KYAmy

Members
  • Content count

    5

About KYAmy

  • Rank
    New Member

Profile Information

  • Location
    United States
  • Interests
    Keeping my home computers free of viruses, spyware, malware, and other stuff.
  1. My computer is an HP Pavilion a350n with XP Service Pack 3 and a Pentium 4. My most noticeable problem is the pop-ups, yes. I noticed every time the pop-ups occur is when the CPU usage spikes. I have not used my email since this problem has occurred on this computer and it occurs regardless of if I am on-line or off-line. It might stop if I unplug the internet connection. I ran disk cleanup with no change in the problem. I ran into a problem of removing ComboFix though. It said it was trying to delete it. The computer then closed an open internet browser, which was fine, then opened ComboFix to run the program. It asked me if there were any updates. After I said no it said that I needed to turn my anti-virus off so it could scan. I eventually was able to turn it off. I tried to delete it like it was posted and I do not know what happened. I do not know what happened. I can try again tomorrow. I am posting the log as requested.

     KyAmy

     Here is the MBAM log:

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5848

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     2/22/2011 9:36:15 PM
     mbam-log-2011-02-22 (21-36-15).txt

     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 249142
     Time elapsed: 2 hour(s), 10 minute(s), 21 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  2. Sorry I could not reply yesterday because I was busy. Anyway, when I turned my computer back on today it was worse than it was before with Spy Sweeper pop-ups every 30 seconds to 5 minutes, worse than before. I am posting my log from Spy Sweeper in case this helps. I do not know what the problem is and thought sending the log might help. If I have to do a complete computer restore, then I have to; it is better than having no computer.

     KyAmy
shield has blocked access to: 123TOPSEARCH.COM 2/22/2011 8:56:50 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities 2/22/2011 8:56:50 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities 2/22/2011 8:56:31 AM: The Internet Communication shield has blocked access to: WWW.007GUARD.COM 2/22/2011 8:56:26 AM: The Internet Communication shield has blocked access to: 008K.COM 2/22/2011 8:55:35 AM: The Internet Communication shield has blocked access to: 008K.COM 2/22/2011 8:55:28 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\CamMonitor. Parse Failure 2/22/2011 8:54:57 AM: License Check Status (0): Success 2/22/2011 8:54:46 AM: Webroot Software 6.1.0.145 started 2/22/2011 8:54:46 AM: | Start of Session, Tuesday, February 22, 2011
  3. My computer is running fine now. The computer speed is back to what it used to be along with the internet speed. I have no idea exactly how I got whatever caused all my problems. I will wait to use DeFogger Re-Enable until you say it is okay to do so. KyAmy
  4. Sorry it took me awhile, I wasn't feeling well yesterday and this morning I went to church. Anyway I spent part of this afternoon doing the scans. For some reason I noticed you had replied to my message before I got anything by email. Anyway below is what I have. Thank you, KyAmy

This is the requested TDSSKiller log.txt

2011/02/20 17:06:46.0234 3532 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/20 17:06:48.0203 3532 ================================================================================
2011/02/20 17:06:48.0203 3532 SystemInfo:
2011/02/20 17:06:48.0203 3532
2011/02/20 17:06:48.0203 3532 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/20 17:06:48.0203 3532 Product type: Workstation
2011/02/20 17:06:48.0203 3532 ComputerName: AMYCOMPUTER
2011/02/20 17:06:48.0203 3532 UserName: Owner
2011/02/20 17:06:48.0203 3532 Windows directory: C:\WINDOWS
2011/02/20 17:06:48.0203 3532 System windows directory: C:\WINDOWS
2011/02/20 17:06:48.0203 3532 Processor architecture: Intel x86
2011/02/20 17:06:48.0203 3532 Number of processors: 2
2011/02/20 17:06:48.0203 3532 Page size: 0x1000
2011/02/20 17:06:48.0203 3532 Boot type: Normal boot
2011/02/20 17:06:48.0203 3532 ================================================================================
2011/02/20 17:06:48.0937 3532 Initialize success
2011/02/20 17:06:53.0125 3472 ================================================================================
2011/02/20 17:06:53.0125 3472 Scan started
2011/02/20 17:06:53.0125 3472 Mode: Manual;
2011/02/20 17:06:53.0125 3472 ================================================================================
2011/02/20 17:07:10.0609 3472 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/20 17:07:10.0609 3472 ================================================================================
2011/02/20 17:07:10.0609 3472 Scan finished
2011/02/20 17:07:10.0609 3472 ================================================================================
2011/02/20 17:07:10.0640 3256 Detected object count: 1
2011/02/20 17:07:19.0875 3256 \HardDisk0 - will be cured after reboot
2011/02/20 17:07:19.0875 3256 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/20 17:07:36.0812 4164 Deinitialize success

