
Infected - Anti-malware being terminated then blocked


  • This topic is locked
10 replies to this topic

#1 gravejr

gravejr

  • Members
  • 12 posts

Posted 23 August 2011 - 08:56 AM

Hi

OS: Windows Vista Home Premium SP2 (Safe mode)
Regular start-up leading straight to blue screen error: *** STOP: 0x0000007F (0x00000008, 0x801EF000, 0x00000000, 0x00000000)

I've managed to get an infection which is terminating all the anti-malware scans I've tried (avast, Malwarebytes). I then tried running rKill but this too was terminated and I cannot reopen it. On trying to re-run these after termination, an error message appears stating "Windows cannot access the specified file." This was acquired while trying to fix a Google redirect virus. (Using Firefox 5.0.0)

Following the malware removal request preparation guide, Defogger and DDS ran fine (log below), but when running GMER.exe this too was terminated mid-scan, and then on trying to rerun the program the same error message as above comes up.

Thanks in advance
Martin


DDS Log:

DDS (Ver_2011-06-23.01) - NTFSx86 MINIMAL
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_21
Run by Martin Perrett at 14:02:12 on 2011-08-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.1479 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\3865912922:2782499353.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.8bitcollective.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Digsby Donates: {998a3c0c-8914-4d2a-ae36-bfa2e5ae6d5d} - c:\program files\digsby donates\ShoppingBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\sziebho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [µTorrent] "c:\program files\utorrent\utorrent.exe"
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [Pidgin Messanger] c:\program files\pidgin\pidgin.exe
uRun: [{A50292F0-A33C-6969-F44F-6CBE8062F794}] "c:\users\martin perrett\appdata\roaming\gizum\ehevu.exe"
mRun: [<NO NAME>]
mRun: [avast] "c:\program files\anit-malware programs\avast\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Wrapper] runonce
mRunOnce: [GrpConv] grpconv -o
StartupFolder: c:\users\martin~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\martin perrett\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{277E890C-B32A-43A4-96C3-3FA4C70C47A0} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5C3F6D2F-6ECD-4A51-831D-D406D65A637B} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F1B9C2D9-32E4-4AD2-9A77-9E6BD23FAA07} : DhcpNameServer = 192.168.1.254
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\martin perrett\appdata\roaming\mozilla\firefox\profiles\u4s3hqb2.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.live.com/?rru=inbox|http://www.facebook.com/home.php?ref=home
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\martin perrett\appdata\roaming\mozilla\firefox\profiles\u4s3hqb2.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\users\martin perrett\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-10 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-10 309848]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-3 216912]
S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
S1 SASDIFSV;SASDIFSV;c:\program files\anit-malware programs\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\anit-malware programs\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-9-22 21504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-10 19544]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-10 54104]
S2 avast! Antivirus;avast! Antivirus;c:\program files\anit-malware programs\avast\AvastSvc.exe [2011-4-10 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-22 21504]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\hercules\audio\dj console series\drivers\x86\HerculesDJControlMP3.EXE [2011-2-19 17408]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-4-27 47104]
S3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [2011-2-19 153600]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-1-27 10976]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJAsioK.sys [2011-2-19 212480]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [2011-2-19 192000]
S3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2010-8-18 464384]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-10-17 20080]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
2011-08-23 10:21:00 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{38ce57f4-336e-46ba-99d3-12d10e9bbf09}\mpengine.dll
2011-08-22 17:05:51 -------- d-----w- c:\program files\STOPzilla!
2011-08-22 17:05:47 -------- d-----w- c:\program files\common files\iS3
2011-08-22 17:05:42 -------- d-----w- c:\programdata\STOPzilla!
2011-08-22 12:32:43 -------- d-----w- c:\users\martin perrett\appdata\roaming\Saak
2011-08-22 12:32:43 -------- d-----w- c:\users\martin perrett\appdata\roaming\Gizum
2011-08-18 16:44:18 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-08-18 16:44:18 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-08-18 16:44:18 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-08-18 16:44:16 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-08-18 16:44:16 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-08-18 16:44:16 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-08-18 16:44:16 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-08-18 16:44:16 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-08-18 16:44:14 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-08-18 16:44:14 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-08-18 16:44:14 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-08-18 16:44:14 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-08-15 11:18:14 -------- d-----w- c:\users\martin perrett\.idlerc
2011-08-15 11:04:02 -------- d-----w- c:\program files\Python27
2011-08-11 14:18:11 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-08-11 14:11:02 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-11 14:10:51 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-11 14:08:42 -------- d-----w- c:\programdata\Hitman Pro
2011-08-10 23:44:47 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 23:44:47 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 23:44:44 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 16:22:44 -------- d-----w- c:\users\martin perrett\appdata\roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2011-08-09 16:22:39 -------- d-----w- c:\program files\TweetDeck
2011-08-06 13:39:41 -------- d-----w- c:\program files\Amazon
.
==================== Find3M ====================
.
2011-08-23 10:12:37 119296 ----a-w- c:\windows\system32\zlib.dll
2011-07-22 13:54:40 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-28 14:15:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 17:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-06-21 15:49:52 834048 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 14:13:51 389632 ----a-w- c:\windows\system32\html.iec
2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-06-12 14:09:18 2206720 ----a-w- c:\windows\system32\python27.dll
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 23:34:03 188416 ----a-w- c:\program files\Vista-ShutdownTimer.exe
2008-11-11 18:29:10 565760 ----a-w- c:\program files\recover_files.exe
.
============= FINISH: 14:03:28.51 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 28 August 2011 - 02:48 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 gravejr

gravejr
  • Topic Starter

  • Members
  • 12 posts

Posted 29 August 2011 - 04:20 PM

Hi Gringo, thanks for the help.

