Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google Redirection, all browsers acting slowly

Post by AlexG2490 » March 22nd, 2011, 11:01 pm

Hello! I'm having difficulty with an infected computer and I'm not sure even where to begin describing my issues. I was browsing the net a few days ago, not hanging out on any sites that were especially seedy (no 4chan for me) but that were loaded with popups and browser redirects. I knew I shouldn't have pressed my luck but an article that promised me 10 pictures of hilarious home repair failures was too alluring to pass up. Unfortunately, as soon as I clicked it my browser closed and a "helpful" program called AntiMalwareDoctor showed up and told me I had somewhere in the ballpark of ten billion infections. Well, I knew better than to trust it - I've seen the fake antivirus card played before - so I ran MBAM to try to get rid of it. It found 7 infections but the problems still remained.

Here's a list of issues I've had:
-All the browsers I have installed - IE, Firefox, and Safari - take ages to open when first clicked, are prone to popups when open, redirect their Google search results to other pages, and have crashed back to desktop before I can get anywhere multiple times. IE once bluescreened the computer within about 20 seconds of being clicked on.
-Sometimes, when the computer reboots, it plays the Windows logon chime, but displays only a black screen. The cursor is visible but the task manager cannot be opened. Pressing Alt-Tab reveals that two windows are open, but neither can be displayed. At this point a hard reboot is necessary.
-Windows just doesn't quite look right. I still have the Windows Aero glass effect in the title bar of most windows, but internal elements (like the column headers in a window, scroll bars, and some buttons) look like they're in classic Windows 95/98 mode. The whole UI appears unpolished.
-Once and only once, upon reboot I was told that my copy of Windows was not genuine. That error disappeared after the next reboot.
-The machine as a whole just seems slow. I saw the post that said that slowness wasn't usually attributable to malware, but I'm listing it as a symptom because the computer seems remarkably more sluggish than it did a week ago. It's a big change in performance in just a couple of days' time.

I know the instructions asked for a DDS log but I don't seem to be able to run it. I turned it on before I left for work this morning and when I came home it still had not opened any logs for me to post. Since it says the scan should take under 3 minutes and I'd let it run 10 hours, I'm going to consider that anomalous. So, I'm sorry I haven't anything apart from an error report, but hopefully someone can help. Thank you in advance for anything anyone can do.

I also have a question about P2P software as mentioned in the Announcement. I know a lot of people use BitTorrent and the like to download illegally but my only purpose in adding BitTorrent was to download music from a site called OC Remix. I know that a torrent download could contain anything regardless of what it SAYS it contains and that I could give myself a trojan that way, but if I'm using the software to get legitimate and legal content then I'm not in any danger, right? If not, please let me know... I don't want to do anything that will damage my own machine.

Here's everything I've run in order to try to kill this thing myself:
MBAM - Multiple times, full and quick scans, in safemode and normal mode.
Avast Antivirus - Full Scan
Spybot Search and Destroy - Full Scan
SuperAntiSpyware - Full Scan

Thanks, I know that was a pretty big infodump I dropped on you all. I'm extremely grateful in advance for any help that anyone can provide!
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, all browsers acting slowly

Post by Carolyn » March 28th, 2011, 8:20 am

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please try running DDS in Safe Mode.

Boot to Safe Mode
Please print the instructions below or copy and paste to Notepad since you will not have internet access while in Safe Mode.

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, continually press F8.
* Instead of Windows loading as normal, a menu should appear
* Select the first option, to run Windows in Safe Mode.

Post the resulting DDS.txt and Attach.txt files.

"if I'm using the software to get legitimate and legal content then I'm not in any danger, right? If not, please let me know... I don't want to do anything that will damage my own machine."


Using P2P programs for legitimate downloads does open you up to the risk of infection. You can read more about the risk here: Ask an MVP about: Home PC Security
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Google Redirection, all browsers acting slowly

Post by AlexG2490 » March 29th, 2011, 12:09 pm

Hi, Carolyn! Thanks for your reply. I was beginning to think that nobody was going to respond, so your post means a lot to me. :)

I actually was able to get DDS to run two days ago when I ran it immediately after the computer booted, so safemode is not necessary I don't think. I'll post the log when I get home (I'm at work right now).

Also, thanks for clarifying about P2P software. I guess the safest thing to do, then, is to uninstall BT from this machine and put it on an old laptop or something... use it as a sandbox PC that does nothing but download and then, when I'm sure that machine is not infected, transfer the files to a PC that's actually "in use". Would that be safer?
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, all browsers acting slowly

Post by AlexG2490 » March 29th, 2011, 8:23 pm

Here are the two logs you requested.

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/15/2009 10:18:34 PM
System Uptime: 3/27/2011 5:45:12 PM (1 hours ago)
.
Motherboard: ECS-USA | | GeForce6100PM-M2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 58.546 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 287.752 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 487.722 GiB free.
H: is FIXED (NTFS) - 466 GiB total, 266.366 GiB free.
I: is FIXED (NTFS) - 1863 GiB total, 861.578 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Belkin Wireless G Desktop Card
Device ID: PCI\VEN_1799&DEV_700F&SUBSYS_700F1799&REV_20\4&2CF26B65&0&3020
Manufacturer: Belkin Corporation
Name: Belkin Wireless G Desktop Card
PNP Device ID: PCI\VEN_1799&DEV_700F&SUBSYS_700F1799&REV_20\4&2CF26B65&0&3020
Service: BLKWGDv8
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
TWiT TV
"Champetre" template for ConvertXToDVD 3
"Christmas" template for ConvertXToDVD 3
"Film" template for ConvertXToDVD 3
Über Jedi Mod Manager
ABC Amber LIT Converter
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 7
Aimersoft Video Studio Express(Build 1.2.0.25)
Air Video Server 2.4.1
AJScreensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AudibleManager
AudioShell 1.3.5
Audiosurf
Auto Gordian Knot 2.55
avast! Free Antivirus
AviSynth 2.5
Barnes & Noble Desktop Reader
Battlefield 2 Complete Collection
Battlefield 2142
Beyond the Red Line
BIMP Lite 1.62
BioShock 2
BitTorrent
Black and White
BlockCAD 3.19
Bonjour
calibre
Call of Duty 4: Modern Warfare
CamStudio
Camtasia Studio 6
Celestia 1.6.0
Comparator
ConvertXtoDVD 3.8.0.193f
Cook'n & Grill'n
CPUID CPU-Z 1.55
Crysis(R)
dBpowerAMP Music Converter
Descent and Descent 2
Descent Manager Tools
Doctor Who - The Adventure Games 3.0
Download Manager 2.3.9
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EA Download Manager
Easy Video Splitter 1.28
Enemy Territory - Quake Wars(TM)
ESET Online Scanner v3
Evernote
Far Cry
FeedForAll v2.0
FileZilla Client 3.3.4.1
Flash Slideshow Maker Pro 5.00
Fraps (remove only)
Free M4a to MP3 Converter 6.1
FreeSpace 2
GameShadow
GameSpy Arcade
GameSpy Comrade
Garry's Mod
GOG.com Downloader
GoldWave v5.22
GoldWave v5.52
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Graphing Calculator 3D 3.1
Half-Life
Half-Life: Blue Shift
HandBrake 0.9.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Casino
ImgBurn
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Jeopardy! 2003
Knight
LAME v3.98.2 for Audacity
Left 4 Dead
Left 4 Dead 2
Logitech QuickCam
Logitech QuickCam Driver Package
LucasArts' Jedi Knight
LucasArts' X-Wing Alliance
Malwarebytes' Anti-Malware
MechWarrior 3
MechWarrior 3 Pirate's Moon
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.5.18)
MSVCRT Redists
NET Installation Assistance for VB6 App (Runtime Only)
Notepad++
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Opposing Force
PageNest
Pamela Pro 4.7
PDF Settings
Peggle Deluxe 1.0
Photo Story 3 for Windows
Poker Night at the Inventory
Portal
PowerISO
Pradis 6: Understanding the Bible Library 6.0
Prey
Psychonauts
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Safari
Scrabble 2
Scrivener for Windows Beta
SecondLife (remove only)
SecondLifeViewer2 (remove only)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Silent Hunter III
Silent Hunter Wolves of the Pacific
Skype Toolbars
Skype™ 5.1
Space Quest Collection(TM)
SpaceBattle ScreenSaver 3.1
SpeedFan (remove only)
Spybot - Search & Destroy
Star Trek Elite Force II
Star Trek Legacy
Star Trek: Armada
Star Wars Battlefront
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
Star Wars Jedi Knight: Mysteries of the Sith
Star Wars JK II Jedi Outcast
Star Wars Knights of the Old Republic
Star Wars Republic Commando
Star Wars Starfighter
Starcraft
Steam
Subtitle Workshop 2.51
SUPERAntiSpyware Free Edition
System Requirements Lab
Tag - IGF Professional 2008
TalkShoe Live! 2.0
Tardis Screensaver- Widescreen
The Sims Complete Collection
TightVNC 2.0.2
TortoiseSVN 1.6.7.18415 (32 bit)
Trillian
TweetDeck
TWiT Live Desktop
Ultimate Extras sounds from Microsoft® Tinker™
UltraLott Powerball and Mega Millions 1.2.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb976884)
Vegas Pro 10.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
VobSub v2.23 (Remove Only)
WAV to MP3 Encoder
WebEx
Winamp
Winamp Detector Plug-in
WinDirStat 1.1.2
Windows Sound Schemes
WinHTTrack Website Copier 3.43-9C
WinPatrol
WinRAR archiver
WordWeb
Xfire (remove only)
XfireXO Toolbar
Xvid 1.2.2 final uninstall
XviD MPEG4 Video Codec (remove only)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
3/27/2011 5:46:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
3/22/2011 8:17:52 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
3/22/2011 8:14:52 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/22/2011 8:14:52 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
3/22/2011 8:14:52 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
3/20/2011 8:32:21 PM, Error: EventLog [6008] - The previous system shutdown at 8:27:43 PM on 3/20/2011 was unexpected.
3/20/2011 8:27:43 PM, Error: EventLog [6008] - The previous system shutdown at 8:24:15 PM on 3/20/2011 was unexpected.
3/20/2011 8:20:38 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
3/20/2011 6:06:18 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/20/2011 6:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/20/2011 6:05:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/20/2011 6:05:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/20/2011 6:05:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/20/2011 6:05:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/20/2011 6:05:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL SCDEmu Smb spldr tdx Wanarpv6
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/20/2011 6:05:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/20/2011 6:05:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/20/2011 6:05:08 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
3/20/2011 6:05:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
3/20/2011 6:04:58 PM, Error: EventLog [6008] - The previous system shutdown at 6:02:17 PM on 3/20/2011 was unexpected.
3/20/2011 5:46:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/20/2011 5:43:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
3/20/2011 5:35:48 PM, Error: EventLog [6008] - The previous system shutdown at 5:28:47 PM on 3/20/2011 was unexpected.
3/20/2011 3:56:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
3/20/2011 3:56:57 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2011 12:39:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
.
==== End Of File ===========================


DDS.txt
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Alex at 18:03:45.58 on Sun 03/27/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.621 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alex\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Add to Evernote - e:\program files\evernote\evernote3\enbar.dll/2000
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - e:\program files\evernote\evernote3\enbar.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/ ... tion32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDow ... rtScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cbeyond.webex.com/client/T27LC/ ... atgpc1.cab
TCP: {45B82F13-8CAA-44B2-A0BF-232ABD77AF8C} = 68.87.85.102,68.87.69.150
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2304157&q=
FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\download manager\npfpdlm.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Multi Links: multilinks@plugin - %profile%\extensions\multilinks@plugin
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XfireXO Community Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-26 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-20 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-20 301528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-20 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-20 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-20 42184]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-9-26 20328]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-21 1153368]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]
S2 gupdate1ca1ebe79c66296;Google Update Service (gupdate1ca1ebe79c66296);c:\program files\google\update\GoogleUpdate.exe [2009-8-16 133104]
S3 BLKWGDv8;Belkin Wireless G Desktop Card Service v8;c:\windows\system32\drivers\BLKWGDv8.sys [2006-11-18 312832]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
.
=============== Created Last 30 ================
.
2011-03-21 02:05:35 98816 ----a-w- c:\windows\system32\mfps.dll
2011-03-21 02:04:54 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-03-21 02:04:54 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-03-21 02:04:53 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-03-21 02:04:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-03-21 02:04:53 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-03-21 02:04:53 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-03-21 02:04:53 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-03-20 06:36:25 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-20 06:35:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-20 06:34:57 40648 ----a-w- c:\windows\avastSS.scr
2011-03-20 06:34:53 -------- d-----w- c:\program files\AVAST Software
2011-03-20 06:34:53 -------- d-----w- c:\progra~2\AVAST Software
2011-03-17 01:05:59 -------- d-----w- c:\users\alex\Calibre Library
2011-03-17 01:05:47 -------- d-----w- c:\users\alex\appdata\roaming\calibre
2011-03-17 01:04:24 -------- d-----w- c:\program files\Calibre2
2011-03-15 02:46:25 -------- d-----w- c:\users\alex\appdata\roaming\Trillian
2011-02-28 02:53:03 176128 ----a-w- c:\windows\system32\Cw3215.dll
2011-02-28 02:53:03 -------- d-----w- c:\windows\Desktop
2011-02-28 02:52:56 28672 ----a-w- c:\windows\system32\temp.000
2011-02-28 02:52:56 -------- d-----w- c:\program files\DVO
.
==================== Find3M ====================
.
2011-03-21 02:05:35 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-02-12 21:17:58 154624 ----a-w- c:\windows\system32\RemoteControl.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\00000064
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8683B439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x868417d0]; MOV EAX, [0x8684184c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8228B912] -> \Device\Harddisk0\DR0[0x8619D780]
3 CLASSPNP[0x883C58B3] -> ntkrnlpa!IofCallDriver[0x8228B912] -> [0x85657850]
5 acpi[0x8060F6BC] -> ntkrnlpa!IofCallDriver[0x8228B912] -> [0x852386A0]
\Driver\nvstor32[0x864A6BE8] -> IRP_MJ_CREATE -> 0x8683B439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000063 -> \??\SCSI#Disk&Ven_WDC_WD16&Prod_00JB-00GVC0#4&3bad3e4&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 18:05:59.00 ===============
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm
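
The ROOTKIT section at the end of the DDS log above is the evidence behind the diagnosis in the next reply. The following Python script is an added example, not part of the original thread and not code from DDS or GMER: it parses that section and correlates the indicators. The function names and triage labels are assumptions made for illustration, and `CLEAN_LOG` is constructed for contrast.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# ROOTKIT section copied from the DDS log in the post above (asm dumps omitted).
INFECTED_LOG = r"""
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\00000064
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8683B439]<<
1 ntkrnlpa!IofCallDriver[0x8228B912] -> \Device\Harddisk0\DR0[0x8619D780]
3 CLASSPNP[0x883C58B3] -> ntkrnlpa!IofCallDriver[0x8228B912] -> [0x85657850]
5 acpi[0x8060F6BC] -> ntkrnlpa!IofCallDriver[0x8228B912] -> [0x852386A0]
\Driver\nvstor32[0x864A6BE8] -> IRP_MJ_CREATE -> 0x8683B439
kernel: MBR read successfully
detected hooks:
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
"""

# Constructed sample (not from the thread): the same section with no indicators.
CLEAN_LOG = r"""
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll nvstor32.sys
kernel: MBR read successfully
user & kernel MBR OK
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
IRP_RE = re.compile(
    r"^(\\Driver\\\S+?)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$")
SECTOR_RE = re.compile(r"^sectors (\d+) \(\+(\d+)\): user != kernel$")


@dataclass
class MbrFindings:
    # Addresses in the disk call chain that belong to no loaded module.
    unknown_modules: List[int] = field(default_factory=list)
    # (driver, IRP major function, handler address) lines from the trace.
    irp_handlers: List[Tuple[str, str, int]] = field(default_factory=list)
    # The "user:" and "kernel:" reads of the MBR returned different bytes.
    mbr_mismatch: bool = False
    # (first sector, count) of a further run of sectors that reads differently.
    sector_mismatch: Optional[Tuple[int, int]] = None

    def handlers_in_unknown_code(self) -> List[Tuple[str, str]]:
        """Driver dispatch entries that point at an unattributed address."""
        return [(drv, irp) for drv, irp, target in self.irp_handlers
                if target in self.unknown_modules]


def parse_mbr_section(text: str) -> MbrFindings:
    findings = MbrFindings()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            findings.unknown_modules += [
                int(addr, 16) for addr in UNKNOWN_RE.findall(line)]
        elif (m := IRP_RE.match(line)):
            findings.irp_handlers.append(
                (m.group(1), m.group(2), int(m.group(3), 16)))
        elif line.startswith("user != kernel MBR"):
            findings.mbr_mismatch = True
        elif (m := SECTOR_RE.match(line)):
            findings.sector_mismatch = (int(m.group(1)), int(m.group(2)))
    return findings


def triage(findings: MbrFindings) -> str:
    """Triage labels are this example's own choice, not GMER's verdicts."""
    # A storage driver handler resolving into code no module owns, or two
    # reads of sector 0 that disagree, both mean disk reads are being filtered.
    if findings.mbr_mismatch or findings.handlers_in_unknown_code():
        return "boot-sector tampering indicated"
    if findings.unknown_modules or findings.sector_mismatch:
        return "needs review"
    return "no indicators"


if __name__ == "__main__":
    for name, log in (("infected", INFECTED_LOG), ("clean", CLEAN_LOG)):
        result = parse_mbr_section(log)
        print(name, "->", triage(result), result.handlers_in_unknown_code())
```

In the posted log the address flagged as `>>UNKNOWN<<` in the call chain is the same address the `nvstor32` `IRP_MJ_CREATE` handler points to, which is why the mismatch between the two MBR reads is not a tool glitch.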

Re: Google Redirection, all browsers acting slowly

Unread postby Carolyn » March 31st, 2011, 6:26 am

Hello again,

You have a Rootkit infection, likely from using BitTorrent. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia
Why are rootkits dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
Restoring your backups

==========================

Before we start: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.

==========================

With reference to Malware Removal P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Programs and Features.
  2. Locate BitTorrent and click on the Uninstall button to uninstall it.
  3. Repeat for any other P2P programs that are installed.
  4. Close Control Panel when done.

==========================

Punkbuster warning

I see you have Punkbuster installed. (read the section on Published features) This is spyware. Punkbuster can take control over various aspects of your computer, and some gaming tools not unlike Punkbuster also hinder their removals. By the definition we handle here, Punkbuster is actual spyware. Therefore, I now ask you to decide the following:
  • Either we try to leave Punkbuster alone but there is no guarantee a spyware component doesn't 'accidentally' get taken out; so Punkbuster might break. This will, of course, also break your ability to play games using Punkbuster enabled servers.
  • Or we can just remove Punkbuster. You can reinstall it afterwards if you wish, but please keep in mind that it is spyware.
  • Another option is to not clean this computer at all. This ensures Punkbuster will continue to function.
Please let me know what you would like to do.

==========================

Uninstall Spybot - Search & Destroy
This program must be uninstalled as it can interfere with the cleaning process.
  • Go to start > control panel > programs and features.
  • Right click on each instance of:

    Spybot - Search & Destroy

  • Click Uninstall & then follow the prompts to remove them.

==========================

Download CKScanner from here
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

==========================

Disable Avast

  • Right click on the avast! icon in system tray (looks like this: Image) and choose (Avast shield control)
  • Choose disable permanently.
  • Note: Don't forget to re-enable it after the fix.

==========================

Disable WinPatrol
Programs like WinPatrol can interfere with our fix, so we'll need to temporarily disable them.
  1. Right click on the Scotty Dog icon near the clock and select Options.... A window will open.
  2. Select the Options tab.
  3. Uncheck (untick) the box..."Automatically run Winpatrol when computer starts".
  4. Close the WinPatrol window.
  5. Right click on the Scotty Dog icon again and select Exit Program.
WinPatrol has now been disabled.

==========================

TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

==========================

Please post the following in your next reply:
  • the contents of CKFiles.txt
  • the TDSSKiller log
  • A description of how your computer is behaving
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Google Redirection, all browsers acting slowly

Unread postby AlexG2490 » March 31st, 2011, 10:35 am

Once again I'm at work, so I'll do these things when I get home tonight. As to your questions though:

1. Let's clean the system, not wipe it. The machine is used for Skype calls, gaming, and watching online video. All my banking and personal stuff is done through my laptop, so as long as it's a trust issue (not a performance issue) cleaning seems best. If you're telling me that no matter what I do the machine will crawl along and be slow until I reformat, then I might have to reconsider. The machine is indeed behind a firewall via the router, which the article said reduced some of my risk IF I had a rootkit that was only opening ports to listen. So... do we know at this point if that's the case?
2. Let's also leave PunkBuster. Worst case scenario is that I do have to reinstall it if it breaks, but if it doesn't then there seems to be no reason to me that we should put it on the chopping block. Please clarify your comment that "it is spyware" though... its job is to spy on my machine and report what it finds to another server to see if any hacks are being used, so I see how it fits that definition. But my question is, does the fact that a program is technically spyware automatically mean that it is malicious/dangerous?
3. Thanks for clarifying about P2P software. I'll remove BT tonight before I start.

Thanks so much for your informative replies!
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, all browsers acting slowly

Unread postby AlexG2490 » April 1st, 2011, 1:07 am

The system is running much faster after running those scans and curing the rootkit that was found. Windows looks like it used to, and my browsers are launching in a second or two rather than 45 seconds+ (if at all). I seem to be able to search Google and actually get to the results I clicked on, which is a great relief as well :). Also, one other symptom I noticed yesterday is gone. Skype would not recognize my USB webcam. It does again tonight. Not sure if that was an issue as well or just a coincidence.

Here are the files. TDSS Killer produced two logs, not 1, so I posted them both.

CKFiles.txt:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\doctor who - the adventure games\data\episode_1\audio\objects\ice_crack_1.ogg
c:\program files\doctor who - the adventure games\data\episode_1\audio\objects\ice_crack_2.ogg
c:\program files\doctor who - the adventure games\data\episode_1\audio\objects\ice_crack_3.ogg
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrack.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackalphatest.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackalphatestlightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackalphatestpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackalphatestshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcracklightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcracklightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetail.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatest.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetailcrackshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrack.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackalphatest.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcracklightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcracklightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetail.cfx
c:\users\alex\documents\battlefield 2\mods\bf2\cache\{d7b71e3e-4500-11cf-bc78-5fe901c2c535}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatest.cfx
scanner sequence 3.ZZ.11
----- EOF -----


TDSSKiller.2.4.21.0_31.03.2011_22.49.03_log.txt:
2011/03/31 22:49:03.0662 5376 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/31 22:49:03.0976 5376 ================================================================================
2011/03/31 22:49:03.0976 5376 SystemInfo:
2011/03/31 22:49:03.0976 5376
2011/03/31 22:49:03.0976 5376 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/31 22:49:03.0976 5376 Product type: Workstation
2011/03/31 22:49:03.0977 5376 ComputerName: ALEX-PC
2011/03/31 22:49:03.0977 5376 UserName: Alex
2011/03/31 22:49:03.0977 5376 Windows directory: C:\Windows
2011/03/31 22:49:03.0977 5376 System windows directory: C:\Windows
2011/03/31 22:49:03.0977 5376 Processor architecture: Intel x86
2011/03/31 22:49:03.0977 5376 Number of processors: 2
2011/03/31 22:49:03.0977 5376 Page size: 0x1000
2011/03/31 22:49:03.0977 5376 Boot type: Normal boot
2011/03/31 22:49:03.0977 5376 ================================================================================
2011/03/31 22:49:05.0320 5376 Initialize success
2011/03/31 22:49:10.0874 1592 Deinitialize success


TDSSKiller.2.4.21.0_31.03.2011_22.49.16_log.txt:
2011/03/31 22:49:16.0207 5652 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/31 22:49:16.0466 5652 ================================================================================
2011/03/31 22:49:16.0466 5652 SystemInfo:
2011/03/31 22:49:16.0466 5652
2011/03/31 22:49:16.0466 5652 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/31 22:49:16.0466 5652 Product type: Workstation
2011/03/31 22:49:16.0466 5652 ComputerName: ALEX-PC
2011/03/31 22:49:16.0467 5652 UserName: Alex
2011/03/31 22:49:16.0467 5652 Windows directory: C:\Windows
2011/03/31 22:49:16.0467 5652 System windows directory: C:\Windows
2011/03/31 22:49:16.0467 5652 Processor architecture: Intel x86
2011/03/31 22:49:16.0467 5652 Number of processors: 2
2011/03/31 22:49:16.0467 5652 Page size: 0x1000
2011/03/31 22:49:16.0467 5652 Boot type: Normal boot
2011/03/31 22:49:16.0467 5652 ================================================================================
2011/03/31 22:49:16.0992 5652 Initialize success
2011/03/31 22:49:34.0618 4476 ================================================================================
2011/03/31 22:49:34.0619 4476 Scan started
2011/03/31 22:49:34.0619 4476 Mode: Manual;
2011/03/31 22:49:34.0619 4476 ================================================================================
2011/03/31 22:49:36.0058 4476 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/03/31 22:49:36.0149 4476 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/03/31 22:49:36.0203 4476 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/03/31 22:49:36.0268 4476 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/03/31 22:49:36.0310 4476 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/03/31 22:49:36.0432 4476 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/03/31 22:49:36.0508 4476 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/03/31 22:49:36.0565 4476 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/31 22:49:36.0611 4476 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/03/31 22:49:36.0657 4476 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/03/31 22:49:36.0691 4476 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/03/31 22:49:36.0728 4476 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/03/31 22:49:36.0761 4476 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/31 22:49:36.0858 4476 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/03/31 22:49:36.0927 4476 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/03/31 22:49:37.0039 4476 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
2011/03/31 22:49:37.0097 4476 aswMonFlt (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
2011/03/31 22:49:37.0157 4476 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
2011/03/31 22:49:37.0199 4476 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
2011/03/31 22:49:37.0258 4476 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
2011/03/31 22:49:37.0330 4476 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
2011/03/31 22:49:48.0708 4476 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys
2011/03/31 22:49:48.0708 4476 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
2011/03/31 22:49:48.0717 4476 sptd - detected Locked file (1)
2011/03/31 22:49:52.0243 4476 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/31 22:49:52.0317 4476 ================================================================================
2011/03/31 22:49:52.0317 4476 Scan finished
2011/03/31 22:49:52.0317 4476 ================================================================================
2011/03/31 22:49:52.0334 4964 Detected object count: 2
2011/03/31 22:50:53.0321 4964 Locked file(sptd) - User select action: Skip
2011/03/31 22:50:53.0399 4964 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/31 22:50:53.0399 4964 \HardDisk1 - ok
2011/03/31 22:50:53.0400 4964 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/03/31 22:51:04.0689 5116 Deinitialize success
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, all browsers acting slowly

Post by Gary R » April 1st, 2011, 4:48 pm

Carolyn will not be available over the weekend, so if it's OK with you I'll take over helping you with your problem.

It'll take me a while to read through what your problem is and what you've done so far to resolve it, so I'll get back to you as soon as I'm up to speed with things.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirection, all browsers acting slowly

Post by AlexG2490 » April 1st, 2011, 5:04 pm

Yes, that'll be perfectly fine. Thank you so much!

Re: Google Redirection, all browsers acting slowly

Post by Gary R » April 1st, 2011, 5:19 pm

Looks like TDSSKiller has taken care of the TDL Rootkit you had on your computer; however, I'd like to run some further scans to make sure we've got everything.

First

If you haven't already done so, please reboot your computer.

Next

Since you have Malwarebytes Anti-malware installed ......

  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.

You can also access the log by doing the following
  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Next

Run a new DDS scan for me please ....

Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both to your Desktop.
  • Copy/Paste the contents of both into your next reply please.

Summary of the logs I need from you in your next post:
  • MBAM log
  • E-Set log
  • DDS.txt
  • Attach.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Re: Google Redirection, all browsers acting slowly

Post by AlexG2490 » April 3rd, 2011, 2:42 am

MBAM Log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6249

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

4/2/2011 2:43:57 PM
mbam-log-2011-04-02 (14-43-57).txt

Scan type: Quick scan
Objects scanned: 195561
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Google Redirection, all browsers acting slowly

Post by AlexG2490 » April 3rd, 2011, 2:42 am

ESET Log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=7309b0c408dd88478ac0cff5fff36509
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-03 12:08:43
# local_time=2011-04-02 06:08:43 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 3964034 138385875 0 0
# compatibility_mode=8192 67108863 100 0 36036456 36036456 0 0
# scanned=530630
# found=8
# cleaned=0
# scan_time=11102
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\0AA35AA340E408D76C950D7A0C838F79\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Alex\AppData\Roaming\0AA35AA340E408D76C950D7A0C838F79\local.ini.vir Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\Local\cspiena.dll a variant of Win32/Cimag.GG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\Local\temp\rnewaomsxc.exe a variant of Win32/Cimag.GG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-6632dd0d probably a variant of Java/Agent.AF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\hxn0.jar a variant of Java/TrojanDownloader.Agent.NAL trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\02092011_074510\C_Users\Alex\AppData\Roaming\BC3FC61EBD2390BE003660698B68EBA6\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\02092011_074510\C_Users\Alex\AppData\Roaming\BC3FC61EBD2390BE003660698B68EBA6\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I

Re: Google Redirection, all browsers acting slowly

Post by AlexG2490 » April 3rd, 2011, 2:43 am

Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/15/2009 10:18:34 PM
System Uptime: 3/31/2011 10:53:58 PM (50 hours ago)
.
Motherboard: ECS-USA | | GeForce6100PM-M2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 58.415 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 287.752 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 487.722 GiB free.
G: is CDROM ()
I: is FIXED (NTFS) - 1863 GiB total, 861.578 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Belkin Wireless G Desktop Card
Device ID: PCI\VEN_1799&DEV_700F&SUBSYS_700F1799&REV_20\4&2CF26B65&0&3020
Manufacturer: Belkin Corporation
Name: Belkin Wireless G Desktop Card
PNP Device ID: PCI\VEN_1799&DEV_700F&SUBSYS_700F1799&REV_20\4&2CF26B65&0&3020
Service: BLKWGDv8
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
TWiT TV
"Champetre" template for ConvertXToDVD 3
"Christmas" template for ConvertXToDVD 3
"Film" template for ConvertXToDVD 3
Über Jedi Mod Manager
ABC Amber LIT Converter
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 7
Aimersoft Video Studio Express(Build 1.2.0.25)
Air Video Server 2.4.1
AJScreensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AudibleManager
AudioShell 1.3.5
Audiosurf
Auto Gordian Knot 2.55
avast! Free Antivirus
AviSynth 2.5
Barnes & Noble Desktop Reader
Battlefield 2 Complete Collection
Battlefield 2142
Beyond the Red Line
BIMP Lite 1.62
BioShock 2
Black and White
BlockCAD 3.19
Bonjour
calibre
Call of Duty 4: Modern Warfare
CamStudio
Camtasia Studio 6
Celestia 1.6.0
Comparator
ConvertXtoDVD 3.8.0.193f
Cook'n & Grill'n
CPUID CPU-Z 1.55
Crysis(R)
dBpowerAMP Music Converter
Descent and Descent 2
Descent Manager Tools
Doctor Who - The Adventure Games 3.0
Download Manager 2.3.9
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EA Download Manager
Easy Video Splitter 1.28
Enemy Territory - Quake Wars(TM)
ESET Online Scanner v3
Evernote
Far Cry
FeedForAll v2.0
FileZilla Client 3.3.4.1
Flash Slideshow Maker Pro 5.00
Fraps (remove only)
Free M4a to MP3 Converter 6.1
FreeSpace 2
GameShadow
GameSpy Arcade
GameSpy Comrade
Garry's Mod
GOG.com Downloader
GoldWave v5.22
GoldWave v5.52
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Graphing Calculator 3D 3.1
Half-Life
Half-Life: Blue Shift
HandBrake 0.9.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Casino
ImgBurn
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Jeopardy! 2003
Knight
LAME v3.98.2 for Audacity
Left 4 Dead
Left 4 Dead 2
Livestream Procaster
Logitech QuickCam
Logitech QuickCam Driver Package
LucasArts' Jedi Knight
LucasArts' X-Wing Alliance
Malwarebytes' Anti-Malware
MechWarrior 3
MechWarrior 3 Pirate's Moon
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.5.18)
MSVCRT Redists
NET Installation Assistance for VB6 App (Runtime Only)
Notepad++
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Opposing Force
PageNest
Pamela Pro 4.7
PDF Settings
Peggle Deluxe 1.0
Photo Story 3 for Windows
Poker Night at the Inventory
Portal
PowerISO
Pradis 6: Understanding the Bible Library 6.0
Prey
Psychonauts
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Safari
Scrabble 2
Scrivener for Windows Beta
SecondLife (remove only)
SecondLifeViewer2 (remove only)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Silent Hunter III
Silent Hunter Wolves of the Pacific
Skype Toolbars
Skype™ 5.1
Space Quest Collection(TM)
SpaceBattle ScreenSaver 3.1
SpeedFan (remove only)
Star Trek Elite Force II
Star Trek Legacy
Star Trek: Armada
Star Wars Battlefront
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
Star Wars Jedi Knight: Mysteries of the Sith
Star Wars JK II Jedi Outcast
Star Wars Knights of the Old Republic
Star Wars Republic Commando
Star Wars Starfighter
Starcraft
Steam
Subtitle Workshop 2.51
SUPERAntiSpyware Free Edition
System Requirements Lab
Tag - IGF Professional 2008
TalkShoe Live! 2.0
Tardis Screensaver- Widescreen
The Sims Complete Collection
TightVNC 2.0.2
TortoiseSVN 1.6.7.18415 (32 bit)
Trillian
TweetDeck
TWiT Live Desktop
Ultimate Extras sounds from Microsoft® Tinker™
UltraLott Powerball and Mega Millions 1.2.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb976884)
Vegas Pro 10.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
VobSub v2.23 (Remove Only)
WAV to MP3 Encoder
WebEx
Winamp
Winamp Detector Plug-in
WinDirStat 1.1.2
Windows Sound Schemes
WinHTTrack Website Copier 3.43-9C
WinPatrol
WinRAR archiver
WordWeb
Xfire (remove only)
XfireXO Toolbar
Xvid 1.2.2 final uninstall
XviD MPEG4 Video Codec (remove only)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
4/2/2011 10:00:08 AM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
3/31/2011 10:55:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
3/29/2011 7:51:48 AM, Error: EventLog [6008] - The previous system shutdown at 7:38:44 AM on 3/29/2011 was unexpected.
3/29/2011 2:38:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
3/29/2011 2:35:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/29/2011 2:35:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
3/29/2011 2:35:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
3/27/2011 9:56:48 PM, Error: EventLog [6008] - The previous system shutdown at 9:52:28 PM on 3/27/2011 was unexpected.
.
==== End Of File ===========================
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, all browsers acting slowly

Unread postby AlexG2490 » April 3rd, 2011, 2:43 am

DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Alex at 0:12:19.83 on Sun 04/03/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.926 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Pamela\Pamela.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Users\Alex\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Add to Evernote - e:\program files\evernote\evernote3\enbar.dll/2000
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - e:\program files\evernote\evernote3\enbar.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/ ... tion32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDow ... rtScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cbeyond.webex.com/client/T27LC/ ... atgpc1.cab
TCP: {45B82F13-8CAA-44B2-A0BF-232ABD77AF8C} = 68.87.85.102,68.87.69.150
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2304157&q=
FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\download manager\npfpdlm.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Multi Links: multilinks@plugin - %profile%\extensions\multilinks@plugin
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XfireXO Community Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-26 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-20 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-20 301528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-20 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-20 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-20 42184]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-9-26 20328]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]
S2 gupdate1ca1ebe79c66296;Google Update Service (gupdate1ca1ebe79c66296);c:\program files\google\update\GoogleUpdate.exe [2009-8-16 133104]
S3 BLKWGDv8;Belkin Wireless G Desktop Card Service v8;c:\windows\system32\drivers\BLKWGDv8.sys [2006-11-18 312832]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
.
=============== Created Last 30 ================
.
2011-04-02 05:21:42 -------- d-----w- c:\users\alex\appdata\local\CrashRpt
2011-04-02 05:21:31 -------- d-----w- c:\users\alex\appdata\local\Procaster
2011-04-02 05:21:31 -------- d-----w- c:\program files\Livestream Procaster
2011-03-21 02:05:35 98816 ----a-w- c:\windows\system32\mfps.dll
2011-03-21 02:04:54 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-03-21 02:04:54 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-03-21 02:04:53 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-03-21 02:04:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-03-21 02:04:53 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-03-21 02:04:53 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-03-21 02:04:53 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-03-20 06:36:25 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-20 06:35:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-20 06:34:57 40648 ----a-w- c:\windows\avastSS.scr
2011-03-20 06:34:53 -------- d-----w- c:\program files\AVAST Software
2011-03-20 06:34:53 -------- d-----w- c:\progra~2\AVAST Software
2011-03-17 01:05:59 -------- d-----w- c:\users\alex\Calibre Library
2011-03-17 01:05:47 -------- d-----w- c:\users\alex\appdata\roaming\calibre
2011-03-17 01:04:24 -------- d-----w- c:\program files\Calibre2
2011-03-15 02:46:25 -------- d-----w- c:\users\alex\appdata\roaming\Trillian
.
==================== Find3M ====================
.
2011-03-21 02:05:35 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-02-12 21:17:58 154624 ----a-w- c:\windows\system32\RemoteControl.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\00000066
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8501F1F8]<<
_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x8501f008; MOV EAX, 0x8801f1ea; CALL EAX; }
1 ntkrnlpa!IofCallDriver[0x82253912] -> \Device\Harddisk0\DR0[0x860B7550]
3 CLASSPNP[0x889C88B3] -> ntkrnlpa!IofCallDriver[0x82253912] -> [0x854DEB68]
5 acpi[0x881406BC] -> ntkrnlpa!IofCallDriver[0x82253912] -> \Device\00000065[0x850BE030]
\Driver\nvstor32[0x850A9B70] -> IRP_MJ_CREATE -> 0x8501F1F8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x8501d1f8
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 0:13:25.10 ===============
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm