My programs can't access save window - can't save any files! - possible malware


  • This topic is locked
6 replies to this topic

#1 J_sean

Posted 14 August 2011 - 11:02 PM

Running Windows Vista Home Premium 64-bit Service Pack 2
Dell Inspiron 1545
Core 2 Duo 2 GHz
4 gig RAM

I can't pinpoint when it started exactly, but all of a sudden some of my programs could not save.

An example of this would be in Firefox: I right-click a photo, select "save image as" and the usual window does not open; nothing happens. Same thing with "save page as". I tried the shortcut Ctrl+S; nothing happens either.

Another example would be in Adobe Flash Pro: I select "save as" or "load file" in the file option, and nothing happens either.

Another example is while accessing forums, emails, or any site that requires loading files. Take for example this forum: below the posting box is a browse button in the attachments. If I click that, nothing happens, no window pops up. I can't upload anything.

It's very hard to pinpoint the exact problem because not all programs have it. Adobe Photoshop works fine. Autodesk Maya works fine too.

I do not know if it's related, but at the same time, Internet Explorer and Windows Media Player stopped working entirely, and when I install anti-virus programs this shows up: cocreateinstance failed 0x80040154 class not registered

Also, in the Yahoo Messenger news box, if I try to click a link, it says catastrophic error. In uTorrent, if I right-click a torrent and select "open containing folder", an error shows "class not registered". Again, I don't know if it is related in any way to the problem or a whole other can of worms altogether.

I've tried malware scans (Malwarebytes). System Restore did not work either. I'm not sure if this is a virus or if something just broke in Vista. Is there any solution available to me that does not require a full reinstall of Vista? Any help or insight into the matter would be much appreciated. Thanks.

- Japheth A.

UPDATE:

I was told to repost this in the malware removal logs. Here's the DDS log. But I can't attach the "attach.txt" file because it is part of the problem detailed above. I cannot attach anything or save or load on some programs. Should I just post the attach.txt here?

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by 10676848 at 11:51:03 on 2011-08-15
.
============== Running Processes ================
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Users\10676848\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [QuickGammaLoader] "C:\Program Files (x86)\QuickGamma\QuickGammaLoader.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: DhcpNameServer = 124.106.5.2 124.106.6.2
TCP: Interfaces\{27C0878E-3FED-4420-93BB-4BFDCB6CEBB3} : DhcpNameServer = 202.138.128.50 202.138.128.54
TCP: Interfaces\{4D6E8729-1210-42E6-8F73-1159853D6424} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8114E671-9E2E-48FE-B17F-77C3CA310710} : DhcpNameServer = 124.106.5.2 124.106.6.2
TCP: Interfaces\{D7394225-3BE0-4565-A02D-CB0BD45B70BE} : DhcpNameServer = 202.138.128.50 202.138.128.54
TCP: Interfaces\{EF57D589-8CC2-4DDD-9582-20AE3251840B} : DhcpNameServer = 202.138.128.50 202.138.128.54
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\10676848\AppData\Roaming\Mozilla\Firefox\Profiles\w37aqoix.default\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\10676848\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? ew_hwusbdev;Huawei MobileBroadband USB PNP Device
R? ewusbnet;HUAWEI USB-NDIS miniport
R? FLEXnet Licensing Service 64;FLEXnet Licensing Service 64
R? gupdate1c9f3885bd70b44;Google Update Service (gupdate1c9f3885bd70b44)
R? gupdatem;Google Update Service (gupdatem)
R? MpNWMon;Microsoft Malware Protection Network Driver
R? PerfHost;Performance Counter DLL Host
R? SwitchBoard;SwitchBoard
R? wacmoumonitor;Wacom Mode Helper
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AESTFilters;Andrea ST Filters Service
S? cpuz135;cpuz135
S? DCService.exe;DCService.exe
S? DockLoginService;Dock Login Service
S? FontCache;Windows Font Cache Service
S? huawei_enumerator;huawei_enumerator
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit
S? mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit
S? MpFilter;Microsoft Malware Protection Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? OA009Ufd;Creative Camera OA009 Upper Filter Driver
S? OA009Vid;Creative Camera OA009 Function Driver
S? PxHlpa64;PxHlpa64
S? StarWindServiceAE;StarWind AE Service
S? TabletServiceWacom;TabletServiceWacom
S? yksvc;Marvell Yukon Service
S? yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-08-14 22:24:52 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AC5EFE8-7C96-492B-9BA8-23EA3134F72C}\mpengine.dll
2011-08-14 13:42:32 -------- d--h--w- C:\Windows\msdownld.tmp
2011-08-14 04:21:31 709968 ----a-w- C:\Windows\isRS-000.tmp
2011-08-13 08:36:30 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair
2011-08-12 23:56:51 -------- d-----w- C:\Users\10676848\AppData\Roaming\Uniblue
2011-08-12 23:56:43 -------- dc-h--w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-12 23:56:33 -------- d-----w- C:\Program Files (x86)\Uniblue
2011-08-12 23:56:15 -------- d-----w- C:\Users\10676848\AppData\Local\PackageAware
2011-08-12 23:07:42 -------- d-----w- C:\Program Files\CCleaner
2011-08-11 17:44:20 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 17:44:01 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8675419-522E-44BA-8208-8738DEA1E50A}\gapaengine.dll
2011-08-11 00:21:59 -------- d-----w- C:\ProgramData\CELSYS
2011-08-11 00:21:55 -------- d-----w- C:\Users\10676848\AppData\Roaming\Smith Micro
2011-08-11 00:17:12 -------- d-----w- C:\Program Files (x86)\Smith Micro
2011-08-07 00:13:46 -------- d-----w- C:\Program Files (x86)\Sierra On-Line
2011-08-07 00:13:41 -------- d-----w- C:\Sierra
2011-08-06 12:20:11 -------- d-----w- C:\Program Files (x86)\Sierra
2011-08-05 21:01:44 -------- d-----w- C:\Program Files (x86)\SyQic Yoonic Engine - PLDT Watchpad
2011-08-05 20:57:06 -------- d-----w- C:\Users\10676848\AppData\Local\Deployment
2011-07-31 21:40:59 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-31 21:40:59 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-07-31 21:36:59 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2011-07-31 21:29:26 3584 ----a-w- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
2011-07-31 20:53:32 -------- d-----w- C:\Windows\SysWow64\vi-VN
2011-07-31 20:53:32 -------- d-----w- C:\Windows\SysWow64\eu-ES
2011-07-31 20:53:32 -------- d-----w- C:\Windows\SysWow64\ca-ES
2011-07-31 20:53:32 -------- d-----w- C:\Windows\System32\eu-ES
2011-07-31 20:53:32 -------- d-----w- C:\Windows\System32\ca-ES
2011-07-31 20:53:31 -------- d-----w- C:\Windows\System32\vi-VN
2011-07-31 20:44:08 -------- d-----w- C:\Windows\System32\SPReview
2011-07-31 20:05:11 3584 ----a-w- C:\Windows\System32\drivers\en-US\hdaudbus.sys.mui
2011-07-31 20:04:34 56320 ----a-w- C:\Windows\System32\compcln.exe
2011-07-31 20:04:25 7680 ----a-w- C:\Windows\System32\drivers\en-US\bthport.sys.mui
2011-07-31 20:03:40 946688 ----a-w- C:\Windows\System32\scavenge.dll
2011-07-31 20:01:59 603136 ----a-w- C:\Windows\System32\MPSSVC.dll
2011-07-31 20:00:59 82432 ----a-w- C:\Windows\System32\davclnt.dll
2011-07-31 19:59:58 948736 ----a-w- C:\Windows\System32\drivers\hdaudbus.sys
2011-07-31 19:58:59 690688 ----a-w- C:\Windows\System32\wpcao.dll
2011-07-31 19:47:24 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-31 19:47:17 -------- d-----w- C:\9ea93e8a90aee190f978699d58739e
2011-07-31 16:18:49 -------- d-----w- C:\Windows\SysWow64\directx
2011-07-18 20:47:50 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-18 18:36:06 -------- d-----w- C:\Users\10676848\AppData\Roaming\Malwarebytes
2011-07-18 18:35:49 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-18 18:35:46 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-18 18:35:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-18 18:35:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-16 07:44:38 270720 ------w- C:\Windows\System32\MpSigStub.exe
.
==================== Find3M ====================
.
2011-07-31 21:37:24 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2011-07-31 21:36:59 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2011-07-31 21:29:17 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
2011-07-15 18:12:26 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-03 01:40:59 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-07-03 01:40:58 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-07-03 01:40:57 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-07-03 01:40:57 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-06-21 22:28:14 6656 ----a-w- C:\Windows\System32\lpcio.dll
2011-06-19 14:42:48 564776339 ----a-w- C:\Windows\DUMP729f.tmp
2009-11-19 13:08:02 3749224 ----a-w- C:\Program Files (x86)\Common Files\adlmint_libFNP.dll
2009-11-19 13:08:02 2941288 ----a-w- C:\Program Files (x86)\Common Files\adlmint.dll
.
============= FINISH: 11:51:55.41 ===============