All scans worked fine; had to restart for RKUnHooker to configure.

Logs

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_21
Run by Martin Perrett at 21:44:47 on 2011-08-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.1475 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\3865912922:2782499353.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.8bitcollective.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Digsby Donates: {998a3c0c-8914-4d2a-ae36-bfa2e5ae6d5d} - c:\program files\digsby donates\ShoppingBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\sziebho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [µTorrent] "c:\program files\utorrent\utorrent.exe"
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [Pidgin Messanger] c:\program files\pidgin\pidgin.exe
uRun: [{A50292F0-A33C-6969-F44F-6CBE8062F794}] "c:\users\martin perrett\appdata\roaming\gizum\ehevu.exe"
mRun: [<NO NAME>]
mRun: [avast] "c:\program files\anit-malware programs\avast\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Wrapper] runonce
mRunOnce: [GrpConv] grpconv -o
StartupFolder: c:\users\martin~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\martin perrett\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{277E890C-B32A-43A4-96C3-3FA4C70C47A0} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5C3F6D2F-6ECD-4A51-831D-D406D65A637B} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F1B9C2D9-32E4-4AD2-9A77-9E6BD23FAA07} : DhcpNameServer = 192.168.1.254
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\martin perrett\appdata\roaming\mozilla\firefox\profiles\u4s3hqb2.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.live.com/?rru=inbox|http://www.facebook.com/home.php?ref=home
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\martin perrett\appdata\roaming\mozilla\firefox\profiles\u4s3hqb2.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\users\martin perrett\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-10 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-10 309848]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-3 216912]
S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
S1 SASDIFSV;SASDIFSV;c:\program files\anit-malware programs\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\anit-malware programs\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-9-22 21504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-10 19544]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-10 54104]
S2 avast! Antivirus;avast! Antivirus;c:\program files\anit-malware programs\avast\AvastSvc.exe [2011-4-10 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-22 21504]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\hercules\audio\dj console series\drivers\x86\HerculesDJControlMP3.EXE [2011-2-19 17408]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-4-27 47104]
S3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [2011-2-19 153600]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-1-27 10976]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJAsioK.sys [2011-2-19 212480]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [2011-2-19 192000]
S3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2010-8-18 464384]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-10-17 20080]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
2011-08-23 10:21:00 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{38ce57f4-336e-46ba-99d3-12d10e9bbf09}\mpengine.dll
2011-08-22 17:05:51 -------- d-----w- c:\program files\STOPzilla!
2011-08-22 17:05:47 -------- d-----w- c:\program files\common files\iS3
2011-08-22 17:05:42 -------- d-----w- c:\programdata\STOPzilla!
2011-08-22 12:32:43 -------- d-----w- c:\users\martin perrett\appdata\roaming\Saak
2011-08-22 12:32:43 -------- d-----w- c:\users\martin perrett\appdata\roaming\Gizum
2011-08-18 16:44:18 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-08-18 16:44:18 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-08-18 16:44:18 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-08-18 16:44:16 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-08-18 16:44:16 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-08-18 16:44:16 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-08-18 16:44:16 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-08-18 16:44:16 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-08-18 16:44:14 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-08-18 16:44:14 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-08-18 16:44:14 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-08-18 16:44:14 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-08-15 11:18:14 -------- d-----w- c:\users\martin perrett\.idlerc
2011-08-15 11:04:02 -------- d-----w- c:\program files\Python27
2011-08-11 14:18:11 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-08-11 14:11:02 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-11 14:10:51 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-11 14:08:42 -------- d-----w- c:\programdata\Hitman Pro
2011-08-10 23:44:47 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 23:44:47 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 23:44:44 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 16:22:44 -------- d-----w- c:\users\martin perrett\appdata\roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2011-08-09 16:22:39 -------- d-----w- c:\program files\TweetDeck
2011-08-06 13:39:41 -------- d-----w- c:\program files\Amazon
.
==================== Find3M ====================
.
2011-08-23 10:12:37 119296 ----a-w- c:\windows\system32\zlib.dll
2011-07-22 13:54:40 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-28 14:15:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 17:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-06-21 15:49:52 834048 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 14:13:51 389632 ----a-w- c:\windows\system32\html.iec
2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-06-12 14:09:18 2206720 ----a-w- c:\windows\system32\python27.dll
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 23:34:03 188416 ----a-w- c:\program files\Vista-ShutdownTimer.exe
2008-11-11 18:29:10 565760 ----a-w- c:\program files\recover_files.exe
.
============= FINISH: 21:46:01.05 ===============


