
Started with Google Redirect and turned out to be a mess


  • This topic is locked
51 replies to this topic

#1 anderkl


Posted 04 July 2011 - 04:10 PM

Hello Again,

Moderators: This is not a duplicate post of mine, so please do not delete it. This is a different laptop and this laptop is the one which kicked off the unusual mess:(

To begin with - I started noticing the Google re-directs, so thought of removing the noticed spyware by running the SUPERAntiSpyware program, and it helped a little bit, at least to run the PC. I had McAfee antivirus, could not even open it, tried to un-install and was not successful either. So, installed AVAST anti-virus programs, removed some files but still it is in a bad shape.

Now, joined this forum, read through the guides and following the steps. So, I started off posting with the DDS logs. Appreciate your help.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_13
Run by Pauli at 15:36:55 on 2011-07-04
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1037 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\brsvc01a.exe
C:\Windows\system32\brss01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Nortel Networks\NvcRpcSvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\rundll32.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Pauli\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.de/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101020092342.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Google Update] "c:\users\pauli\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\6.3.2348.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.de/s/v/61.18/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://myvpn.cccis.com/CSHELL/extender.cab
DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF}
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://notes-mail02.win.cccis.com/dwa7W.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F1548F88-6D87-4DD5-A6AB-05873F05EFC4} : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pauli\appdata\roaming\mozilla\firefox\profiles\h344aar5.standard-benutzer\
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13121.dll
FF - plugin: c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
FF - plugin: c:\users\pauli\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\pauli\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\pauli\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-1 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-3 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-3 307928]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-10-12 64304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-3 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-3 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-3 42184]
R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2007-8-7 331870]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-5-6 88176]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-12 271480]
R2 NvcRpcServer;Nortel CVC Service;c:\program files\nortel networks\NvcRpcSvr.exe [2009-6-16 71176]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2009-6-16 31784]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-11-6 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2008-2-17 252416]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2007-8-7 110160]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-22 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2151128]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-5-25 99248]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-12 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-12 271480]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-22 136176]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2009-6-16 148232]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
.
=============== Created Last 30 ================
.
2011-07-04 03:26:45 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 03:26:41 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 03:25:25 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 02:48:02 -------- d-----w- c:\programdata\AVAST Software
2011-07-04 02:48:02 -------- d-----w- c:\program files\AVAST Software
2011-07-04 02:23:06 -------- d-----w- c:\program files\Perfect Uninstaller
2011-07-03 19:01:34 -------- d-----w- c:\users\pauli\appdata\roaming\SUPERAntiSpyware.com
2011-07-03 19:01:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-03 19:01:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-03 05:44:30 -------- d-sh--w- C:\found.000
2011-07-02 04:13:50 -------- d-----w- c:\users\pauli\appdata\roaming\Malwarebytes
2011-07-02 04:12:40 -------- d-----w- c:\programdata\Malwarebytes
2011-07-02 04:12:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-28 15:50:43 0 ---ha-w- c:\users\pauli\appdata\local\BIT6325.tmp
2011-06-17 23:49:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
.
============= FINISH: 15:53:12.20 ===============


Thanks,


 


#2 anderkl


Posted 06 July 2011 - 08:30 PM

Can you please take a look at this log, thanks much!

#3 anderkl


Posted 08 July 2011 - 08:55 PM

Bump to reset order.

#4 gringo_pr

  • Malware Response Team

Posted 09 July 2011 - 01:13 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 anderkl


Posted 09 July 2011 - 02:41 PM

Gringo -

Thanks for your time and much appreciated. I started with the first step - DeFogger, everything went perfectly smooth. Ran DDS and during the process, I got the blue screen of death - "Beginning Dump of Physical Memory" and the system restarted. After passing through the login screen, I get an error message: "An Unauthorized change was made to Windows", it gives me a text and also the option to close. I closed it but it doesn't go beyond that. After several restarts it finally worked and here are the logs you have requested.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_13
Run by Pauli at 14:23:37 on 2011-07-09
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.820 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\brsvc01a.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\brss01a.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Users\Pauli\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Program Files\Nortel Networks\NvcRpcSvr.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\conime.exe
C:\Windows\system32\PresentationSettings.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.de/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101020092342.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Google Update] "c:\users\pauli\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\6.3.2348.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.de/s/v/61.18/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://myvpn.cccis.com/CSHELL/extender.cab
DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF}
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://notes-mail02.win.cccis.com/dwa7W.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pauli\appdata\roaming\mozilla\firefox\profiles\h344aar5.standard-benutzer\
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13121.dll
FF - plugin: c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
FF - plugin: c:\users\pauli\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\pauli\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\pauli\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-1 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-3 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-3 307928]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-10-12 64304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-3 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-3 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-3 42184]
R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2007-8-7 331870]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-5-6 88176]
R2 NvcRpcServer;Nortel CVC Service;c:\program files\nortel networks\NvcRpcSvr.exe [2009-6-16 71176]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2009-6-16 31784]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-11-6 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2008-2-17 252416]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2007-8-7 110160]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-22 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2151128]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-5-25 99248]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-12 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-12 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-12 271480]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-22 136176]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2009-6-16 148232]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
.
=============== Created Last 30 ================
.
2011-07-04 03:26:45 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 03:26:41 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 03:25:25 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 02:48:02 -------- d-----w- c:\programdata\AVAST Software
2011-07-04 02:48:02 -------- d-----w- c:\program files\AVAST Software
2011-07-04 02:23:06 -------- d-----w- c:\program files\Perfect Uninstaller
2011-07-03 19:01:34 -------- d-----w- c:\users\pauli\appdata\roaming\SUPERAntiSpyware.com
2011-07-03 19:01:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-03 19:01:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-03 05:44:30 -------- d-sh--w- C:\found.000
2011-07-02 04:13:50 -------- d-----w- c:\users\pauli\appdata\roaming\Malwarebytes
2011-07-02 04:12:40 -------- d-----w- c:\programdata\Malwarebytes
2011-07-02 04:12:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-28 15:50:43 0 ---ha-w- c:\users\pauli\appdata\local\BIT6325.tmp
2011-06-17 23:49:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
.
============= FINISH: 14:28:16.88 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/17/2008 8:31:24 PM
System Uptime: 7/9/2011 2:21:43 PM (0 hours ago)
.
Motherboard: Intel Corporation | | SANTA ROSA CRB
Processor: Intel® Pentium® Dual CPU T2330 @ 1.60GHz | U2E1 | 1067/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 1.507 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0016
Manufacturer: Microsoft
Name: isatap.{C3011B85-4FD2-4931-B5C7-25E48D08EABD}
PNP Device ID: ROOT\*ISATAP\0016
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4353&SUBSYS_FF101179&REV_14\4&102ADA2&0&00E0
Manufacturer: Marvell
Name: Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4353&SUBSYS_FF101179&REV_14\4&102ADA2&0&00E0
Service: yukonwlh
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart Premium C309g-m
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ABBYY FineReader 6.0 Sprint
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Bluetooth Stack for Windows by Toshiba
Bonjour
BufferChm
C309g-m
CD/DVD Drive Acoustic Silencer
Check Point SSL Network Extender
Convert Image To PDF
Destinations
DeviceDiscovery
dm-Fotowelt
DVD MovieFactory for TOSHIBA
EA Download Manager
Google Earth
Google Talk Plugin
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Prem-Web C309n-s All-in-One Driver 14.0 Rel. 6
HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
ICQ6.5
Intel® Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 12
Java™ 6 Update 13
JonDo
Lexmark 2500 Series
Lexmark Fax-Lösungen
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech QuickCam-Treiberpaket
Logitech Video Enumerator
Logitech® Camera Driver
MarketResearch
Marvell Miniport Driver
McAfee Internet Security
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Mozilla Firefox (3.6.18)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
MyMicroBalance
Network
Nortel Networks Contivity VPN Client
OpenOffice.org 3.1
Oracle Client 10g Express Edition
Oracle Data Provider for .NET Help
Oracle JInitiator 1.3.1.21
PaperPort Image Printer
PS_AIO_06_C309g-m_SW_Min
PS_AIO_06_C309n-s_SW_Min
Quest Software Toad for Oracle Version 8.5.1
QuickTime
RealPlayer
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
RollerCoaster Tycoon
RollerCoaster Tycoon 3
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Scan
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Media Encoder (KB954156)
Shop for HP Supplies
Skype Toolbars
Skype™ 5.1
SmartWebPrinting
SolutionCenter
SPEEDLINK SL-6825 Snappy Webcam
Spelling Dictionaries Support For Adobe Reader 8
Status
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Sims™ 3
TIPCI
TOEFL Sample Questions
TomTom HOME 2.6.4.1641
TomTom HOME Visual Studio Merge Modules
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Games
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Yahoo! Messenger
Zipeg
Zynga Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/9/2011 2:22:20 PM, Error: EventLog [6008] - The previous system shutdown at 2:20:40 PM on 7/9/2011 was unexpected.
7/9/2011 2:14:17 PM, Error: Service Control Manager [7024] - The SL UI Notification Service service terminated with service-specific error 3221541889 (0xC004D401).
7/9/2011 2:12:55 PM, Error: EventLog [6008] - The previous system shutdown at 2:11:23 PM on 7/9/2011 was unexpected.
7/9/2011 2:04:00 PM, Error: EventLog [6008] - The previous system shutdown at 2:02:02 PM on 7/9/2011 was unexpected.
7/9/2011 2:00:05 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/9/2011 2:00:05 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/9/2011 1:57:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/4/2011 3:37:01 PM, Error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
7/4/2011 3:08:16 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer BSC-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1548F88-6D87-4DD5-A6AB-05873F0. The master browser is stopping or an election is being forced.
7/4/2011 2:19:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC mfenlfk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv StarOpen Tcpip tdx Wanarpv6
7/4/2011 2:18:48 PM, Error: EventLog [6008] - The previous system shutdown at 2:16:10 PM on 7/4/2011 was unexpected.
7/4/2011 2:15:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/4/2011 2:07:59 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/3/2011 9:48:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/3/2011 8:59:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
7/3/2011 8:33:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
7/3/2011 7:34:32 PM, Error: EventLog [6008] - The previous system shutdown at 7:02:48 PM on 7/3/2011 was unexpected.
7/3/2011 2:35:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfenlfk NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr ssmdrv StarOpen Tcpip tdx Wanarpv6
7/3/2011 12:55:15 AM, Error: Microsoft-Windows-Eventlog [106] - Corruption was detected in the log for the Application channel and some data was erased.
7/3/2011 12:54:38 AM, Error: EventLog [6008] - The previous system shutdown at 11:44:42 PM on 7/2/2011 was unexpected.
7/3/2011 11:11:42 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 541EF5DC0214. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
7/3/2011 10:18:05 PM, Error: Service Control Manager [7022] - The McAfee VirusScan Announcer service hung on starting.
7/3/2011 10:14:29 PM, Error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 3 time(s).
7/3/2011 10:14:15 PM, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/3/2011 10:13:19 PM, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/3/2011 1:23:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/3/2011 1:23:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/3/2011 1:23:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/3/2011 1:23:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/3/2011 1:23:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/3/2011 1:23:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/3/2011 1:22:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/3/2011 1:21:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfenlfk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv StarOpen Tcpip tdx Wanarpv6
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2011 1:21:55 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2011 1:21:43 PM, Error: EventLog [6008] - The previous system shutdown at 12:52:13 PM on 7/3/2011 was unexpected.
7/2/2011 12:43:43 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
7/2/2011 11:38:40 PM, Error: Service Control Manager [7003] - The McAfee Network Agent service depends the following service: MfeFire. This service might not be installed.
7/2/2011 11:34:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Services service to connect.
7/2/2011 11:34:50 PM, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2011 11:34:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service mcmscsvc with arguments "" in order to run the server: {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}
7/2/2011 11:31:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService service to connect.
7/2/2011 11:31:49 PM, Error: Service Control Manager [7003] - The McAfee Proxy Service service depends the following service: MfeFire. This service might not be installed.
7/2/2011 11:31:49 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.
7/2/2011 11:31:49 PM, Error: Service Control Manager [7003] - The McAfee Anti-Spam Service service depends the following service: MfeFire. This service might not be installed.
7/2/2011 11:31:49 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/2/2011 11:31:49 PM, Error: Service Control Manager [7000] - The lxddCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2011 11:30:55 PM, Error: EventLog [6008] - The previous system shutdown at 2:17:20 PM on 7/2/2011 was unexpected.
.
==== End Of File ===========================

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6000
Number of processors #2
==============================================
>Drivers
==============================================
0x8D3C9000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6516736 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82400000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
0x82400000 PnpManager 3805184 bytes
0x82400000 RAW 3805184 bytes
0x82400000 WMIxWDM 3805184 bytes
0x94A00000 Win32k 2097152 bytes
0x94A00000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8DA51000 C:\Windows\system32\drivers\RTKVHDA.sys 1765376 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x8DCE4000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0x82894000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
0x80603000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
0xB4F22000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8E32B000 C:\Windows\System32\drivers\tcpip.sys 872448 bytes (Microsoft Corporation, TCP/IP Driver)
0x8D32C000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0xAAD72000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x8DC74000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x8282A000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xADA4D000 C:\Windows\system32\drivers\HTTP.sys 430080 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8026B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xB0C55000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x82B7F000 C:\Windows\system32\DRIVERS\tos_sps32.sys 307200 bytes (TOSHIBA Corporation, tos_sps2)
0x8E266000 C:\Windows\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0x8077E000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8DE29000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8E5BA000 C:\Windows\system32\DRIVERS\RTL8187B.sys 286720 bytes (Realtek Semiconductor Corporation , Realtek RTL8187B NDIS Driver)
0x80461000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8D233000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8C0A8000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8021F000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E2F0000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB0CDC000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8299C000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA68C2000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x82BCA000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x827A1000 ACPI_HAL 212992 bytes
0x827A1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8CCFC000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8DC42000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x80726000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8CCBF000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8D2CF000 C:\Windows\system32\DRIVERS\SynTP.sys 184320 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8D273000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x829D5000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xAAD07000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8C6AC000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x807C8000 C:\Windows\system32\DRIVERS\pcmcia.sys 172032 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xA6C95000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8CC9A000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x82B4B000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8043C000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB0CA6000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8C7DD000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8C78D000 C:\Windows\system32\DRIVERS\ipsecw2k.sys 139264 bytes (Nortel Networks NA, Inc., Contivity VPN Client Adapter)
0x82B19000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8CC39000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xB0D33000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x80760000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xB0D15000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA68FA000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xADB25000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
0x8C7AF000 C:\Windows\system32\DRIVERS\vna.sys 110592 bytes (Check Point Software Technologies, -)
0xB0DA7000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8CC00000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8D2AC000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8DC18000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
0x8D211000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB1007000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8DA12000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8DA3C000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
0xB11EB000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0xB0D53000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8DA28000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8D307000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8C7CA000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xAACF4000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8DC2F000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8D31A000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xB0CCA000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0xA6C44000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA6CE2000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x82B3A000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x80716000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x88A18000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80410000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x88A98000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
0x80707000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x8E45B000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x82B70000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8280E000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x88B6C000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8C766000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
0x8042D000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0xA5E10000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x88E03000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)
0x8DE70000 C:\Windows\system32\DRIVERS\mfenlfk.sys 57344 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x8DE7E000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D29E000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x807F2000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8C09A000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8CD64000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8CD30000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8C775000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8C003000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x80212000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8C600000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8DF50000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8D2FC000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8D2C4000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8C782000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D206000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8DFC9000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D228000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x88E11000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C0E5000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8C616000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x80420000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8C63E000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x88E1C000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8C652000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8C620000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8C698000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8C727000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x82805000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8C730000 C:\Windows\System32\Drivers\dump_msahci.sys 36864 bytes
0x8C6DF000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x80757000 C:\Windows\system32\drivers\msahci.sys 36864 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x80262000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8C6E8000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA5E00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C07B000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80209000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80401000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8025A000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x88F20000 C:\Windows\system32\DRIVERS\FwLnk.sys 32768 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
0x80201000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x88EC7000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88E4F000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8281D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C1E4000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8C1BA000 C:\Windows\system32\DRIVERS\eacfilt.sys 28672 bytes (Nortel Networks, NDIS Filter Intermediate Driver)
0x80409000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8C1B3000 C:\Users\Pauli\AppData\Local\Temp\mbr.sys 28672 bytes
0x8C1DD000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8C184000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8C178000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x8C172000 C:\Windows\System32\Drivers\StarOpen.SYS 24576 bytes
0x8C033000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x8C02E000 C:\Windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0x82825000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8C10C000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8C0F4000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 16384 bytes (TOSHIBA Corporation., Toshiba ODD Writing Driver For x86.)
0x88EF4000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x8042A000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x85FCF000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x88F34000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x88FAD000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

#6 gringo_pr


Posted 09 July 2011 - 02:45 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"Information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 anderkl


Posted 09 July 2011 - 04:47 PM

Gringo -

When I was running the combofix, after a while, the blue screen appeared and it has re-started the laptop. After entering the password at the login screen, it throws me an error - "An unauthorized change was made to windows", I closed the window, it says logging off.....and then the process repeats. Any help is appreciated.

#8 gringo_pr


Posted 09 July 2011 - 09:15 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review
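The report.txt that this procedure produces, as pasted later in the thread, gives each driver's MD5 and file name followed by the company name from its version resource, and flags files that have none. The Python below is an added example, not part of the thread and not driver.sh itself; it parses that layout and lists the entries that need a manual look. The sample report, its hashes and its file names are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes seen in the pasted report.txt.
SECTION = re.compile(r"^Driver report for (?P<dir>\S.*)$")
FLAGGED = re.compile(r"^(?P<md5>[0-9a-f]{32}) (?P<name>.+?) has NO Company Name!$")
ENTRY = re.compile(r"^(?P<md5>[0-9a-f]{32}) (?P<name>\S.*)$")
# Best-effort hint pulled out of a raw version-resource dump.
HINT = re.compile(r"CompanyName(.+?)(?:FileDescription|FileVersion|$)")


@dataclass
class Driver:
    directory: str
    name: str
    md5: str
    company: Optional[str]
    # "named", "no_company", "raw_version_block" or "missing_company_line"
    status: str


def parse_report(text: str) -> List[Driver]:
    """Turn the report text into one Driver record per listed file."""
    drivers: List[Driver] = []
    directory = ""
    pending = None  # (md5, name) still waiting for its company line

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION.match(line)
        flagged = FLAGGED.match(line)
        entry = ENTRY.match(line)

        # A line that is not a header or hash line completes the pending entry.
        if pending and not (section or flagged or entry):
            md5, name = pending
            if "VS_VERSION_INFO" in line:
                # The company field was not cleanly extracted; keep an
                # unverified hint so a person can read the original line.
                hint = HINT.search(line)
                company = re.sub(r"^\W+|\W+$", "", hint.group(1)) if hint else None
                drivers.append(Driver(directory, name, md5, company or None,
                                      "raw_version_block"))
            else:
                drivers.append(Driver(directory, name, md5, line, "named"))
            pending = None
            continue

        # A new header or hash line arrived before any company line did.
        if pending:
            drivers.append(Driver(directory, pending[1], pending[0], None,
                                  "missing_company_line"))
            pending = None

        if section:
            directory = section.group("dir")
        elif flagged:
            drivers.append(Driver(directory, flagged.group("name"),
                                  flagged.group("md5"), None, "no_company"))
        elif entry:
            pending = (entry.group("md5"), entry.group("name"))
        # Anything else (the timestamp header, for instance) is ignored.

    if pending:  # report cut off after a hash line
        drivers.append(Driver(directory, pending[1], pending[0], None,
                              "missing_company_line"))
    return drivers


def triage(drivers: List[Driver]) -> List[Driver]:
    """Entries to inspect by hand. A hit is a prompt to look, not a verdict."""
    return [d for d in drivers if d.status != "named"]


# Constructed sample in the same layout as the pasted report.
REPORT = """\
Mon Jan 1 00:00:00 UTC 2001
Driver report for /mnt/sda2/Qoobox/Quarantine/C/Windows/system32/Drivers

Driver report for /mnt/sda2/Windows/System32/drivers
00000000000000000000000000000001 example_nocompany.sys has NO Company Name!

00000000000000000000000000000002 example_ms.sys
Microsoft Corporation

00000000000000000000000000000003 example_raw.sys
tHVS_VERSION_INFOe?StringFileInfoB>CompanyNameExampleVendor|*FileDescriptionExampleDriver

00000000000000000000000000000004 example_cut.sys
"""

if __name__ == "__main__":
    for d in triage(parse_report(REPORT)):
        print(f"{d.status:22} {d.md5} {d.name} (hint: {d.company})")
```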

#9 anderkl


Posted 09 July 2011 - 10:06 PM

Here is the report!!!

Sat Jul 9 21:53:57 UTC 2011
Driver report for /mnt/sda2/Qoobox/Quarantine/C/Windows/system32/Drivers

Driver report for /mnt/sda2/Windows/System32/drivers
306521935042fc0a6988d528643619b3 StarOpen.sys has NO Company Name!
103435e46af2af92253bf674b598934d taishop.sys has NO Company Name!

b46aa621e7bd4fe150bcc140daceda1b 1394bus.sys
Microsoft Corporation

84fc6df81212d16be5c4f441682feccc acpi.sys
Microsoft Corporation

2edc5bbac6c651ece337bde8ed97c9fb adp94xx.sys
Adaptec

b84088ca3cdca97da44a984c6ce1ccad adpahci.sys
Adaptec

7880c67bccc27c86fd05aa2afb5ea469 adpu160m.sys
Adaptec

9ae713f8e30efc2abccd84904333df4d adpu320.sys
Adaptec

5d24caf8efd924a875698ff28384db8b afd.sys
Microsoft Corporation

ef23439cdd587f64c2c1b8825cead7d8 AGP440.sys
Microsoft Corporation

ce91b158fa490cf4c4d487a4130f4660 AGRSM.sys
Agere Systems

90395b64600ebb4552e26e178c94b2e4 aliide.sys
Acer Laboratories

2b13e304c9dfdfa5eb582f6a149fa2c7 AMDAGP.SYS
Microsoft Corporation

0577df1d323fe75a739c787893d300ea amdide.sys
Microsoft Corporation

dc487885bcef9f28eece6fac0e5ddfc5 amdk7.sys
Microsoft Corporation

0ca0071da4315b00fc1328ca86b425da amdk8.sys
Microsoft Corporation

957f7540b5e7f602e44648c7de5a1c05 arcsas.sys
Adaptec

5f673180268bb1fdb69c99b6619fe379 arc.sys
Adaptec

7f08d9c504b015d81a8abd75c80028c5 aswFsBlk.sys
tH`%@@VS_VERSION_INFOe?baStringFileInfo|B>CompanyNameAVASTSoftware|*FileDescriptionavast!FileSystemAccessBlockingDrivervFileVersion...:rInternalNameaswFsBlk.sysr'LegalCopyrightCopyright©-AVASTSoftwareBrOriginalFilenameaswFsBlk.sysPProductNameavast!AntivirusSystem,ProductVersion.DVarFileInfo$Translationt

9bdc8e9ce17b773f69d2c6696c768c4f aswMonFlt.sys
tH``XXVS_VERSION_INFOe?baStringFileInfoB>CompanyNameAVASTSoftwareFileDescriptionavast!FileSystemMinifilterforWindows/VistavFileVersion...<InternalNameaswMonFlt.sysr'LegalCopyrightCopyright©-AVASTSoftwareDOriginalFilenameaswMonFlt.sysPProductNameavast!AntivirusSystem,ProductVersion.DVarFileInfo$Translationt*

ac48bdd4cd5d44af33087c06d6e9511c aswRdr.sys
tHVS_VERSION_INFOe?bStringFileInfolB>CompanyNameAVASTSoftwareTFileDescriptionavast!TDIRDRDriverXFileVersion...builtby:WinDDKvInternalNameaswRdr.sysr'LegalCopyrightCopyright©-AVASTSoftware>vOriginalFilenameaswRdr.sysPProductNameavast!AntivirusSystem,ProductVersion.DVarFileInfo$Translationt

b64134316fcd1f20e0f10ef3e65bd522 aswSnx.sys
tH``VS_VERSION_INFOe?baStringFileInfoB>CompanyNameAVASTSoftwarebFileDescriptionavast!VirtualizationDrivervFileVersion...vInternalNameaswSnx.sysr'LegalCopyrightCopyright©-AVASTSoftware>vOriginalFilenameaswSnx.sysPProductNameavast!AntivirusSystem,ProductVersion.DVarFileInfo$Translationt

d6788e3211afa9951ed7a4d617f68a4f aswSP.sys
tHWVS_VERSION_INFOe?baxStringFileInfoTB>CompanyNameAVASTSoftwaredFileDescriptionavast!selfprotectionmodulevFileVersion...nInternalNameaswSP.sysr'LegalCopyrightCopyright©-AVASTSoftware<nOriginalFilenameaswSP.sysPProductNameavast!AntivirusSystem,ProductVersion.DVarFileInfo$TranslationtZgy

4d100c45517809439c7b6dd98997fa00 aswTdi.sys
tHVS_VERSION_INFOe?bStringFileInfotB>CompanyNameAVASTSoftwareZFileDescriptionavast!TDIFilterDriverXFileVersion...builtby:WinDDKvInternalNameaswTdi.sysr'LegalCopyrightCopyright©-AVASTSoftware>vOriginalFilenameaswTdi.sysPProductNameavast!AntivirusSystem,ProductVersion.DVarFileInfo$Translationt*

e86cf7ce67d5de898f27ef884dc357d8 asyncmac.sys
Microsoft Corporation

b35cfcef838382ab6490b321c87edf17 atapi.sys
Microsoft Corporation

a928bbca9235ac328953b34ca0c1f5a0 ataport.sys
Microsoft Corporation

c8739c95cf801c8bc35735e012230770 battc.sys
Microsoft Corporation

7e1a145a316da06d339df644dee86c4c bdasup.sys
Microsoft Corporation

ac3dd1708b22761ebd7cbe14dcc3b5d7 beep.sys
Microsoft Corporation

913cd06fbe9105ce6077e90fd4418561 bowser.sys
Microsoft Corporation

9f9acc7f7ccde8a15c282d3f88b43309 BrFiltLo.sys
Brother Industries

56801ad62213a41f6497f96dee83755a BrFiltUp.sys
Brother Industries

2ac8f5b88771c31c4211a11be6bffe14 bridge.sys
Microsoft Corporation

b304e75cff293029eddf094246747113 BrSerId.sys
Brother Industries

203f0b1e73adadbbb7b7b1fabd901f6b BrSerWdm.sys
Brother Industries

bd456606156ba17e60a04e18016ae54b BrUsbMdm.sys
Brother Industries

af72ed54503f717a43268b3cc5faec2e BrUsbSer.sys
Brother Industries

ad07c1ec6665b8b35741ab91200c6b68 bthmodem.sys
Microsoft Corporation

6c3a437fc873c6f6a4fc620b6888cb86 cdfs.sys
Microsoft Corporation

8d1866e61af096ae8b582454f5e4d303 cdrom.sys
Microsoft Corporation

da8e0afc7baa226c538ef53ac2f90897 circlass.sys
Microsoft Corporation

d1d2b10698d97df0fc95bc8c108f09c1 Classpnp.sys
Microsoft Corporation

ed97ad3df1b9005989eaf149bf06c821 CmBatt.sys
Microsoft Corporation

45201046c776ffdaf3fc8a0029c581c8 cmdide.sys
CMD Technology

722936afb75a7f509662b69b5632f48a compbatt.sys
Microsoft Corporation

3596cb9ea8a12e6e858107912973ebfb crashdmp.sys
Microsoft Corporation

2a213ae086bbec5e937553c7d9a2b22c crcdisk.sys
Microsoft Corporation

22a7f883508176489f559ee745b5bf5d crusoe.sys
Microsoft Corporation

a7179de59ae269ab70345527894ccd7c dfsc.sys
Microsoft Corporation

f2e3834562c0b1b577ab4b5c405e6c5b Diskdump.sys
Microsoft Corporation

841af4c4d41d3e3b2f244e976b0f7963 disk.sys
Microsoft Corporation

ae1fdf7bf7bb6c6a70f67699d880592a djsvs.sys
Adaptec

ee472cd2c01f6f8e8aa1fa06ffef61b6 drmkaud.sys
Microsoft Corporation

1660613337e5ebe07b4dd78c1a55c5c0 drmk.sys
Microsoft Corporation

5d975cd05fc673794501e3ce37aea6e0 Dumpata.sys
Microsoft Corporation

a253aa14ca560a4b8ba6e9d1f78ef10e dxapi.sys
Microsoft Corporation

334988883de69adb27e2cf9f9715bbdb dxgkrnl.sys
Microsoft Corporation

61d4d58d09357f0598a04d1192a4b76c dxg.sys
Microsoft Corporation

f88fb26547fd2ce6d0a5af2985892c48 E1G60I32.sys
Intel Corporation

47d1b4dc8da75742f023ae21e0d057a2 eacfilt.sys
ttZWVS_VERSION_INFOaa?StringFileInfobComments@CompanyNameNortelNetworkshFileDescriptionNDISFilterIntermediateDriverbFileVersion,,,bInternalNameEACFILT.SYS`LegalCopyrightCopyright©NortelNetworks(LegalTrademarks@bOriginalFilenameEACFILT.SYSPrivateBuildLProductNameFilterDriverforCVC<bProductVersion,,,SpecialBuildDVarFileInfo$Translationt@@a@b@h

0efc7531b936ee57fdb4e837664c509f ecache.sys
Microsoft Corporation

e8f3f21a71720c84bcf423b80028359f elxstor.sys
Emulex

84a317cb0b3954d3768cdcd018dbf670 fastfat.sys
Microsoft Corporation

63bdada84951b9c03e641800e176898a fdc.sys
Microsoft Corporation

65773d6115c037ffd7ef8280ae85eb9d fileinfo.sys
Microsoft Corporation

c226dd0de060745f3e042f58dcf78402 filetrace.sys
Microsoft Corporation

6603957eff5ec62d25075ea8ac27de68 flpydisk.sys
Microsoft Corporation

a6a8da7ae4d53394ab22ac3ab6d3f5d3 fltMgr.sys
Microsoft Corporation

66a078591208baa210c7634b11eb392c fs_rec.sys
Microsoft Corporation

cbc22823628544735625b280665e434e FwLnk.sys
Toshiba Corporation

e216cf8c8605e546981098484b78d08b FWPKCLNT.SYS
Microsoft Corporation

4e1cd0a45c50a8882616cae5bf82f3c5 GAGP30KX.SYS
Microsoft Corporation

8182ff89c65e4d38b2de4bb0fb18564e GEARAspiWDM.sys
GEAR Software

0db613a7e427b5663563677796fd5258 hdaudbus.sys
Microsoft Corporation

cb04c744be0a61b1d648faed182c3b59 HdAudio.sys
Microsoft Corporation

1338520e78d90154ed6be8f84de5fceb hidbth.sys
Microsoft Corporation

a12d2195fe89d70bf5e712046d272496 hidclass.sys
Microsoft Corporation

ff3160c3a2445128c5a6d9b076da519e hidir.sys
Microsoft Corporation

1eb4b94fde655628f09423574b2aeb81 hidparse.sys
Microsoft Corporation

01e7971e9f4bd6ac6a08db52d0ea0418 hidusb.sys
Microsoft Corporation

df353b401001246853763c4b7aaa6f50 HpCISSs.sys
Hewlett-Packard

ea24fe637d974a8a31bc650f478e3533 http.sys
Microsoft Corporation

8420bf9ad8ae0b4a96f30bd7c8fb9adf i2omgmt.sys
Microsoft Corporation

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:10 PM

Posted 10 July 2011 - 08:39 AM

  • Boot the computer with the USB drive again.
  • Click on File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see driver.sh.
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    explorer.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    wininit.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    winlogon.exe

  • Press Enter
  • After the search is completed type Exit
  • After it has finished a report will be located in the USB drive as filefind.txt
  • Please post it for my review

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 anderkl

Posted 10 July 2011 - 10:03 AM

A file named filefind was created on the USB drive, and here it is for your review.

Search results for explorer.exe

37440d09deae0b672a04dccf7abf06be /mnt/sda2/Windows/explorer.exe
2.8M Oct 29 2008

fd8c53fb002217f6f888bcf6f5d7084d /mnt/sda2/Windows/winsxs/x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb/explorer.exe
2.8M Nov 2 2006

6d06cd98d954fe87fb2db8108793b399 /mnt/sda2/Windows/winsxs/x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a/explorer.exe
2.8M Aug 27 2007

37440d09deae0b672a04dccf7abf06be /mnt/sda2/Windows/winsxs/x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3/explorer.exe
2.8M Oct 29 2008

bd06f0bf753bc704b653c3a50f89d362 /mnt/sda2/Windows/winsxs/x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf/explorer.exe
2.8M Aug 27 2007

e7156b0b74762d9de0e66bdcde06e5fb /mnt/sda2/Windows/winsxs/x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b/explorer.exe
2.8M Oct 28 2008

4f554999d7d5f05daaebba7b5ba1089d /mnt/sda2/Windows/winsxs/x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8/explorer.exe
2.8M Oct 29 2008

50ba5850147410cde89c523ad3bc606e /mnt/sda2/Windows/winsxs/x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1/explorer.exe
2.8M Oct 30 2008


Search results for wininit.exe

d4385b03e8cccee6f0ee249f827c1f3e /mnt/sda2/Windows/System32/wininit.exe
93.5K Nov 2 2006

d4385b03e8cccee6f0ee249f827c1f3e /mnt/sda2/Windows/winsxs/x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce/wininit.exe
93.5K Nov 2 2006


Search results for winlogon.exe

9f75392b9128a91abafb044ea350baad /mnt/sda2/Windows/System32/winlogon.exe
301.0K Nov 2 2006

9f75392b9128a91abafb044ea350baad /mnt/sda2/Windows/winsxs/x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21/winlogon.exe
301.0K Nov 2 2006
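
The comparison a reviewer makes by eye on a report like the one above, shown as an added example that is not part of the original post and is not the driver.sh script: for each searched file, check whether the MD5 of the live copy also appears among the copies in the WinSxS component store. The report layout is taken from the post; the hashes and store directory names in the sample are constructed, and `check_report` and `sample_report` are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example: triage a filefind-style report by comparing each live
# system binary against the copies held in the WinSxS component store.

# sample_report: prints a CONSTRUCTED report in the same layout as the post
# (hash and path on one line, size and date on the next).
sample_report() {
    cat <<'EOF'
Search results for explorer.exe

11111111111111111111111111111111 /mnt/sda2/Windows/explorer.exe
2.8M Oct 29 2008

22222222222222222222222222222222 /mnt/sda2/Windows/winsxs/x86_example_6.0.6000.16386_none_aaaa/explorer.exe
2.8M Nov 2 2006

11111111111111111111111111111111 /mnt/sda2/Windows/winsxs/x86_example_6.0.6000.16771_none_bbbb/explorer.exe
2.8M Oct 29 2008


Search results for wininit.exe

33333333333333333333333333333333 /mnt/sda2/Windows/System32/wininit.exe
93.5K Nov 2 2006

44444444444444444444444444444444 /mnt/sda2/Windows/winsxs/x86_example_6.0.6000.16386_none_cccc/wininit.exe
93.5K Nov 2 2006


Search results for userinit.exe

55555555555555555555555555555555 /mnt/sda2/Windows/winsxs/x86_example_6.0.6000.16386_none_dddd/userinit.exe
25.0K Nov 2 2006
EOF
}

# check_report [FILE]: reads a report from FILE or standard input and prints
#   <live path> MATCH <n>   live MD5 equals n component-store copies
#   <live path> NO_MATCH    live MD5 equals none of the stored copies
#   <name> NO_LIVE_COPY     only component-store copies were listed
check_report() {
    awk '
        # Emit verdicts for the section just finished, then reset state.
        function flush(   i, h) {
            if (name == "") return
            if (nlive == 0) print name, "NO_LIVE_COPY"
            for (i = 1; i <= nlive; i++) {
                h = live_hash[i]
                if (h in store) print live_path[i], "MATCH", store[h]
                else            print live_path[i], "NO_MATCH"
            }
            split("", store)   # portable way to empty an array
            nlive = 0
        }

        /^Search results for / { flush(); name = $4; next }

        # Hash lines: 32 lowercase hex digits followed by an absolute path.
        # Size and date lines such as "2.8M Oct 29 2008" do not qualify.
        $1 ~ /^[0-9a-f]+$/ && length($1) == 32 && $2 ~ /^\// {
            path = $0
            sub(/^[0-9a-f]+ +/, "", path)
            if (tolower(path) ~ /\/winsxs\//) {
                store[$1]++                # copy kept by the component store
            } else {
                nlive++                    # copy Windows actually loads
                live_hash[nlive] = $1
                live_path[nlive] = path
            }
            next
        }

        END { flush() }
    ' "$@"
}

# Demonstration on the constructed sample.
sample_report | check_report
```

A NO_MATCH is a prompt to inspect that file further, not proof of tampering, and a MATCH shows only that the live file has the same MD5 as a stored copy.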

#12 gringo_pr

Posted 11 July 2011 - 08:13 AM

Can you boot into safe mode?


Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

Gringo

#13 anderkl

Posted 11 July 2011 - 10:24 PM

Gringo -

I'm out of town, and I'll perform the test and post the report on Thursday. I have a question: if I can boot the laptop in safe mode, should I run ComboFix and post the log for you? So far, how do the logs look? Anything really bad?

Thanks

#14 gringo_pr

Posted 12 July 2011 - 11:56 AM

Yes, if you can boot into safe mode, do run ComboFix again.

I don't see anything bad that should have you receive that error.


gringo

#15 anderkl

Posted 14 July 2011 - 09:24 PM

Gringo -

I was able to start the laptop in the safe mode with no issues, however, I received this message

current date is 2011-07-014. combofix has expired.
click "yes" to run in reduced functionality mode.
click "no" to exit.

I did continue to run it and here is the log file it has generated!!!

ComboFix 11-07-09.02 - Pauli 07/14/2011 20:49:48.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1530 [GMT -5:00]
Running from: c:\users\Pauli\Desktop\ComboFix.exe
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-06-15 to 2011-07-15 )))))))))))))))))))))))))))))))
.
.
2011-07-15 01:54 . 2011-07-15 01:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-15 01:54 . 2011-07-15 01:56 -------- d-----w- c:\users\Pauli\AppData\Local\temp
2011-07-15 01:54 . 2011-07-15 01:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-15 01:46 . 2011-07-15 01:47 -------- d-----w- C:\32788R22FWJFW
2011-07-04 03:27 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-04 03:26 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 03:26 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 03:26 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 03:26 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 03:26 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 03:25 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 03:25 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 02:48 . 2011-07-04 02:48 -------- d-----w- c:\programdata\AVAST Software
2011-07-04 02:48 . 2011-07-04 02:48 -------- d-----w- c:\program files\AVAST Software
2011-07-04 02:23 . 2011-07-04 02:23 -------- d-----w- c:\program files\Perfect Uninstaller
2011-07-03 19:01 . 2011-07-03 19:01 -------- d-----w- c:\users\Pauli\AppData\Roaming\SUPERAntiSpyware.com
2011-07-03 19:01 . 2011-07-03 19:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-03 19:01 . 2011-07-03 19:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-03 05:44 . 2011-07-03 05:44 -------- d-----w- C:\found.000
2011-07-02 04:13 . 2011-07-02 04:13 -------- d-----w- c:\users\Pauli\AppData\Roaming\Malwarebytes
2011-07-02 04:12 . 2011-07-02 04:12 -------- d-----w- c:\programdata\Malwarebytes
2011-07-02 04:12 . 2011-07-02 04:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-28 15:50 . 2011-06-28 15:50 0 ---ha-w- c:\users\Pauli\AppData\Local\BIT6325.tmp
2011-06-17 23:49 . 2011-06-17 23:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-20 12:03 . 2011-05-20 12:03 1138440 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-24 19:57 . 2010-10-13 03:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-14 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-06-14 00:10 2734688 ----a-w- c:\program files\Zynga\tbZyng.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-14 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-14 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-18 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 252704]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-11 1193848]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [2010-10-11 273672]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardManagementTool.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CardManagementTool.lnk
backup=c:\windows\pss\CardManagementTool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Pauli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\users\Pauli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Pauli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Pauli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-05-23 00:32 538744 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1040749826]
2007-03-19 20:59 65603 ----a-w- c:\program files\Toshiba Registration\Registration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-06-11 19:28 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-18 21:59 133104 ----atw- c:\users\Pauli\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-20 19:07 154136 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-20 19:07 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 19:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 14:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 14:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-04-30 08:19 20480 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-06-11 19:27 291760 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2010-09-11 02:59 1193848 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 18:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 19:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-20 19:07 129560 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 11:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-04-25 19:14 4444160 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 05:01 448080 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-21 23:57 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-08-15 23:31 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-12 17:33 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-06-03 12:46 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2007-03-29 18:39 411192 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-11-06 21:24 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1728715910-1682720068-2937159828-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [2007-08-07 331870]
R2 CWMonitor;Symantec Crimeware Protection Driver;c:\program files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 NvcRpcServer;Nortel CVC Service;c:\program files\Nortel Networks\NvcRpcSvr.exe [2007-04-09 71176]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-06-03 92008]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2007-04-09 31784]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-04-09 148232]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-06-01 252416]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\UP_date\PEDrv.sys [x]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2007-08-07 110160]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20a16892-9f7d-11df-adf7-80c5efbf4a42}]
\shell\AutoRun\command - E:\Menu.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35da1cbd-adf2-11df-9167-929d9f30667d}]
\shell\AutoRun\command - E:\Menu.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55820029-7a00-11de-8417-444553544200}]
\shell\AutoRun\command - E:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 16:01]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 16:01]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728715910-1682720068-2937159828-1000Core.job
- c:\users\Pauli\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-18 21:59]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728715910-1682720068-2937159828-1000UA.job
- c:\users\Pauli\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-18 21:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Pauli\AppData\Roaming\Mozilla\Firefox\Profiles\h344aar5.Standard-Benutzer\
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
MSConfigStartUp-BrMfcWnd - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
MSConfigStartUp-ControlCenter3 - c:\program files\Brother\ControlCenter3\brctrcen.exe
MSConfigStartUp-McENUI - c:\progra~1\McAfee\MHN\McENUI.exe
MSConfigStartUp-NDSTray - NDSTray.exe
AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-14 20:56
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????e??o| ??? O???O?@?O?X?O?p?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-07-14 21:02:14
ComboFix-quarantined-files.txt 2011-07-15 02:02
.
Pre-Run: 24,074,313,728 bytes free
Post-Run: 25,717,624,832 bytes free
.
- - End Of File - - 3691EA5F96AC5AD69B7C6E9AEF78E5C1



