
Google Redirect Problem in Firefox Only


  • This topic is locked
11 replies to this topic

#1 paulternate


Posted 01 April 2011 - 09:02 PM

I don't know if it is relevant or not, but I have been using Google Chrome, after switching from Firefox, for about a year now. I recently wanted to give FF4 a try, so I downloaded it and love it, except for this one problem. In Chrome, browsing is fine. I can search Google without incident, every time. In FF, every single time I click a Google search result it is redirected to some scam site, a different scam every time. It is driving me absolutely insane. I ran Malwarebytes. I heard that usually doesn't fix it but decided to try it anyway. I also read about removing rogue entries in the hosts file. Tried it, no luck. I absolutely cannot take it anymore. It drives me insane. I really appreciate you taking the time to look at my logs. Thanks a ton in advance!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Paul at 18:21:49.01 on Fri 04/01/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3054.1116 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ef7356bc77a65e9e\STacSV.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\xampp\apache\bin\httpd.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\VistaSwitcher\vswitch.exe
C:\Program Files\3RVX\3RVX.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Relmtech\Unified Remote\UnifiedRemoteServer.exe
C:\Users\Paul\AppData\Roaming\cacaoweb\cacaoweb.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Belvedere\Belvedere.exe
C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\TVTrigger\TVTrigger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Winamp\winamp.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\notepad.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Paul\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Google Update] "c:\users\paul\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [VistaSwitcher] "c:\program files\vistaswitcher\vswitch.exe" /startup
uRun: [3RVX] c:\program files\3rvx\3RVX.exe
uRun: [AdobeBridge]
uRun: [UnifiedRemoteServer] c:\program files\relmtech\unified remote\UnifiedRemoteServer.exe
uRun: [cacaoweb] "c:\users\paul\appdata\roaming\cacaoweb\cacaoweb.exe" -noplayer
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SaiVolume] c:\program files\saitek\cyborgkeyboard\SaiVolume.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Intel AppUp(SM) center] "c:\program files\intel\intelappstore\bin\serviceManager.lnk"
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\paul\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\tvtrig~1.lnk - c:\program files\tvtrigger\TVTrigger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\belved~1.lnk - c:\program files\belvedere\Belvedere.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hdwrit~1.lnk - c:\program files\common files\panasonic\hd writer autostart\HDWriterAutoStart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {B8734410-B119-6850-E407-98713DD90942} - c:\program files\system32\svchost.exe s
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\trjhdu76.default\
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\users\paul\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\paul\appdata\local\huludesktop\instances\0.9.14.1\nphdplg.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-17 20549]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-11-4 6656]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-12-2 218432]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2011-2-10 1373480]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-3-5 2296696]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2011-2-5 719616]
R3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [2008-2-18 104960]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-20 60928]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-9-29 20224]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 netr28u;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\netr28u.sys [2009-5-25 734208]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-7 1343400]
.
=============== Created Last 30 ================
.
2011-04-02 00:56:27 388096 ----a-r- c:\users\paul\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-02 00:56:27 -------- d-----w- c:\program files\Trend Micro
2011-03-31 05:16:29 -------- d-----w- c:\progra~2\Norton
2011-03-31 05:16:26 -------- d-----w- c:\users\paul\appdata\local\NPE
2011-03-24 01:00:43 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-03-24 01:00:40 2755072 ----a-w- c:\windows\system32\themeui.dll.backup
2011-03-24 01:00:37 37376 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-03-22 01:26:09 -------- d-----w- c:\users\paul\appdata\local\Intel
2011-03-18 04:19:48 -------- d-----w- c:\users\paul\appdata\local\HerraizSoto
2011-03-18 04:17:37 -------- d-----w- c:\program files\HerraizSoto
2011-03-12 22:55:05 -------- d-----w- c:\users\paul\appdata\local\ATI
2011-03-12 22:54:33 -------- d-----w- c:\program files\common files\ATI Technologies
2011-03-12 22:54:30 -------- d-----w- c:\program files\ATI Stream
2011-03-12 22:53:34 -------- d-----w- c:\program files\ATI
2011-03-12 22:52:53 -------- d-----w- c:\program files\ATI Technologies
2011-03-12 22:52:19 -------- d-----w- C:\ATI
2011-03-12 03:42:31 -------- d-----w- C:\DriveKey
2011-03-12 03:42:23 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-03-12 03:42:23 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-03-12 03:42:23 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2011-03-12 03:42:23 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-03-12 03:42:22 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-03-09 01:18:45 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 01:18:45 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 01:18:45 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 01:18:45 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 01:18:43 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 01:18:42 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-06 19:48:44 -------- d-----w- c:\program files\iPod
2011-03-06 19:48:43 -------- d-----w- c:\program files\iTunes
2011-03-05 21:27:02 -------- d-----w- c:\users\paul\appdata\roaming\TeamViewer
2011-03-05 21:26:06 -------- d-----w- c:\program files\TeamViewer
2011-03-05 21:25:45 -------- d-----w- c:\program files\NexusFont
.
==================== Find3M ====================
.
2011-03-24 01:00:43 249856 ----a-w- c:\windows\system32\uxtheme.dll
2011-03-24 01:00:40 2755072 ----a-w- c:\windows\system32\themeui.dll
2011-03-24 01:00:37 37376 ----a-w- c:\windows\system32\themeservice.dll
2011-02-20 06:41:39 52224 --sha-r- c:\windows\system32\f3ahvoasj.dll
2011-01-26 23:00:44 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 23:00:30 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 22:59:46 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 22:56:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:55:54 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 22:55:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 22:54:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-26 22:53:54 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 22:53:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 22:53:34 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 22:53:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 22:49:44 4105728 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-26 22:32:12 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-26 22:28:52 4170752 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-26 22:27:50 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 22:27:40 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 22:25:50 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 22:24:18 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-26 22:20:44 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 22:14:06 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:13:52 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 22:13:42 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-26 22:12:40 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-26 22:12:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-18 01:28:45 62053 ----a-w- c:\users\paul\ia_remove.sh3443.tmp
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:27:44.66 ===============


 


#2 oneof4

  • Malware Response Team

Posted 06 April 2011 - 07:41 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System, including the Version, Edition and if it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended, please try one more time, and if unsuccessful, alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Thanks and again sorry for the delay.

Best Regards,
oneof4.


#3 paulternate


Posted 10 April 2011 - 04:41 PM

My computer status has not changed since my last post. I did run the programs again and these logs are the newer versions. Thanks again for all your help.

Paul

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Paul at 11:53:53.40 on Sun 04/10/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3054.1617 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ef7356bc77a65e9e\STacSV.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\xampp\apache\bin\httpd.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\VistaSwitcher\vswitch.exe
C:\Program Files\3RVX\3RVX.exe
C:\Program Files\Relmtech\Unified Remote\UnifiedRemoteServer.exe
C:\Users\Paul\AppData\Roaming\cacaoweb\cacaoweb.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Belvedere\Belvedere.exe
C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\TVTrigger\TVTrigger.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\ehome\mcupdate.EXE
C:\Windows\ehome\ehsched.exe
C:\Windows\eHome\EhTray.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Paul\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Google Update] "c:\users\paul\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [VistaSwitcher] "c:\program files\vistaswitcher\vswitch.exe" /startup
uRun: [3RVX] c:\program files\3rvx\3RVX.exe
uRun: [AdobeBridge]
uRun: [UnifiedRemoteServer] c:\program files\relmtech\unified remote\UnifiedRemoteServer.exe
uRun: [cacaoweb] "c:\users\paul\appdata\roaming\cacaoweb\cacaoweb.exe" -noplayer
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SaiVolume] c:\program files\saitek\cyborgkeyboard\SaiVolume.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Intel AppUp(SM) center] "c:\program files\intel\intelappstore\bin\serviceManager.lnk"
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\paul\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\tvtrig~1.lnk - c:\program files\tvtrigger\TVTrigger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\belved~1.lnk - c:\program files\belvedere\Belvedere.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hdwrit~1.lnk - c:\program files\common files\panasonic\hd writer autostart\HDWriterAutoStart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {B8734410-B119-6850-E407-98713DD90942} - c:\program files\system32\svchost.exe s
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\trjhdu76.default\
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\paul\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\paul\appdata\local\huludesktop\instances\0.9.14.1\nphdplg.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-17 20549]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-11-4 6656]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-12-2 218432]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2011-2-10 1373480]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-3-5 2296696]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2011-2-5 719616]
R3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [2008-2-18 104960]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-20 60928]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-9-29 20224]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 netr28u;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\netr28u.sys [2009-5-25 734208]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-7 1343400]
.
=============== Created Last 30 ================
.
2011-04-09 02:54:54 -------- d-----w- c:\users\paul\appdata\roaming\RayV
2011-04-09 02:54:49 -------- d-----w- c:\program files\RayV
2011-04-08 06:55:08 -------- d-----w- c:\program files\DVD Shrink
2011-04-08 00:19:42 -------- d-----w- C:\WTablet
2011-04-06 05:07:26 -------- d-----w- c:\users\paul\appdata\roaming\Sublime Text
2011-04-06 05:07:21 -------- d-----w- c:\program files\Sublime Text
2011-04-02 00:56:27 388096 ----a-r- c:\users\paul\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-02 00:56:27 -------- d-----w- c:\program files\Trend Micro
2011-03-31 05:16:29 -------- d-----w- c:\progra~2\Norton
2011-03-31 05:16:26 -------- d-----w- c:\users\paul\appdata\local\NPE
2011-03-24 01:00:43 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-03-24 01:00:40 2755072 ----a-w- c:\windows\system32\themeui.dll.backup
2011-03-24 01:00:37 37376 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-03-22 18:38:12 12800 ----a-w- c:\program files\mozilla firefox\plugins\npwachk.dll
2011-03-22 01:26:09 -------- d-----w- c:\users\paul\appdata\local\Intel
2011-03-18 04:19:48 -------- d-----w- c:\users\paul\appdata\local\HerraizSoto
2011-03-18 04:17:37 -------- d-----w- c:\program files\HerraizSoto
2011-03-12 22:55:05 -------- d-----w- c:\users\paul\appdata\local\ATI
2011-03-12 22:54:33 -------- d-----w- c:\program files\common files\ATI Technologies
2011-03-12 22:54:30 -------- d-----w- c:\program files\ATI Stream
2011-03-12 22:53:34 -------- d-----w- c:\program files\ATI
2011-03-12 22:52:53 -------- d-----w- c:\program files\ATI Technologies
2011-03-12 22:52:19 -------- d-----w- C:\ATI
2011-03-12 03:42:31 -------- d-----w- C:\DriveKey
2011-03-12 03:42:23 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-03-12 03:42:23 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-03-12 03:42:23 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2011-03-12 03:42:23 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-03-12 03:42:22 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
.
==================== Find3M ====================
.
2011-03-24 01:00:43 249856 ----a-w- c:\windows\system32\uxtheme.dll
2011-03-24 01:00:40 2755072 ----a-w- c:\windows\system32\themeui.dll
2011-03-24 01:00:37 37376 ----a-w- c:\windows\system32\themeservice.dll
2011-02-20 06:41:39 52224 --sha-r- c:\windows\system32\f3ahvoasj.dll
2011-01-26 23:00:44 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 23:00:30 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 22:59:46 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 22:56:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:55:54 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 22:55:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 22:54:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-26 22:53:54 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 22:53:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 22:53:34 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 22:53:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 22:49:44 4105728 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-26 22:32:12 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-26 22:28:52 4170752 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-26 22:27:50 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 22:27:40 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 22:25:50 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 22:24:18 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-26 22:20:44 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 22:14:06 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:13:52 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 22:13:42 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-26 22:12:40 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-26 22:12:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-18 01:28:45 62053 ----a-w- c:\users\paul\ia_remove.sh3443.tmp
.
============= FINISH: 11:54:32.93 ===============


#4 Casey_boy

Posted 12 April 2011 - 05:29 AM

Hi,

My name is Casey and I will be helping you with your malware problems.

Whilst I research the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

Regards,

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 Casey_boy

Posted 12 April 2011 - 06:08 AM

Hello,

Step 1: P2P Warning

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow file sharing between users, as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a huge number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

I strongly recommend that you uninstall these programs; however, should you decide to keep this program, please refrain from using it until we get your computer clean and always show caution in any files you download.


Step 2: Run TDSSKiller
  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
    • If malicious objects are found, the default action will be Cure. Ensure Cure is selected, then click Continue.
    • If suspicious objects are detected, the default action will be Skip. Ensure Skip is selected, then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is named like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply

Casey



#6 paulternate

Posted 12 April 2011 - 07:26 PM

I downloaded and ran TDSSKiller.exe but it returned no results. It performed the scan but no malicious OR suspicious objects were found. I have pasted the log below. Thanks again for your help!







\ql40xx.sys
2011/04/12 17:22:53.0450 7052 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers

\qwavedrv.sys
2011/04/12 17:22:53.0476 7052 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS

\rasacd.sys
2011/04/12 17:22:53.0517 7052 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS

\AgileVpn.sys
2011/04/12 17:22:53.0550 7052 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS

\rasl2tp.sys
2011/04/12 17:22:53.0595 7052 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS

\raspppoe.sys
2011/04/12 17:22:53.0625 7052 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS

\rassstp.sys
2011/04/12 17:22:53.0662 7052 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS

\rdbss.sys
2011/04/12 17:22:53.0691 7052 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS

\rdpbus.sys
2011/04/12 17:22:53.0719 7052 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS

\RDPCDD.sys
2011/04/12 17:22:53.0750 7052 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers

\rdpdr.sys
2011/04/12 17:22:53.0788 7052 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers

\rdpencdd.sys
2011/04/12 17:22:53.0818 7052 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers

\rdprefmp.sys
2011/04/12 17:22:53.0839 7052 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers

\RDPWD.sys
2011/04/12 17:22:53.0891 7052 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers

\rdyboost.sys
2011/04/12 17:22:53.0958 7052 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS

\rfcomm.sys
2011/04/12 17:22:54.0010 7052 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS

\rspndr.sys
2011/04/12 17:22:54.0039 7052 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS

\vms3cap.sys
2011/04/12 17:22:54.0097 7052 SaiK0728 (3c487b02017a5dd97e4a6b6032a3693b) C:\Windows\system32\DRIVERS

\SaiK0728.sys
2011/04/12 17:22:54.0141 7052 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS

\sbp2port.sys
2011/04/12 17:22:54.0175 7052 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS

\scfilter.sys
2011/04/12 17:22:54.0229 7052 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers

\secdrv.sys
2011/04/12 17:22:54.0280 7052 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS

\serenum.sys
2011/04/12 17:22:54.0319 7052 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS

\serial.sys
2011/04/12 17:22:54.0346 7052 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS

\sermouse.sys
2011/04/12 17:22:54.0387 7052 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS

\sffdisk.sys
2011/04/12 17:22:54.0410 7052 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS

\sffp_mmc.sys
2011/04/12 17:22:54.0433 7052 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS

\sffp_sd.sys
2011/04/12 17:22:54.0456 7052 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS

\sfloppy.sys
2011/04/12 17:22:54.0500 7052 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS

\sisagp.sys
2011/04/12 17:22:54.0532 7052 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS

\SiSRaid2.sys
2011/04/12 17:22:54.0557 7052 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS

\sisraid4.sys
2011/04/12 17:22:54.0592 7052 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS

\smb.sys
2011/04/12 17:22:54.0638 7052 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers

\spldr.sys
2011/04/12 17:22:54.0746 7052 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS

\srv.sys
2011/04/12 17:22:54.0781 7052 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS

\srv2.sys
2011/04/12 17:22:54.0817 7052 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS

\srvnet.sys
2011/04/12 17:22:54.0881 7052 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS

\stexstor.sys
2011/04/12 17:22:54.0933 7052 STHDA (591e0da800f1a5833a0ff6c865c395ea) C:\Windows\system32\DRIVERS

\stwrt.sys
2011/04/12 17:22:54.0977 7052 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS

\vmstorfl.sys
2011/04/12 17:22:55.0005 7052 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS

\storvsc.sys
2011/04/12 17:22:55.0031 7052 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS

\swenum.sys
2011/04/12 17:22:55.0294 7052 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers

\tcpip.sys
2011/04/12 17:22:55.0395 7052 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS

\tcpip.sys
2011/04/12 17:22:55.0442 7052 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers

\tcpipreg.sys
2011/04/12 17:22:55.0477 7052 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers

\tdpipe.sys
2011/04/12 17:22:55.0497 7052 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers

\tdtcp.sys
2011/04/12 17:22:55.0537 7052 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS

\tdx.sys
2011/04/12 17:22:55.0611 7052 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS

\termdd.sys
2011/04/12 17:22:55.0692 7052 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS

\tssecsrv.sys
2011/04/12 17:22:55.0732 7052 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS

\tunnel.sys
2011/04/12 17:22:55.0759 7052 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS

\uagp35.sys
2011/04/12 17:22:55.0791 7052 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS

\udfs.sys
2011/04/12 17:22:55.0851 7052 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS

\uliagpkx.sys
2011/04/12 17:22:55.0882 7052 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS

\umbus.sys
2011/04/12 17:22:55.0913 7052 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS

\umpass.sys
2011/04/12 17:22:55.0955 7052 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers

\usbaapl.sys
2011/04/12 17:22:56.0000 7052 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers

\usbaudio.sys
2011/04/12 17:22:56.0028 7052 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS

\usbccgp.sys
2011/04/12 17:22:56.0062 7052 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS

\usbcir.sys
2011/04/12 17:22:56.0090 7052 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS

\usbehci.sys
2011/04/12 17:22:56.0131 7052 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS

\usbhub.sys
2011/04/12 17:22:56.0166 7052 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS

\usbohci.sys
2011/04/12 17:22:56.0197 7052 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS

\usbprint.sys
2011/04/12 17:22:56.0239 7052 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS

\usbscan.sys
2011/04/12 17:22:56.0265 7052 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS

\USBSTOR.SYS
2011/04/12 17:22:56.0295 7052 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS

\usbuhci.sys
2011/04/12 17:22:56.0339 7052 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS

\VClone.sys
2011/04/12 17:22:56.0382 7052 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS

\vdrvroot.sys
2011/04/12 17:22:56.0412 7052 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS

\vgapnp.sys
2011/04/12 17:22:56.0443 7052 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers

\vga.sys
2011/04/12 17:22:56.0465 7052 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS

\vhdmp.sys
2011/04/12 17:22:56.0493 7052 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS

\viaagp.sys
2011/04/12 17:22:56.0519 7052 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS

\viac7.sys
2011/04/12 17:22:56.0549 7052 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS

\viaide.sys
2011/04/12 17:22:56.0580 7052 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS

\vmbus.sys
2011/04/12 17:22:56.0602 7052 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS

\VMBusHID.sys
2011/04/12 17:22:56.0630 7052 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS

\volmgr.sys
2011/04/12 17:22:56.0665 7052 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers

\volmgrx.sys
2011/04/12 17:22:56.0693 7052 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS

\volsnap.sys
2011/04/12 17:22:56.0736 7052 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS

\vsmraid.sys
2011/04/12 17:22:56.0765 7052 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS

\vwifibus.sys
2011/04/12 17:22:56.0800 7052 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS

\vwififlt.sys
2011/04/12 17:22:56.0860 7052 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS

\wacommousefilter.sys
2011/04/12 17:22:56.0885 7052 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS

\wacompen.sys
2011/04/12 17:22:56.0933 7052 wacomvhid (73e6f16a1f187d71fb26af308551e54a) C:\Windows\system32\DRIVERS

\wacomvhid.sys
2011/04/12 17:22:56.0972 7052 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\Windows\system32\DRIVERS

\WacomVKHid.sys
2011/04/12 17:22:57.0012 7052 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS

\wanarp.sys
2011/04/12 17:22:57.0027 7052 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS

\wanarp.sys
2011/04/12 17:22:57.0084 7052 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS

\wd.sys
2011/04/12 17:22:57.0120 7052 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers

\Wdf01000.sys
2011/04/12 17:22:57.0200 7052 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS

\wfplwf.sys
2011/04/12 17:22:57.0229 7052 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers

\wimmount.sys
2011/04/12 17:22:57.0330 7052 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS

\WinUsb.sys
2011/04/12 17:22:57.0356 7052 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS

\wmiacpi.sys
2011/04/12 17:22:57.0415 7052 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers

\ws2ifsl.sys
2011/04/12 17:22:57.0460 7052 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers

\WudfPf.sys
2011/04/12 17:22:57.0492 7052 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS

\WUDFRd.sys
2011/04/12 17:22:57.0646 7052 ================================================================================
2011/04/12 17:22:57.0646 7052 Scan finished
2011/04/12 17:22:57.0647 7052 ================================================================================

#7 Casey_boy

Posted 13 April 2011 - 06:22 AM

OK, now let's just double check your proxy settings in Firefox.

Open Firefox > Tools > Options > Advanced > Network > Settings

If a proxy is listed here, click the "No Proxy" option.

Click OK > OK.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *
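
The check from post #7 can also be run against the profile on disk. This is an added example, not part of the original thread: it reads the `network.proxy.*` entries from a Firefox `prefs.js` and reports which proxy mode is in effect. The sample preference text and the 127.0.0.1:8080 address are constructed, and an absent `network.proxy.type` is assumed to mean the default of 5 (use system proxy settings).

```python
import re

# prefs.js holds one user-set preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Values of network.proxy.type and the option each one selects in the dialog.
PROXY_MODES = {
    0: "No proxy",
    1: "Manual proxy configuration",
    2: "Automatic proxy configuration URL (PAC)",
    4: "Auto-detect proxy settings (WPAD)",
    5: "Use system proxy settings",
}
DEFAULT_MODE = 5  # assumption: value in effect when prefs.js does not set the pref

def parse_prefs(text):
    """Return {name: value} for every user_pref() line, values as str or int."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs

def audit_proxy(prefs):
    """Report which proxy mode is active and where traffic would be sent."""
    mode = prefs.get("network.proxy.type", DEFAULT_MODE)
    findings = []
    if mode == 1:
        # Host prefs only matter in manual mode; stale values are ignored otherwise.
        for scheme in ("http", "ssl", "socks"):
            host = prefs.get("network.proxy." + scheme, "")
            if host:
                port = prefs.get("network.proxy.%s_port" % scheme, 0)
                findings.append("%s via %s:%s" % (scheme, host, port))
    elif mode == 2:
        findings.append("PAC script " + str(prefs.get("network.proxy.autoconfig_url", "(unset)")))
    elif mode == 4:
        findings.append("proxy is discovered from the local network")
    elif mode == 5:
        findings.append("proxy is inherited from the operating system settings")
    return {"mode": PROXY_MODES.get(mode, "unknown (%r)" % mode),
            "direct": mode == 0, "findings": findings}

# Constructed samples: a manual proxy, and the same profile after "No proxy".
MANUAL = '''# Mozilla User Preferences
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
'''
NO_PROXY = MANUAL.replace('"network.proxy.type", 1', '"network.proxy.type", 0')
```

Selecting "No proxy" changes only `network.proxy.type`; the host and port entries stay in the file, which is why the audit ignores them unless manual mode is active.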


#8 paulternate

Posted 13 April 2011 - 07:35 PM

Ok, I checked the settings in Firefox and it was set up to use the computer's proxy settings. I clicked "No Proxy" and restarted Firefox.

It used to be that every once in a while I was able to search Google and the first couple of links I clicked would work no problem, then after two or so times of working properly it would go back to redirecting me to scam sites. Now, I get one of two things when clicking on a Google search result: either one of the many scam redirects, or this: http://msdn.microsoft.com/en-us/aa570318.aspx
It also seems that when clicking on a Google alert feed that goes through my Google Reader it redirects to the MSDN page also.

#9 Casey_boy

Posted 14 April 2011 - 05:29 AM

Just to confirm, that behaviour is still happening?

Download and run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.exe and re-run.

Casey


#10 Casey_boy

Posted 15 April 2011 - 01:46 PM

Hi there,

Just to let you know, I have asked someone to cover your topic for me for the next few days. I am out of town for a while and cannot guarantee a speedy response - so fireman4it will be helping you.

Casey


#11 paulternate

Posted 17 April 2011 - 11:24 AM

Thank you both for your help. I just wanted you to know that my situation got increasingly worse and Friday I was unable to use the computer at all. I reformatted and all is right with the world again. Sorry to waste your time trying to fix the google redirect problem.

#12 fireman4it

  • Malware Response Team

Posted 17 April 2011 - 03:31 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-