DDS (Attach)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 07/04/2008 09:40:00
System Uptime: 29/08/2011 21:39:32 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5KPL-VM
Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2331/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 41 GiB total, 0.316 GiB free.
D: is FIXED (NTFS) - 192 GiB total, 56.662 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 18.164 GiB free.
F: is CDROM ()
G: is Removable
H: is FIXED (FAT32) - 149 GiB total, 6.547 GiB free.
J: is Removable
L: is Removable
M: is CDROM ()
N: is Removable
O: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart B110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart B110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description:
Device ID: ROOT\WPD\0004
Manufacturer:
Name:
PNP Device ID: ROOT\WPD\0004
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
ABBYY FineReader 5.0 Sprint
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.4.5
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.9
AoA Audio Extractor 2.0
AP Tuner 3.08
Apple Mobile Device Support
Apple Software Update
Aspell English Dictionary-0.50-2
ASUSUpdate
Atheros Communications Inc.® L1 Gigabit Ethernet Driver
Atheros Ethernet Utility
µTorrent
Audacity 1.2.6
Audacity 1.3.13 (Unicode)
Audiosurf Demo
Auslogics Disk Defrag
avast! Free Antivirus
AVS4YOU Software Navigator 1.3
B110
Belkin 54g USB Network Adapter
Belkin 54Mbps Wireless Network Adapter
Bonjour
BTHomeHub
BufferChm
Canon Camera WIA Driver
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon iP4500 series
Canon iP4500 series User Registration
Canon Utilities Digital Photo Professional 2.0
Canon Utilities EOS Capture 1.5
Canon Utilities PhotoStitch 3.1
CCleaner
CD-LabelPrint
ClaroRead 2007
CNET TechTracker
Colour Explorer
Commander Keen 1: Marooned on Mars
Coupon Printer for Windows
D3DX10
Destinations
DeviceDiscovery
Digsby Donates
DivX Setup
Dropbox
EASEUS Data Recovery Wizard Free Edition 5.0.1
EncVorbis 1.1
EOS Capture 1.5
ESET Online Scanner v3
Facebook Plug-In
ffdshow [rev 1723] [2007-12-24]
foobar2000 v1.1.5
Free Music Zilla
FreeOCR 3.0
GNU Aspell 0.50-3
GnuWin32: Wget-1.11.4-1
GPBaseService2
GPL Ghostscript 8.63
GTK+ Runtime 2.14.7 rev a (remove only)
Hercules DJ Products Series drivers
HiJackThis
HijackThis 2.0.2
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
Hugin 2010.4.0
i.Beat organix
ImageJ 1.41o
Inspiration 8 IE
Instantbird (1.0)
Intel® IPP Run-Time Installer 5.3 for Windows* on IA-32
Java Auto Updater
Java™ 6 Update 21
JDownloader
Junk Mail filter update
KeyTweak - Keyboard Remapper (remove only)
LADSPA_plugins-win-0.4.15
Last.fm 1.5.4.27091
Logitech Gaming Software 5.04
Macromedia Dreamweaver 8
Macromedia Extension Manager
Magic ISO Maker v5.5 (build 0261)
MagicDisc 2.7.97
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Xbox 360 Accessories 1.2
MiniTool Power Data Recovery
Mozilla Firefox 6.0 (x86 en-US)
Mp3tag v2.47b
mst IsUsedBy
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicBrainz Picard
Nero 8
Network
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Display Control Panel
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Olympus DSS Player
OpenAL
ParetoLogic Data Recovery
PC Connectivity Solution
PC Probe II
PDF Settings
PeerBlock 1.1 (r518)
PhotoStitch
Photosynth 2.0109.0529.1131
Pidgin
Pidgin Last.fm Plugin v0.4
Pinnacle Game Profiler
PIXMA Extended Survey Program
Plustek OpticBook 3600
Presto! ImageFolio 4
Presto! PageManager 7.10
PS_AIO_07_B110_SW_Min
PVSonyDll
Python 2.7.2
QuickTime
QuickTransfer
Rapport
Real Alternative 1.9.0
RealSpeak British Emily Voice
RealSpeak British Jane Voice
Realtek High Definition Audio Driver
Risk WarZone Client
Sansa Updater
Scan
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Shop for HP Supplies
SimpleOCR 3.1
SmartWebPrinting
Snood 4
Soft Voice SoftRing Modem with SmartSP
SolutionCenter
Sony ACID XPress 5.0a
Spotify
Startup Manager 2.4.2
Status
Steam
STOPzilla
SUPERAntiSpyware
Tag&Rename 3.5.7
Toolbox
TrayApp
TreeSize Free V2.5
TweetDeck
Unlocker 1.9.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
VC80CRTRedist - 8.0.50727.4053
Virtual DJ - Atomix Productions
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.9
WarZone Client v1.0.41
WarZone Client v1.0.49
WebReg
Winamp
Winamp Detector Plug-in
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
Windows Driver Package - Nokia Modem (10/07/2010 4.6)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
Wolfenstein 3D
Xvid 1.1.3 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
29/08/2011 21:44:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
29/08/2011 21:43:06, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
29/08/2011 21:42:08, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC is3srv NetBIOS netbt nsiproxy PSched RapportKELL RasAcd rdbss SASDIFSV SASKUTIL SBRE Smb spldr tdx Wanarpv6
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
29/08/2011 21:42:08, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
29/08/2011 21:41:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
29/08/2011 21:41:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
29/08/2011 21:41:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
29/08/2011 21:41:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
29/08/2011 21:41:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/08/2011 21:41:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
29/08/2011 21:41:05, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
29/08/2011 21:41:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
23/08/2011 14:00:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC is3srv NetBIOS netbt nsiproxy PSched RapportKELL RasAcd rdbss SASDIFSV SASKUTIL SBRE Smb spldr sptd tdx Wanarpv6
23/08/2011 13:57:17, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
23/08/2011 13:56:23, Error: sptd [4] - Driver detected an internal error in its data structures for .
23/08/2011 13:21:35, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi is3srv RapportKELL SASDIFSV SASKUTIL SBRE spldr sptd Wanarpv6
23/08/2011 12:02:46, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
23/08/2011 11:25:57, Error: EventLog [6008] - The previous system shutdown at 11:21:37 on 23/08/2011 was unexpected.
23/08/2011 11:12:44, Error: Service Control Manager [7034] - The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).
23/08/2011 11:12:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv SBRE
22/08/2011 18:45:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
22/08/2011 18:45:39, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/08/2011 18:45:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/08/2011 18:42:08, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Virtual PDF Printer with shared resource name Virtual PDF Printer. Error 2114. The printer cannot be used by others on the network.
22/08/2011 10:45:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
.
==== End Of File ===========================