This is the requested C:\ComboFix.txt file:

ComboFix 11-02-20.01 - Owner 02/20/2011 18:48:32.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1073 [GMT -6:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\Malware forum fix\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2011-01-21 to 2011-02-21 )))))))))))))))))))))))))))))))
.
2011-02-16 19:13 . 2011-02-16 19:13 -------- d-----w- c:\windows\Sun
2011-02-14 18:48 . 2011-02-14 18:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-11 20:28 . 2011-02-11 20:28 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-11 20:28 .
2011-02-11 20:28 -------- d-----w- c:\program files\Trend Micro
2011-02-10 22:26 . 2011-02-10 22:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-02-10 22:25 . 2011-02-10 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-10 22:25 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 22:25 . 2011-02-10 22:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-10 22:25 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-10 15:42 . 2011-02-10 15:42 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-10 02:31 . 2011-02-10 02:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-02-09 20:39 . 2011-02-09 20:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2006-11-04 17:53 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-11-04 17:51 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-11-04 17:54 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-11-04 17:45 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-01-21 21:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2006-11-04 17:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2006-11-04 17:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2006-11-04 17:52 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2003-08-23 12:42 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2006-11-04 17:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2006-11-04 17:53 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2002-08-29 08:04 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-14 04:28 . 2011-01-08 16:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-09 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-14 49152]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-08-23 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-02-23 3026944]
"nwiz"="nwiz.exe" [2004-02-23 753664]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-25 53248]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-02-27 135168]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2010-10-09 32881]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-23 1193848]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-6-13 233472]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]
Updates from HP.lnk - c:\program files\Updates from HP\137903\Program\BackWeb-137903.exe [N/A]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/8/2011 10:25 AM 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/8/2011 10:25 AM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/8/2011 10:25 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/8/2011 10:25 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [1/8/2011 10:25 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [1/8/2011 10:25 AM 141792]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [1/9/2011 6:11 PM 1201640]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [3/30/2005 10:22 AM 173824]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [3/30/2005 10:22 AM 29184]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [3/30/2005 10:22 AM 9088]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/8/2011 10:25 AM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/8/2011 10:25 AM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/8/2011 10:25 AM 88544]
S2 mrtRate;mrtRate; [x]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/8/2011 10:25 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/8/2011 10:25 AM 84264]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/8/2011 10:25 AM 271480]

--- Other Services/Drivers In Memory ---
*Deregistered* - klmd25
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3898947678-3768473032-4083076735-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-09 23:27]

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3898947678-3768473032-4083076735-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-09 23:27]

