Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox/Google Redirect, Windows side effects


  • This topic is locked This topic is locked
30 replies to this topic

#1 Kat2020

Kat2020

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 08 March 2011 - 02:59 PM

Hello,

The good news is that the Firefox/Google Redirect Trojan and it's hidden "functions" seems to have finally been fixed by ComboFix. The bad news is that there is a side effect with Windows Security Center and Windows Update (after running ComboFix). I had been working with other people, but decided to come here as this may be a better place for advice on this matter.

Background:

- Trojans first detected by Windows Defender (new variant got past anti-virus software).
- Additional symptom was Google Results occasionally redirected, only in Firefox. Disabling Java in Firefox stopped the problem, so it seemed to be related to Java script in Firefox.
- Two Trojans found and removed, yet the hidden redirect still remained.
- Tried the following to find and fix, with no luck: Avast, MAM, SAS, Hitman Pro, GooredFix, ATF-Cleaner, TDSS Killer.
- Ran ComboFix (with some issues), and it solved the problem with redirects.
- Now have problems with Windows Security Center and Windows Update.

Windows Problems:

1. Windows Security Center can not be turned on (Windows Firewall and Windows Defender both seem to be running).

2. Windows Update will not install updates: - Windows Update error 80246008
- Background Intelligent Transfer Service (BITS) not functioning.
- Configuration Manager: A general internal error occurred.
- The specific image file did not contain a resource section.
- Attempt to start: Error 127: The specified procedure could not be found.

3. Windows Defender can not (automatically) update either. Assuming same error as above. (Performed a manual update by going to the Microsoft website).

------

Is this a problem I can fix here, or should this be taken to Microsoft? Any advise is appreciated!

Thanks!
Kat

------

Here is the DDS Log:

------

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Katie at 11:23:08.72 on Tue 03/08/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4092.2556 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\SysWOW64\bgsvcgen.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Katie\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\6271rxe7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2011-2-25 505176]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2011-2-25 280408]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2009/03/11 10:05:43];C:\Program Files (x86)\HP\QuickPlay\000.fcl [2009-3-11 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [2009-3-2 89600]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011-2-25 22360]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2011-2-25 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-2-25 42184]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2008-3-18 28464]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\WINDOWS\SMINST\BLService.exe [2008-7-29 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-2-28 24652]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-7-29 193840]
R3 enecir;ENE CIR Receiver;C:\WINDOWS\System32\drivers\enecir.sys [2008-1-24 60928]
R3 JMCR;JMCR;C:\WINDOWS\System32\drivers\jmcr.sys [2008-7-8 140888]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\WINDOWS\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\WINDOWS\System32\drivers\nvhda64v.sys [2008-5-13 54816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-03-08 18:42:34 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{12327E5F-A54D-4151-AE1A-479732538EBA}\mpengine.dll
2011-03-06 18:29:07 -------- d-----w- C:\Users\Katie\AppData\Local\Apple
2011-02-25 20:52:54 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-02-25 20:52:31 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-02-25 20:52:03 40648 ----a-w- C:\Windows\avastSS.scr
2011-02-25 20:51:40 -------- d-----w- C:\Program Files\AVAST Software
2011-02-25 20:51:40 -------- d-----w- C:\PROGRA~3\AVAST Software
2011-02-25 19:33:14 -------- d-----w- C:\Users\Katie\AppData\Local\Temp(23)
2011-02-25 19:18:26 -------- d-s---w- C:\ComboFix
2011-02-25 18:55:53 -------- d-----w- C:\$RECYCLE(0).BIN
2011-02-25 00:31:37 -------- d-----w- C:\Users\Katie\AppData\Local\Temp(33)
2011-02-23 21:25:57 -------- d-----w- C:\Users\Katie\AppData\Local\Apple Computer
2011-02-21 00:27:44 -------- d-----w- C:\Windows\System32\SRSLabs
2011-02-21 00:15:55 -------- d-----w- C:\Program Files\LSI SoftModem
2011-02-20 23:23:11 -------- d-----w- C:\Program Files\iPod
2011-02-20 23:22:39 -------- d-----w- C:\Program Files\iTunes
2011-02-20 21:46:39 -------- d-----w- C:\Program Files\iPod(41)
2011-02-20 21:42:11 -------- d-----w- C:\Users\Katie\{862f820f-c433-4cc1-a632-2128b738278c}
2011-02-09 17:35:40 4699024 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-02-09 17:35:40 1585168 ----a-w- C:\Windows\System32\ntdll.dll
2011-02-09 17:35:39 1168512 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-02-09 17:35:37 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-09 17:35:37 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-09 17:35:36 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-09 17:35:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
.
==================== Find3M ====================
.
2011-02-23 17:06:56 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-01-20 16:46:10 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-20 16:17:15 366592 ----a-w- C:\Windows\System32\winspool.drv
2011-01-20 16:17:03 625152 ----a-w- C:\Windows\System32\dxgi.dll
2011-01-20 16:16:53 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2011-01-20 16:16:52 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-01-20 16:16:52 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-01-20 16:16:52 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2011-01-20 16:16:47 748544 ----a-w- C:\Windows\System32\stobject.dll
2011-01-20 16:16:40 47104 ----a-w- C:\Windows\System32\cdd.dll
2011-01-20 16:16:10 3548672 ----a-w- C:\Windows\System32\mf.dll
2011-01-20 16:16:08 35840 ----a-w- C:\Windows\System32\printfilterpipelineprxy.dll
2011-01-20 16:14:49 278528 ----a-w- C:\Windows\System32\mfplat.dll
2011-01-20 16:14:49 195072 ----a-w- C:\Windows\System32\mfps.dll
2011-01-20 16:08:16 478720 ----a-w- C:\Windows\SysWow64\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2011-01-20 16:07:42 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- C:\Windows\SysWow64\mf.dll
2011-01-20 16:04:54 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- C:\Windows\SysWow64\mfplat.dll
2011-01-20 15:01:50 3068416 ----a-w- C:\Windows\System32\xpsservices.dll
2011-01-20 15:01:09 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-20 14:59:59 1032192 ----a-w- C:\Windows\System32\printfilterpipelinesvc.exe
2011-01-20 14:58:38 1461760 ----a-w- C:\Windows\System32\OpcServices.dll
2011-01-20 14:57:44 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-20 14:57:28 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
2011-01-20 14:42:00 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
2011-01-20 14:41:29 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
2011-01-20 14:40:17 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
2011-01-20 14:40:14 34304 ----a-w- C:\Windows\System32\mfpmp.exe
2011-01-20 14:40:11 377344 ----a-w- C:\Windows\System32\mfmp4src.dll
2011-01-20 14:37:06 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-01-20 14:35:30 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2011-01-20 14:28:38 1554432 ----a-w- C:\Windows\SysWow64\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-20 14:25:25 847360 ----a-w- C:\Windows\SysWow64\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2011-01-20 14:06:15 834048 ----a-w- C:\Windows\System32\d2d1.dll
2011-01-20 14:02:46 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-01-20 14:02:44 1147904 ----a-w- C:\Windows\System32\FntCache.dll
2011-01-20 13:47:51 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-12-31 14:16:41 2757632 ----a-w- C:\Windows\System32\win32k.sys
2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll
2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
2010-12-21 02:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-18 06:55:17 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-12-18 06:50:55 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:50:36 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-12-18 06:50:16 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-12-18 06:50:16 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-12-18 06:27:04 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-12-18 05:57:45 479232 ----a-w- C:\Windows\System32\html.iec
2010-12-18 05:25:26 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 05:16:59 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-12-18 05:15:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 04:48:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-14 16:15:49 1251840 ----a-w- C:\Windows\System32\sdclt.exe
.
============= FINISH: 11:27:36.71 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 13 March 2011 - 06:05 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply




information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Kat2020

Kat2020
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 14 March 2011 - 03:52 PM

Hello Gringo,

Thanks for the response!

Below is a log from another run of DDS.

My current problem is still the same (details in OP). I seem to be suffering from side-effects after running ComboFix. Let me know what else you need.

Thanks,
Kat

--------------------------

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Katie at 12:45:33.53 on Mon 03/14/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4092.2817 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\SysWOW64\bgsvcgen.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Katie\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\6271rxe7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2011-2-25 505176]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2011-2-25 280408]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2009/03/11 10:05:43];C:\Program Files (x86)\HP\QuickPlay\000.fcl [2009-3-11 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [2009-3-2 89600]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011-2-25 22360]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2011-2-25 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-2-25 42184]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2008-3-18 28464]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\WINDOWS\SMINST\BLService.exe [2008-7-29 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-2-28 24652]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-7-29 193840]
R3 enecir;ENE CIR Receiver;C:\WINDOWS\System32\drivers\enecir.sys [2008-1-24 60928]
R3 JMCR;JMCR;C:\WINDOWS\System32\drivers\jmcr.sys [2008-7-8 140888]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\WINDOWS\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\WINDOWS\System32\drivers\nvhda64v.sys [2008-5-13 54816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-03-11 22:49:15 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-08 18:42:34 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{12327E5F-A54D-4151-AE1A-479732538EBA}\mpengine.dll
2011-03-06 18:29:07 -------- d-----w- C:\Users\Katie\AppData\Local\Apple
2011-02-25 20:52:54 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-02-25 20:52:31 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-02-25 20:52:03 40648 ----a-w- C:\Windows\avastSS.scr
2011-02-25 20:51:40 -------- d-----w- C:\Program Files\AVAST Software
2011-02-25 20:51:40 -------- d-----w- C:\PROGRA~3\AVAST Software
2011-02-25 19:33:14 -------- d-----w- C:\Users\Katie\AppData\Local\Temp(23)
2011-02-25 19:18:26 -------- d-s---w- C:\ComboFix
2011-02-25 18:55:53 -------- d-----w- C:\$RECYCLE(0).BIN
2011-02-25 00:31:37 -------- d-----w- C:\Users\Katie\AppData\Local\Temp(33)
2011-02-23 21:25:57 -------- d-----w- C:\Users\Katie\AppData\Local\Apple Computer
2011-02-21 00:27:44 -------- d-----w- C:\Windows\System32\SRSLabs
2011-02-21 00:15:55 -------- d-----w- C:\Program Files\LSI SoftModem
2011-02-20 23:23:11 -------- d-----w- C:\Program Files\iPod
2011-02-20 23:22:39 -------- d-----w- C:\Program Files\iTunes
2011-02-20 21:46:39 -------- d-----w- C:\Program Files\iPod(41)
2011-02-20 21:42:11 -------- d-----w- C:\Users\Katie\{862f820f-c433-4cc1-a632-2128b738278c}
.
==================== Find3M ====================
.
2011-02-23 17:06:56 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-02-03 05:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-01-20 16:46:10 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-20 16:17:15 366592 ----a-w- C:\Windows\System32\winspool.drv
2011-01-20 16:17:03 625152 ----a-w- C:\Windows\System32\dxgi.dll
2011-01-20 16:16:53 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2011-01-20 16:16:52 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-01-20 16:16:52 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-01-20 16:16:52 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2011-01-20 16:16:47 748544 ----a-w- C:\Windows\System32\stobject.dll
2011-01-20 16:16:40 47104 ----a-w- C:\Windows\System32\cdd.dll
2011-01-20 16:16:10 3548672 ----a-w- C:\Windows\System32\mf.dll
2011-01-20 16:16:08 35840 ----a-w- C:\Windows\System32\printfilterpipelineprxy.dll
2011-01-20 16:14:49 278528 ----a-w- C:\Windows\System32\mfplat.dll
2011-01-20 16:14:49 195072 ----a-w- C:\Windows\System32\mfps.dll
2011-01-20 16:08:16 478720 ----a-w- C:\Windows\SysWow64\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2011-01-20 16:07:42 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- C:\Windows\SysWow64\mf.dll
2011-01-20 16:04:54 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- C:\Windows\SysWow64\mfplat.dll
2011-01-20 15:01:50 3068416 ----a-w- C:\Windows\System32\xpsservices.dll
2011-01-20 15:01:09 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-20 14:59:59 1032192 ----a-w- C:\Windows\System32\printfilterpipelinesvc.exe
2011-01-20 14:58:38 1461760 ----a-w- C:\Windows\System32\OpcServices.dll
2011-01-20 14:57:44 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-20 14:57:28 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
2011-01-20 14:42:00 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
2011-01-20 14:41:29 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
2011-01-20 14:40:17 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
2011-01-20 14:40:14 34304 ----a-w- C:\Windows\System32\mfpmp.exe
2011-01-20 14:40:11 377344 ----a-w- C:\Windows\System32\mfmp4src.dll
2011-01-20 14:37:06 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-01-20 14:35:30 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2011-01-20 14:28:38 1554432 ----a-w- C:\Windows\SysWow64\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-20 14:25:25 847360 ----a-w- C:\Windows\SysWow64\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2011-01-20 14:06:15 834048 ----a-w- C:\Windows\System32\d2d1.dll
2011-01-20 14:02:46 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-01-20 14:02:44 1147904 ----a-w- C:\Windows\System32\FntCache.dll
2011-01-20 13:47:51 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-01-08 09:03:01 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-08 08:47:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-08 06:45:51 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-08 06:28:49 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-12-31 14:16:41 2757632 ----a-w- C:\Windows\System32\win32k.sys
2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll
2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
2010-12-21 02:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-18 06:55:17 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-12-18 06:50:55 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:50:36 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-12-18 06:50:16 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-12-18 06:50:16 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-12-18 06:27:04 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-12-18 05:57:45 479232 ----a-w- C:\Windows\System32\html.iec
2010-12-18 05:25:26 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 05:16:59 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-12-18 05:15:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 04:48:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 12:47:55.31 ===============

