Bad Image error pop up *every time* I open any program


  • This topic is locked
8 replies to this topic

#1 Tony72


Posted 08 May 2011 - 01:22 AM

Recently, I have been getting an odd pop-up error anytime I open a program. The box appears with (for example) "firefox.exe - Bad Image" in the title bar, followed by the following message:

"C:\PROGRA-1\Google\GOOGLE-3\GO36F4-1.DLL is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."

This happens anytime a new program or service is started (I see one right before I enter my login password, at least 10 of these once I have logged on). However, except for the annoying pop ups, the computer and whatever I try to run (so far, anyway) works normally. The program I am trying to open runs once the pop up is closed. AVG and sfc have found nothing (The file name being mentioned makes me suspect some form of malware that AVG can't catch), and I'm open to suggestions.

I'd like to send whatever this is packing, and a big thank you in advance to whoever can point me in the right direction.

Here are my DDS (I saw at least 50 of those "Bad Image" errors during the DDS scan, which was otherwise successfully completed) and GMER logs, in that order: (I'll gladly provide any other information that I can if needed)

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Tony at 12:52:19.49 on Sat 05/07/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1398 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Tony\Desktop\dds(1).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\google\google~3\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tony\appdata\roaming\mozilla\firefox\profiles\2ttj86sc.default\
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-29 947528]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-20 1343400]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-1-24 193840]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-1-21 30192]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-21 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-21 136176]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-05-07 04:29:47 -------- d-----w- c:\users\tony\appdata\local\{B2DC8EBF-7C0A-4150-8C92-B97BFAFD7586}
2011-05-06 13:11:46 -------- d-----w- c:\users\tony\appdata\local\{048D475E-81EF-4E5A-94ED-BF843D134C90}
2011-05-06 00:48:36 -------- d-----w- c:\progra~2\NVIDIA Corporation
2011-05-06 00:40:05 -------- d-----w- C:\NVIDIA
2011-05-05 22:43:05 -------- d-----w- c:\users\tony\appdata\local\{7AA889AA-7DEB-4A70-8E55-95FE712F86AB}
2011-05-04 18:31:39 -------- d-----w- c:\users\tony\appdata\local\{6A369090-9D78-4823-B02F-1A5819022329}
2011-05-03 19:17:03 -------- d-----w- c:\users\tony\appdata\local\{EAC29480-31F2-4E48-A6EE-84A32723D73D}
2011-05-02 18:21:47 -------- d-----w- c:\users\tony\appdata\local\{6BBEB97F-AD81-422C-A592-F1549319DD02}
2011-05-01 18:59:43 -------- d-----w- c:\windows\system32\SPReview
2011-05-01 17:06:04 -------- d-----w- c:\users\tony\appdata\local\{721CBAFB-190E-46AE-BF52-14CAB60A9CDB}
2011-05-01 12:53:32 -------- d-----w- c:\windows\system32\wbem\lt-LT
2011-05-01 12:27:12 -------- d-----w- c:\windows\system32\wbem\ja-JP
2011-05-01 12:13:34 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ja-jp\LXKPTPRC.DLL.mui
2011-05-01 12:13:18 9728 ----a-w- c:\program files\common files\microsoft shared\ink\dicjp.dll
2011-05-01 12:13:18 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpn.dll
2011-05-01 12:13:18 1179136 ----a-w- c:\program files\common files\microsoft shared\ink\imjplm.dll
2011-05-01 12:13:18 11507712 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpnr.dll
2011-05-01 12:12:52 266240 ----a-w- c:\windows\system32\lzhfldr2.dll
2011-05-01 12:09:41 -------- d-----w- c:\windows\system32\wbem\lv-LV
2011-05-01 11:54:27 -------- d-----w- c:\windows\system32\wbem\el-GR
2011-05-01 11:35:29 4096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\el-gr\LXKPTPRC.DLL.mui
2011-05-01 10:18:15 -------- d-----w- c:\windows\system32\wbem\tr-TR
2011-05-01 10:08:46 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\tr-tr\LXKPTPRC.DLL.mui
2011-05-01 10:04:04 -------- d-----w- c:\windows\system32\wbem\hu-HU
2011-05-01 09:54:12 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hu-hu\LXKPTPRC.DLL.mui
2011-05-01 09:44:29 -------- d-----w- c:\windows\system32\wbem\pt-PT