2011-02-21 c:\windows\Tasks\User_Feed_Synchronization-{7E445774-1952-48F7-A294-C078EEDFD19B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://srch-us9.hpwis.com/ mSearch Bar = hxxp://srch-us9.hpwis.com/ uInternet Settings,ProxyOverride = localhost IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qjwv0vy3.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - Toolbar-{25515A79-C1C7-4B97-97F8-31A711694487} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-20 18:59 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1080) c:\program files\Softex\OmniPass\opxpgina.dll . Completion time: 2011-02-20 19:02:45 ComboFix-quarantined-files.txt 2011-02-21 01:02 Pre-Run: 92,496,080,896 bytes free Post-Run: 92,761,632,768 bytes free - - End Of File - - 78817EA1D0EB272D27FB1E21E4007C78
  5. I have been having a slower than normal XP Windows computer that is running at about 70 to 100 percent memory usage normally at least since last Tuesday. I first noticed something odd when I clicked on a link from a Facebook page that I supposedly trusted. It went to a YouTube video that I clicked to open in another tab and I noticed that two tabs opened with the second one being an ad for fake software. I immediately got out of my Facebook account and closed the browser. I thought I was safe and scans did not pick up anything, so I thought I was safe. For a while I attributed my slow computer to it doing Microsoft updates. Later I noticed when I tried to search for something on Google that it would redirect me elsewhere, so then I knew that there was a problem. I have McAfee 2011 Total Protection and Webroot SpySweeper. SpySweeper keeps blocking the web address number 213.174.15.369 saying it was connected to spyware. It also found fakealert.gen but after it deleted my computer, the program and then the computer got locked up, so I do not know if it was removed. Since then there is no indication that the program is on the computer. I have run McAfee, SpySweeper, Spybot Search & Destroy several times with little success. McAfee found the pdfupd.exe Trojan or virus when I ran the scan yesterday. Somehow Google no longer currently redirects me to fake pages anymore. I do not know if that is because my firewall is blocking specifically 67.201.3616 and 213.174.15.16 or because the programs I have now off my computer caused it. I have noticed that the computer could have a hard time or might not shut down. One time it will shut down normally, the next night it locks up, and another day it sits there saying it is shutting down for two plus hours until finally I turn it off manually. The computer starts up normally, it is just the shutting down I dread. I can get online sometimes but sometimes it will lock up.
I can post a HijackThis file if anyone wants me to. Sorry for the details, but I was trying to explain from sitting at home what is going on. There are some things about computers I can handle, but this is just a tad bit over my head. All I know is that my computer needs fixing. I would prefer not to have to go back to a clean install again because I had to do that a few months ago due to computer errors. Anyway I have included I think all the requested files.

Below is the Malwarebytes' Anti-Malware log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5735

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/10/2011 8:07:23 PM
mbam-log-2011-02-10 (20-07-23).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 254543
Time elapsed: 3 hour(s), 16 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------

Below is the DDS/GMER file:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 12:17:12.00 on Sat 02/19/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.920 [GMT -6:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Malware forum fix\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://us9.hpwis.com/
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
uSearch Bar = hxxp://srch-us9.hpwis.com
mSearch Bar = hxxp://srch-us9.hpwis.com/
uInternet Settings,ProxyOverride = localhost
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll__BHODemonDisabled
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - __BHODemonDisabled
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll__BHODemonDisabled
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110108105027.dll__BHODemonDisabled
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} -
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {25515A79-C1C7-4B97-97F8-31A711694487} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [backupNotify] "c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe"
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HPHUPD05] "c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe"
mRun: [HPHmon05] "c:\windows\system32\hphmon05.exe"
mRun: [KBD] "c:\hp\kbd\KBD.EXE"
mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
mRun: [PS2] "c:\windows\system32\ps2.exe"
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [sunkist2k] "c:\program files\multimedia card reader\shwicon2k.exe"
mRun: [sunJavaUpdateSched] "c:\program files\java\j2re1.4.2_03\bin\jusched.exe"
mRun: [LTMSG] "LTMSG.exe" 7
mRun: [AlcxMonitor] "ALCXMNTR.EXE"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [spySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286650300203
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\qjwv0vy3.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-8 386840]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-8 84072]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-10-11 54760]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-8 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-8 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-8 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-8 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-8 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-8 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2011-1-8 141792]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2011-1-9 1201640]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [2005-3-30 173824]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [2005-3-30 29184]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [2005-3-30 9088]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-8 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-8 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-8 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-8 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-8 88544]
S2 mrtRate;mrtRate; [x]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-8 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-8 84264]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-8 271480]

=============== Created Last 30 ================

2011-02-11 20:28:33 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-11 20:28:30 -------- d-----w- c:\program files\Trend Micro
2011-02-10 22:26:42 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2011-02-10 22:25:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 22:25:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-10 22:25:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-10 22:25:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-10 15:42:10 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-10 15:42:10 -------- d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y120P0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x898555DC]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8985b7b8]; MOV EAX, [0x8985b834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x89839AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000068[0x89865F18]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x89874D98]
\Driver\atapi[0x8986B270] -> IRP_MJ_CREATE -> 0x898555DC
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; CLD ; REP MOVSB ; JMP FAR 0x7a0:0x52; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_6Y120P0__________________________YAR41BW0#335930334a4c4550202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89855422
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 12:20:03.89 ===============