#2 HelpBot

Posted 19 August 2011 - 11:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/414467 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 J_sean

Posted 20 August 2011 - 09:53 AM

Running Windows Vista Home Premium 64-bit Service Pack 2
Dell Inspiron 1545
Core 2 Duo 2 GHz
4 gig RAM

I can't pinpoint when it started exactly, but all of a sudden some of my programs could not save.

An example of this would be in Firefox: I right-click a photo, select "save image as" and the usual window does not open; nothing happens. Same thing with "save page as". I tried the shortcut Ctrl+S; nothing happens either.

Another example would be in Adobe Flash Pro: I select "save as" or "load file" in the file option, and nothing happens either.

Another example is while accessing forums, emails, or any site that requires loading files. Take for example this forum: below the posting box is a browse button in the attachments. If I click that, nothing happens, no window pops up. I can't upload anything.

It's very hard to pinpoint the exact problem because not all programs have it. Adobe Photoshop works fine. Autodesk Maya works fine too.

I do not know if it's related, but at the same time, Internet Explorer and Windows Media Player stopped working entirely, and when I install anti-virus programs this shows up: cocreateinstance failed 0x80040154 class not registered

Also, in the Yahoo Messenger news box, if I try to click a link, it says catastrophic error. In uTorrent, if I right-click a torrent and select "open containing folder", an error shows "class not registered". Again, I don't know if it is related in any way to the problem or a whole other can of worms altogether.

I've tried malware scans (Malwarebytes). System Restore did not work either. I'm not sure if this is a virus or if something just broke in Vista. Is there any solution available to me that does not require a full reinstall of Vista? Any help or insight into the matter would be much appreciated. Thanks.

- Japheth A.

UPDATE:

I was told to repost this in the malware removal logs. Here's the DDS log. But I can't attach the "attach.txt" file because it is part of the problem detailed above. I cannot attach anything or save or load on some programs. Should I just post the attach.txt here?




