Kirkxcrust

Everything posted by Kirkxcrust

  1. MBRCheck still gives me the same issues as before. Here is the log. Thanks.

     MBRCheck, version 1.2.3
     © 2010, AD
     Command-line:
     Windows Version: Windows XP Professional
     Windows Information: Service Pack 3 (build 2600)
     Logical Drives Mask: 0x0000001c

     Kernel Drivers (total 162):
     0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
     0x806E4000 \WINDOWS\system32\hal.dll
     0xF7987000 \WINDOWS\system32\KDCOM.DLL
     0xF7897000 \WINDOWS\system32\BOOTVID.dll
     0xF7358000 ACPI.sys
     0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
     0xF7347000 pci.sys
     0xF7487000 isapnp.sys
     0xF7497000 ohci1394.sys
     0xF74A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
     0xF7A4F000 pciide.sys
     0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
     0xF798B000 intelide.sys
     0xF798D000 viaide.sys
     0xF798F000 aliide.sys
     0xF7329000 pcmcia.sys
     0xF74B7000 MountMgr.sys
     0xF730A000 ftdisk.sys
     0xF7991000 dmload.sys
     0xF72E4000 dmio.sys
     0xF789B000 ACPIEC.sys
     0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
     0xF770F000 PartMgr.sys
     0xF74C7000 VolSnap.sys
     0xF72CC000 atapi.sys
     0xF71F6000 iaStor.sys
     0xF74D7000 disk.sys
     0xF74E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
     0xF71D6000 fltmgr.sys
     0xF71C4000 sr.sys
     0xF71AE000 DRVMCDB.SYS
     0xF74F7000 PxHelp20.sys
     0xF7197000 KSecDD.sys
     0xF710A000 Ntfs.sys
     0xF70DD000 NDIS.sys
     0xF7507000 Serial.sys
     0xF70C3000 Mup.sys
     0xF7527000 \SystemRoot\system32\DRIVERS\nic1394.sys
     0xF7627000 \SystemRoot\system32\DRIVERS\intelppm.sys
     0xF7933000 \SystemRoot\system32\DRIVERS\CmBatt.sys
     0xF7937000 \SystemRoot\system32\DRIVERS\BATTC.SYS
     0xF793B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
     0xF6041000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
     0xF602D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
     0xF6008000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
     0xF5EAA000 \SystemRoot\system32\DRIVERS\w39n51.sys
     0xF774F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
     0xF5E87000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
     0xF7757000 \SystemRoot\system32\DRIVERS\usbehci.sys
     0xF5E73000 \SystemRoot\system32\DRIVERS\sdbus.sys
     0xF775F000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
     0xF7637000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
     0xF5E27000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
     0xF5DFF000 \SystemRoot\system32\DRIVERS\e100b325.sys
     0xF794B000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
     0xF7647000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
     0xF7767000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     0xF7657000 \SystemRoot\system32\DRIVERS\i8042prt.sys
     0xF776F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
     0xF5DCF000 \SystemRoot\system32\DRIVERS\SynTP.sys
     0xF7A07000 \SystemRoot\system32\DRIVERS\USBD.SYS
     0xF7777000 \SystemRoot\system32\DRIVERS\mouclass.sys
     0xF7667000 \SystemRoot\system32\DRIVERS\imapi.sys
     0xF7A09000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
     0xF7677000 \SystemRoot\system32\DRIVERS\cdrom.sys
     0xF7687000 \SystemRoot\system32\DRIVERS\redbook.sys
     0xF5DAC000 \SystemRoot\system32\DRIVERS\ks.sys
     0xF777F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
     0xF7787000 \SystemRoot\system32\DRIVERS\ManyCam.sys
     0xF7697000 \SystemRoot\system32\DRIVERS\STREAM.SYS
     0xF7B0C000 \SystemRoot\system32\DRIVERS\audstub.sys
     0xF76A7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
     0xF7953000 \SystemRoot\system32\DRIVERS\ndistapi.sys
     0xF5D95000 \SystemRoot\system32\DRIVERS\ndiswan.sys
     0xF76B7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
     0xF76C7000 \SystemRoot\system32\DRIVERS\raspptp.sys
     0xF778F000 \SystemRoot\system32\DRIVERS\TDI.SYS
     0xF5D84000 \SystemRoot\system32\DRIVERS\psched.sys
     0xF76D7000 \SystemRoot\system32\DRIVERS\msgpc.sys
     0xF7797000 \SystemRoot\system32\DRIVERS\ptilink.sys
     0xF779F000 \SystemRoot\system32\DRIVERS\raspti.sys
     0xF5D2C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
     0xF7567000 \SystemRoot\system32\DRIVERS\termdd.sys
     0xF7A0B000 \SystemRoot\system32\DRIVERS\swenum.sys
     0xF5CCE000 \SystemRoot\system32\DRIVERS\update.sys
     0xF796F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
     0xF7973000 \SystemRoot\system32\DRIVERS\kbdhid.sys
     0xF75E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
     0xAA63C000 \SystemRoot\system32\drivers\CHDAud.sys
     0xAA618000 \SystemRoot\system32\drivers\portcls.sys
     0xF618E000 \SystemRoot\system32\drivers\drmk.sys
     0xAA5E5000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
     0xAA4F1000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
     0xAA43F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
     0xF77C7000 \SystemRoot\System32\Drivers\Modem.SYS
     0xAA031000 \SystemRoot\system32\DRIVERS\usbhub.sys
     0xF5CB2000 \SystemRoot\System32\Drivers\i2omgmt.SYS
     0xF79AF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
     0xF7B33000 \SystemRoot\System32\Drivers\Null.SYS
     0xF79B1000 \SystemRoot\System32\Drivers\Beep.SYS
     0xF773F000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
     0xF7737000 \SystemRoot\System32\drivers\vga.sys
     0xF79B3000 \SystemRoot\System32\Drivers\mnmdd.SYS
     0xF79B5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
     0xF7747000 \SystemRoot\System32\Drivers\Msfs.SYS
     0xF788F000 \SystemRoot\System32\Drivers\Npfs.SYS
     0xF5CAA000 \SystemRoot\system32\DRIVERS\rasacd.sys
     0xA9321000 \SystemRoot\system32\DRIVERS\ipsec.sys
     0xA92C8000 \SystemRoot\system32\DRIVERS\tcpip.sys
     0xA92A0000 \SystemRoot\system32\DRIVERS\netbt.sys
     0xA927A000 \SystemRoot\system32\DRIVERS\ipnat.sys
     0xA9258000 \SystemRoot\System32\drivers\afd.sys
     0xAA021000 \SystemRoot\system32\DRIVERS\wanarp.sys
     0xAA011000 \SystemRoot\system32\DRIVERS\netbios.sys
     0xF79B7000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
     0xA922D000 \SystemRoot\system32\DRIVERS\rdbss.sys
     0xAA001000 \SystemRoot\system32\DRIVERS\arp1394.sys
     0xA911D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
     0xA9FF1000 \SystemRoot\System32\Drivers\Fips.SYS
     0xA90BC000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
     0xA920D000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
     0xA9D4C000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
     0x9DF7E000 \SystemRoot\System32\Drivers\Fastfat.SYS
     0x9DEA8000 \SystemRoot\System32\Drivers\dump_iaStor.sys
     0xBF800000 \SystemRoot\System32\win32k.sys
     0xA5F57000 \SystemRoot\System32\drivers\Dxapi.sys
     0xF77CF000 \SystemRoot\System32\watchdog.sys
     0xBF000000 \SystemRoot\System32\drivers\dxg.sys
     0xF7B2D000 \SystemRoot\System32\drivers\dxgthk.sys
     0xBF021000 \SystemRoot\System32\ialmdnt5.dll
     0xBF012000 \SystemRoot\System32\ialmrnt5.dll
     0xBF043000 \SystemRoot\System32\ialmdev5.DLL
     0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
     0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
     0xA5BFE000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
     0xF7B71000 \SystemRoot\System32\DLA\DLADResN.SYS
     0x9DE92000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
     0xA5F3B000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
     0xF7A21000 \SystemRoot\System32\DLA\DLAPoolM.SYS
     0xA85BE000 \SystemRoot\System32\DLA\DLABOIOM.SYS
     0x9DE7A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
     0x9DE64000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
     0x9DE4E000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
     0xF617E000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
     0xA933C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
     0x9DE11000 \SystemRoot\system32\drivers\wdmaud.sys
     0x9ED22000 \SystemRoot\system32\drivers\sysaudio.sys
     0xA9FD1000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
     0xA9FE1000 \SystemRoot\System32\Drivers\Cdfs.SYS
     0x9D72E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
     0x9D5AD000 \SystemRoot\System32\Drivers\HTTP.sys
     0x9D43E000 \SystemRoot\system32\DRIVERS\srv.sys
     0x9D4C1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
     0x9D337000 \??\C:\WINDOWS\system32\drivers\mqac.sys
     0x9D265000 \??\C:\WINDOWS\system32\drivers\RMCast.sys
     0x9D3D6000 \SystemRoot\system32\DRIVERS\secdrv.sys
     0x9CED1000 \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
     0x9C1CB000 \SystemRoot\system32\drivers\kmixer.sys
     0x9F0DD000 \??\C:\DOCUME~1\SergioM\LOCALS~1\Temp\catchme.sys
     0xA7B3B000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
     0xA85CE000 \??\C:\DOCUME~1\SergioM\LOCALS~1\Temp\mbr.sys
     0x7C900000 \WINDOWS\system32\ntdll.dll

     Processes (total 67):
     0 System Idle Process
     4 System
     900 C:\WINDOWS\system32\smss.exe
     960 csrss.exe
     988 C:\WINDOWS\system32\winlogon.exe
     1032 C:\WINDOWS\system32\services.exe
     1044 C:\WINDOWS\system32\lsass.exe
     1232 C:\WINDOWS\system32\svchost.exe
     1324 svchost.exe
     1484 C:\WINDOWS\system32\svchost.exe
     1632 svchost.exe
     1792 svchost.exe
     2024 C:\WINDOWS\system32\spoolsv.exe
     580 C:\WINDOWS\ehome\ehtray.exe
     588 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
     604 C:\WINDOWS\system32\hkcmd.exe
     612 C:\WINDOWS\system32\igfxpers.exe
     640 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     684 C:\Program Files\HP\QuickPlay\QPService.exe
     812 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     932 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
     1240 C:\Program Files\Microsoft IntelliPoint\point32.exe
     1380 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
     1424 C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
     1444 C:\WINDOWS\system32\dla\DLACTRLW.EXE
     1512 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE
     1568 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
     1648 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
     1692 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC1.EXE
     1624 C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
     1088 C:\Program Files\iTunes\iTunesHelper.exe
     1820 C:\Program Files\Common Files\Java\Java Update\jusched.exe
     1868 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     1920 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
     1848 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
     828 C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
     1172 C:\Program Files\OpenOffice.org 3\program\soffice.exe
     148 C:\Program Files\OpenOffice.org 3\program\soffice.bin
     1720 svchost.exe
     1900 msdtc.exe
     1748 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
     2176 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     2188 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
     2224 C:\Program Files\Bonjour\mDNSResponder.exe
     2268 C:\WINDOWS\ehome\ehrecvr.exe
     2316 C:\WINDOWS\ehome\ehSched.exe
     2468 C:\WINDOWS\system32\svchost.exe
     2520 C:\Program Files\Java\jre6\bin\jqs.exe
     2576 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     2700 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
     2912 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
     3088 svchost.exe
     3156 C:\WINDOWS\system32\svchost.exe
     3232 C:\Program Files\Viewpoint\Common\ViewpointService.exe
     3360 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
     3432 mcrdsvc.exe
     3524 C:\WINDOWS\system32\mqsvc.exe
     3820 C:\WINDOWS\system32\mqtgsvc.exe
     692 C:\WINDOWS\system32\wscntfy.exe
     2344 wmiprvse.exe
     3372 C:\Program Files\iPod\bin\iPodService.exe
     1776 C:\WINDOWS\ehome\ehmsas.exe
     3768 C:\WINDOWS\system32\dllhost.exe
     2856 alg.exe
     5008 wmpnetwk.exe
     4668 C:\WINDOWS\explorer.exe
     5788 C:\MBRCheck.exe

     \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
     \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`1dbe1000 (FAT32)

     PhysicalDrive0 Model Number: FUJITSUMHV2100BHPL, Rev: 892C

     Size Device Name MBR Status
     --------------------------------------------
     93 GB \\.\PhysicalDrive0 Unknown MBR code
     SHA1: F19F100B4DC860880BDC331CC9D56B1C13F605D5

     Found non-standard or infected MBR.
     Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     Options:
     [1] Dump the MBR of a physical disk to file.
     [2] Restore the MBR of a physical disk with a standard boot code.
     [3] Exit.
     Enter your choice:
     Enter the physical disk number to dump (0-99, -1 to exit): 1
     Dumping \\.\PhysicalDisk1...
     Enter filename to dump to: mbrdump.dat
     Error opening disk (2)!
     Enter the physical disk number to dump (0-99, -1 to exit): -1
     Done!
  2. DDS log. Will do MBRCheck in a moment.

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by SergioM at 15:14:02.83 on Thu 08/05/2010
     Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1291 [GMT -7:00]

     FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\HP\QuickPlay\QPService.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
     C:\Program Files\Microsoft IntelliPoint\point32.exe
     C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
     C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
     C:\WINDOWS\System32\DLA\DLACTRLW.EXE
     C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
     C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
     C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
     C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Microsoft ActiveSync\wcescomm.exe
     C:\PROGRA~1\MI3AA1~1\rapimgr.exe
     C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
     C:\Program Files\OpenOffice.org 3\program\soffice.exe
     C:\Program Files\OpenOffice.org 3\program\soffice.bin
     svchost.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
     C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
     svchost.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\Viewpoint\Common\ViewpointService.exe
     C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
     C:\WINDOWS\system32\mqsvc.exe
     C:\WINDOWS\system32\mqtgsvc.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     C:\Documents and Settings\SergioM\Desktop\dds.com

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://myspace.com/
     uSearch Page = hxxp://www.google.com
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uSearch Bar = hxxp://www.google.com/ie
     mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     uURLSearchHooks: H - No File
     uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
     uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
     uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
     uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
     mRun: [ehTray] c:\windows\ehome\ehtray.exe
     mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
     mRun: [igfxtray] c:\windows\system32\igfxtray.exe
     mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
     mRun: [igfxpers] c:\windows\system32\igfxpers.exe
     mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
     mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
     mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
     mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
     mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
     mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
     mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
     mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
     mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
     mRun: [Reminder] c:\windows\creator\Remind_XP.exe
     mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
     mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
     mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
     mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\photosmart\hp share-to-web\hpgs2wnd.exe
     mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
     mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
     mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
     mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
     mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
     mRun: [EPSON Stylus C42 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB002" /M "Stylus C42"
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     StartupFolder: c:\docume~1\sergiom\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
     StartupFolder: c:\docume~1\sergiom\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\HPWebcam.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
     IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
     DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
     DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
     Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
     Notify: igfxcui - igfxdev.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\sergiom\applic~1\mozilla\firefox\profiles\kww5uh4e.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     FF - prefs.js: browser.search.selectedEngine - Secure Search
     FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
     FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
     FF - component: c:\documents and settings\sergiom\application data\mozilla\firefox\profiles\kww5uh4e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
     FF - component: c:\documents and settings\sergiom\application data\mozilla\firefox\profiles\kww5uh4e.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
     FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
     FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
     FF - plugin: c:\documents and settings\sergiom\local settings\application data\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll
     FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
     FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

     ---- FIREFOX POLICIES ----
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
     c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
     c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
     c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

     ============= SERVICES / DRIVERS ===============

     R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-20 93320]
     R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
     R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-22 24652]
     R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
     S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5u870cap.sys [2006-6-6 61952]
     S3 Agpstubio;Agpstubio; [x]
     S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2001-8-3 18864]
     S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
     S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]

     =============== Created Last 30 ================

     2010-08-05 21:48:47 0 d-sha-r- C:\cmdcons
     2010-08-03 20:22:15 0 ----a-w- C:\mbrDump.dat
     2010-08-03 18:52:48 80384 ----a-w- C:\MBRCheck.exe
     2010-07-28 00:03:58 0 d-----w- C:\tdsskiller
     2010-07-13 18:53:22 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

     ==================== Find3M ====================

     2010-06-28 19:51:07 411368 -c--a-w- c:\windows\system32\deployJava1.dll
     2006-03-16 04:00:00 94784 -csh--w- c:\windows\twain.dll
     2008-04-14 00:12:07 50688 -csh--w- c:\windows\twain_32.dll
     2008-04-14 00:12:01 57344 -csh--w- c:\windows\system32\msvcirt.dll
     2008-04-14 00:12:02 551936 -csh--w- c:\windows\system32\oleaut32.dll
     2008-04-14 00:12:32 11776 -csh--w- c:\windows\system32\regsvr32.exe

     ============= FINISH: 15:14:13.92 ===============
  3. ComboFix log. Will follow up with DDS and MBRCheck reports in the following posts.

ComboFix 10-08-05.02 - SergioM 08/05/2010 15:03:59.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1415 [GMT -7:00]
Running from: c:\documents and settings\SergioM\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

Completion time: 2010-08-05 15:09:15
ComboFix-quarantined-files.txt 2010-08-05 22:09
ComboFix2.txt 2010-08-05 21:57
ComboFix3.txt 2010-06-28 19:20
ComboFix4.txt 2010-06-28 07:00

Pre-Run: 210,886,656 bytes free
Post-Run: 196,046,848 bytes free

- - End Of File - - 56CC54E019DC0780BE51D29781292CF8
  4. Hello, here is the log from the MBRCheck scan. Thanks.

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 159):

Processes (total 74):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`1dbe1000 (FAT32)

PhysicalDrive0 Model Number: FUJITSUMHV2100BHPL, Rev: 892C

Size  Device Name          MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0   Unknown MBR code
SHA1: F19F100B4DC860880BDC331CC9D56B1C13F605D5

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
Enter the physical disk number to dump (0-99, -1 to exit): 1
Dumping \\.\PhysicalDisk1...
Enter filename to dump to: mbrDump.dat
Error opening disk (2)!
Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!
  5. Hello, it appears that the link to the new MBRCheck is broken. Is there any other way I can get the newer MBRCheck? I have already deleted the old one.
  6. Hello. No, I did not have cure as an option. The only options to choose from were skip, quarantine, and delete. I figured delete was the one most related to cure. I went ahead and tried the MBR dump per your previous instructions. I still receive the error message and the 0-byte file. But yes, an unknown code is still present. What else do you recommend doing? Thanks.
  7. My apologies. I thought that the default setting was cure. I went ahead and rescanned it. Here is the log it produced. But before that, I do want to note that right before I hit the "Reboot Now" button, I got a blue error screen and then the reboot happened. It rebooted too fast before I could read what the error was. I went ahead and rescanned right now just in case, but no errors were found. Just wanted to mention that. Anyway, here is the log. Thank you.
2010/07/29 10:38:23.0968 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/29 10:38:23.0968 ================================================================================
2010/07/29 10:38:23.0968 SystemInfo:
2010/07/29 10:38:23.0968
2010/07/29 10:38:23.0968 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/29 10:38:23.0968 Product type: Workstation
2010/07/29 10:38:23.0968 ComputerName: SERGIO
2010/07/29 10:38:23.0968 UserName: SergioM
2010/07/29 10:38:23.0968 Windows directory: C:\WINDOWS
2010/07/29 10:38:23.0968 System windows directory: C:\WINDOWS
2010/07/29 10:38:23.0968 Processor architecture: Intel x86
2010/07/29 10:38:23.0968 Number of processors: 2
2010/07/29 10:38:23.0968 Page size: 0x1000
2010/07/29 10:38:23.0968 Boot type: Normal boot
2010/07/29 10:38:23.0968 ================================================================================
2010/07/29 10:38:24.0171 Initialize success
2010/07/29 10:38:26.0671 ================================================================================
2010/07/29 10:38:26.0671 Scan started
2010/07/29 10:38:26.0671 Mode: Manual;
2010/07/29 10:38:26.0671 ================================================================================
2010/07/29 10:38:27.0718 5U870CAP_VID_1262&PID_25FD (d2142fee659d97b2b05820f21594bfe2) C:\WINDOWS\system32\Drivers\5U870CAP.sys
2010/07/29 10:38:27.0796 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/07/29 10:38:27.0859 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/07/29 10:38:27.0890 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/07/29 10:38:27.0921 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/07/29 10:38:27.0968 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/07/29 10:38:28.0031 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/07/29 10:38:28.0109 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/07/29 10:38:28.0328 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/07/29 10:38:28.0390 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/07/29 10:38:28.0421 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/07/29 10:38:28.0437 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/07/29 10:38:28.0468 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/07/29 10:38:28.0500 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/07/29 10:38:28.0515 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/07/29 10:38:28.0562 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/07/29 10:38:28.0640 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/07/29 10:38:28.0671 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/07/29 10:38:28.0703 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/07/29 10:38:28.0718 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/07/29 10:38:28.0765 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/07/29 10:38:28.0890 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/07/29 10:38:28.0968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/07/29 10:38:29.0031 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/07/29 10:38:29.0046 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/07/29 10:38:29.0109 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/07/29 10:38:29.0140 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/07/29 10:38:29.0156 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/07/29 10:38:29.0187 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/07/29 10:38:29.0203 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/07/29 10:38:29.0234 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/07/29 10:38:29.0296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/07/29 10:38:29.0437 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/07/29 10:38:29.0625 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/07/29 10:38:29.0671 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/07/29 10:38:29.0718 Compbatt (1674f3047caa90cb85f790ba424ba377) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/07/29 10:38:29.0718 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 1674f3047caa90cb85f790ba424ba377, Fake md5: 1a00a0f7a8198c397af1515bad42ba28
2010/07/29 10:38:29.0718 Compbatt - detected Forged file (1)
2010/07/29 10:38:29.0750 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/07/29 10:38:29.0796 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/07/29 10:38:29.0812 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/07/29 10:38:29.0859 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/07/29 10:38:29.0937 DLABOIOM (795278665264c0b13bebbd29ae86b412) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/07/29 10:38:30.0171 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/07/29 10:38:30.0218 DLADResN (5ca787a303418595294bed9b46dadfdb) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/07/29 10:38:30.0281 DLAIFS_M (b84498f23d7a9eef825a1a6123bc5854) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/07/29 10:38:30.0312 DLAOPIOM (97eca0ddbe0330e6bb4c79bccfebf3e4) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/07/29 10:38:30.0359 DLAPoolM (571d7ec728ec65a0ee7ea7e618d56a36) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/07/29 10:38:30.0406 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/07/29 10:38:30.0531 DLAUDFAM (248eb7b4554408a741fd6734c55a36c2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/07/29 10:38:30.0687 DLAUDF_M (1cfabded94431a56cfdbd783b2457e7b) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/07/29 10:38:30.0921 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/07/29 10:38:31.0000 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/07/29 10:38:31.0093 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/07/29 10:38:31.0156 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/07/29 10:38:31.0296 Dot4 HPH09 (2068615663658b16192dd03ff859519f) C:\WINDOWS\system32\DRIVERS\hphid409.sys
2010/07/29 10:38:31.0359 Dot4Print HPH09 (dd5b51abff07b6b79ed87cbe1494c587) C:\WINDOWS\system32\DRIVERS\hphipr09.sys
2010/07/29 10:38:31.0390 Dot4Storage HPH09 (1f842d5b9477a97953bebf30cb75ed8e) C:\WINDOWS\system32\Drivers\hphs2k09.sys
2010/07/29 10:38:31.0421 Dot4Usb HPH09 (2d01d4e8685513be57f4eaf45756c8e8) C:\WINDOWS\system32\drivers\hphius09.sys
2010/07/29 10:38:31.0453 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/07/29 10:38:31.0484 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/07/29 10:38:31.0546 drvmcdb (d626b0037e3585c12520f1e5cd67dfde) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/07/29 10:38:31.0656 drvnddm (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/07/29 10:38:31.0750 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/07/29 10:38:31.0953 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
2010/07/29 10:38:31.0984 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
2010/07/29 10:38:32.0171 eeCtrl (1df3d1be3403d663827496e62d24ca4c) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/07/29 10:38:32.0375 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/07/29 10:38:32.0546 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/07/29 10:38:32.0593 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/07/29 10:38:32.0640 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/07/29 10:38:32.0687 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/07/29 10:38:32.0781 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/07/29 10:38:32.0828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/07/29 10:38:32.0906 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/07/29 10:38:33.0062 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/07/29 10:38:33.0140 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2010/07/29 10:38:33.0187 HdAudAddService (2a6e9a118da2dd0439551a7eb3a8f65e) C:\WINDOWS\system32\drivers\CHDAud.sys
2010/07/29 10:38:33.0250 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/07/29 10:38:33.0312 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/07/29 10:38:33.0390 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/07/29 10:38:33.0468 HSFHWAZL (448c0fd272fe1b80046f4767db21eb8d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/07/29 10:38:33.0656 HSF_DPV (2715a27de9c17bdbaf6d6c79989a7b12) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/07/29 10:38:33.0781 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/07/29 10:38:33.0843 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/07/29 10:38:33.0875 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/07/29 10:38:33.0968 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/07/29 10:38:34.0093 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/07/29 10:38:34.0265 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/07/29 10:38:34.0312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/07/29 10:38:34.0328 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/07/29 10:38:34.0359 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/07/29 10:38:34.0437 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/07/29 10:38:34.0468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/07/29 10:38:34.0562 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/07/29 10:38:34.0625 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/07/29 10:38:34.0687 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/07/29 10:38:34.0812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/07/29 10:38:34.0859 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/07/29 10:38:34.0890 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/07/29 10:38:34.0921 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/07/29 10:38:34.0953 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/07/29 10:38:35.0078 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/07/29 10:38:35.0187 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/07/29 10:38:35.0406 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/07/29 10:38:35.0484 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
2010/07/29 10:38:35.0546 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/07/29 10:38:35.0593 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/07/29 10:38:35.0625 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/07/29 10:38:35.0687 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/07/29 10:38:35.0906 motmodem (49bc2ea84db5320b880a222e6e11b28b) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2010/07/29 10:38:36.0171 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/07/29 10:38:36.0265 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/07/29 10:38:36.0703 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/07/29 10:38:36.0890 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
2010/07/29 10:38:36.0968 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/07/29 10:38:37.0062 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/07/29 10:38:37.0218 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/07/29 10:38:37.0484 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/07/29 10:38:37.0515 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/07/29 10:38:37.0531 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/07/29 10:38:37.0593 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/07/29 10:38:37.0640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/07/29 10:38:37.0718 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/07/29 10:38:37.0750 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/07/29 10:38:37.0812 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/07/29 10:38:38.0046 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/07/29 10:38:38.0093 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/07/29 10:38:38.0109 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/07/29 10:38:38.0140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/07/29 10:38:38.0156 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/07/29 10:38:38.0187 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/07/29 10:38:38.0218 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/07/29 10:38:38.0281 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/07/29 10:38:38.0359 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/07/29 10:38:38.0390 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/07/29 10:38:38.0437 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/07/29 10:38:38.0656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/07/29 10:38:38.0687 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/07/29 10:38:38.0703 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/07/29 10:38:38.0765 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/07/29 10:38:38.0812 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/07/29 10:38:38.0890 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/07/29 10:38:38.0937 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/07/29 10:38:38.0984 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/07/29 10:38:39.0031 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/07/29 10:38:39.0250 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/07/29 10:38:39.0281 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/07/29 10:38:39.0328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/07/29 10:38:39.0406 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/07/29 10:38:39.0546 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/07/29 10:38:39.0578 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/07/29 10:38:39.0640 Point32 (e4910ce9d882bf825979fcf4636a9bd8) C:\WINDOWS\system32\DRIVERS\point32.sys
2010/07/29 10:38:39.0703 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/07/29 10:38:39.0734 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/07/29 10:38:39.0859 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/07/29 10:38:39.0921 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/07/29 10:38:39.0968 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/07/29 10:38:40.0015 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/07/29 10:38:40.0140 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/07/29 10:38:40.0187 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/07/29 10:38:40.0218 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/07/29 10:38:40.0296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/07/29 10:38:40.0375 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/07/29 10:38:40.0437 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/07/29 10:38:40.0500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/07/29 10:38:40.0546 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/07/29 10:38:40.0625 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/07/29 10:38:40.0734 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/07/29 10:38:40.0843 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/07/29 10:38:40.0906 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/07/29 10:38:41.0000 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/07/29 10:38:41.0062 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/07/29 10:38:41.0125 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/07/29 10:38:41.0218 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
2010/07/29 10:38:41.0343 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/07/29 10:38:41.0437 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/07/29 10:38:41.0515 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/07/29 10:38:41.0640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/07/29 10:38:41.0687 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/07/29 10:38:41.0718 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/07/29 10:38:41.0734 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/07/29 10:38:41.0875 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/07/29 10:38:41.0890 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/07/29 10:38:42.0015 SMNDIS5 (4ef5ea44583c37383c289d4b8c354698) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
2010/07/29 10:38:42.0218 SNP2UVC (fac7b89330e20713950925050c91cd04) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2010/07/29 10:38:42.0296 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/07/29 10:38:42.0453 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/07/29 10:38:42.0484 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/07/29 10:38:42.0562 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/07/29 10:38:42.0609 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/07/29 10:38:42.0687 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/07/29 10:38:42.0750 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/07/29 10:38:42.0796 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/07/29 10:38:42.0859 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/07/29 10:38:43.0000 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/07/29 10:38:43.0062 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/07/29 10:38:43.0125 SynTP (369d0626687a968182a9db40fe8a0905) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/07/29 10:38:43.0171 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/07/29 10:38:43.0265 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/07/29 10:38:43.0343 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/07/29 10:38:43.0375 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/07/29 10:38:43.0406 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/07/29 10:38:43.0468 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINDOWS\system32\drivers\tiehdusb.sys
2010/07/29 10:38:43.0687 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/07/29 10:38:43.0734 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/07/29 10:38:43.0765 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/07/29 10:38:43.0843 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/07/29 10:38:43.0968 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/07/29 10:38:44.0031 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/07/29 10:38:44.0078 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/07/29 10:38:44.0156 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/07/29 10:38:44.0265 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/07/29 10:38:44.0343 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/07/29 10:38:44.0359 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/07/29 10:38:44.0421 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/07/29 10:38:44.0546 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVER
2010/07/29 10:38:44.0640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/07/29 10:38:44.0703 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/07/29 10:38:44.0796 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/07/29 10:38:44.0890 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/07/29 10:38:45.0015 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/07/29 10:38:45.0234 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/07/29 10:38:45.0296 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/07/29 10:38:45.0484 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/07/29 10:38:45.0562 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/07/29 10:38:45.0703 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/07/29 10:38:45.0875 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/07/29 10:38:46.0046 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/07/29 10:38:46.0140 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/07/29 10:38:46.0234 xusb20 (c1c30732240de36551f438d5412959be) C:\WINDOWS\system32\DRIVERS\xusb20.sys
2010/07/29 10:38:46.0265 ================================================================================
2010/07/29 10:38:46.0265 Scan finished
2010/07/29 10:38:46.0265 ================================================================================
2010/07/29 10:38:46.0296 Detected object count: 1
2010/07/29 10:38:53.0437 HKLM\SYSTEM\ControlSet001\services\Compbatt - will be deleted after reboot
2010/07/29 10:38:53.0437 HKLM\SYSTEM\ControlSet003\services\Compbatt - will be deleted after reboot
2010/07/29 10:38:53.0437 C:\WINDOWS\system32\DRIVERS\compbatt.sys - will be deleted after reboot
2010/07/29 10:38:53.0437 Forged file(Compbatt) - User select action: Delete
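The log above mixes four kinds of record worth pulling apart when triaging: the per-driver inventory ("name (md5) path"), the "Suspicious file (Forged)" line, which reports that two reads of the same driver produced different MD5s (that disagreement is what the tool means by forged), the detected-object count, and the tail listing what the chosen action queues for deletion at reboot. The parser below is an added example, not TDSSKiller's code, written against the 2.4.0.0 format shown in this thread; the sample input is excerpted from the 2010/07/29 scan above. It assumes the timestamp and message may be separated by any whitespace (the tool writes a tab, which forum pasting collapses to a space) and ties each forged path back to the service that loads it so you can see which MD5 the inventory recorded. A Delete decision is flagged for review because, as the log's last lines show, it queues the driver file itself and its service keys for removal.

```python
"""Triage a TDSSKiller 2.4.0.0 log. Added example; not Kaspersky's code."""
import re

# Line shapes seen in the scan above. Timestamp/message separator accepted as any
# whitespace (assumption: the tool writes a tab, forum pasting turns it into a space).
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+"
INVENTORY_RE = re.compile(TS + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")
PENDING_RE = re.compile(TS + r"(?P<target>.+?) - will be deleted after reboot$")
ACTION_RE = re.compile(TS + r"(?P<what>.+?)\((?P<name>.+?)\) - User select action: (?P<action>\w+)$")


def triage(log_text):
    """Return the driver inventory size, forged-file findings, pending deletions and warnings."""
    inventory = {}        # service name -> (md5, path)
    forged, pending, actions = [], [], []
    detected_count = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := FORGED_RE.match(line):
            forged.append({"path": m["path"], "real_md5": m["real"], "fake_md5": m["fake"]})
        elif m := COUNT_RE.match(line):
            detected_count = int(m["n"])
        elif m := PENDING_RE.match(line):
            pending.append(m["target"])
        elif m := ACTION_RE.match(line):
            actions.append((m["name"], m["action"]))
        elif m := INVENTORY_RE.match(line):
            inventory[m["name"]] = (m["md5"], m["path"])
        # banner lines, "Scan started/finished" and "X - detected Forged file (1)" add nothing new

    # Tie each forged path back to the service that loads it and to the MD5 the inventory recorded.
    by_path = {path.lower(): (name, md5) for name, (md5, path) in inventory.items()}
    for f in forged:
        f["name"], f["inventory_md5"] = by_path.get(f["path"].lower(), (None, None))
        f["hashes_differ"] = f["real_md5"] != f["fake_md5"]

    warnings = []
    if detected_count is not None and detected_count != len(forged):
        warnings.append(f"log reports {detected_count} detected object(s) but "
                        f"{len(forged)} forged-file line(s) were parsed")
    for name, action in actions:
        if action.lower() == "delete":
            warnings.append(f"{name}: Delete queues the driver file and its service keys for "
                            f"removal (see pending deletions); confirm before rebooting")
    return {
        "driver_count": len(inventory),
        "detected_count": detected_count,
        "forged": forged,
        "pending_deletions": pending,
        "actions": actions,
        "warnings": warnings,
    }


# Excerpt of the 2010/07/29 scan above; the full log carries many more inventory lines.
SAMPLE_LOG = r"""
2010/07/29 10:38:26.0671 Scan started
2010/07/29 10:38:29.0625 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/07/29 10:38:29.0718 Compbatt (1674f3047caa90cb85f790ba424ba377) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/07/29 10:38:29.0718 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 1674f3047caa90cb85f790ba424ba377, Fake md5: 1a00a0f7a8198c397af1515bad42ba28
2010/07/29 10:38:29.0718 Compbatt - detected Forged file (1)
2010/07/29 10:38:32.0171 eeCtrl (1df3d1be3403d663827496e62d24ca4c) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/07/29 10:38:46.0265 Scan finished
2010/07/29 10:38:46.0296 Detected object count: 1
2010/07/29 10:38:53.0437 HKLM\SYSTEM\ControlSet001\services\Compbatt - will be deleted after reboot
2010/07/29 10:38:53.0437 HKLM\SYSTEM\ControlSet003\services\Compbatt - will be deleted after reboot
2010/07/29 10:38:53.0437 C:\WINDOWS\system32\DRIVERS\compbatt.sys - will be deleted after reboot
2010/07/29 10:38:53.0437 Forged file(Compbatt) - User select action: Delete
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['driver_count']} drivers inventoried, {report['detected_count']} detected")
    for f in report["forged"]:
        print(f"FORGED {f['name']} {f['path']}\n   real={f['real_md5']} fake={f['fake_md5']}")
    for target in report["pending_deletions"]:
        print(f"pending delete: {target}")
    for w in report["warnings"]:
        print(f"WARNING: {w}")
```

Feed it the whole pasted log (`triage(open("TDSSKiller.txt").read())`) rather than the excerpt to see the full inventory count; the path-based join is case-insensitive because the inventory and the forged line do not always agree on the case of `system32\DRIVERS`.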
  8. Results of TDSSKiller scan. Thank you.
2010/07/27 18:15:51.0694 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/27 18:15:51.0694 ================================================================================
2010/07/27 18:15:51.0694 SystemInfo:
2010/07/27 18:15:51.0694
2010/07/27 18:15:51.0694 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/27 18:15:51.0694 Product type: Workstation
2010/07/27 18:15:51.0694 ComputerName: SERGIO
2010/07/27 18:15:51.0694 UserName: SergioM
2010/07/27 18:15:51.0694 Windows directory: C:\WINDOWS
2010/07/27 18:15:51.0694 System windows directory: C:\WINDOWS
2010/07/27 18:15:51.0694 Processor architecture: Intel x86
2010/07/27 18:15:51.0694 Number of processors: 2
2010/07/27 18:15:51.0694 Page size: 0x1000
2010/07/27 18:15:51.0694 Boot type: Normal boot
2010/07/27 18:15:51.0694 ================================================================================
2010/07/27 18:15:52.0053 Initialize success
2010/07/27 18:15:54.0850 ================================================================================
2010/07/27 18:15:54.0850 Scan started
2010/07/27 18:15:54.0850 Mode: Manual;
2010/07/27 18:15:54.0850 ================================================================================
2010/07/27 18:15:55.0569 5U870CAP_VID_1262&PID_25FD (d2142fee659d97b2b05820f21594bfe2) C:\WINDOWS\system32\Drivers\5U870CAP.sys
2010/07/27 18:15:55.0662 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/07/27 18:15:55.0741 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/07/27 18:15:55.0819 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/07/27 18:15:55.0881 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/07/27 18:15:55.0912 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/07/27 18:15:55.0991 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/07/27 18:15:56.0069 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/07/27 18:15:56.0272 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/07/27 18:15:56.0319 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/07/27 18:15:56.0412 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/07/27 18:15:56.0491 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/07/27 18:15:56.0537 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/07/27 18:15:56.0678 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/07/27 18:15:56.0741 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/07/27 18:15:56.0819 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/07/27 18:15:56.0881 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/07/27 18:15:56.0928 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/07/27 18:15:56.0944 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/07/27 18:15:56.0975 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/07/27 18:15:56.0991 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/07/27 18:15:57.0037 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/07/27 18:15:57.0084 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/07/27 18:15:57.0116 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/07/27 18:15:57.0209 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/07/27 18:15:57.0303 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/07/27 18:15:57.0444 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/07/27 18:15:57.0459 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/07/27 18:15:57.0506 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/07/27 18:15:57.0522 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/07/27 18:15:57.0553 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/07/27 18:15:57.0600 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/07/27 18:15:57.0631 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/07/27 18:15:57.0709 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/07/27 18:15:57.0787 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/07/27 18:15:57.0881 Compbatt (1674f3047caa90cb85f790ba424ba377) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/07/27 18:15:57.0881 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 1674f3047caa90cb85f790ba424ba377, Fake md5: 1a00a0f7a8198c397af1515bad42ba28
2010/07/27 18:15:57.0881 Compbatt - detected Forged file (1)
2010/07/27 18:15:57.0975 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/07/27 18:15:58.0037 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/07/27 18:15:58.0053 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/07/27 18:15:58.0116 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/07/27 18:15:58.0225 DLABOIOM (795278665264c0b13bebbd29ae86b412) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/07/27 18:15:58.0256 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/07/27 18:15:58.0272 DLADResN (5ca787a303418595294bed9b46dadfdb) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/07/27 18:15:58.0334 DLAIFS_M (b84498f23d7a9eef825a1a6123bc5854) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/07/27 18:15:58.0444 DLAOPIOM (97eca0ddbe0330e6bb4c79bccfebf3e4) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/07/27 18:15:58.0522 DLAPoolM (571d7ec728ec65a0ee7ea7e618d56a36) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/07/27 18:15:58.0584 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/07/27 18:15:58.0616 DLAUDFAM (248eb7b4554408a741fd6734c55a36c2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/07/27 18:15:58.0647 DLAUDF_M (1cfabded94431a56cfdbd783b2457e7b) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/07/27 18:15:58.0772 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/07/27 18:15:58.0850 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/07/27 18:15:59.0037 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/07/27 18:15:59.0147 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/07/27 18:15:59.0209 Dot4 HPH09 (2068615663658b16192dd03ff859519f) C:\WINDOWS\system32\DRIVERS\hphid409.sys
2010/07/27 18:15:59.0225 Dot4Print HPH09 (dd5b51abff07b6b79ed87cbe1494c587) C:\WINDOWS\system32\DRIVERS\hphipr09.sys
2010/07/27 18:15:59.0256 Dot4Storage HPH09 (1f842d5b9477a97953bebf30cb75ed8e) C:\WINDOWS\system32\Drivers\hphs2k09.sys
2010/07/27 18:15:59.0287 Dot4Usb HPH09 (2d01d4e8685513be57f4eaf45756c8e8) C:\WINDOWS\system32\drivers\hphius09.sys
2010/07/27 18:15:59.0334 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/07/27 18:15:59.0397 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/07/27 18:15:59.0491 drvmcdb (d626b0037e3585c12520f1e5cd67dfde) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/07/27 18:15:59.0522 drvnddm (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/07/27 18:15:59.0616 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/07/27 18:15:59.0678 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
2010/07/27 18:15:59.0709 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
2010/07/27 18:15:59.0897 eeCtrl (1df3d1be3403d663827496e62d24ca4c) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/07/27 18:16:00.0131 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/07/27 18:16:00.0194 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/07/27 18:16:00.0241 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/07/27 18:16:00.0256 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/07/27 18:16:00.0319 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/07/27 18:16:00.0397 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/07/27 18:16:00.0459 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/07/27 18:16:00.0725 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/07/27 18:16:00.0803 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/07/27 18:16:00.0897 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2010/07/27 18:16:00.0928 HdAudAddService (2a6e9a118da2dd0439551a7eb3a8f65e) C:\WINDOWS\system32\drivers\CHDAud.sys
2010/07/27 18:16:01.0241 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/07/27 18:16:01.0553 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/07/27 18:16:01.0616 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/07/27 18:16:01.0834 HSFHWAZL (448c0fd272fe1b80046f4767db21eb8d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/07/27 18:16:01.0897 HSF_DPV (2715a27de9c17bdbaf6d6c79989a7b12) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/07/27 18:16:02.0022 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/07/27 18:16:02.0069 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/07/27 18:16:02.0178 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/07/27 18:16:02.0241 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/07/27 18:16:02.0475 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/07/27 18:16:02.0600 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/07/27 18:16:02.0709 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/07/27 18:16:02.0834 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/07/27 18:16:02.0866 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad)
C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/07/27 18:16:02.0991 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/07/27 18:16:03.0022 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/07/27 18:16:03.0069 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/07/27 18:16:03.0100 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/07/27 18:16:03.0162 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/07/27 18:16:03.0194 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/07/27 18:16:03.0319 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/07/27 18:16:03.0459 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/07/27 18:16:03.0491 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/07/27 18:16:03.0522 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2010/07/27 18:16:03.0631 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys 2010/07/27 18:16:03.0662 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/07/27 18:16:03.0725 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/07/27 18:16:03.0866 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys 2010/07/27 18:16:03.0959 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2010/07/27 18:16:04.0084 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 2010/07/27 18:16:04.0116 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/07/27 18:16:04.0178 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/07/27 18:16:04.0287 motmodem 
(49bc2ea84db5320b880a222e6e11b28b) C:\WINDOWS\system32\DRIVERS\motmodem.sys 2010/07/27 18:16:04.0319 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/07/27 18:16:04.0381 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/07/27 18:16:04.0412 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/07/27 18:16:04.0506 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys 2010/07/27 18:16:04.0537 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2010/07/27 18:16:04.0631 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/07/27 18:16:04.0725 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/07/27 18:16:04.0866 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/07/27 18:16:04.0897 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/07/27 18:16:04.0928 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/07/27 18:16:04.0959 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/07/27 18:16:05.0037 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/07/27 18:16:05.0100 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2010/07/27 18:16:05.0194 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/07/27 18:16:05.0241 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2010/07/27 18:16:05.0287 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/07/27 18:16:05.0350 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2010/07/27 18:16:05.0428 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 
2010/07/27 18:16:05.0537 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/07/27 18:16:05.0553 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/07/27 18:16:05.0584 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/07/27 18:16:05.0647 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/07/27 18:16:05.0678 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/07/27 18:16:05.0725 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/07/27 18:16:05.0834 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/07/27 18:16:05.0975 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/07/27 18:16:06.0100 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/07/27 18:16:06.0147 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/07/27 18:16:06.0162 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/07/27 18:16:06.0209 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 2010/07/27 18:16:06.0319 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 2010/07/27 18:16:06.0350 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 2010/07/27 18:16:06.0475 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/07/27 18:16:06.0553 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2010/07/27 18:16:06.0647 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/07/27 18:16:06.0678 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/07/27 18:16:06.0756 PCI (8086d9979234b603ad5bc2f5d890b234) 
C:\WINDOWS\system32\DRIVERS\pci.sys 2010/07/27 18:16:06.0928 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/07/27 18:16:06.0991 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2010/07/27 18:16:07.0116 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2010/07/27 18:16:07.0178 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2010/07/27 18:16:07.0272 Point32 (e4910ce9d882bf825979fcf4636a9bd8) C:\WINDOWS\system32\DRIVERS\point32.sys 2010/07/27 18:16:07.0350 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/07/27 18:16:07.0412 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/07/27 18:16:07.0506 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/07/27 18:16:07.0803 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/07/27 18:16:08.0037 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2010/07/27 18:16:08.0428 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2010/07/27 18:16:08.0647 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2010/07/27 18:16:09.0131 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2010/07/27 18:16:09.0600 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2010/07/27 18:16:10.0022 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/07/27 18:16:10.0600 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/07/27 18:16:11.0241 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/07/27 18:16:11.0662 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/07/27 18:16:11.0834 
Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/07/27 18:16:12.0209 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/07/27 18:16:12.0256 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2010/07/27 18:16:12.0491 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/07/27 18:16:13.0147 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/07/27 18:16:13.0616 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 2010/07/27 18:16:14.0131 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 2010/07/27 18:16:14.0366 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 2010/07/27 18:16:14.0522 riyumutc (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\yokfgxu.sys 2010/07/27 18:16:14.0709 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys 2010/07/27 18:16:15.0194 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2010/07/27 18:16:15.0444 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2010/07/27 18:16:15.0866 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/07/27 18:16:16.0100 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 2010/07/27 18:16:16.0319 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys 2010/07/27 18:16:16.0475 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 2010/07/27 18:16:16.0850 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/07/27 18:16:17.0569 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2010/07/27 18:16:17.0959 SLIP (866d538ebe33709a5c9f5c62b73b7d14) 
C:\WINDOWS\system32\DRIVERS\SLIP.sys 2010/07/27 18:16:18.0178 SMNDIS5 (4ef5ea44583c37383c289d4b8c354698) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS 2010/07/27 18:16:18.0756 SNP2UVC (fac7b89330e20713950925050c91cd04) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 2010/07/27 18:16:19.0178 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2010/07/27 18:16:19.0444 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/07/27 18:16:20.0037 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/07/27 18:16:20.0725 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/07/27 18:16:21.0631 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2010/07/27 18:16:22.0553 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/07/27 18:16:23.0178 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2010/07/27 18:16:24.0022 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2010/07/27 18:16:24.0569 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2010/07/27 18:16:25.0241 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2010/07/27 18:16:25.0944 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2010/07/27 18:16:26.0616 SynTP (369d0626687a968182a9db40fe8a0905) C:\WINDOWS\system32\DRIVERS\SynTP.sys 2010/07/27 18:16:27.0256 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/07/27 18:16:28.0303 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/07/27 18:16:29.0006 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/07/27 18:16:29.0803 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/07/27 18:16:30.0678 TermDD 
(88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/07/27 18:16:31.0662 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINDOWS\system32\drivers\tiehdusb.sys 2010/07/27 18:16:32.0444 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2010/07/27 18:16:33.0116 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/07/27 18:16:34.0334 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2010/07/27 18:16:35.0178 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/07/27 18:16:35.0991 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys 2010/07/27 18:16:36.0569 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/07/27 18:16:37.0241 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/07/27 18:16:38.0053 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/07/27 18:16:38.0569 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/07/27 18:16:38.0944 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/07/27 18:16:39.0241 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/07/27 18:16:39.0584 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/07/27 18:16:39.0866 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 2010/07/27 18:16:40.0272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/07/27 18:16:40.0334 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2010/07/27 18:16:40.0491 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2010/07/27 18:16:40.0944 VolSnap (4c8fcb5cc53aab716d810740fe59d025) 
C:\WINDOWS\system32\drivers\VolSnap.sys 2010/07/27 18:16:41.0772 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys 2010/07/27 18:16:42.0569 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/07/27 18:16:43.0256 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2010/07/27 18:16:44.0116 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/07/27 18:16:44.0600 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2010/07/27 18:16:44.0991 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2010/07/27 18:16:45.0366 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2010/07/27 18:16:45.0959 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2010/07/27 18:16:46.0537 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2010/07/27 18:16:47.0053 xusb20 (c1c30732240de36551f438d5412959be) C:\WINDOWS\system32\DRIVERS\xusb20.sys 2010/07/27 18:16:47.0194 ================================================================================ 2010/07/27 18:16:47.0194 Scan finished 2010/07/27 18:16:47.0194 ================================================================================ 2010/07/27 18:16:47.0225 Detected object count: 1 2010/07/27 18:16:55.0850 Forged file(Compbatt) - User select action: Skip 2010/07/27 18:17:26.0772 ================================================================================ 2010/07/27 18:17:26.0772 Scan started 2010/07/27 18:17:26.0772 Mode: Manual; 2010/07/27 18:17:26.0772 ================================================================================ 2010/07/27 18:17:36.0616 5U870CAP_VID_1262&PID_25FD (d2142fee659d97b2b05820f21594bfe2) C:\WINDOWS\system32\Drivers\5U870CAP.sys 2010/07/27 18:17:37.0772 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) 
C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2010/07/27 18:17:38.0366 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/07/27 18:17:38.0772 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2010/07/27 18:17:39.0303 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2010/07/27 18:17:39.0725 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/07/27 18:17:40.0694 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2010/07/27 18:17:40.0975 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2010/07/27 18:17:41.0084 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2010/07/27 18:17:41.0162 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2010/07/27 18:17:41.0459 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2010/07/27 18:17:41.0725 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2010/07/27 18:17:42.0116 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2010/07/27 18:17:42.0428 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2010/07/27 18:17:42.0928 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2010/07/27 18:17:43.0162 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2010/07/27 18:17:43.0553 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2010/07/27 18:17:44.0162 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2010/07/27 18:17:44.0866 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2010/07/27 18:17:45.0350 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2010/07/27 18:17:45.0694 AsyncMac 
(b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/07/27 18:17:46.0037 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/07/27 18:17:46.0194 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/07/27 18:17:46.0709 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/07/27 18:17:47.0037 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/07/27 18:17:47.0584 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys 2010/07/27 18:17:47.0912 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2010/07/27 18:17:48.0741 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/07/27 18:17:49.0381 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2010/07/27 18:17:49.0991 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2010/07/27 18:17:50.0381 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/07/27 18:17:50.0881 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/07/27 18:17:51.0366 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/07/27 18:17:52.0584 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2010/07/27 18:17:53.0319 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2010/07/27 18:17:53.0850 Compbatt (1674f3047caa90cb85f790ba424ba377) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2010/07/27 18:17:53.0850 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. 
Real md5: 1674f3047caa90cb85f790ba424ba377, Fake md5: 1a00a0f7a8198c397af1515bad42ba28 2010/07/27 18:17:53.0850 Compbatt - detected Forged file (1) 2010/07/27 18:17:54.0428 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2010/07/27 18:17:55.0022 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2010/07/27 18:17:55.0600 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2010/07/27 18:17:56.0162 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/07/27 18:17:56.0412 DLABOIOM (795278665264c0b13bebbd29ae86b412) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 2010/07/27 18:17:57.0116 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 2010/07/27 18:17:57.0350 DLADResN (5ca787a303418595294bed9b46dadfdb) C:\WINDOWS\system32\DLA\DLADResN.SYS 2010/07/27 18:17:57.0678 DLAIFS_M (b84498f23d7a9eef825a1a6123bc5854) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 2010/07/27 18:17:58.0178 DLAOPIOM (97eca0ddbe0330e6bb4c79bccfebf3e4) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 2010/07/27 18:17:58.0631 DLAPoolM (571d7ec728ec65a0ee7ea7e618d56a36) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 2010/07/27 18:17:59.0116 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS 2010/07/27 18:17:59.0678 DLAUDFAM (248eb7b4554408a741fd6734c55a36c2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 2010/07/27 18:18:00.0131 DLAUDF_M (1cfabded94431a56cfdbd783b2457e7b) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 2010/07/27 18:18:00.0725 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2010/07/27 18:18:01.0241 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2010/07/27 18:18:01.0647 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/07/27 18:18:02.0241 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 2010/07/27 18:18:02.0631 Dot4 HPH09 
(2068615663658b16192dd03ff859519f) C:\WINDOWS\system32\DRIVERS\hphid409.sys 2010/07/27 18:18:03.0069 Dot4Print HPH09 (dd5b51abff07b6b79ed87cbe1494c587) C:\WINDOWS\system32\DRIVERS\hphipr09.sys 2010/07/27 18:18:03.0319 Dot4Storage HPH09 (1f842d5b9477a97953bebf30cb75ed8e) C:\WINDOWS\system32\Drivers\hphs2k09.sys 2010/07/27 18:18:03.0772 Dot4Usb HPH09 (2d01d4e8685513be57f4eaf45756c8e8) C:\WINDOWS\system32\drivers\hphius09.sys 2010/07/27 18:18:04.0037 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2010/07/27 18:18:04.0459 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/07/27 18:18:04.0991 drvmcdb (d626b0037e3585c12520f1e5cd67dfde) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 2010/07/27 18:18:05.0209 drvnddm (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 2010/07/27 18:18:05.0522 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2010/07/27 18:18:06.0162 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys 2010/07/27 18:18:06.0600 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys 2010/07/27 18:18:07.0006 eeCtrl (1df3d1be3403d663827496e62d24ca4c) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 2010/07/27 18:18:07.0584 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/07/27 18:18:08.0491 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2010/07/27 18:18:09.0006 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2010/07/27 18:18:09.0459 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2010/07/27 18:18:09.0897 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/07/27 18:18:10.0287 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/07/27 18:18:10.0537 Ftdisk 
(6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/07/27 18:18:11.0022 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2010/07/27 18:18:11.0287 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/07/27 18:18:11.0537 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys 2010/07/27 18:18:12.0069 HdAudAddService (2a6e9a118da2dd0439551a7eb3a8f65e) C:\WINDOWS\system32\drivers\CHDAud.sys 2010/07/27 18:18:12.0412 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2010/07/27 18:18:12.0787 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/07/27 18:18:13.0272 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2010/07/27 18:18:13.0537 HSFHWAZL (448c0fd272fe1b80046f4767db21eb8d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 2010/07/27 18:18:14.0178 HSF_DPV (2715a27de9c17bdbaf6d6c79989a7b12) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 2010/07/27 18:18:14.0772 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/07/27 18:18:15.0084 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2010/07/27 18:18:15.0319 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2010/07/27 18:18:15.0709 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/07/27 18:18:16.0631 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2010/07/27 18:18:17.0225 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys 2010/07/27 18:18:17.0866 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/07/27 18:18:18.0147 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2010/07/27 18:18:18.0584 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) 
C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/07/27 18:18:19.0037 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/07/27 18:18:19.0444 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/07/27 18:18:19.0928 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/07/27 18:18:20.0412 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/07/27 18:18:20.0975 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/07/27 18:18:21.0616 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/07/27 18:18:22.0037 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/07/27 18:18:22.0866 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/07/27 18:18:23.0241 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/07/27 18:18:23.0881 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2010/07/27 18:18:24.0350 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys 2010/07/27 18:18:24.0991 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/07/27 18:18:25.0428 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/07/27 18:18:25.0975 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys 2010/07/27 18:18:26.0381 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2010/07/27 18:18:27.0037 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 2010/07/27 18:18:27.0866 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/07/27 18:18:28.0381 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/07/27 18:18:28.0881 motmodem 
(49bc2ea84db5320b880a222e6e11b28b) C:\WINDOWS\system32\DRIVERS\motmodem.sys 2010/07/27 18:18:29.0428 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/07/27 18:18:30.0053 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/07/27 18:18:30.0522 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/07/27 18:18:31.0037 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys 2010/07/27 18:18:31.0412 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2010/07/27 18:18:32.0037 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/07/27 18:18:32.0475 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/07/27 18:18:32.0944 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/07/27 18:18:33.0053 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/07/27 18:18:33.0303 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/07/27 18:18:34.0037 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/07/27 18:18:34.0506 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/07/27 18:18:34.0944 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2010/07/27 18:18:35.0537 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/07/27 18:18:36.0131 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2010/07/27 18:18:36.0631 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/07/27 18:18:37.0334 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2010/07/27 18:18:38.0069 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 
2010/07/27 18:18:38.0647 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/07/27 18:18:39.0350 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/07/27 18:18:39.0741 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/07/27 18:18:40.0256 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/07/27 18:18:40.0772 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/07/27 18:18:41.0366 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/07/27 18:18:41.0803 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/07/27 18:18:42.0866 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/07/27 18:18:43.0256 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/07/27 18:18:43.0819 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/07/27 18:18:44.0069 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/07/27 18:18:44.0553 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 2010/07/27 18:18:44.0975 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 2010/07/27 18:18:45.0647 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 2010/07/27 18:18:45.0991 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/07/27 18:18:46.0350 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2010/07/27 18:18:46.0756 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/07/27 18:18:47.0272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/07/27 18:18:47.0709 PCI (8086d9979234b603ad5bc2f5d890b234) 
C:\WINDOWS\system32\DRIVERS\pci.sys 2010/07/27 18:18:48.0819 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/07/27 18:18:49.0287 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2010/07/27 18:18:50.0944 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2010/07/27 18:18:51.0350 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2010/07/27 18:18:51.0975 Point32 (e4910ce9d882bf825979fcf4636a9bd8) C:\WINDOWS\system32\DRIVERS\point32.sys 2010/07/27 18:18:52.0584 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/07/27 18:18:53.0069 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/07/27 18:18:53.0491 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/07/27 18:18:54.0053 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/07/27 18:18:54.0459 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2010/07/27 18:18:55.0131 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2010/07/27 18:18:55.0553 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2010/07/27 18:18:55.0975 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2010/07/27 18:18:56.0209 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2010/07/27 18:18:56.0584 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/07/27 18:18:57.0116 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/07/27 18:18:57.0506 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/07/27 18:18:57.0944 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/07/27 18:18:58.0647 
Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/07/27 18:18:59.0147 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/07/27 18:18:59.0881 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2010/07/27 18:19:00.0475 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/07/27 18:19:00.0881 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/07/27 18:19:01.0381 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 2010/07/27 18:19:01.0803 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 2010/07/27 18:19:01.0991 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 2010/07/27 18:19:02.0537 riyumutc (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\yokfgxu.sys 2010/07/27 18:19:02.0975 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys 2010/07/27 18:19:03.0569 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2010/07/27 18:19:04.0022 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2010/07/27 18:19:04.0553 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/07/27 18:19:05.0022 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 2010/07/27 18:19:05.0475 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys 2010/07/27 18:19:06.0037 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 2010/07/27 18:19:06.0678 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/07/27 18:19:07.0678 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2010/07/27 18:19:08.0069 SLIP (866d538ebe33709a5c9f5c62b73b7d14) 
C:\WINDOWS\system32\DRIVERS\SLIP.sys 2010/07/27 18:19:08.0272 SMNDIS5 (4ef5ea44583c37383c289d4b8c354698) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS 2010/07/27 18:19:08.0756 SNP2UVC (fac7b89330e20713950925050c91cd04) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 2010/07/27 18:19:09.0225 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2010/07/27 18:19:09.0428 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/07/27 18:19:09.0928 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/07/27 18:19:10.0428 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/07/27 18:19:10.0897 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2010/07/27 18:19:11.0319 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/07/27 18:19:11.0709 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2010/07/27 18:19:12.0209 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2010/07/27 18:19:12.0678 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2010/07/27 18:19:13.0084 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2010/07/27 18:19:13.0553 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2010/07/27 18:19:14.0131 SynTP (369d0626687a968182a9db40fe8a0905) C:\WINDOWS\system32\DRIVERS\SynTP.sys 2010/07/27 18:19:14.0537 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/07/27 18:19:15.0116 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/07/27 18:19:15.0694 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/07/27 18:19:16.0084 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/07/27 18:19:16.0319 TermDD 
(88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/07/27 18:19:16.0709 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINDOWS\system32\drivers\tiehdusb.sys 2010/07/27 18:19:17.0131 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2010/07/27 18:19:17.0741 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/07/27 18:19:18.0662 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2010/07/27 18:19:19.0022 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/07/27 18:19:19.0319 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys 2010/07/27 18:19:19.0959 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/07/27 18:19:20.0475 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/07/27 18:19:20.0631 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/07/27 18:19:20.0803 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/07/27 18:19:21.0100 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/07/27 18:19:21.0303 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/07/27 18:19:21.0584 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/07/27 18:19:21.0928 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 2010/07/27 18:19:22.0459 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/07/27 18:19:22.0756 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2010/07/27 18:19:23.0162 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2010/07/27 18:19:23.0444 VolSnap (4c8fcb5cc53aab716d810740fe59d025) 
C:\WINDOWS\system32\drivers\VolSnap.sys
2010/07/27 18:19:24.0428 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/07/27 18:19:25.0069 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/07/27 18:19:25.0928 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/07/27 18:19:26.0787 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/07/27 18:19:27.0475 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/07/27 18:19:28.0162 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/07/27 18:19:28.0616 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/07/27 18:19:29.0225 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/07/27 18:19:29.0725 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/07/27 18:19:30.0444 xusb20 (c1c30732240de36551f438d5412959be) C:\WINDOWS\system32\DRIVERS\xusb20.sys
2010/07/27 18:19:30.0475 ================================================================================
2010/07/27 18:19:30.0475 Scan finished
2010/07/27 18:19:30.0475 ================================================================================
2010/07/27 18:19:30.0491 Detected object count: 1
2010/07/27 18:20:09.0631 Forged file(Compbatt) - User select action: Skip
2010/07/27 18:20:23.0491 Deinitialize success
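A driver listing of this size is hard to review by eye. The script below is an added example, not part of the post above and not TDSSKiller's own logic: it parses lines in the format TDSSKiller printed, flags any driver whose service name and on-disk file name look unrelated, and pulls out the tool's own verdict lines ("Detected object count", "Forged file"). The "unrelated" rule is an assumed heuristic (no shared three-character substring, and neither name contains the other), chosen so that legitimate renamings present in the log such as PptpMiniport/raspptp.sys, winachsf/HSF_CNXT.sys and rismxdp/rixdptsk.sys still pass while the riyumutc/yokfgxu.sys entry does not. The sample log is constructed from entries copied out of the log above.

```python
"""Triage a TDSSKiller-style driver listing for randomly named drivers.

Added example: not part of the forum post and not TDSSKiller's own logic.
The sample lines are constructed from entries in the log above; the
"no shared three-character substring" rule is an assumed heuristic.
"""
import re
from typing import Dict, List, Tuple

# One driver per line: "<timestamp> <service> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<svc>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S+)$"
)
FORGED_RE = re.compile(r"Forged file\((?P<svc>[^)]+)\)")
COUNT_RE = re.compile(r"Detected object count: (?P<n>\d+)")

# Constructed sample: entries copied from the log above, one per line.
SAMPLE_LOG = """\
2010/07/27 18:18:52.0584 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\\WINDOWS\\system32\\DRIVERS\\raspptp.sys
2010/07/27 18:19:01.0991 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\\WINDOWS\\system32\\DRIVERS\\rixdptsk.sys
2010/07/27 18:19:02.0537 riyumutc (e6d35f3aa51a65eb35c1f2340154a25e) C:\\WINDOWS\\system32\\drivers\\yokfgxu.sys
2010/07/27 18:19:09.0928 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\\WINDOWS\\system32\\DRIVERS\\sr.sys
2010/07/27 18:19:22.0459 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\\WINDOWS\\System32\\drivers\\vga.sys
2010/07/27 18:19:27.0475 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\\WINDOWS\\system32\\DRIVERS\\HSF_CNXT.sys
2010/07/27 18:19:30.0491 Detected object count: 1
2010/07/27 18:20:09.0631 Forged file(Compbatt) - User select action: Skip
"""


def parse_drivers(text: str) -> List[Dict[str, str]]:
    """Return one dict per driver line; summary lines do not match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def base_name(path: str) -> str:
    """Last path component without its extension, e.g. ...\\yokfgxu.sys -> yokfgxu."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def names_related(service: str, base: str) -> bool:
    """Heuristic: related if one name contains the other or they share a trigram."""
    a, b = service.lower(), base.lower()
    if a in b or b in a:
        return True
    return any(a[i:i + 3] in b for i in range(len(a) - 2))


def suspicious_drivers(text: str) -> List[Tuple[str, str, str]]:
    """(service, file base name, md5) for every driver whose names look unrelated."""
    hits = []
    for d in parse_drivers(text):
        base = base_name(d["path"])
        if not names_related(d["svc"], base):
            hits.append((d["svc"], base, d["md5"]))
    return hits


def triage(text: str) -> Dict[str, object]:
    """Suspicious entries plus TDSSKiller's own verdict lines from the log tail."""
    count = COUNT_RE.search(text)
    return {
        "suspicious": suspicious_drivers(text),
        "forged": FORGED_RE.findall(text),
        "detected": int(count.group("n")) if count else 0,
    }


if __name__ == "__main__":
    for svc, base, md5 in suspicious_drivers(SAMPLE_LOG):
        print(f"service {svc} loads {base}.sys (md5 {md5}): names unrelated, verify this file")
    print(triage(SAMPLE_LOG))
```

To run it over a saved log, replace SAMPLE_LOG with the contents of the file. A hit is a starting point, not a verdict: a malicious driver that reuses a legitimate name passes this heuristic, and the right check on any hit is the file's hash against a known-good copy from the same Windows build, which is also what a "Forged file" verdict from the tool is asking the helper to do.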
  9. Hello. The blue screen did not quite give me a clear error message; it gave me this "technical information" that I have no idea what it means, but this is what it was: "*** STOP: 0x0000007B (0xF78D2524, 0xC0000034, 0x00000000, 0x00000000)". I don't know if that is of any help, but I figure I should mention it. I went ahead and ran MBRCheck as instructed and got the same error message as previously. mbrDump.dat was 0 bytes once again. Any other suggestions? Would you like to see the most recent MBRCheck log?
  10. Hello. OK, after trying CHKDSK /F, I had to reschedule it for the next time my computer reboots, because "the volume was being used by another program." So I went ahead and did a reboot. Upon logging in, a very annoying error report window kept popping up despite me sending the error report; it took me to this webpage. So I went ahead and restarted my laptop once more, went to F8, and tried the Recovery Console one more time, and it gave me the same blue screen as last time: the one that says I should scan for viruses, restore my computer to a previous state, or run CHKDSK /F. I don't think I have managed to make any progress, but the error report window is gone now, so that doesn't seem to be a problem anymore. And those were my results. What do you think my next move should be, then? Thank you.
  11. Hello. So after a few hours, two computer crashes, and lots of moving and uninstalling used programs/files, I have finished decompressing C:\. I rebooted as instructed into the Recovery Console. It appeared to work at first, and then it gave me a blue error message. It basically told me I should reboot, then scan for viruses and/or run CHKDSK /F. Do you recommend doing the latter? Also, let me know if you need more information on the blue screen or any specific detail about it. Thank you.
  12. "Compress Drive to save disk space" is checked. Should I uncheck it? Thanks.
  13. I receive a message saying "Error opening disk <2>!", but the .dat file is still created. I don't think this is correct. What is your suggestion for this? Thanks.
  14. File has been submitted. Let me know if there is anything else you need.
  15. MBRCheck Log

MBRCheck, version 1.1.1
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0

Size   Device Name          MBR Status
--------------------------------------------
 93 GB  \\.\PhysicalDrive0   Unknown MBR code

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  16. No, all content is still there. I cannot delete any of the individual files either. I made sure the folder was not read-only and tried once more to delete it, as well as the individual files, and I still get "access denied". Is there any alternative to this method, such as a .exe for installing the Recovery Console itself? Or do you need the ComboFix report as well?
  17. Hello! C:\cmdcons cannot be deleted; access is denied despite me being administrator. Is there a specific file I need to delete in the folder in order to continue with the process? I went ahead and downloaded a new version of ComboFix, though, so I am good to go on that. Thanks.
  18. I've been attempting to follow the recommended steps, and in the command prompt I get "Error 123 Can't Open Physical Disk Device." Then I try to do steps 3-5 from the previous post, which do nothing. Please note the Bremover folder is still on the desktop; no files have been removed from it. Remover.exe runs fine when I click it, but I am not able to produce logit.txt as intended. What is your recommendation for this? Should I remove Bremover and then download it once more? My apologies if this is taking long; as I've said, I have been having a hectic work schedule as of late. Thank you for your patience; it is greatly appreciated.
  19. Hello, when I choose to use the Windows Recovery Console it gives me the message "NTLDR is compressed. Press Ctrl+Alt+Delete to restart." It just basically restarts the computer. Is this a necessary step, or am I missing something in order to be able to do this? Should I just start the computer in Safe Mode with Command Prompt instead? Thanks.
  20. Logit.txt

Bootkit Remover
version 1.0.0.1
© 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: b5ea3a26c2ce29f225a541a7d699387b
\\.\D: -> \\.\PhysicalDrive0

Size   Device Name          MBR Status
--------------------------------------------
 93 GB  \\.\PhysicalDrive0   Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Press any key to quit...
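Both the MBRCheck output earlier on this page ("Unknown MBR code") and the Bootkit Remover output here ("Unknown boot code") stop at the same point, and Bootkit Remover tells the user to dump the master boot sector and inspect it. The script below is an added example, not the post's code and not the code of either tool, of what that inspection involves: read the 512-byte sector, check the 0x55AA signature and the four partition entries, and hash the 440-byte boot-code region against an allow-list. The sample sectors and the allow-list are constructed here; in a real deployment the allow-list would hold hashes taken from clean installs of the same Windows version, and exactly which bytes Bootkit Remover hashes for its own MD5 line is not stated in the post, so no equivalence with that value is claimed (assumptions). The second sample sector differs from the first by one byte of boot code: its partition table is identical, which is why a partition listing alone cannot tell the two apart and these tools hash the code region.

```python
"""Inspect a 512-byte master boot record the way the bootkit tools above do.

Added example: not part of the forum post, of MBRCheck or of Bootkit Remover.
The sample sectors and KNOWN_BOOT_CODE are constructed here (assumption: a
real allow-list would be built from clean installs of the same Windows build).
"""
import hashlib
import struct
from typing import Dict, List, Tuple

PART_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count
PART_TABLE_OFFSET = 446
BOOT_CODE_LEN = 440         # bytes 0..439: boot code; 440..445: disk signature + pad


def build_sample_mbr(boot_code: bytes, parts: List[Tuple[int, int, int, int]],
                     disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a constructed MBR from a code blob and (status, type, lba, count) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code must fit in 440 bytes")
    sector = bytearray(512)
    sector[: len(boot_code)] = boot_code
    struct.pack_into("<IH", sector, BOOT_CODE_LEN, disk_sig, 0)
    for i, (status, ptype, lba, count) in enumerate(parts[:4]):
        # CHS fields carry the "use LBA instead" sentinel FE FF FF
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFFSET + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def read_sector(path: str) -> bytes:
    r"""Read the first 512 bytes of a dump file or, on Windows run as
    administrator, of a raw device such as \\.\PhysicalDrive0."""
    with open(path, "rb") as f:
        return f.read(512)


def parse_mbr(sector: bytes) -> Dict:
    """Split one sector into signature check, disk signature, hashes and partitions."""
    if len(sector) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype or count:  # skip empty entries
            parts.append({"index": i, "active": status == 0x80,
                          "type": ptype, "lba": lba, "sectors": count})
    return {
        "boot_sig_ok": sector[510:512] == b"\x55\xaa",
        "disk_sig": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "partitions": parts,
    }


def assess(info: Dict, known_code: Dict[str, str]) -> List[str]:
    """Findings a helper would want to see before deciding to rewrite the MBR."""
    findings = []
    if not info["boot_sig_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["code_md5"] not in known_code:
        findings.append(f"unknown boot code (md5 {info['code_md5']}); dump and inspect it")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected 1")
    ordered = sorted(info["partitions"], key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    for p in info["partitions"]:
        if p["sectors"] == 0 or p["type"] == 0:
            findings.append(f"partition {p['index']} has type 0x{p['type']:02x} "
                            f"but length {p['sectors']}")
    return findings


# Constructed reference code region standing in for a clean MBR (not a real one).
GOOD_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 433
KNOWN_BOOT_CODE = {hashlib.md5(GOOD_CODE).hexdigest(): "constructed reference MBR"}
SAMPLE_PARTS = [(0x80, 0x07, 63, 180_000_000), (0x00, 0x07, 180_000_063, 15_000_000)]
CLEAN_MBR = build_sample_mbr(GOOD_CODE, SAMPLE_PARTS)
# Same partition table, first byte of boot code changed.
PATCHED_MBR = build_sample_mbr(b"\xeb" + GOOD_CODE[1:], SAMPLE_PARTS)

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        info = parse_mbr(mbr)
        print(label, info["partitions"], assess(info, KNOWN_BOOT_CODE) or ["no findings"])
```

To apply it to a real machine, pass the file written by `remover.exe dump` (or any 512-byte image of the first sector) to read_sector() and then to parse_mbr(); reading the raw device directly needs an elevated prompt. Treat "unknown boot code" as a prompt to inspect, not as proof of infection: OEM recovery tools and third-party boot managers also install boot code that a Windows-only allow-list will not recognise.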
  21. Finally, here is the most recent Combofix log. ComboFix 10-06-27.06 - SergioM 06/28/2010 11:56:32.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1432 [GMT -7:00] Running from: c:\documents and settings\SergioM\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\SergioM\Desktop\CFScript.txt FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FILE :: "c:\windows\system32\drivers\iqqvgx.sys" "c:\windows\system32\gvgpqyhi.tmp" "c:\windows\Ugoyiyawevanuz.dat" "c:\windows\Wpiboq.bin" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\SergioM\Local Settings\Application Data\khxuuhlat c:\windows\system32\gvgpqyhi.tmp c:\windows\Ugoyiyawevanuz.dat c:\windows\Wpiboq.bin . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_LOQHJ -------\Legacy_OGGIKYQ -------\Service_loqhj -------\Service_oggikyq ((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 ))))))))))))))))))))))))))))))) . 2010-06-28 06:57 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-28 19:06 . 2008-10-22 23:21 -------- dc----w- c:\program files\DNA 2010-06-28 19:06 . 2008-10-22 23:21 -------- dc----w- c:\documents and settings\SergioM\Application Data\DNA 2010-06-28 06:42 . 2009-01-01 07:19 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-06-21 20:12 . 2009-04-07 18:11 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-14 18:52 . 2008-12-25 18:26 -------- dc----w- c:\program files\MioNet 2010-06-08 21:29 . 2008-06-04 00:51 -------- dc----w- c:\documents and settings\SergioM\Application Data\U3 2010-06-05 01:01 . 
2010-04-06 07:19 -------- dc----w- c:\program files\Ask.com 2010-05-27 17:50 . 2010-05-27 17:50 -------- dc----w- c:\program files\NavNetApp 2010-05-27 17:50 . 2010-05-27 17:50 -------- dc----w- c:\documents and settings\SergioM\Application Data\NavNet Solutions 2010-05-17 23:28 . 2007-06-02 00:29 -------- dc----w- c:\program files\iTunes 2010-05-17 23:27 . 2006-12-26 08:56 -------- dc----w- c:\program files\iPod 2010-05-17 23:27 . 2007-07-19 00:22 -------- dc----w- c:\program files\Common Files\Apple 2010-05-17 23:15 . 2010-05-17 23:15 -------- dc----w- c:\program files\Bonjour 2010-05-07 17:25 . 2009-04-21 00:19 -------- dc----w- c:\program files\McAfee 2010-05-04 20:40 . 2010-05-04 20:40 -------- dc----w- c:\program files\Gmask 1.70 English 2010-05-02 05:22 . 2006-03-16 04:00 1851264 -c--a-w- c:\windows\system32\win32k.sys 2010-04-29 22:39 . 2009-04-07 18:11 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 22:39 . 2009-04-07 18:12 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys 2010-04-20 05:30 . 2006-03-16 04:00 285696 -c--a-w- c:\windows\system32\atmfd.dll 2010-04-16 16:09 . 2006-03-16 04:00 667136 -c--a-w- c:\windows\system32\wininet.dll 2010-04-16 16:09 . 2006-03-16 04:00 81920 -c--a-w- c:\windows\system32\ieencode.dll 2010-04-08 20:20 . 2010-04-08 20:20 91424 -c--a-w- c:\windows\system32\dnssd.dll 2010-04-08 20:20 . 2010-04-08 20:20 107808 -c--a-w- c:\windows\system32\dns-sd.exe 2010-04-03 23:40 . 2010-04-03 23:40 56 -c-ha-w- c:\windows\system32\ezsidmv.dat 2010-03-31 07:16 . 2010-03-31 07:16 99176 -c--a-w- c:\windows\system32\PresentationHostProxy.dll 2010-03-31 07:10 . 2010-03-31 07:10 295264 -c--a-w- c:\windows\system32\PresentationHost.exe 2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2006-03-16 04:00 . 
2006-03-16 04:00 94784 -csh--w- c:\windows\twain.dll 2008-04-14 00:12 . 2006-03-16 04:00 50688 -csh--w- c:\windows\twain_32.dll 2008-04-14 00:12 . 2006-03-16 04:00 57344 -csh--w- c:\windows\system32\msvcirt.dll 2008-04-14 00:12 . 2006-03-16 04:00 551936 -csh--w- c:\windows\system32\oleaut32.dll 2008-04-14 00:12 . 2006-03-16 04:00 11776 -csh--w- c:\windows\system32\regsvr32.exe . ------- Sigcheck ------- [7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys [-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [7] 2006-03-16 04:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll [-] 2005-08-04 09:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] 2005-08-04 09:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-05-26 22:23 1385864 -c--a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856] "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-19 323392] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784] "MsmqIntCert"="mqrt.dll" [2008-04-14 177152] "High Definition Audio Property Page 
Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840] "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960] "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840] "Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-04 196608] "HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-08-04 311296] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036] "EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840] "MioNet"="c:\program files\MioNet\MioNetLauncher.exe" [2009-09-30 32768] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "EPSON Stylus C42 
Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE" [2002-02-19 74240] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] c:\documents and settings\SergioM\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2007-11-4 1677464] Yahoo! Widget Engine.lnk - c:\program files\Pixoria\Konfabulator\YahooWidgetEngine.exe [2007-7-20 2913584] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-12-26 102400] HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728] WD Anywhere Backup Launcher.lnk - c:\windows\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2008-12-25 9662] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program 
files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Last.fm\\LastFM.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\MioNet\\MioNetManager.exe"= "c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "990:TCP"= 990:TCP:open inbound TCP port "999:TCP"= 999:TCP:open inbound TCP port "5678:TCP"= 5678:TCP:open inbound TCP port "5679:UDP"= 5679:UDP:open outbound UDP port "5721:TCP"= 5721:TCP:open inbound TCP port "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0 "1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1 "1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2 "1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3 "1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4 "1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5 "1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6 "1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7 "1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8 "1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9 "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification "1647:TCP"= 1647:TCP:MioNet Storage Device Configuration "5432:UDP"= 5432:UDP:MioNet Storage Device Discovery "67:UDP"= 67:UDP:DHCP Discovery Service R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/20/2009 5:20 PM 93320] R2 Viewpoint Manager Service;Viewpoint Manager 
Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/22/2008 10:40 AM 24652] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632] S2 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [1/14/2008 3:14 PM 139264] S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5u870cap.sys [6/6/2006 1:39 PM 61952] S3 Agpstubio;Agpstubio; [x] S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [8/3/2001 7:24 PM 18864] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 6:19 PM 50048] . Contents of the 'Scheduled Tasks' folder 2010-06-28 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-26 01:34] 2010-06-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 22:23] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://myspace.com/ uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\SergioM\Application Data\Mozilla\Firefox\Profiles\kww5uh4e.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - component: c:\documents and settings\SergioM\Application Data\Mozilla\Firefox\Profiles\kww5uh4e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\SergioM\Application Data\Mozilla\Firefox\Profiles\kww5uh4e.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: c:\documents and settings\SergioM\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program 
files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-28 12:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ??? T??????`?@?????L?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(5864) c:\program files\iTunes\iTunesMiniPlayer.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\msdtc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\mqsvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\mqtgsvc.exe c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe c:\program files\Microsoft ActiveSync\wcescomm.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\HP\Digital Imaging\bin\hpqimzone.exe c:\windows\system32\wscntfy.exe c:\windows\system32\dllhost.exe c:\program files\iPod\bin\iPodService.exe c:\windows\eHome\ehmsas.exe c:\program files\WD\WD Anywhere Backup\MemeoBackup.exe . ************************************************************************** . Completion time: 2010-06-28 12:20:22 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-28 19:20 ComboFix2.txt 2010-06-28 07:00 Pre-Run: 683,651,072 bytes free Post-Run: 790,323,200 bytes free - - End Of File - - 851F2F938AD80C0C2BC6AE710EFD0005
  22. Fresh DDS log. Will post latest Combofix log in a sec. DDS (Ver_10-03-17.01) - NTFSx86 Run by SergioM at 13:16:55.07 on Sun 07/04/2010 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1401 [GMT -7:00] FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\system32\hphmon03.exe C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe svchost.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program 
Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe C:\WINDOWS\eHome\ehmsas.exe C:\Documents and Settings\SergioM\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://myspace.com/ uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Bar = hxxp://www.google.com/ie mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: H - No File uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - 
c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe" uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [MsmqIntCert] regsvr32 /s mqrt.dll mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start 
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe mRun: [RecGuard] c:\windows\sminst\RecGuard.exe mRun: [Reminder] c:\windows\creator\Remind_XP.exe mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe" mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe mRun: [HPHmon03] c:\windows\system32\hphmon03.exe mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\photosmart\hp share-to-web\hpgs2wnd.exe mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" mRun: [MioNet] c:\program files\mionet\MioNetLauncher.exe /p mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll" mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [EPSON Stylus C42 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB002" /M "Stylus C42" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\sergiom\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe StartupFolder: 
c:\docume~1\sergiom\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe StartupFolder: c:\docume~1\sergiom\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\pixoria\konfabulator\YahooWidgetEngine.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\HPWebcam.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdanyw~1.lnk - c:\windows\installer\{649c4b1a-6a76-499a-9aec-0c9530fa7d2c}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - c:\program files\navnetapp\ComUtilities.dll Handler: sacore - 
{5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\sergiom\applic~1\mozilla\firefox\profiles\kww5uh4e.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - component: c:\documents and settings\sergiom\application data\mozilla\firefox\profiles\kww5uh4e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\sergiom\application data\mozilla\firefox\profiles\kww5uh4e.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - plugin: c:\documents and settings\sergiom\local settings\application data\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java 
Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla 
firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla 
firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== 
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-20 93320] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-22 24652] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632] S2 MioNet;MioNet;c:\program files\mionet\MioNetManager.exe [2008-1-14 139264] S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5u870cap.sys [2006-6-6 61952] S3 Agpstubio;Agpstubio; [x] S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2001-8-3 18864] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048] =============== Created Last 30 ================ 2010-07-02 19:32:16 0 dc----w- c:\program files\ESET 2010-06-28 19:51:34 73728 -c--a-w- c:\windows\system32\javacpl.cpl 2010-06-28 19:51:34 411368 -c--a-w- c:\windows\system32\deployJava1.dll 2010-06-28 06:57:34 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-06-28 06:06:57 0 dcsha-r- C:\cmdcons 2010-06-28 06:00:57 98816 -c--a-w- c:\windows\sed.exe 2010-06-28 06:00:57 77312 -c--a-w- c:\windows\MBR.exe 2010-06-28 06:00:57 256512 -c--a-w- c:\windows\PEV.exe 2010-06-28 06:00:57 161792 -c--a-w- c:\windows\SWREG.exe ==================== Find3M ==================== 2010-05-02 05:22:50 1851264 -c--a-w- c:\windows\system32\win32k.sys 2010-04-20 05:30:08 285696 -c--a-w- c:\windows\system32\atmfd.dll 2010-04-16 16:09:09 667136 -c--a-w- c:\windows\system32\wininet.dll 2010-04-16 16:09:05 81920 -c--a-w- c:\windows\system32\ieencode.dll 2010-04-08 20:20:02 91424 -c--a-w- c:\windows\system32\dnssd.dll 2010-04-08 20:20:02 
107808 -c--a-w- c:\windows\system32\dns-sd.exe 2006-03-16 04:00:00 94784 -csh--w- c:\windows\twain.dll 2008-04-14 00:12:07 50688 -csh--w- c:\windows\twain_32.dll 2008-04-14 00:12:01 57344 -csh--w- c:\windows\system32\msvcirt.dll 2008-04-14 00:12:02 551936 -csh--w- c:\windows\system32\oleaut32.dll 2008-04-14 00:12:32 11776 -csh--w- c:\windows\system32\regsvr32.exe ============= FINISH: 13:17:13.32 ===============
  23. I apologize for taking long; my work schedule has been rather hectic lately. Here is the ESET scan log. Will post the latest ComboFix and dds.com logs ASAP.
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe  probably a variant of Win32/Agent trojan
C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\setup.exe  probably a variant of Win32/Agent trojan
C:\Documents and Settings\SergioM\Application Data\Sun\Java\Deployment\cache\6.0\57\a441979-31fedb2f  Win32/TrojanDownloader.Unruy.BP trojan
C:\Documents and Settings\SergioM\Application Data\Sun\Java\Deployment\cache\6.0\57\a441979-3a9d8b3b  Win32/TrojanDownloader.Unruy.BP trojan
C:\Documents and Settings\SergioM\Application Data\Sun\Java\Deployment\cache\6.0\57\a441979-459a1c5d  Win32/TrojanDownloader.Unruy.BP trojan
C:\Documents and Settings\SergioM\Application Data\Sun\Java\Deployment\cache\6.0\57\a441979-501d03cd  Win32/TrojanDownloader.Unruy.BP trojan
C:\Documents and Settings\SergioM\Application Data\Sun\Java\Deployment\cache\6.0\57\a441979-5d3b8f9c  Win32/TrojanDownloader.Unruy.BP trojan
C:\Documents and Settings\SergioM\Application Data\Sun\Java\Deployment\cache\6.0\57\a441979-5f3940ea  Win32/TrojanDownloader.Unruy.BP trojan
C:\Documents and Settings\SergioM\Application Data\Sun\Java\Deployment\cache\6.0\57\a441979-5f5f4897  Win32/TrojanDownloader.Unruy.BP trojan
C:\Documents and Settings\SergioM\Application Data\Sun\Java\Deployment\cache\6.0\57\a441979-657af93f  Win32/TrojanDownloader.Unruy.BP trojan
C:\Documents and Settings\SergioM\Application Data\Sun\Java\Deployment\cache\6.0\57\a441979-68c21850  Win32/TrojanDownloader.Unruy.BP trojan
C:\Documents and Settings\SergioM\Application Data\Sun\Java\Deployment\cache\6.0\57\a441979-693e388a  Win32/TrojanDownloader.Unruy.BP trojan
C:\Program Files\Mozilla Firefox\0.9118712332371249.exe  Win32/TrojanDownloader.Unruy.BP trojan
C:\Qoobox\Quarantine\C\Documents and Settings\SergioM\Local Settings\Application Data\{E7B50D0C-095D-4BE6-A5A9-CCB380ED3F32}\chrome\content\overlay.xul.vir  JS/Gord.A trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ajbqggeq.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\akkypjct.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\bkkkywjm.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddflusnp.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\edyxiebx.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\elubiqud.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\eynbvpqd.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\gvgpqyhi.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\gvgpqyhi.tmp.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\hwbtkdsl.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\knmfacek.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\ljqjypwb.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\mmsfhcqs.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\mtkypdow.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\ndsitfna.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\onlsjtwf.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\pukeygqt.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\ricfcwxv.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\taygneam.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\tmeusjyy.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\umkwkyoc.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\upvrnbsr.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\vplhapgk.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\wddxfsyx.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\wrquvupb.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\ybuykxoc.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\yyFOonmp.ini.vir  Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\yyFOonmp.ini2.vir  Win32/Adware.Virtumonde.NEO application
C:\System Volume Information\Microsoft\services.exe  a variant of Win32/TrojanDownloader.Unruy.BV trojan
C:\System Volume Information\Microsoft\smss.exe  a variant of Win32/TrojanDownloader.Unruy.BV trojan
C:\WINDOWS\system32\gloihbuh.dll  Win32/Adware.Virtumonde application
C:\WINDOWS\system32\lbnrwfbp.dll  Win32/Adware.Virtumonde application
C:\WINDOWS\system32\mbffbdva.dll  Win32/Adware.Virtumonde application
C:\WINDOWS\system32\mtohsaoc.dll  Win32/Adware.Virtumonde application
C:\WINDOWS\system32\oxvcbmxk.dll  a variant of Win32/Adware.Virtumonde application
C:\WINDOWS\system32\srscryug.dll  a variant of Win32/Adware.Virtumonde application
  24. Java has been updated, Macromedia has been uninstalled. I have been having issues with Kaspersky. About 75% of the way through the scan my computer overheats and crashes completely. This happened 4 times yesterday, about 2 hours into the scans. From what the scans were saying, I had 6 threats found and 17 files infected. If there is any alternative to this step, please let me know.
  25. New DDS log in normal mode. I hope I did this right, so correct me if I'm wrong, but I rescanned using DDS.com and here is the DDS.txt log it produced.

DDS (Ver_10-03-17.01) - NTFSx86
Run by SergioM at 1:57:43.92 on Mon 06/28/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.915 [GMT -7:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxpers.exe
svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\SergioM\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://myspace.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\photosmart\hp share-to-web\hpgs2wnd.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
mRun: [MioNet] c:\program files\mionet\MioNetLauncher.exe /p
mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [EPSON Stylus C42 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB002" /M "Stylus C42"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\sergiom\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\sergiom\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
StartupFolder: c:\docume~1\sergiom\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\pixoria\konfabulator\YahooWidgetEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\HPWebcam.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdanyw~1.lnk - c:\windows\installer\{649c4b1a-6a76-499a-9aec-0c9530fa7d2c}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - c:\program files\navnetapp\ComUtilities.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sergiom\applic~1\mozilla\firefox\profiles\kww5uh4e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\sergiom\application data\mozilla\firefox\profiles\kww5uh4e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\sergiom\application data\mozilla\firefox\profiles\kww5uh4e.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\sergiom\local settings\application data\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-20 93320]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-22 24652]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S0 loqhj;loqhj; [x]
S0 oggikyq;oggikyq;c:\windows\system32\drivers\iqqvgx.sys --> c:\windows\system32\drivers\iqqvgx.sys [?]
S2 MioNet;MioNet;c:\program files\mionet\MioNetManager.exe [2008-1-14 139264]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5u870cap.sys [2006-6-6 61952]
S3 Agpstubio;Agpstubio; [x]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2001-8-3 18864]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]

=============== Created Last 30 ================

2010-06-28 06:06:57 0 dcsha-r- C:\cmdcons
2010-06-28 06:00:57 98816 -c--a-w- c:\windows\sed.exe
2010-06-28 06:00:57 77312 -c--a-w- c:\windows\MBR.exe
2010-06-28 06:00:57 256512 -c--a-w- c:\windows\PEV.exe
2010-06-28 06:00:57 161792 -c--a-w- c:\windows\SWREG.exe

==================== Find3M ====================

2010-06-22 05:03:53 2520 -c--a-w- c:\windows\Ugoyiyawevanuz.dat
2010-04-29 22:39:38 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39:26 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 20:20:02 91424 -c--a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20:02 107808 -c--a-w- c:\windows\system32\dns-sd.exe
2006-03-16 04:00:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 -csh--w- c:\windows\twain_32.dll
2008-04-14 00:12:01 57344 -csh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:02 551936 -csh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:32 11776 -csh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 1:58:02.47 ===============