1565

    flyboy1565 Inactive Thread Starter

    Joined:
    2009/12/09
    Messages:
    184
    Likes Received:
    2
    OK, will do. Thank you.
     
  13. 2010/10/27
    flyboy1565

    flyboy1565 Inactive Thread Starter

    Joined:
    2009/12/09
    Messages:
    184
    Likes Received:
    2
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Phoenix
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv2700 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 166):
    0x82418000 \SystemRoot\system32\ntkrnlpa.exe
    0x827D1000 \SystemRoot\system32\hal.dll
    0x80402000 \SystemRoot\system32\kdcom.dll
    0x80409000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80479000 \SystemRoot\system32\PSHED.dll
    0x8048A000 \SystemRoot\system32\BOOTVID.dll
    0x80492000 \SystemRoot\system32\CLFS.SYS
    0x804D3000 \SystemRoot\system32\CI.dll
    0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80689000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80696000 \SystemRoot\system32\drivers\acpi.sys
    0x806DC000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806E5000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806ED000 \SystemRoot\system32\drivers\pci.sys
    0x80714000 \SystemRoot\System32\drivers\partmgr.sys
    0x80723000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80726000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x80730000 \SystemRoot\system32\drivers\volmgr.sys
    0x8073F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80789000 \SystemRoot\system32\drivers\intelide.sys
    0x80790000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8079E000 \SystemRoot\System32\drivers\mountmgr.sys
    0x82A0F000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x82AD6000 \SystemRoot\system32\drivers\atapi.sys
    0x82ADE000 \SystemRoot\system32\drivers\ataport.SYS
    0x82AFC000 \SystemRoot\system32\drivers\msahci.sys
    0x82B06000 \SystemRoot\system32\drivers\fltmgr.sys
    0x82B38000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82B48000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8A605000 \SystemRoot\system32\drivers\ndis.sys
    0x8A710000 \SystemRoot\system32\drivers\msrpc.sys
    0x8A73B000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8A806000 \SystemRoot\System32\drivers\tcpip.sys
    0x8A8F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8AA09000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8AB19000 \SystemRoot\system32\drivers\volsnap.sys
    0x8AB52000 \SystemRoot\System32\Drivers\spldr.sys
    0x8AB5A000 \SystemRoot\System32\Drivers\mup.sys
    0x8AB69000 \SystemRoot\System32\drivers\ecache.sys
    0x8AB90000 \SystemRoot\system32\drivers\disk.sys
    0x8ABA1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8ABC2000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8ABD8000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8ABE3000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8ABEC000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8ABFB000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
    0x8A9D2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8AA00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8A9E2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8E607000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8EF78000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8F009000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8F0A8000 \SystemRoot\System32\drivers\watchdog.sys
    0x8F0B4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8F0BF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8F0FD000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8F10C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8F199000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x8F603000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x8F82B000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8F83B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8F849000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8F863000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8F874000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8F888000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8F8DA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8F8DE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8F8F1000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8F8F6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8F901000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x8F92A000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8F935000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8F94D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8F953000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8F982000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8F9C3000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8F9CE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8F9E5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8EF7A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8F9F0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8F1DF000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8EF9D000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8EFB2000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8F600000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8EFC2000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8F1F3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8EFEC000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8F000000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8A776000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8A9EB000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8A7AB000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x82BB9000 \SystemRoot\system32\drivers\portcls.sys
    0x807AE000 \SystemRoot\system32\drivers\drmk.sys
    0x805B3000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8FC00000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8FD03000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8FDB8000 \SystemRoot\system32\drivers\modem.sys
    0x8FDC5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8FDDC000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8FDDE000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8A7DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8EFF9000 \SystemRoot\System32\Drivers\Null.SYS
    0x8E600000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8A7E7000 \SystemRoot\System32\drivers\vga.sys
    0x807D3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8A7F3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x82BE6000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x82BEE000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x82A00000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x807F4000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x80600000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x8FE0D000 \SystemRoot\System32\Drivers\bthport.sys
    0x8FE8D000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8FEA3000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x8FEBC000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8FEEE000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0x8FF1A000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x8FF3F000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8FF53000 \SystemRoot\system32\drivers\afd.sys
    0x8FF9B000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x8FFC4000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8FFDA000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x8FFE4000 \SystemRoot\system32\DRIVERS\SymIMv.sys
    0x9020F000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x90229000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x90237000 \SystemRoot\system32\DRIVERS\bthmodem.sys
    0x90246000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x90259000 \SystemRoot\system32\drivers\btwavdt.sys
    0x902C0000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x902FC000 \SystemRoot\system32\drivers\btwaudio.sys
    0x9037C000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90386000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x90389000 \SystemRoot\System32\Drivers\dfsc.sys
    0x903A0000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x903A6000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x90200000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8A90B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x98A40000 \SystemRoot\System32\win32k.sys
    0x8FFED000 \SystemRoot\System32\drivers\Dxapi.sys
    0x805F1000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x98C60000 \SystemRoot\System32\TSDDD.dll
    0x98C80000 \SystemRoot\System32\cdd.dll
    0x81003000 \SystemRoot\system32\drivers\luafv.sys
    0x8101E000 \SystemRoot\system32\drivers\spsys.sys
    0x810CE000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x810DE000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x81108000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x81112000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x81125000 \SystemRoot\system32\drivers\HTTP.sys
    0x81192000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x811AF000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x811C8000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x811DD000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9F40C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9F42B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9F464000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9F47C000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9F4A4000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9F50A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9F50E000 \SystemRoot\system32\drivers\peauth.sys
    0x9F5EC000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9F400000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9F4F2000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9F4FC000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0xAE00B000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77710000 \Windows\System32\ntdll.dll

    Processes (total 95):
    0 System Idle Process
    4 System
    468 C:\Windows\System32\smss.exe
    600 csrss.exe
    652 C:\Windows\System32\wininit.exe
    664 csrss.exe
    704 C:\Windows\System32\services.exe
    716 C:\Windows\System32\lsass.exe
    724 C:\Windows\System32\lsm.exe
    896 C:\Windows\System32\winlogon.exe
    976 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\nvvsvc.exe
    1056 C:\Windows\System32\svchost.exe
    1092 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1280 C:\Windows\System32\audiodg.exe
    1296 C:\Windows\System32\svchost.exe
    1312 C:\Windows\System32\SLsvc.exe
    1356 C:\Windows\System32\svchost.exe
    1488 C:\Windows\System32\svchost.exe
    1676 C:\Windows\System32\spoolsv.exe
    1700 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
    1816 C:\Windows\System32\svchost.exe
    2012 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    2032 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    2044 C:\Program Files\Bonjour\mDNSResponder.exe
    216 C:\Windows\System32\svchost.exe
    348 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\taskeng.exe
    816 C:\Program Files\AVG\AVG8\avgrsx.exe
    500 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    2168 C:\Program Files\iWin Games\iWinTrusted.exe
    2216 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2260 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    2272 C:\Windows\System32\svchost.exe
    2312 C:\Windows\System32\svchost.exe
    2324 C:\Windows\System32\svchost.exe
    2372 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    2576 C:\Windows\System32\nvvsvc.exe
    2820 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2832 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2876 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2896 C:\Windows\System32\svchost.exe
    2948 C:\Windows\System32\svchost.exe
    2984 C:\Windows\System32\SearchIndexer.exe
    3024 C:\Windows\System32\drivers\XAudio.exe
    3044 C:\PROGRA~1\AVG\AVG8\avgemc.exe
    3056 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    3248 C:\Program Files\AVG\AVG8\avgcsrvx.exe
    3276 WmiPrvSE.exe
    3344 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    3708 C:\Windows\System32\dwm.exe
    3736 C:\Windows\System32\taskeng.exe
    3780 C:\Windows\explorer.exe
    3836 C:\Windows\System32\taskeng.exe
    1524 C:\Program Files\Apoint2K\Apoint.exe
    1856 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    1364 C:\Program Files\HP\QuickPlay\QPService.exe
    1268 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    2700 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    2748 C:\Program Files\Windows Defender\MSASCui.exe
    2920 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3008 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    3072 C:\Program Files\AVG\AVG8\avgtray.exe
    2256 C:\Program Files\iTunes\iTunesHelper.exe
    3488 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2428 C:\Program Files\Gamevance\gamevance32.exe
    3680 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    3756 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
    3904 C:\Program Files\Windows Sidebar\sidebar.exe
    3868 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    2132 WmiPrvSE.exe
    4064 C:\Windows\ehome\ehtray.exe
    3256 C:\Program Files\Skype\Phone\Skype.exe
    2504 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2532 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    2500 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    2392 C:\Windows\ehome\ehmsas.exe
    4284 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    4824 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    4952 C:\Windows\System32\mobsync.exe
    5260 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    5760 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    5896 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    6084 C:\Program Files\Windows Media Player\wmpnetwk.exe
    240 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    3900 C:\Program Files\iPod\bin\iPodService.exe
    868 C:\Windows\System32\svchost.exe
    5052 C:\Program Files\Apoint2K\ApMsgFwd.exe
    3768 C:\Program Files\Apoint2K\ApntEx.exe
    2644 dllhost.exe
    972 dllhost.exe
    5352 C:\Users\Kimber\Documents\Computer Help\MBRCheck download.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`67da8600 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!


    OK, that's been completed, but I'm still receiving random pop-up ads, like when I visit this site.
     
  14. 2010/10/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The log looks good now :)

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
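
    TDSSKiller's report lists one line per registered driver/service, with its MD5 and on-disk path, in the format of the log posted in the next reply. As an added example for this thread (not TDSSKiller's or MBRCheck's own code), here is a small Python triage script that cross-checks such a report against the loaded-kernel-module list MBRCheck printed above: a .sys image that is loaded in memory but has no registered service entry is the classic sign of a driver that got itself loaded outside the normal service machinery, which is what these rootkit scanners hunt for. The log lines are copied from this thread (a subset of the full report); the module example_not_in_log.sys is constructed purely to show what a miss looks like, and the "not under a \drivers\ directory" check is my own heuristic, not something TDSSKiller reports.

```python
"""Cross-check a TDSSKiller driver listing against a loaded-module list.

Added example for this thread; not part of TDSSKiller or MBRCheck.
"""
import re
from collections import defaultdict

# Driver lines copied from the TDSSKiller log posted in this thread (a subset).
TDSSKILLER_LOG = r"""
2010/10/27 16:14:00.0015 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/27 16:14:00.0247 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/10/27 16:14:05.0470 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/10/27 16:14:10.0274 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/27 16:14:12.0303 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/27 16:14:13.0935 SYMREDRV (7c6505ea598e58099d3b7e1f70426864) C:\Windows\System32\Drivers\SYMREDRV.SYS
2010/10/27 16:14:14.0271 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/10/27 16:14:14.0355 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/27 16:14:14.0429 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/27 16:14:16.0904 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/27 16:14:16.0948 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
"""

# Loaded kernel-module lines copied from the MBRCheck listing in this thread.
# The last line (example_not_in_log.sys) is CONSTRUCTED to show what a loaded
# driver with no service entry looks like; it is not from the original logs.
LOADED_MODULES = r"""
0x9F50A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9F50E000 \SystemRoot\system32\drivers\peauth.sys
0x9F5EC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F400000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F4FC000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xAE00B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77710000 \Windows\System32\ntdll.dll
0x00000000 \SystemRoot\system32\drivers\example_not_in_log.sys
"""

DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<service>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
MODULE_RE = re.compile(r"^0x[0-9A-Fa-f]+ (?P<path>.+)$")


def basename(path):
    """Case-folded file name: Windows paths are case-insensitive."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_tdsskiller(text):
    """One dict (ts, service, md5, path) per driver line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def parse_modules(text):
    """Image paths from an '0xADDRESS <path>' loaded-module listing."""
    paths = []
    for line in text.splitlines():
        m = MODULE_RE.match(line.strip())
        if m:
            paths.append(m.group("path"))
    return paths


def triage(entries, loaded_paths):
    services_by_file = defaultdict(list)  # file name -> services registered for it
    paths_by_md5 = defaultdict(set)       # md5 -> distinct (case-folded) paths
    outside = []
    for e in entries:
        services_by_file[basename(e["path"])].append(e["service"])
        paths_by_md5[e["md5"]].add(e["path"].lower())
        # Heuristic (mine, not TDSSKiller's): drivers normally live under ...\drivers\.
        # CLFS.sys in system32 is a legitimate exception, so treat hits as "look again".
        if "\\drivers\\" not in e["path"].lower():
            outside.append(e["service"])
    # A loaded .sys with no service entry is what a rootkit check is after.
    # Non-driver images in the module list (ntdll.dll etc.) never have one, so skip them.
    unregistered = sorted(
        basename(p) for p in loaded_paths
        if basename(p).endswith(".sys") and basename(p) not in services_by_file
    )
    return {
        "unregistered": unregistered,
        # Two services on one file (Tcpip/Tcpip6) are normal, but worth knowing.
        "aliases": {f: sorted(s) for f, s in services_by_file.items() if len(s) > 1},
        # One hash at two different paths would mean a copied driver binary.
        "same_hash_diff_path": {h: sorted(p) for h, p in paths_by_md5.items() if len(p) > 1},
        "outside_drivers_dir": sorted(outside),
    }


if __name__ == "__main__":
    report = triage(parse_tdsskiller(TDSSKILLER_LOG), parse_modules(LOADED_MODULES))
    for key, value in report.items():
        print(f"{key}: {value}")
```

    Two caveats: the module list and the service list must come from the same boot, and a "miss" is also exactly what a truncated paste produces, so confirm against the full report before treating it as a finding. Windows paths are case-insensitive, which is why the script folds case before comparing; without that, Tcpip and Tcpip6 (drivers\tcpip.sys vs DRIVERS\tcpip.sys) look like two different files sharing one hash.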
     
  15. 2010/10/27
    flyboy1565

    flyboy1565 Inactive Thread Starter

    Joined:
    2009/12/09
    Messages:
    184
    Likes Received:
    2
    2010/10/27 16:13:48.0680 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/10/27 16:13:48.0680 ================================================================================
    2010/10/27 16:13:48.0680 SystemInfo:
    2010/10/27 16:13:48.0680
    2010/10/27 16:13:48.0680 OS Version: 6.0.6002 ServicePack: 2.0
    2010/10/27 16:13:48.0680 Product type: Workstation
    2010/10/27 16:13:48.0680 ComputerName: KIMBER-PC
    2010/10/27 16:13:48.0681 UserName: Kimber
    2010/10/27 16:13:48.0681 Windows directory: C:\Windows
    2010/10/27 16:13:48.0681 System windows directory: C:\Windows
    2010/10/27 16:13:48.0681 Processor architecture: Intel x86
    2010/10/27 16:13:48.0681 Number of processors: 2
    2010/10/27 16:13:48.0681 Page size: 0x1000
    2010/10/27 16:13:48.0681 Boot type: Normal boot
    2010/10/27 16:13:48.0681 ================================================================================
    2010/10/27 16:13:49.0186 Initialize success
    2010/10/27 16:13:55.0901 ================================================================================
    2010/10/27 16:13:55.0901 Scan started
    2010/10/27 16:13:55.0901 Mode: Manual;
    2010/10/27 16:13:55.0901 ================================================================================
    2010/10/27 16:13:56.0654 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/10/27 16:13:56.0706 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2010/10/27 16:13:56.0799 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2010/10/27 16:13:56.0919 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2010/10/27 16:13:56.0985 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2010/10/27 16:13:57.0119 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/10/27 16:13:57.0238 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2010/10/27 16:13:57.0286 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/10/27 16:13:57.0360 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2010/10/27 16:13:57.0417 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2010/10/27 16:13:57.0483 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2010/10/27 16:13:57.0550 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2010/10/27 16:13:57.0622 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
    2010/10/27 16:13:57.0739 ApfiltrService (b49a709f65bf3beaa2b03f8ec139d568) C:\Windows\system32\DRIVERS\Apfiltr.sys
    2010/10/27 16:13:57.0881 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2010/10/27 16:13:58.0009 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2010/10/27 16:13:58.0093 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/10/27 16:13:58.0167 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2010/10/27 16:13:58.0323 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\Windows\System32\Drivers\avgldx86.sys
    2010/10/27 16:13:58.0385 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\Windows\System32\Drivers\avgmfx86.sys
    2010/10/27 16:13:58.0461 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\Windows\System32\Drivers\avgtdix.sys
    2010/10/27 16:13:58.0588 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
    2010/10/27 16:13:58.0683 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/10/27 16:13:58.0795 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2010/10/27 16:13:58.0876 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/10/27 16:13:58.0930 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/10/27 16:13:58.0986 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/10/27 16:13:59.0058 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/10/27 16:13:59.0122 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/10/27 16:13:59.0186 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/10/27 16:13:59.0244 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/10/27 16:13:59.0346 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
    2010/10/27 16:13:59.0438 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
    2010/10/27 16:13:59.0496 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    2010/10/27 16:13:59.0558 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
    2010/10/27 16:13:59.0714 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
    2010/10/27 16:13:59.0799 btwaudio (99aeea7cefdfc6e4151a8f620d682088) C:\Windows\system32\drivers\btwaudio.sys
    2010/10/27 16:13:59.0851 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
    2010/10/27 16:13:59.0919 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
    2010/10/27 16:14:00.0015 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/10/27 16:14:00.0079 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/10/27 16:14:00.0149 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2010/10/27 16:14:00.0247 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/10/27 16:14:00.0301 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/10/27 16:14:00.0357 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2010/10/27 16:14:00.0455 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
    2010/10/27 16:14:00.0539 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/10/27 16:14:00.0585 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2010/10/27 16:14:00.0617 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2010/10/27 16:14:00.0769 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/10/27 16:14:00.0923 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/10/27 16:14:01.0036 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/10/27 16:14:01.0132 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/10/27 16:14:01.0201 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/10/27 16:14:01.0341 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/10/27 16:14:01.0433 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2010/10/27 16:14:01.0532 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2010/10/27 16:14:01.0671 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2010/10/27 16:14:01.0794 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2010/10/27 16:14:01.0902 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/10/27 16:14:01.0985 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/10/27 16:14:02.0023 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/10/27 16:14:02.0085 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/10/27 16:14:02.0175 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2010/10/27 16:14:02.0219 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/10/27 16:14:02.0285 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/10/27 16:14:02.0367 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2010/10/27 16:14:02.0512 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
    2010/10/27 16:14:02.0604 HdAudAddService (4487da7bd384caafa0c620b19fea540a) C:\Windows\system32\drivers\CHDART.sys
    2010/10/27 16:14:02.0711 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/10/27 16:14:02.0812 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/10/27 16:14:02.0876 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2010/10/27 16:14:03.0009 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/10/27 16:14:03.0092 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2010/10/27 16:14:03.0182 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    2010/10/27 16:14:03.0249 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
    2010/10/27 16:14:03.0337 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    2010/10/27 16:14:03.0447 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2010/10/27 16:14:03.0579 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2010/10/27 16:14:03.0675 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2010/10/27 16:14:03.0749 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2010/10/27 16:14:03.0826 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/10/27 16:14:03.0895 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
    2010/10/27 16:14:03.0954 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2010/10/27 16:14:04.0075 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2010/10/27 16:14:04.0165 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2010/10/27 16:14:04.0193 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/10/27 16:14:04.0269 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/10/27 16:14:04.0375 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2010/10/27 16:14:04.0436 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2010/10/27 16:14:04.0531 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2010/10/27 16:14:04.0577 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2010/10/27 16:14:04.0669 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/10/27 16:14:04.0728 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2010/10/27 16:14:04.0781 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2010/10/27 16:14:04.0843 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/10/27 16:14:04.0919 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/10/27 16:14:05.0026 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2010/10/27 16:14:05.0141 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/10/27 16:14:05.0219 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2010/10/27 16:14:05.0286 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2010/10/27 16:14:05.0370 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2010/10/27 16:14:05.0424 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2010/10/27 16:14:05.0470 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2010/10/27 16:14:05.0521 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2010/10/27 16:14:05.0602 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2010/10/27 16:14:05.0691 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2010/10/27 16:14:05.0764 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2010/10/27 16:14:05.0801 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/10/27 16:14:05.0841 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/10/27 16:14:05.0900 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2010/10/27 16:14:05.0965 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2010/10/27 16:14:06.0032 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2010/10/27 16:14:06.0092 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2010/10/27 16:14:06.0184 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2010/10/27 16:14:06.0259 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/10/27 16:14:06.0335 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/10/27 16:14:06.0374 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/10/27 16:14:06.0432 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    2010/10/27 16:14:06.0481 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2010/10/27 16:14:06.0573 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2010/10/27 16:14:06.0648 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2010/10/27 16:14:06.0723 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/10/27 16:14:06.0793 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/10/27 16:14:06.0846 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2010/10/27 16:14:06.0926 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2010/10/27 16:14:06.0961 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/10/27 16:14:07.0031 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2010/10/27 16:14:07.0110 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2010/10/27 16:14:07.0203 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/10/27 16:14:07.0308 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2010/10/27 16:14:07.0410 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/10/27 16:14:07.0508 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/10/27 16:14:07.0598 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/10/27 16:14:07.0700 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2010/10/27 16:14:07.0788 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2010/10/27 16:14:07.0896 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2010/10/27 16:14:08.0075 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
    2010/10/27 16:14:08.0267 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2010/10/27 16:14:08.0356 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2010/10/27 16:14:08.0420 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2010/10/27 16:14:08.0540 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2010/10/27 16:14:08.0607 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2010/10/27 16:14:08.0650 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2010/10/27 16:14:08.0745 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
    2010/10/27 16:14:09.0156 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2010/10/27 16:14:09.0468 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2010/10/27 16:14:09.0548 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2010/10/27 16:14:09.0638 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2010/10/27 16:14:09.0806 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    2010/10/27 16:14:09.0857 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2010/10/27 16:14:09.0931 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2010/10/27 16:14:09.0965 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2010/10/27 16:14:10.0055 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2010/10/27 16:14:10.0101 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    2010/10/27 16:14:10.0160 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2010/10/27 16:14:10.0274 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2010/10/27 16:14:10.0491 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/10/27 16:14:10.0547 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2010/10/27 16:14:10.0652 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2010/10/27 16:14:10.0752 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2010/10/27 16:14:10.0881 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2010/10/27 16:14:10.0976 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2010/10/27 16:14:11.0004 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/10/27 16:14:11.0066 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/10/27 16:14:11.0148 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/10/27 16:14:11.0231 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/10/27 16:14:11.0319 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/10/27 16:14:11.0389 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/10/27 16:14:11.0466 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2010/10/27 16:14:11.0540 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2010/10/27 16:14:11.0614 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2010/10/27 16:14:11.0733 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
    2010/10/27 16:14:11.0786 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys
    2010/10/27 16:14:11.0849 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
    2010/10/27 16:14:11.0878 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
    2010/10/27 16:14:11.0957 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys
    2010/10/27 16:14:12.0031 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/10/27 16:14:12.0082 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2010/10/27 16:14:12.0231 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
    2010/10/27 16:14:12.0303 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/10/27 16:14:12.0364 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2010/10/27 16:14:12.0420 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2010/10/27 16:14:12.0479 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2010/10/27 16:14:12.0578 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
    2010/10/27 16:14:12.0629 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2010/10/27 16:14:12.0686 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2010/10/27 16:14:12.0744 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2010/10/27 16:14:12.0822 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2010/10/27 16:14:12.0891 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2010/10/27 16:14:13.0024 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2010/10/27 16:14:13.0139 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2010/10/27 16:14:13.0207 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2010/10/27 16:14:13.0331 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2010/10/27 16:14:13.0410 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2010/10/27 16:14:13.0444 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/10/27 16:14:13.0546 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
    2010/10/27 16:14:13.0619 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2010/10/27 16:14:13.0681 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2010/10/27 16:14:13.0750 SymEvent (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
    2010/10/27 16:14:13.0839 SymIM (8eab28dd6cd25355b951ae460fa86b48) C:\Windows\system32\DRIVERS\SymIMv.sys
    2010/10/27 16:14:13.0935 SYMREDRV (7c6505ea598e58099d3b7e1f70426864) C:\Windows\System32\Drivers\SYMREDRV.SYS
    2010/10/27 16:14:13.0982 SYMTDI (e6ff7ace71d07ca90119f2c6ab592ba4) C:\Windows\System32\Drivers\SYMTDI.SYS
    2010/10/27 16:14:14.0073 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2010/10/27 16:14:14.0121 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2010/10/27 16:14:14.0271 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2010/10/27 16:14:14.0355 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/10/27 16:14:14.0429 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2010/10/27 16:14:14.0470 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2010/10/27 16:14:14.0530 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2010/10/27 16:14:14.0607 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2010/10/27 16:14:14.0696 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2010/10/27 16:14:14.0817 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/10/27 16:14:14.0874 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2010/10/27 16:14:14.0937 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/10/27 16:14:18.0317 ================================================================================
    2010/10/27 16:14:18.0317 Scan finished
    2010/10/27 16:14:18.0317 ================================================================================
     
  16. 2010/10/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouse-click combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
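A way to verify the "disable your anti-virus" step before launching ComboFix: list the products Windows Security Center still has registered and whether each one is enabled or has a process running. This is an added example for this thread, not part of broni's instructions or of ComboFix itself; it assumes Vista or later (the root\SecurityCenter2 namespace), and the process match by executable name is best-effort.

```powershell
# Added example (not from the thread or from ComboFix): show which anti-virus
# products Windows Security Center still considers registered, whether their
# real-time protection is on, and whether their signed executable is running.
# Assumes Windows Vista or later, where the root\SecurityCenter2 namespace exists.

function Get-RegisteredAntiVirus {
    # Security Center keeps one AntiVirusProduct instance per registered product,
    # so a product that was "uninstalled" but left its entry behind still shows up.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class 'AntiVirusProduct' |
        ForEach-Object {
            # productState is a packed value. Written as six hex digits, the
            # middle byte is 0x10 when real-time protection is on and 0x00 when
            # it is off; the low byte is 0x10 when definitions are out of date.
            $hex        = '{0:X6}' -f [int]$_.productState
            $realtimeOn = $hex.Substring(2, 2) -match '^1'
            $outOfDate  = $hex.Substring(4, 2) -eq '10'

            # If the product's signed executable still has a live process,
            # disabling or uninstalling it has not taken effect yet.
            $exe     = $_.pathToSignedProductExe
            $running = $false
            if ($exe) {
                $name    = [System.IO.Path]::GetFileNameWithoutExtension($exe.Trim('"'))
                $running = [bool](Get-Process -Name $name -ErrorAction SilentlyContinue)
            }

            New-Object PSObject -Property @{
                Product    = $_.displayName
                RealTimeOn = $realtimeOn
                OutOfDate  = $outOfDate
                Running    = $running
                Executable = $exe
            }
        }
}

# Report anything that would still be active when ComboFix starts.
$products = Get-RegisteredAntiVirus
$products | Format-Table Product, RealTimeOn, OutOfDate, Running -AutoSize
$active = $products | Where-Object { $_.RealTimeOn -or $_.Running }
if ($active) {
    $names = ($active | ForEach-Object { $_.Product }) -join ', '
    Write-Host "Still active: $names - disable or fully remove these before running ComboFix."
} else {
    Write-Host "No registered anti-virus product is active."
}
```

A product that shows RealTimeOn as False but Running as True is the case where the service is still loaded even though its protection has been switched off, which is what ComboFix warns about.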
     
  17. 2010/10/30
    flyboy1565

    flyboy1565 Inactive Thread Starter

    Joined:
    2009/12/09
    Messages:
    184
    Likes Received:
    2
    Hey broni, I tried to run Combofix. I had a problem because I couldn't disable my AVG and still couldn't uninstall Norton. I had uninstalled Norton, but it still appears to be running, thus not allowing Combofix to run. Please let me know what I can do.
     
  18. 2010/10/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What do you mean by "not allowing"?
     
  19. 2010/10/31
    flyboy1565

    flyboy1565 Inactive Thread Starter

    Joined:
    2009/12/09
    Messages:
    184
    Likes Received:
    2
    It said that I had four types of AVG running after I disabled Resident Guard, and also that Norton is running. I hit Continue after I thought I disabled AVG, and then it said that they were still continuing.
     
  20. 2010/10/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Disregard Combofix warnings and run it.
     
  21. 2010/10/31
    flyboy1565

    flyboy1565 Inactive Thread Starter

    Joined:
    2009/12/09
    Messages:
    184
    Likes Received:
    2
    OK, will do.
     