.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by 10676848 at 11:51:03 on 2011-08-15
.
============== Running Processes ================
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Users\10676848\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [QuickGammaLoader] "C:\Program Files (x86)\QuickGamma\QuickGammaLoader.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: DhcpNameServer = 124.106.5.2 124.106.6.2
TCP: Interfaces\{27C0878E-3FED-4420-93BB-4BFDCB6CEBB3} : DhcpNameServer = 202.138.128.50 202.138.128.54
TCP: Interfaces\{4D6E8729-1210-42E6-8F73-1159853D6424} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8114E671-9E2E-48FE-B17F-77C3CA310710} : DhcpNameServer = 124.106.5.2 124.106.6.2
TCP: Interfaces\{D7394225-3BE0-4565-A02D-CB0BD45B70BE} : DhcpNameServer = 202.138.128.50 202.138.128.54
TCP: Interfaces\{EF57D589-8CC2-4DDD-9582-20AE3251840B} : DhcpNameServer = 202.138.128.50 202.138.128.54
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\10676848\AppData\Roaming\Mozilla\Firefox\Profiles\w37aqoix.default\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\10676848\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? ew_hwusbdev;Huawei MobileBroadband USB PNP Device
R? ewusbnet;HUAWEI USB-NDIS miniport
R? FLEXnet Licensing Service 64;FLEXnet Licensing Service 64
R? gupdate1c9f3885bd70b44;Google Update Service (gupdate1c9f3885bd70b44)
R? gupdatem;Google Update Service (gupdatem)
R? MpNWMon;Microsoft Malware Protection Network Driver
R? PerfHost;Performance Counter DLL Host
R? SwitchBoard;SwitchBoard
R? wacmoumonitor;Wacom Mode Helper
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AESTFilters;Andrea ST Filters Service
S? cpuz135;cpuz135
S? DCService.exe;DCService.exe
S? DockLoginService;Dock Login Service
S? FontCache;Windows Font Cache Service
S? huawei_enumerator;huawei_enumerator
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit
S? mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit
S? MpFilter;Microsoft Malware Protection Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? OA009Ufd;Creative Camera OA009 Upper Filter Driver
S? OA009Vid;Creative Camera OA009 Function Driver
S? PxHlpa64;PxHlpa64
S? StarWindServiceAE;StarWind AE Service
S? TabletServiceWacom;TabletServiceWacom
S? yksvc;Marvell Yukon Service
S? yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-08-14 22:24:52 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AC5EFE8-7C96-492B-9BA8-23EA3134F72C}\mpengine.dll
2011-08-14 13:42:32 -------- d--h--w- C:\Windows\msdownld.tmp
2011-08-14 04:21:31 709968 ----a-w- C:\Windows\isRS-000.tmp
2011-08-13 08:36:30 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair
2011-08-12 23:56:51 -------- d-----w- C:\Users\10676848\AppData\Roaming\Uniblue
2011-08-12 23:56:43 -------- dc-h--w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-12 23:56:33 -------- d-----w- C:\Program Files (x86)\Uniblue
2011-08-12 23:56:15 -------- d-----w- C:\Users\10676848\AppData\Local\PackageAware
2011-08-12 23:07:42 -------- d-----w- C:\Program Files\CCleaner
2011-08-11 17:44:20 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 17:44:01 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8675419-522E-44BA-8208-8738DEA1E50A}\gapaengine.dll
2011-08-11 00:21:59 -------- d-----w- C:\ProgramData\CELSYS
2011-08-11 00:21:55 -------- d-----w- C:\Users\10676848\AppData\Roaming\Smith Micro
2011-08-11 00:17:12 -------- d-----w- C:\Program Files (x86)\Smith Micro
2011-08-07 00:13:46 -------- d-----w- C:\Program Files (x86)\Sierra On-Line
2011-08-07 00:13:41 -------- d-----w- C:\Sierra
2011-08-06 12:20:11 -------- d-----w- C:\Program Files (x86)\Sierra
2011-08-05 21:01:44 -------- d-----w- C:\Program Files (x86)\SyQic Yoonic Engine - PLDT Watchpad
2011-08-05 20:57:06 -------- d-----w- C:\Users\10676848\AppData\Local\Deployment
2011-07-31 21:40:59 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-31 21:40:59 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-07-31 21:36:59 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2011-07-31 21:29:26 3584 ----a-w- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
2011-07-31 20:53:32 -------- d-----w- C:\Windows\SysWow64\vi-VN
2011-07-31 20:53:32 -------- d-----w- C:\Windows\SysWow64\eu-ES
2011-07-31 20:53:32 -------- d-----w- C:\Windows\SysWow64\ca-ES
2011-07-31 20:53:32 -------- d-----w- C:\Windows\System32\eu-ES
2011-07-31 20:53:32 -------- d-----w- C:\Windows\System32\ca-ES
2011-07-31 20:53:31 -------- d-----w- C:\Windows\System32\vi-VN
2011-07-31 20:44:08 -------- d-----w- C:\Windows\System32\SPReview
2011-07-31 20:05:11 3584 ----a-w- C:\Windows\System32\drivers\en-US\hdaudbus.sys.mui
2011-07-31 20:04:34 56320 ----a-w- C:\Windows\System32\compcln.exe
2011-07-31 20:04:25 7680 ----a-w- C:\Windows\System32\drivers\en-US\bthport.sys.mui
2011-07-31 20:03:40 946688 ----a-w- C:\Windows\System32\scavenge.dll
2011-07-31 20:01:59 603136 ----a-w- C:\Windows\System32\MPSSVC.dll
2011-07-31 20:00:59 82432 ----a-w- C:\Windows\System32\davclnt.dll
2011-07-31 19:59:58 948736 ----a-w- C:\Windows\System32\drivers\hdaudbus.sys
2011-07-31 19:58:59 690688 ----a-w- C:\Windows\System32\wpcao.dll
2011-07-31 19:47:24 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-31 19:47:17 -------- d-----w- C:\9ea93e8a90aee190f978699d58739e
2011-07-31 16:18:49 -------- d-----w- C:\Windows\SysWow64\directx
2011-07-18 20:47:50 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-18 18:36:06 -------- d-----w- C:\Users\10676848\AppData\Roaming\Malwarebytes
2011-07-18 18:35:49 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-18 18:35:46 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-18 18:35:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-18 18:35:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-16 07:44:38 270720 ------w- C:\Windows\System32\MpSigStub.exe
.
==================== Find3M ====================
.
2011-07-31 21:37:24 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2011-07-31 21:36:59 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2011-07-31 21:29:17 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
2011-07-15 18:12:26 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-03 01:40:59 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-07-03 01:40:58 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-07-03 01:40:57 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-07-03 01:40:57 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-06-21 22:28:14 6656 ----a-w- C:\Windows\System32\lpcio.dll
2011-06-19 14:42:48 564776339 ----a-w- C:\Windows\DUMP729f.tmp
2009-11-19 13:08:02 3749224 ----a-w- C:\Program Files (x86)\Common Files\adlmint_libFNP.dll
2009-11-19 13:08:02 2941288 ----a-w- C:\Program Files (x86)\Common Files\adlmint.dll
.
============= FINISH: 11:51:55.41 ===============