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x86E40000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x86E40000 PnpManager 3907584 bytes
0x86E40000 RAW 3907584 bytes
0x86E40000 WMIxWDM 3907584 bytes
0x84860000 Win32k 2113536 bytes
0x84860000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8D002000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8CC72000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8CE0C000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x806DA000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x8CF11000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8CC01000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8CA0A000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x80610000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x84B30000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8CB25000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8CA89000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80699000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x9625E000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8CF9E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8CDA8000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8D112000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x9634A000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x86E0D000 ACPI_HAL 208896 bytes
0x86E0D000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8CBBA000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9622F000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8CD7D000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x962FA000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x97404000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8D16E000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8CAE0000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x962D2000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8D1A6000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x963A2000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8CB9C000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8CEF6000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x97456000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x807DE000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes
0x962BA000 C:\Windows\system32\DRIVERS\mcdbus.sys 98304 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0x84A70000 C:\Windows\System32\drivers\dxg.sys 94208 bytes (Microsoft Corporation, DirectX Graphics Driver)
0x97470000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x963E8000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8CFE4000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8D195000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x80680000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8CBEC000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8CB84000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x962AA000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8D15F000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8CB07000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8D14B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8CB16000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x963DA000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8CB76000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x807BA000 C:\Windows\system32\DRIVERS\szkg.sys 57344 bytes (iS3 Inc., szkg Device Driver)
0x8CA7B000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x9742C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x807C8000 C:\Windows\system32\drivers\szkgfs.sys 53248 bytes (iS3, Inc., STOPzilla Kernel Guard File System, x86-32 )
0x9633D000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x96396000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x963C3000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x97439000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8CE00000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8CDE3000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x963CF000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9629F000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8D1F0000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x96328000 C:\Windows\system32\drivers\WmXlCore.sys 45056 bytes (Logitech Inc., Logitech WingMan Translation Driver)
!!!!!!!!!!!Hidden driver: 0x96225000 2377401040 40960 bytes
0x9744C000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x96333000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x807D5000 C:\Windows\System32\Drivers\BlackBox.sys 36864 bytes (RKU Driver)
0x8D1C7000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x9637F000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x84AA0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8CACF000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8CFDC000 C:\Windows\system32\DRIVERS\ASACPI.sys 32768 bytes (-, ATK0110 ACPI Utility)
0x8CB94000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80691000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x97444000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x84B20000 C:\Windows\System32\framebuf.dll 32768 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8CAD8000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x9638F000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8CB6F000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80609000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x96388000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x96324000 C:\Windows\system32\drivers\WmBEnum.sys 16384 bytes (Logitech Inc., Logitech WingMan Virtual Bus Enumerator Driver)
0x962F8000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x963FD000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8CDF49D0 00006788 1584 bytes
0x8CDF49D0 unknown_irp_handler 1584 bytes
==============================================
>Stealth
==============================================
0x8CDF4693 Unknown page with executable code, 2413 bytes
0x8CDF1617 Unknown page with executable code, 2537 bytes
0x8CDF553F Unknown page with executable code, 2753 bytes
0x8CDF14E6 Unknown page with executable code, 2842 bytes
0x8CDEF11D Unknown page with executable code, 3811 bytes
0x96229FC0 Unknown thread object [ ETHREAD 0x8A27F5A0 ] TID: 264, 600 bytes
0x96229FC0 Unknown thread object [ ETHREAD 0x8A283020 ] TID: 268, 600 bytes
0x8CDF6105 Unknown thread object [ ETHREAD 0x8A283D78 ] TID: 272, 600 bytes
0x8CDF6105 Unknown thread object [ ETHREAD 0x8A283AD0 ] TID: 276, 600 bytes

#4 gringo_pr

Posted 29 August 2011 - 07:29 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

Posted 01 September 2011 - 12:26 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#6 gravejr


Posted 01 September 2011 - 03:52 PM

Hi, sorry for the delay, your help is very much appreciated.

Ran Combofix, but due to having to start in safe mode and the infection, couldn't find a way to terminate my anti-virus programs that Combofix said were running, though Task Manager did not show their processes.

After Combofix first restarted Windows it opened in normal mode, though Stopzilla was then running and claiming to have found a virus "CatchMe", and Combofix had the error "Windows can not find NIRCMD"

As Combofix ran, several error messages kept occurring on most stages. These were:
"NIRCMD not recognised" and "SWREG not recognised"

After the "stages" had finished Combofix repeatedly came up with these errors during the final stages:

"Windows cannot find HIDC.3XE" and "Windows cannot find NIRCMD.exe"


After this Windows now boots properly and StopZilla now runs on start up (it's unregistered though, so is not quarantining anything). My other anti-malware, MalwareBytes and Avast, are still being terminated when I try to start them.

Google redirecting I'm not sure of as I've had the infected machine disconnected since the infection.



Here's the log

ComboFix 11-08-31.04 - Martin Perrett 31/08/2011 17:11:28.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.1195 [GMT 1:00]
Running from: C:\Users\Martin Perrett\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Digsby Donates\ShOPpingbho.dll
C:\ProgramData\Tarma Installer
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20110606174928.log
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tiz
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tiz
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tiz
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tiz
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tiz
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tiz
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tiz
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tiz
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tiz
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.dat
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe
C:\ProgramData\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.ico
C:\Users\Martin Perrett\AppData\Local\{DAA4C70E-F91A-4D3E-991D-2D9762FACF12}
C:\Users\Martin Perrett\AppData\Local\{DAA4C70E-F91A-4D3E-991D-2D9762FACF12}\chrome.manifest
C:\Users\Martin Perrett\AppData\Local\{DAA4C70E-F91A-4D3E-991D-2D9762FACF12}\chrome\content\_cfg.js
C:\Users\Martin Perrett\AppData\Local\{DAA4C70E-F91A-4D3E-991D-2D9762FACF12}\chrome\content\overlay.xul
C:\Users\Martin Perrett\AppData\Local\{DAA4C70E-F91A-4D3E-991D-2D9762FACF12}\install.rdf
C:\Users\Martin Perrett\AppData\Roaming\Gizum
C:\Users\Martin Perrett\AppData\Roaming\Gizum\ehevu.exe
C:\Users\Martin Perrett\AppData\Roaming\Lyan
C:\Users\Martin Perrett\AppData\Roaming\Lyan\obehf.ano
C:\Windows\$NtUninstallKB51263$
C:\Windows\$NtUninstallKB51263$\1512467942\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
C:\Windows\$NtUninstallKB51263$\1512467942\click.tlb
C:\Windows\$NtUninstallKB51263$\1512467942\L\qnbwvoto
C:\Windows\$NtUninstallKB51263$\1512467942\loader.tlb
C:\Windows\$NtUninstallKB51263$\1512467942\U\@00000001
C:\Windows\$NtUninstallKB51263$\1512467942\U\@000000c0
C:\Windows\$NtUninstallKB51263$\1512467942\U\@000000cb
C:\Windows\$NtUninstallKB51263$\1512467942\U\@000000cf
C:\Windows\$NtUninstallKB51263$\1512467942\U\@80000000
C:\Windows\$NtUninstallKB51263$\1512467942\U\@800000c0
C:\Windows\$NtUninstallKB51263$\1512467942\U\@800000cb
C:\Windows\$NtUninstallKB51263$\1512467942\U\@800000cf
C:\Windows\$NtUninstallKB51263$\4121772272
C:\Windows\assembly\GAC_MSIL\desktop.ini
C:\Windows\system32\spool\prtprocs\w32x86\hpfpp101.dll
C:\Windows\system32\SysInfo.dll
C:\Windows\TEMP\w00xmsqc.vbt
D:\Users\Gravejr\Documents\~WRL0005.tmp

C:\Windows\system32\drivers\cdrom.sys . . . is missing!!

c:\windows\3865912922:2782499353.exe . . . is infected!!