2011-05-01 09:35:31 4096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\pt-pt\LXKPTPRC.DLL.mui
2011-05-01 09:29:42 -------- d-----w- c:\windows\system32\wbem\nl-NL
2011-05-01 09:20:42 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\nl-nl\LXKPTPRC.DLL.mui
2011-05-01 09:12:29 -------- d-----w- c:\windows\system32\wbem\da-DK
2011-05-01 09:04:07 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\da-dk\LXKPTPRC.DLL.mui
2011-05-01 08:59:12 -------- d-----w- c:\windows\system32\wbem\sv-SE
2011-05-01 08:49:58 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\sv-se\LXKPTPRC.DLL.mui
2011-05-01 08:45:57 -------- d-----w- c:\windows\system32\wbem\ro-RO
2011-05-01 08:33:37 -------- d-----w- c:\windows\system32\wbem\ar-SA
2011-05-01 08:23:00 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ar-sa\LXKPTPRC.DLL.mui
2011-05-01 08:18:43 -------- d-----w- c:\windows\system32\wbem\bg-BG
2011-05-01 08:00:03 -------- d-----w- c:\windows\system32\wbem\pl-PL
2011-05-01 07:45:59 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\pl-pl\LXKPTPRC.DLL.mui
2011-05-01 07:39:27 -------- d-----w- c:\windows\system32\wbem\pt-BR
2011-05-01 07:29:50 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\pt-br\LXKPTPRC.DLL.mui
2011-05-01 07:24:25 -------- d-----w- c:\windows\system32\wbem\ru-RU
2011-05-01 07:12:52 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ru-ru\LXKPTPRC.DLL.mui
2011-05-01 05:05:38 -------- d-----w- c:\users\tony\appdata\local\{AEE9DD46-6016-45D8-A989-11A0ADD0FEC3}
2011-04-30 23:09:21 -------- d-----w- c:\windows\system32\wbem\es-ES
2011-04-30 23:01:17 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\es-es\LXKPTPRC.DLL.mui
2011-04-30 22:58:40 -------- d-----w- c:\windows\system32\wbem\th-TH
2011-04-30 22:50:45 -------- d-----w- c:\windows\system32\wbem\he-IL
2011-04-30 22:43:58 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\he-il\LXKPTPRC.DLL.mui
2011-04-30 22:41:12 -------- d-----w- c:\windows\system32\wbem\sr-Latn-CS
2011-04-30 22:34:30 -------- d-----w- c:\windows\system32\wbem\uk-UA
2011-04-30 22:24:48 -------- d-----w- c:\windows\system32\wbem\it-IT
2011-04-30 22:19:06 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\it-it\LXKPTPRC.DLL.mui
2011-04-30 22:16:34 -------- d-----w- c:\windows\system32\wbem\sk-SK
2011-04-30 22:08:17 -------- d-----w- c:\windows\system32\wbem\zh-TW
2011-04-30 22:08:16 -------- d-----w- c:\windows\system32\wbem\zh-HK
2011-04-30 22:02:08 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\zh-tw\LXKPTPRC.DLL.mui
2011-04-30 22:01:55 424448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwcht.dll
2011-04-30 22:01:55 15720448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchtr.dll
2011-04-30 21:57:05 -------- d-----w- c:\windows\system32\wbem\ko-KR
2011-04-30 21:51:07 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ko-kr\LXKPTPRC.DLL.mui
2011-04-30 21:50:51 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwkor.dll
2011-04-30 21:50:51 13579776 ----a-w- c:\program files\common files\microsoft shared\ink\mshwkorr.dll
2011-04-30 21:46:09 -------- d-----w- c:\windows\system32\wbem\fr-FR
2011-04-30 21:40:42 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\fr-fr\LXKPTPRC.DLL.mui
2011-04-30 21:36:13 -------- d-----w- c:\windows\system32\wbem\cs-CZ
2011-04-30 21:31:01 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\cs-cz\LXKPTPRC.DLL.mui
2011-04-30 21:27:24 -------- d-----w- c:\windows\system32\wbem\fi-FI
2011-04-30 21:22:56 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\fi-fi\LXKPTPRC.DLL.mui
2011-04-30 21:18:37 -------- d-----w- c:\windows\system32\wbem\zh-CN
2011-04-30 21:12:51 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\zh-cn\LXKPTPRC.DLL.mui
2011-04-30 21:12:39 27136 ----a-w- c:\program files\common files\microsoft shared\ink\imchxlm.dll
2011-04-30 21:12:38 378368 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchs.dll
2011-04-30 21:12:38 12607488 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchsr.dll
2011-04-30 21:09:51 -------- d-----w- c:\windows\system32\wbem\sl-SI
2011-04-30 21:04:30 -------- d-----w- c:\windows\system32\wbem\et-EE
2011-04-30 20:58:13 -------- d-----w- c:\windows\system32\wbem\hr-HR
2011-04-30 20:51:08 -------- d-----w- c:\windows\system32\wbem\nb-NO
2011-04-30 20:46:24 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\nb-no\LXKPTPRC.DLL.mui
2011-04-30 20:41:55 -------- d-----w- c:\windows\system32\wbem\de-DE
2011-04-30 20:35:41 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\de-de\LXKPTPRC.DLL.mui
2011-04-30 17:34:08 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-30 17:11:06 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-04-30 17:11:06 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-04-30 17:10:52 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-04-30 17:10:51 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-04-30 17:10:12 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-04-30 15:40:25 -------- d-----w- c:\windows\CheckSur
2011-04-30 14:51:48 -------- d-----w- C:\e8aed6439c53c2d04a
2011-04-30 05:13:47 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-30 05:13:47 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-30 05:13:46 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-30 05:13:46 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-30 05:13:45 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-30 05:13:45 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-30 05:13:44 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-30 05:13:44 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-30 05:13:43 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-30 05:10:01 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-30 05:06:21 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-30 05:02:38 285696 ----a-w- c:\windows\system32\winlogon.exe
2011-04-30 05:01:59 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2011-04-30 05:00:58 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-30 05:00:58 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-30 05:00:57 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-30 05:00:55 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-30 05:00:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-30 05:00:48 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-04-30 05:00:45 224256 ----a-w- c:\windows\system32\schannel.dll
2011-04-30 05:00:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-04-30 04:58:42 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-04-30 04:57:59 314368 ----a-w- c:\windows\system32\webio.dll
2011-04-30 04:57:57 738816 ----a-w- c:\windows\system32\wmpmde.dll
2011-04-30 04:57:54 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-30 04:57:53 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-30 04:57:53 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-30 04:57:52 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-30 04:57:51 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-04-30 04:57:48 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-30 04:57:46 34816 ----a-w- c:\windows\system32\msasn1.dll
2011-04-30 04:57:45 516096 ----a-w- c:\program files\windows mail\wab.exe
2011-04-30 04:57:43 530432 ----a-w- c:\windows\system32\comctl32.dll
2011-04-30 04:45:22 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-30 04:45:22 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-30 04:45:21 107520 ----a-w- c:\windows\system32\cdd.dll
2011-04-30 03:32:42 -------- d-----w- c:\users\tony\appdata\roaming\AVG10
2011-04-30 03:22:16 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-30 03:04:11 -------- d-----w- c:\users\tony\appdata\local\{D1300AE8-4D88-468F-917D-964D50F8FD49}
2011-04-30 01:54:36 -------- d-----w- c:\windows\Panther
2011-04-30 01:24:53 -------- d--h--w- C:\$WINDOWS.~Q
2011-04-30 01:18:15 -------- d--h--w- C:\$INPLACE.~TR
2011-04-30 00:42:02 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-04-30 00:41:38 132608 ----a-w- c:\windows\system32\cabview.dll
2011-04-30 00:40:36 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-04-30 00:40:36 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-30 00:40:36 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-04-30 00:40:36 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-04-30 00:40:36 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-04-30 00:39:32 -------- d-----w- c:\windows\system32\wbem\Performance
2011-04-29 23:00:07 -------- d-----w- c:\program files\Synaptics
2011-04-29 22:59:53 584296 ----a-w- c:\windows\system32\nvuninst.exe
2011-04-29 22:59:15 -------- d-----w- c:\program files\Motorola
2011-04-29 22:58:53 -------- d-----w- c:\windows\system32\RTCOM
2011-04-29 13:10:20 -------- d-----w- c:\users\tony\appdata\local\{0A50A5A6-82A9-48E6-B38A-9035B5EBF359}
2011-04-28 20:27:26 -------- d-----w- c:\users\tony\appdata\local\{1290C4C1-DB87-4F56-9F3B-BC5434CBC8DC}
2011-04-27 18:11:30 -------- d-----w- c:\users\tony\appdata\local\{CD335113-95B4-462F-B145-EEC075F233D3}
2011-04-27 03:31:26 -------- d-----w- c:\program files\BitTorrent
2011-04-26 19:48:11 -------- d-----w- c:\windows\system32\EventProviders
2011-04-26 17:59:42 -------- d-----w- c:\program files\Microsoft Easy Assist
2011-04-26 17:56:47 -------- d-----w- c:\progra~2\Applications
2011-04-26 17:09:06 -------- d-----w- c:\users\tony\appdata\local\{BC430EF4-142A-455F-B724-3E2761BD847D}
2011-04-26 04:10:14 -------- d-----w- c:\users\tony\appdata\local\{8010B076-9231-4892-A1C2-D04CC5301928}
2011-04-25 14:54:55 -------- d-----w- c:\users\tony\appdata\local\{0AEEB7F7-FB5A-402D-A21C-0D841DA1C26C}
2011-04-24 15:44:47 -------- d-----w- c:\users\tony\appdata\local\{8D985EA9-644C-4BEB-86EF-93F4946AE7F1}
2011-04-24 13:51:14 -------- d-----w- C:\MGADiagToolOutput
2011-04-23 22:18:43 -------- d-----w- c:\users\tony\appdata\local\{0822A082-FD38-4029-AEF3-C7AC73737998}
2011-04-22 13:32:26 -------- d-----w- c:\users\tony\appdata\local\{3EDC6E98-3505-438A-B3FF-276DE47FDEE2}
2011-04-21 15:28:53 -------- d-----w- c:\users\tony\appdata\local\{5A5A1B72-D2A1-43C8-A91B-0807D83DBE4B}
2011-04-20 15:14:26 -------- d-----w- c:\users\tony\appdata\local\{59D1B2E7-2CEC-4240-BBFD-619BDE9EE4A2}
2011-04-19 15:54:10 -------- d-----w- c:\users\tony\appdata\local\{F753F1C4-37F1-42B0-A03A-51B631C9F3DA}
2011-04-19 15:26:38 -------- d-----w- c:\users\tony\appdata\local\{65AD3424-60C1-483A-B41C-AD753820ED4A}
2011-04-18 18:23:57 -------- d-----w- c:\users\tony\appdata\local\{E653077A-E816-488C-817B-01BE2C7D4DCB}
2011-04-17 17:50:18 -------- d-----w- c:\users\tony\appdata\local\{0FEBA89F-17C4-4C8E-85A8-BC4EAB56007B}
2011-04-17 05:32:20 -------- d-----w- c:\users\tony\appdata\local\{DABB6838-328C-4DEE-ADA6-15BC816F463E}
2011-04-16 17:20:02 -------- d-----w- c:\users\tony\appdata\local\{33791A23-A6D5-418B-BE44-468673AA3B73}
2011-04-16 03:09:46 -------- d-----w- c:\users\tony\appdata\local\{FF78CDF7-984B-444F-88AB-526B4E3232FD}
2011-04-15 12:57:57 -------- d-----w- c:\users\tony\appdata\local\{B4542065-2F31-48FB-8FE5-591F81C52123}
2011-04-14 21:57:26 -------- d-----w- c:\users\tony\appdata\local\{686F4360-6D24-41E6-8992-3A9C596C92B1}
2011-04-13 21:11:58 -------- d-----w- c:\users\tony\appdata\local\{61F1BD8A-32A7-499C-9E77-5F5BC9327930}
2011-04-13 18:27:34 -------- d-----w- c:\users\tony\appdata\local\{A0B2BE47-0F16-41C0-B0F9-A5C312ACB3B5}
2011-04-12 19:47:20 -------- d-----w- c:\users\tony\appdata\local\{D58F78C1-F87F-45BF-9089-EEA262521202}
2011-04-12 03:04:26 -------- d-----w- c:\program files\SpeedFan
2011-04-11 15:32:11 -------- d-----w- c:\users\tony\appdata\local\{40F5F47B-DBC4-4BB0-AE74-46C54F070207}
2011-04-10 16:42:30 -------- d-----w- c:\users\tony\appdata\local\{3205F2DF-EBD6-43BA-8170-B049577345CA}
2011-04-10 06:50:26 -------- d--h--w- C:\$AVG
2011-04-10 05:15:20 -------- d-----w- c:\users\tony\appdata\local\AVG Security Toolbar
2011-04-10 04:45:28 -------- d--h--w- c:\progra~2\Common Files
2011-04-10 04:45:18 -------- d-----w- c:\progra~2\AVG Security Toolbar
2011-04-10 04:43:53 -------- d-----w- c:\progra~2\AVG10
2011-04-10 04:42:12 -------- d-----w- c:\program files\AVG
2011-04-10 04:35:14 -------- d-----w- c:\progra~2\MFAData
2011-04-10 03:53:00 -------- d-----w- c:\users\tony\appdata\local\{084175B7-2D7D-415F-8688-8238A6F5CEF3}
2011-04-09 23:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 23:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-09 13:55:21 -------- d-----w- c:\users\tony\appdata\local\{3E167FEA-B055-4366-AD51-D162273424E6}
2011-04-08 18:10:25 -------- d-----w- c:\users\tony\appdata\local\{5ECDEE2C-31AD-49D1-BA24-48514EF47F13}
2011-04-08 04:00:32 -------- d-----w- c:\users\tony\appdata\local\{9824CF74-24AD-47B1-9B53-C42B47E6D507}
.
==================== Find3M ====================
.
2011-03-23 19:54:51 12580112 ----a-w- c:\users\tony\Firefox Setup 4.0.exe
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-02-26 05:33:07 2614784 ----a-w- c:\windows\explorer.exe
2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 05:33:29 31232 ----a-w- c:\windows\system32\prevhost.exe
.
============= FINISH: 13:04:36.74 ===============


GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-08 00:51:55
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500BEVS-60UST0 rev.01.01A01
Running: gmer.exe; Driver: C:\Users\Tony\AppData\Local\Temp\ufldqkoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9CBBC7A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9CBBC848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9CBBC8E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9CBBC980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E4B589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E70092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82E77AF8 4 Bytes [A0, C7, BB, 9C]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82E77DC8 8 Bytes [48, C8, BB, 9C, E4, C8, BB, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 82E77E3C 4 Bytes [80, C9, BB, 9C] {OR CL, 0xbb; PUSHF }

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3912] ntdll.dll!LdrLoadDll 771BF5B5 5 Bytes JMP 00DF1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Update, for anyone keeping score at home:

I ran system restore (really should have thought of that earlier...*facepalm*) to a restore point dated a couple of weeks ago. So far, no annoying "bad image" pop-ups (*fingers crossed*). However, if anyone out there knows what causes this sort of thing, let me know.

EDIT: Posts merged ~Budapest

Edited by Budapest, 12 May 2011 - 04:50 PM.

"To err is human, but to really foul things up requires a computer." - Farmers' Almanac, 1978

HP Pavilion dv6780se Notebook, Windows 7 Ultimate, protected by AVG Free, mainly used for controlling the zombie population.


#2 m0le


Posted 17 May 2011 - 07:21 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Tony72


Posted 17 May 2011 - 10:40 PM

I'm still here. Thanks for the reply.