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 14 March 2011 - 07:00 PM

Hello

I know you ran it before but I would like to see a freash combofix scan - so delete the one you have now and download a new one



Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 17 March 2011 - 02:08 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 20 March 2011 - 05:18 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 21 March 2011 - 03:17 PM

This topic has been re-opened at the request of the person who originally posted.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 21 March 2011 - 03:18 PM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Kat2020

Kat2020
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 21 March 2011 - 06:35 PM

Hello,

Just wanted to check first, here is what happened with the Combofix run:

- Combofix indicates that Avast is running and active, even though all shields are turned off. (this has happened before, even with Avast uninstalled).
- After Combofix runs through it's checks, it attempts to reboot, and the reboot fails.
- Window Start-up Repair then runs when trying to boot, and a Windows Restore must be used to successfully reboot.

Shall I still run Combofix in Safe Mode?

Thanks!

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 22 March 2011 - 06:31 AM

Hello


I want you to run this first


tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Kat2020

Kat2020
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 24 March 2011 - 01:24 PM

Finally got a chance to run it. Had another blue screen incident (before running TDSSKiller). Definitely something wrong with Windows. It still can't download any updates, possibly due to "Background Intelligent Transfer Service (BITS) not functioning."

Anyway, here is the log from TDSSKiller. It did not find anything. I had run that initially and it did not find anything at that time either.

----
2011/03/24 11:16:30.0487 2792 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/24 11:16:30.0846 2792 ================================================================================
2011/03/24 11:16:30.0846 2792 SystemInfo:
2011/03/24 11:16:30.0846 2792
2011/03/24 11:16:30.0846 2792 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/24 11:16:30.0846 2792 Product type: Workstation
2011/03/24 11:16:30.0846 2792 ComputerName: PC
2011/03/24 11:16:30.0846 2792 UserName: Kat
2011/03/24 11:16:30.0846 2792 Windows directory: C:\Windows
2011/03/24 11:16:30.0846 2792 System windows directory: C:\Windows
2011/03/24 11:16:30.0846 2792 Running under WOW64
2011/03/24 11:16:30.0846 2792 Processor architecture: Intel x64
2011/03/24 11:16:30.0846 2792 Number of processors: 2
2011/03/24 11:16:30.0846 2792 Page size: 0x1000
2011/03/24 11:16:30.0846 2792 Boot type: Normal boot
2011/03/24 11:16:30.0846 2792 ================================================================================
2011/03/24 11:16:31.0454 2792 Initialize success
2011/03/24 11:16:38.0677 2820 ================================================================================
2011/03/24 11:16:38.0677 2820 Scan started
2011/03/24 11:16:38.0677 2820 Mode: Manual;
2011/03/24 11:16:38.0677 2820 ================================================================================
2011/03/24 11:16:39.0582 2820 Accelerometer (70bbe6a93a6bb26b42b03c7d08646d4e) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/03/24 11:16:39.0675 2820 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/03/24 11:16:39.0847 2820 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/03/24 11:16:40.0034 2820 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/03/24 11:16:40.0065 2820 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/03/24 11:16:40.0190 2820 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/03/24 11:16:40.0440 2820 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2011/03/24 11:16:40.0627 2820 AgereSoftModem (70e15cda25e151dfc60636ef73f5a7be) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/03/24 11:16:40.0814 2820 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/03/24 11:16:40.0892 2820 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/03/24 11:16:41.0048 2820 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
2011/03/24 11:16:41.0079 2820 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/03/24 11:16:41.0157 2820 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/24 11:16:41.0532 2820 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/03/24 11:16:41.0657 2820 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/03/24 11:16:41.0735 2820 aswFsBlk (f810e3ea3d1f3c3ba26f2f4719bdca4f) C:\Windows\system32\drivers\aswFsBlk.sys
2011/03/24 11:16:41.0875 2820 aswMonFlt (3687fd9cedf56d3b9f18923f4e14f3f9) C:\Windows\system32\drivers\aswMonFlt.sys
2011/03/24 11:16:41.0953 2820 aswRdr (e99e48596b35e5d5240104bcd61b3471) C:\Windows\system32\drivers\aswRdr.sys
2011/03/24 11:16:42.0093 2820 aswSnx (84ad8fb3fd2efa52d8599a0028bbb6fe) C:\Windows\system32\drivers\aswSnx.sys
2011/03/24 11:16:42.0156 2820 aswSP (8cba6cc5dca9e3829f1792bf98f06901) C:\Windows\system32\drivers\aswSP.sys
2011/03/24 11:16:42.0249 2820 aswTdi (184248f2ded7b1641c7f3b30381baa2a) C:\Windows\system32\drivers\aswTdi.sys
2011/03/24 11:16:42.0327 2820 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/24 11:16:42.0468 2820 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/03/24 11:16:42.0671 2820 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/03/24 11:16:42.0842 2820 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/03/24 11:16:43.0029 2820 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/24 11:16:43.0076 2820 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/24 11:16:43.0217 2820 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/03/24 11:16:43.0419 2820 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/03/24 11:16:43.0451 2820 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/03/24 11:16:43.0575 2820 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/24 11:16:43.0607 2820 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/03/24 11:16:43.0763 2820 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/03/24 11:16:43.0809 2820 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/03/24 11:16:43.0997 2820 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
2011/03/24 11:16:44.0028 2820 BTHPORT (422d812e231ec3a25f43a881061be5a0) C:\Windows\system32\Drivers\BTHport.sys
2011/03/24 11:16:44.0168 2820 BTHUSB (1c24adb844a910daa2e2732e83a8f3d4) C:\Windows\system32\Drivers\BTHUSB.sys
2011/03/24 11:16:44.0215 2820 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/24 11:16:44.0387 2820 cdrbsdrv (9edd76d0800a022ae10b9243d0224e72) C:\Windows\system32\drivers\cdrbsdrv.sys
2011/03/24 11:16:44.0449 2820 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/24 11:16:44.0605 2820 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/24 11:16:44.0667 2820 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/03/24 11:16:44.0855 2820 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/24 11:16:44.0886 2820 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/03/24 11:16:45.0073 2820 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/24 11:16:45.0104 2820 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/03/24 11:16:45.0291 2820 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2011/03/24 11:16:45.0479 2820 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/03/24 11:16:45.0572 2820 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
2011/03/24 11:16:45.0681 2820 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/03/24 11:16:45.0697 2820 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/03/24 11:16:45.0806 2820 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/03/24 11:16:45.0962 2820 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/24 11:16:46.0134 2820 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/03/24 11:16:46.0227 2820 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/03/24 11:16:46.0368 2820 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/03/24 11:16:46.0555 2820 enecir (3a70dc8951b995c73a22b9a23210833e) C:\Windows\system32\DRIVERS\enecir.sys
2011/03/24 11:16:46.0617 2820 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/03/24 11:16:46.0742 2820 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/03/24 11:16:46.0789 2820 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/03/24 11:16:47.0007 2820 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/24 11:16:47.0054 2820 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/03/24 11:16:47.0085 2820 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/03/24 11:16:47.0226 2820 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/24 11:16:47.0288 2820 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/03/24 11:16:47.0444 2820 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/24 11:16:47.0491 2820 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/24 11:16:47.0631 2820 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/24 11:16:47.0756 2820 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/03/24 11:16:47.0912 2820 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/24 11:16:48.0037 2820 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/03/24 11:16:48.0084 2820 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/24 11:16:48.0193 2820 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/24 11:16:48.0349 2820 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/03/24 11:16:48.0443 2820 hpdskflt (2f396ef793acf48ad9d2e1f885fc2752) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/03/24 11:16:48.0536 2820 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/03/24 11:16:48.0630 2820 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/03/24 11:16:48.0770 2820 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/03/24 11:16:48.0942 2820 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/03/24 11:16:48.0973 2820 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/03/24 11:16:49.0113 2820 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/24 11:16:49.0160 2820 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/03/24 11:16:49.0316 2820 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/03/24 11:16:49.0379 2820 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/03/24 11:16:49.0503 2820 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/24 11:16:49.0566 2820 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/24 11:16:49.0737 2820 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/24 11:16:49.0784 2820 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/24 11:16:49.0956 2820 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/03/24 11:16:50.0034 2820 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/03/24 11:16:50.0096 2820 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/24 11:16:50.0205 2820 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/03/24 11:16:50.0268 2820 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/03/24 11:16:50.0424 2820 JMCR (b0d2c287c3d65036d927016959142517) C:\Windows\system32\DRIVERS\jmcr.sys
2011/03/24 11:16:50.0455 2820 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/24 11:16:50.0517 2820 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/24 11:16:50.0673 2820 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/24 11:16:50.0705 2820 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/03/24 11:16:50.0876 2820 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/24 11:16:50.0923 2820 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/24 11:16:50.0939 2820 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/24 11:16:50.0954 2820 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/24 11:16:51.0048 2820 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/03/24 11:16:51.0141 2820 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/03/24 11:16:51.0173 2820 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/03/24 11:16:51.0297 2820 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/03/24 11:16:51.0391 2820 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/24 11:16:51.0500 2820 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/24 11:16:51.0531 2820 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/24 11:16:51.0547 2820 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/03/24 11:16:51.0703 2820 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/03/24 11:16:51.0734 2820 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/24 11:16:51.0781 2820 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/24 11:16:51.0906 2820 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/03/24 11:16:51.0968 2820 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/24 11:16:52.0062 2820 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/24 11:16:52.0124 2820 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/24 11:16:52.0218 2820 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
2011/03/24 11:16:52.0311 2820 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/03/24 11:16:52.0374 2820 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/03/24 11:16:52.0514 2820 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/03/24 11:16:52.0592 2820 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/24 11:16:52.0733 2820 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/24 11:16:52.0779 2820 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/03/24 11:16:52.0857 2820 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/03/24 11:16:52.0967 2820 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/24 11:16:53.0013 2820 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/03/24 11:16:53.0060 2820 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/03/24 11:16:53.0216 2820 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/24 11:16:53.0310 2820 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/03/24 11:16:53.0466 2820 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/24 11:16:53.0513 2820 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/24 11:16:53.0575 2820 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/24 11:16:53.0684 2820 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/03/24 11:16:53.0762 2820 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/24 11:16:53.0871 2820 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/24 11:16:54.0027 2820 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
2011/03/24 11:16:54.0168 2820 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/03/24 11:16:54.0246 2820 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/03/24 11:16:54.0261 2820 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/24 11:16:54.0417 2820 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/03/24 11:16:54.0542 2820 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/03/24 11:16:54.0605 2820 NVENETFD (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys
2011/03/24 11:16:54.0761 2820 NVHDA (73b0abbca290a5709a193c3b6877d34e) C:\Windows\system32\drivers\nvhda64v.sys
2011/03/24 11:16:55.0073 2820 nvlddmkm (fd39b98ff1bb8ed3848781497e9d02e0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/03/24 11:16:55.0260 2820 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/03/24 11:16:55.0275 2820 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/03/24 11:16:55.0322 2820 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/03/24 11:16:55.0509 2820 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/24 11:16:55.0697 2820 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/03/24 11:16:55.0759 2820 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/03/24 11:16:55.0899 2820 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/03/24 11:16:55.0977 2820 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2011/03/24 11:16:56.0087 2820 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/03/24 11:16:56.0196 2820 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2011/03/24 11:16:56.0321 2820 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/03/24 11:16:56.0430 2820 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/24 11:16:56.0555 2820 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/03/24 11:16:56.0633 2820 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/24 11:16:56.0789 2820 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/03/24 11:16:56.0913 2820 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/03/24 11:16:56.0991 2820 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/24 11:16:57.0116 2820 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/24 11:16:57.0194 2820 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/24 11:16:57.0335 2820 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/24 11:16:57.0413 2820 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/24 11:16:57.0537 2820 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/24 11:16:57.0584 2820 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/24 11:16:57.0693 2820 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/03/24 11:16:57.0740 2820 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/24 11:16:57.0865 2820 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/03/24 11:16:58.0037 2820 RFCOMM (f228ce2f778503cecb2b27097b5b3139) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/03/24 11:16:58.0083 2820 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/24 11:16:58.0239 2820 RTL8169 (dfadcae64aebe2c67da9cd2ae74ccde5) C:\Windows\system32\DRIVERS\Rtlh64.sys
2011/03/24 11:16:58.0302 2820 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/03/24 11:16:58.0473 2820 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/24 11:16:58.0520 2820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/03/24 11:16:58.0567 2820 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/03/24 11:16:58.0692 2820 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/03/24 11:16:58.0739 2820 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/03/24 11:16:58.0785 2820 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/03/24 11:16:58.0895 2820 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/24 11:16:58.0926 2820 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/24 11:16:58.0973 2820 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/03/24 11:16:59.0097 2820 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/03/24 11:16:59.0113 2820 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/03/24 11:16:59.0191 2820 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/03/24 11:16:59.0394 2820 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/03/24 11:16:59.0456 2820 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2011/03/24 11:16:59.0581 2820 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/24 11:16:59.0643 2820 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/24 11:16:59.0831 2820 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/03/24 11:16:59.0955 2820 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/24 11:16:59.0987 2820 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/03/24 11:17:00.0018 2820 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/03/24 11:17:00.0127 2820 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/03/24 11:17:00.0252 2820 SynTP (c52b05821884f9a0ebee38c45dbd73cd) C:\Windows\system32\DRIVERS\SynTP.sys
2011/03/24 11:17:00.0439 2820 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/03/24 11:17:00.0611 2820 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/24 11:17:00.0735 2820 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/24 11:17:00.0782 2820 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/03/24 11:17:00.0891 2820 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/03/24 11:17:00.0954 2820 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/24 11:17:01.0094 2820 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/24 11:17:01.0157 2820 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/24 11:17:01.0328 2820 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/24 11:17:01.0406 2820 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/24 11:17:01.0531 2820 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/03/24 11:17:01.0593 2820 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/24 11:17:01.0749 2820 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/24 11:17:01.0796 2820 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/03/24 11:17:01.0921 2820 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/03/24 11:17:01.0937 2820 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/03/24 11:17:02.0061 2820 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/24 11:17:02.0139 2820 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/03/24 11:17:02.0311 2820 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
2011/03/24 11:17:02.0389 2820 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/24 11:17:02.0514 2820 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/03/24 11:17:02.0592 2820 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/24 11:17:02.0701 2820 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/24 11:17:02.0748 2820 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/24 11:17:02.0888 2820 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/24 11:17:02.0935 2820 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/24 11:17:03.0044 2820 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/24 11:17:03.0107 2820 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/24 11:17:03.0263 2820 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/24 11:17:03.0309 2820 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/24 11:17:03.0356 2820 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/03/24 11:17:03.0465 2820 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/03/24 11:17:03.0528 2820 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/03/24 11:17:03.0590 2820 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/03/24 11:17:03.0731 2820 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/03/24 11:17:03.0777 2820 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/03/24 11:17:03.0918 2820 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/03/24 11:17:03.0980 2820 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/24 11:17:03.0996 2820 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/24 11:17:04.0043 2820 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/03/24 11:17:04.0167 2820 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/24 11:17:04.0277 2820 winachsf (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/03/24 11:17:04.0433 2820 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/24 11:17:04.0542 2820 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/03/24 11:17:04.0698 2820 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/24 11:17:04.0760 2820 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/24 11:17:04.0854 2820 {22D78859-9CE9-4B77-BF18-AC83E81A9263} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\HP\QuickPlay\000.fcl
2011/03/24 11:17:04.0947 2820 ================================================================================
2011/03/24 11:17:04.0947 2820 Scan finished
2011/03/24 11:17:04.0947 2820 ================================================================================

Edited by Kat2020, 24 March 2011 - 01:36 PM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 25 March 2011 - 07:56 AM

Hello Kat


now try to run combofix in safe mode now.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 28 March 2011 - 03:07 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Kat2020

Kat2020
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 28 March 2011 - 02:01 PM

I attempted to run ComboFix in safe mode. I had uninstalled Avast, but Combofix still still warns that Avast is running. Should I run ComboFix even though it thinks that Avast is running? (and why does it think Avast is running?)

Thanks!

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 28 March 2011 - 02:07 PM

Yes run it anyway


windows is telling it it is running


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users