freeclint

Members
  • Posts: 16

Everything posted by freeclint

  1. mbam scan ok. reboot. mbam scan ok! You rock TwinHeadedEagle! Many thanks!
  2. It did yesterday. This morning, machine had rebooted and ran scan again. Spigot was back, but just in one place (not four like before). Haven't hit quarantine yet.
  3. Here is the mbam log. mbam-log-2014-08-25 (13-56-10).xml
  4. Adw log did not attach. Added here. AdwCleanerS0.txt
  5. Thanks TwinHeadedEagle! (Love the avatar!) SearchMe did not uninstall. Fix ran. Adw cleaner ran. Logs are attached. Fixlog.txt
  6. Thanks in advance for your time and expertise. I for sure have a recurring PUP.optional.Spigot.A from the SearchMe Toolbar v9.5 (I believe). It will show back up after a quarantine, might take a day sometimes. Not sure what else I might have gotten around the same time. Here are my logs from Farbar. Thank you! Clint Addition.txt FRST.txt
  7. My issue has been resolved, you can close this thread. Thank you all so much. Clint
  8. Thank you so much for all of your help, sir! You rock. If you play RPGs and like play by post, you have a spot at my Star Wars play by post over on myth-weavers.com. Thanks again! Clint freeclint@yahoo.com
  9. No, the error hasn't been on Office to my knowledge. I've just tried to install (Windows Update) 11 high priority updates (none include Office), it actually installed this time. However, installing .NET framework 3.0 failed. Prior to this process I had removed the .NET (1.6 I think) to try and get 3.0 to install, which did not work either. MSSE did install, which might mean I'm good to go... (it is scanning now) what do you think?
  10. Ok, the ComboFix step is complete. I haven't noticed any differences yet, but I haven't rebooted either. Here is the log: Thanks again for all of your help.
  11. Ok, completed GooredFix and tdsskiller. My PC still won't finish installing windows updates (with service pack 3, which will let me get MS Security Essentials). Here is the TDSSKiller log
2011/08/09 09:09:46.0109 1232 SNP2UVC (fac7b89330e20713950925050c91cd04) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 2011/08/09 09:09:46.0171 1232 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/08/09 09:09:46.0281 1232 SPBBCDrv (16aa4657806e3ea423d7e9286e763016) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 2011/08/09 09:09:46.0421 1232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/08/09 09:09:46.0468 1232 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/08/09 09:09:46.0531 1232 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/08/09 09:09:46.0578 1232 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/08/09 09:09:46.0609 1232 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/08/09 09:09:46.0656 1232 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/08/09 09:09:46.0718 1232 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/08/09 09:09:46.0750 1232 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/08/09 09:09:46.0796 1232 SYMDNS (61a932f6e04c1d125659ec5f9a158cc1) C:\WINDOWS\System32\Drivers\SYMDNS.SYS 2011/08/09 09:09:46.0890 1232 SymEvent (6db4cfcabd55c05649104f2384f2a10f) C:\Program Files\Symantec\SYMEVENT.SYS 2011/08/09 09:09:46.0921 1232 SYMFW (033a6a91aa4162540c1e39a0d5c563c8) C:\WINDOWS\System32\Drivers\SYMFW.SYS 2011/08/09 09:09:46.0968 1232 SYMIDS (071f8c6c95d8b632e73dcdbf865d8e46) C:\WINDOWS\System32\Drivers\SYMIDS.SYS 2011/08/09 09:09:47.0093 1232 SYMIDSCO (76dcba76caa80365e6d5792afaa2adb5) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys 2011/08/09 09:09:47.0250 1232 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys 2011/08/09 09:09:47.0296 1232 SYMNDIS 
(a6bbadd2472ffc5b6ce3198e13ee0e74) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS 2011/08/09 09:09:47.0328 1232 SYMREDRV (df5514802a2e0a478e29be2e33360807) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 2011/08/09 09:09:47.0375 1232 SYMTDI (9da226bc68389fbd6ec0e01286e7639c) C:\WINDOWS\System32\Drivers\SYMTDI.SYS 2011/08/09 09:09:47.0437 1232 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/08/09 09:09:47.0484 1232 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/08/09 09:09:47.0531 1232 SynTP (369d0626687a968182a9db40fe8a0905) C:\WINDOWS\system32\DRIVERS\SynTP.sys 2011/08/09 09:09:47.0578 1232 