#4 m0le


Posted 18 May 2011 - 11:54 AM

First start with TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Now run aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 Tony72


Posted 18 May 2011 - 11:15 PM

m0le:

I have run both scans successfully, and here are the results. Let me know if I need to do anything else:

TDSSKiller:
2011/05/18 23:07:46.0213 5500 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/18 23:07:46.0821 5500 ================================================================================
2011/05/18 23:07:46.0821 5500 SystemInfo:
2011/05/18 23:07:46.0821 5500
2011/05/18 23:07:46.0821 5500 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/18 23:07:46.0821 5500 Product type: Workstation
2011/05/18 23:07:46.0821 5500 ComputerName: COPPERDRAGON
2011/05/18 23:07:46.0821 5500 UserName: Tony
2011/05/18 23:07:46.0821 5500 Windows directory: C:\Windows
2011/05/18 23:07:46.0821 5500 System windows directory: C:\Windows
2011/05/18 23:07:46.0821 5500 Processor architecture: Intel x86
2011/05/18 23:07:46.0821 5500 Number of processors: 2
2011/05/18 23:07:46.0821 5500 Page size: 0x1000
2011/05/18 23:07:46.0821 5500 Boot type: Normal boot
2011/05/18 23:07:46.0821 5500 ================================================================================
2011/05/18 23:07:48.0288 5500 Initialize success
2011/05/18 23:07:55.0011 4764 ================================================================================
2011/05/18 23:07:55.0011 4764 Scan started
2011/05/18 23:07:55.0011 4764 Mode: Manual;
2011/05/18 23:07:55.0011 4764 ================================================================================
2011/05/18 23:08:13.0123 4764 Scan finished
2011/05/18 23:08:13.0123 4764 ================================================================================






aswMBR:
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-18 23:08:57
-----------------------------
23:08:57.521 OS Version: Windows 6.1.7600
23:08:57.521 Number of processors: 2 586 0xF0D
23:08:57.536 ComputerName: COPPERDRAGON UserName: Tony
23:09:04.088 Initialize success
23:09:11.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
23:09:11.046 Disk 0 Vendor: Size: 0MB BusType: 0
23:09:11.046 Disk 1 \Device\Harddisk1\DR2 -> \Device\00000090
23:09:11.061 Disk 1 Vendor: Size: 0MB BusType: 0
23:09:13.121 Disk 0 MBR read successfully
23:09:13.121 Disk 0 MBR scan
23:09:13.121 Disk 0 Windows 7 default MBR code
23:09:13.121 Disk 0 MBR hidden
23:09:13.136 Disk 0 scanning C:\Windows\system32\drivers
23:09:25.679 Service scanning
23:09:26.942 Disk 0 trace - called modules:
23:09:26.973 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85900c08]<<
23:09:26.973 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86198920]
23:09:26.973 Scan finished successfully
23:09:47.113 Disk 0 MBR has been saved successfully to "C:\Users\Tony\Desktop\MBR.dat"
23:09:47.129 The log file has been saved successfully to "C:\Users\Tony\Desktop\aswMBR.txt"
"To err is human, but to really foul things up requires a computer." - Farmers' Almanac, 1978

HP Pavilion dv6780se Notebook, Windows 7 Ultimate, protected by AVG Free, mainly used for controlling the zombie population.

#6 m0le

  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 19 May 2011 - 02:33 PM

Okay, nothing to worry about there. Please take a look at the Microsoft forum reply from one of their support team here and see if the recommendations deal with the problem. If not, then we will continue looking for malware.
m0le is a proud member of UNITE

#7 m0le

Posted 21 May 2011 - 08:06 PM

How is that going, Tony72?

#8 Tony72

  • Topic Starter

Posted 22 May 2011 - 12:57 AM

m0le:

Sorry I haven't replied in so long. I believe it worked. I did a system restore (probably should have thought of that sooner. *facepalm*) and then reinstalled everything Google related on my computer. So far so good. No dozens of popups upon startup and when I try to open a program. I'll be ready if it happens again. Thanks for the help.

Tony72

#9 m0le

Posted 22 May 2011 - 08:38 AM

No problem at all :)

-----------------------------

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