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,093 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:28 PM

Posted 21 August 2011 - 04:19 AM

Hello, my name is Elise and I'll assist you with this issue.
First, let's run a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#5 J_sean


Posted 21 August 2011 - 09:17 AM

Thanks for the reply Elise!

Tried it a while ago - the TDSS scan picked up no rootkit. What's the next step for me?

2011/08/21 22:11:04.0005 5720 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/21 22:11:05.0072 5720 ================================================================================
2011/08/21 22:11:05.0073 5720 SystemInfo:
2011/08/21 22:11:05.0073 5720
2011/08/21 22:11:05.0073 5720 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/21 22:11:05.0073 5720 Product type: Workstation
2011/08/21 22:11:05.0073 5720 ComputerName: 10676848-PC
2011/08/21 22:11:05.0073 5720 UserName: 10676848
2011/08/21 22:11:05.0073 5720 Windows directory: C:\Windows
2011/08/21 22:11:05.0073 5720 System windows directory: C:\Windows
2011/08/21 22:11:05.0073 5720 Running under WOW64
2011/08/21 22:11:05.0074 5720 Processor architecture: Intel x64
2011/08/21 22:11:05.0074 5720 Number of processors: 2
2011/08/21 22:11:05.0074 5720 Page size: 0x1000
2011/08/21 22:11:05.0074 5720 Boot type: Normal boot
2011/08/21 22:11:05.0074 5720 ================================================================================
2011/08/21 22:11:08.0379 5720 Initialize success
2011/08/21 22:11:10.0660 2780 ================================================================================
2011/08/21 22:11:10.0660 2780 Scan started
2011/08/21 22:11:10.0660 2780 Mode: Manual;
2011/08/21 22:11:10.0660 2780 ================================================================================
2011/08/21 22:12:06.0042 2780 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/08/21 22:12:06.0091 2780 Boot (0x1200) (a3e5cedfa0512034b9ffe0baf6b27230) \Device\Harddisk0\DR0\Partition0
2011/08/21 22:12:06.0144 2780 Boot (0x1200) (97594d834d1845b0bb62a43eea88cbd0) \Device\Harddisk0\DR0\Partition1
2011/08/21 22:12:06.0152 2780 ================================================================================
2011/08/21 22:12:06.0152 2780 Scan finished
2011/08/21 22:12:06.0152 2780 ================================================================================
2011/08/21 22:12:06.0172 4000 Detected object count: 0
2011/08/21 22:12:06.0172 4000 Actual detected object count: 0

Edited by J_sean, 21 August 2011 - 09:18 AM.


#6 Elise


Posted 21 August 2011 - 09:48 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#7 Elise


Posted 28 August 2011 - 04:20 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise