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_5a266de6


((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-31 )))))))))))))))))))))))))))))))


2011-08-31 18:27:20 . 2011-08-31 18:51:14 -------- d-----w- C:\Users\Martin Perrett\AppData\Local\temp
2011-08-31 18:27:20 . 2011-08-31 18:27:20 -------- d-----w- C:\Users\Public\AppData\Local\temp
2011-08-31 18:27:20 . 2011-08-31 18:27:20 -------- d-----w- C:\Users\Mcx1\AppData\Local\temp
2011-08-31 18:27:20 . 2011-08-31 18:27:20 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-08-29 20:49:49 . 2011-08-29 20:49:49 35712 ----a-w- C:\Windows\system32\drivers\BlackBox.sys
2011-08-23 10:21:00 . 2011-08-12 02:44:27 7152464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38CE57F4-336E-46BA-99D3-12D10E9BBF09}\mpengine.dll
2011-08-22 17:05:51 . 2011-08-22 17:05:55 -------- d-----w- C:\Program Files\STOPzilla!
2011-08-22 17:05:47 . 2011-08-22 17:05:47 -------- d-----w- C:\Program Files\Common Files\iS3
2011-08-22 17:05:42 . 2011-08-31 19:35:37 -------- d-----w- C:\ProgramData\STOPzilla!
2011-08-22 12:32:43 . 2011-08-22 17:20:37 -------- d-----w- C:\Users\Martin Perrett\AppData\Roaming\Saak
2011-08-18 16:44:18 . 2011-08-18 16:44:18 546256 ----a-r- C:\Windows\system32\SZComp5.dll
2011-08-18 16:44:18 . 2011-08-18 16:44:18 22992 ----a-r- C:\Windows\system32\SZIO5.dll
2011-08-18 16:44:18 . 2011-08-18 16:44:18 132560 ----a-r- C:\Windows\system32\IS3HTUI5.dll
2011-08-18 16:44:16 . 2011-08-18 16:44:16 99792 ----a-r- C:\Windows\system32\IS3Svc5.dll
2011-08-18 16:44:16 . 2011-08-18 16:44:16 67024 ----a-r- C:\Windows\system32\IS3Hks5.dll
2011-08-18 16:44:16 . 2011-08-18 16:44:16 456144 ----a-r- C:\Windows\system32\SZBase5.dll
2011-08-18 16:44:16 . 2011-08-18 16:44:16 398800 ----a-r- C:\Windows\system32\IS3DBA5.dll
2011-08-18 16:44:16 . 2011-08-18 16:44:16 28624 ----a-r- C:\Windows\system32\IS3XDat5.dll
2011-08-18 16:44:14 . 2011-08-18 16:44:14 99792 ----a-r- C:\Windows\system32\IS3Inet5.dll
2011-08-18 16:44:14 . 2011-08-18 16:44:14 738768 ----a-r- C:\Windows\system32\IS3Base5.dll
2011-08-18 16:44:14 . 2011-08-18 16:44:14 390608 ----a-r- C:\Windows\system32\IS3UI5.dll
2011-08-18 16:44:14 . 2011-08-18 16:44:14 230864 ----a-r- C:\Windows\system32\IS3Win325.dll
2011-08-15 11:18:14 . 2011-08-15 11:18:17 -------- d-----w- C:\Users\Martin Perrett\.idlerc
2011-08-15 11:04:02 . 2011-08-15 11:06:28 -------- d-----w- C:\Program Files\Python27
2011-08-11 14:18:11 . 2011-08-11 14:18:11 12872 ----a-w- C:\Windows\system32\bootdelete.exe
2011-08-11 14:11:02 . 2011-08-11 14:11:03 23624 ----a-w- C:\Windows\system32\drivers\hitmanpro35.sys
2011-08-11 14:10:51 . 2011-08-11 14:10:51 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-08-11 14:08:42 . 2011-08-11 14:18:14 -------- d-----w- C:\ProgramData\Hitman Pro
2011-08-10 23:44:47 . 2011-06-20 08:54:36 3602832 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2011-08-10 23:44:47 . 2011-06-20 08:54:36 3550096 ----a-w- C:\Windows\system32\ntoskrnl.exe
2011-08-10 23:44:44 . 2011-06-17 20:13:55 905104 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2011-08-09 16:22:44 . 2011-08-09 16:22:44 -------- d-----w- C:\Users\Martin Perrett\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2011-08-09 16:22:39 . 2011-08-09 16:22:40 -------- d-----w- C:\Program Files\TweetDeck
2011-08-06 13:39:41 . 2011-08-06 13:39:41 -------- d-----w- C:\Program Files\Amazon
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-08-31 16:09:17 . 2010-11-04 18:59:58 119296 ----a-w- C:\Windows\system32\zlib.dll
2011-07-06 18:52:42 . 2010-05-03 15:24:42 41272 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 . 2010-05-03 15:24:41 22712 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 . 2011-04-10 14:07:21 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-04 11:43:51 . 2011-04-10 14:07:21 199304 ----a-w- C:\Windows\system32\aswBoot.exe
2011-07-04 11:36:43 . 2011-04-10 14:08:00 441176 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2011-07-04 11:36:32 . 2011-04-10 14:08:04 309848 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2011-07-04 11:35:23 . 2011-04-10 14:08:01 43608 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2011-07-04 11:32:32 . 2011-04-10 14:08:01 25432 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2011-07-04 11:32:20 . 2011-04-10 14:07:59 54104 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32:12 . 2011-04-10 14:08:04 19544 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2011-06-28 14:15:18 . 2011-06-28 14:15:18 404640 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 17:01:26 . 2011-06-22 17:01:26 53816 ----a-w- C:\Windows\system32\drivers\RapportKELL.sys
2011-06-12 14:09:18 . 2011-06-12 14:09:18 2206720 ----a-w- C:\Windows\system32\python27.dll
2010-06-10 23:34:03 . 2010-06-10 23:34:03 188416 ----a-w- C:\Program Files\Vista-ShutdownTimer.exe
2008-11-11 18:29:10 . 2008-11-11 18:29:08 565760 ----a-w- C:\Program Files\recover_files.exe
2011-08-18 03:38:38 . 2011-05-06 14:48:24 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

#7 gringo_pr


Posted 01 September 2011 - 04:49 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#8 gravejr


Posted 01 September 2011 - 05:23 PM

2011/09/01 23:08:27.0068 3236 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/01 23:08:27.0158 3236 ================================================================================
2011/09/01 23:08:27.0158 3236 SystemInfo:
2011/09/01 23:08:27.0158 3236
2011/09/01 23:08:27.0158 3236 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/01 23:08:27.0158 3236 Product type: Workstation
2011/09/01 23:08:27.0158 3236 ComputerName: WINDOWS-P6JB3EH
2011/09/01 23:08:27.0159 3236 UserName: Martin Perrett
2011/09/01 23:08:27.0159 3236 Windows directory: C:\Windows
2011/09/01 23:08:27.0159 3236 System windows directory: C:\Windows
2011/09/01 23:08:27.0159 3236 Processor architecture: Intel x86
2011/09/01 23:08:27.0159 3236 Number of processors: 2
2011/09/01 23:08:27.0159 3236 Page size: 0x1000
2011/09/01 23:08:27.0159 3236 Boot type: Normal boot
2011/09/01 23:08:27.0159 3236 ================================================================================
2011/09/01 23:08:28.0782 3236 Initialize success
2011/09/01 23:09:21.0273 1780 ================================================================================
2011/09/01 23:09:21.0273 1780 Scan started
2011/09/01 23:09:21.0273 1780 Mode: Manual;
2011/09/01 23:09:21.0273 1780 ================================================================================
2011/09/01 23:09:33.0577 1780 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/09/01 23:09:33.0638 1780 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/01 23:09:33.0718 1780 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/09/01 23:09:33.0811 1780 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/01 23:09:33.0876 1780 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/01 23:09:33.0942 1780 RT73 (bf4709c002d632170dc15a282813d6b3) C:\Windows\system32\DRIVERS\rt73.sys
2011/09/01 23:09:34.0005 1780 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\Windows\system32\DRIVERS\s117bus.sys
2011/09/01 23:09:34.0073 1780 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\Windows\system32\DRIVERS\s117mdfl.sys
2011/09/01 23:09:34.0118 1780 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\Windows\system32\DRIVERS\s117mdm.sys
2011/09/01 23:09:34.0177 1780 s117mgmt (bd6483e64b1da17e812b34bcdefd9459) C:\Windows\system32\DRIVERS\s117mgmt.sys
2011/09/01 23:09:34.0247 1780 s117nd5 (c7ca36c3054b4cd47a1f6611b046e2f9) C:\Windows\system32\DRIVERS\s117nd5.sys
2011/09/01 23:09:34.0283 1780 s117obex (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\Windows\system32\DRIVERS\s117obex.sys
2011/09/01 23:09:34.0316 1780 s117unic (5c4d1ba23c7511ac880e8ba7baa80dba) C:\Windows\system32\DRIVERS\s117unic.sys
2011/09/01 23:09:34.0415 1780 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\Anit-Malware Programs\Superantispyware\SASDIFSV.SYS
2011/09/01 23:09:34.0435 1780 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\Anit-Malware Programs\Superantispyware\SASKUTIL.SYS
2011/09/01 23:09:34.0517 1780 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/01 23:09:34.0646 1780 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/01 23:09:34.0707 1780 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/01 23:09:34.0759 1780 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/09/01 23:09:34.0828 1780 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/01 23:09:34.0947 1780 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/09/01 23:09:34.0986 1780 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/01 23:09:35.0076 1780 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/01 23:09:35.0120 1780 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/01 23:09:35.0207 1780 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/09/01 23:09:35.0274 1780 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/09/01 23:09:35.0329 1780 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/09/01 23:09:35.0398 1780 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/09/01 23:09:35.0507 1780 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/01 23:09:35.0590 1780 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/09/01 23:09:35.0693 1780 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/09/01 23:09:35.0739 1780 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/01 23:09:35.0787 1780 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/01 23:09:35.0878 1780 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/09/01 23:09:35.0942 1780 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/01 23:09:36.0028 1780 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/01 23:09:36.0084 1780 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/01 23:09:36.0142 1780 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/01 23:09:36.0255 1780 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\Windows\system32\DRIVERS\szkg.sys
2011/09/01 23:09:36.0311 1780 szkgfs (410a02a920fa9daeec56364e839597c1) C:\Windows\system32\drivers\szkgfs.sys
2011/09/01 23:09:36.0429 1780 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/09/01 23:09:36.0512 1780 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/01 23:09:36.0580 1780 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/01 23:09:36.0624 1780 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/01 23:09:36.0692 1780 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/01 23:09:36.0753 1780 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/01 23:09:36.0818 1780 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/01 23:09:36.0922 1780 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/01 23:09:36.0973 1780 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/01 23:09:37.0058 1780 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/01 23:09:37.0120 1780 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/09/01 23:09:37.0202 1780 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/01 23:09:37.0276 1780 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/01 23:09:37.0350 1780 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/09/01 23:09:37.0386 1780 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/01 23:09:37.0454 1780 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/01 23:09:37.0511 1780 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/01 23:09:37.0607 1780 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/01 23:09:37.0738 1780 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/01 23:09:37.0783 1780 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/09/01 23:09:37.0833 1780 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/01 23:09:37.0902 1780 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/01 23:09:37.0967 1780 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/01 23:09:38.0026 1780 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/01 23:09:38.0079 1780 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/09/01 23:09:38.0138 1780 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/01 23:09:38.0202 1780 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/01 23:09:38.0265 1780 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/01 23:09:38.0334 1780 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/01 23:09:38.0406 1780 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/01 23:09:38.0459 1780 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/01 23:09:38.0498 1780 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/09/01 23:09:38.0561 1780 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/09/01 23:09:38.0601 1780 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/09/01 23:09:38.0675 1780 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/01 23:09:38.0736 1780 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/01 23:09:38.0789 1780 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/01 23:09:38.0868 1780 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/09/01 23:09:38.0949 1780 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/01 23:09:39.0019 1780 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/01 23:09:39.0052 1780 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/01 23:09:39.0128 1780 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/09/01 23:09:39.0201 1780 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/01 23:09:39.0347 1780 winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/09/01 23:09:39.0508 1780 WmBEnum (59c90bc8317bd3f6e5559a4deaf35090) C:\Windows\system32\drivers\WmBEnum.sys
2011/09/01 23:09:39.0549 1780 WmFilter (999a4539ad634a741afd357e290bd461) C:\Windows\system32\drivers\WmFilter.sys
2011/09/01 23:09:39.0595 1780 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/01 23:09:39.0687 1780 WmVirHid (0b8c64b13776f17537f0705fe62799c6) C:\Windows\system32\drivers\WmVirHid.sys
2011/09/01 23:09:39.0740 1780 WmXlCore (8d388aeb1a12c1192aa9b4ebceabcba6) C:\Windows\system32\drivers\WmXlCore.sys
2011/09/01 23:09:39.0831 1780 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/01 23:09:39.0884 1780 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/01 23:09:39.0970 1780 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/09/01 23:09:40.0017 1780 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/01 23:09:40.0070 1780 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/09/01 23:09:40.0191 1780 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
2011/09/01 23:09:40.0237 1780 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
2011/09/01 23:09:40.0333 1780 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk2\DR2
2011/09/01 23:09:40.0537 1780 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/01 23:09:40.0641 1780 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/09/01 23:09:40.0676 1780 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk3\DR3
2011/09/01 23:09:40.0747 1780 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk4\DR9
2011/09/01 23:09:40.0759 1780 Boot (0x1200) (3e43a1098640b535623512db2f36375f) \Device\Harddisk2\DR2\Partition0
2011/09/01 23:09:40.0771 1780 Boot (0x1200) (5d4e2921c57be202a189bec291496017) \Device\Harddisk0\DR0\Partition0
2011/09/01 23:09:40.0810 1780 Boot (0x1200) (0c22509c065f2a6902cb54a798b1ac93) \Device\Harddisk0\DR0\Partition1
2011/09/01 23:09:40.0818 1780 Boot (0x1200) (0fb114df86f2e4b02eef88ff965fa534) \Device\Harddisk1\DR1\Partition0
2011/09/01 23:09:40.0831 1780 Boot (0x1200) (84a6758c34626abdb5b558d2f1fb50e3) \Device\Harddisk3\DR3\Partition0
2011/09/01 23:09:40.0844 1780 Boot (0x1200) (6dc20a6050fa2bad9dd6a76b7fbaa00e) \Device\Harddisk4\DR9\Partition0
2011/09/01 23:09:40.0851 1780 ================================================================================
2011/09/01 23:09:40.0851 1780 Scan finished
2011/09/01 23:09:40.0851 1780 ================================================================================
2011/09/01 23:09:40.0861 3428 Detected object count: 0
2011/09/01 23:09:40.0862 3428 Actual detected object count: 0

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:34 AM

Posted 01 September 2011 - 05:44 PM

Hello


I need you to let me know about the redirects now


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr


Posted 03 September 2011 - 11:33 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#11 gringo_pr


Posted 07 September 2011 - 01:45 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