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/08/09 09:09:47.0640 1232 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/08/09 09:09:47.0671 1232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/08/09 09:09:47.0718 1232 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/08/09 09:09:47.0750 1232 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/08/09 09:09:47.0796 1232 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/08/09 09:09:47.0859 1232 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/08/09 09:09:47.0921 1232 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/08/09 09:09:48.0000 1232 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/08/09 09:09:48.0046 1232 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/08/09 09:09:48.0078 1232 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/08/09 09:09:48.0125 1232 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/08/09 09:09:48.0156 1232 VgaSave 
(0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/08/09 09:09:48.0203 1232 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/08/09 09:09:48.0265 1232 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/08/09 09:09:48.0281 1232 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/08/09 09:09:48.0375 1232 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys 2011/08/09 09:09:48.0546 1232 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/08/09 09:09:48.0593 1232 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/08/09 09:09:48.0687 1232 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/08/09 09:09:48.0781 1232 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/08/09 09:09:48.0843 1232 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/08/09 09:09:48.0937 1232 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0 2011/08/09 09:09:48.0937 1232 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 2011/08/09 09:09:48.0953 1232 Boot (0x1200) (1669db8c38d935f8d47e105e18279380) \Device\Harddisk0\DR0\Partition0 2011/08/09 09:09:49.0000 1232 Boot (0x1200) (295132fdcdf50d284546e663f40fa5de) \Device\Harddisk0\DR0\Partition1 2011/08/09 09:09:49.0015 1232 Boot (0x1200) (e8cc5be0cf9d3dd0a25567ff7ceb9db7) \Device\Harddisk1\DR1\Partition0 2011/08/09 09:09:49.0015 1232 ================================================================================ 2011/08/09 09:09:49.0015 1232 Scan finished 2011/08/09 09:09:49.0015 1232 ================================================================================ 2011/08/09 09:09:49.0031 1664 Detected object count: 0 2011/08/09 09:09:49.0031 1664 Actual detected object count: 0 
      Here is the GooredFix log
      GooredFix by jpshortstuff (03.07.10.1)
      Log created at 15:05 on 08/08/2011 (Freeman)
      Firefox version [unable to determine]
      ========== GooredScan ==========
      ========== GooredLog ==========
      C:\Program Files\Mozilla Firefox\extensions\
      {972ce4c6-7e08-4474-a285-3208198ce6fd} [23:16 11/05/2011]
      {AB2CE124-6272-4b12-94A9-7303C7397BD1} [00:44 21/01/2011]
      {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [22:14 12/01/2009]
      {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [00:42 20/07/2011]
      [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
      (Key not found)
      -=E.O.F=-
      Thank you again, for any help.
  12. I went ahead and completed the rest of the scans in the instructions, listed here. My system won't let me install Windows updates or update any virus definitions. Thank you for your help.
  13. Here is my DDS, attached is the mbam log, attach and ARK files as requested. Thank you in advance for any help.
      attach.zip
      .
      DDS (Ver_2011-06-23.01) - NTFSx86
      Internet Explorer: 8.0.6001.18702
      Run by Freeman at 19:58:52 on 2011-08-05
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1350 [GMT -4:00]
      .
      AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
      FW: Norton Internet Worm Protection *Disabled*
      FW: Norton Internet Security 2006 *Enabled*
      .
      =================== ROOTKIT ====================
      .
      Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
      Windows 5.1.2600
      .
      CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
      device: opened successfully
      user: error reading MBR
      .
      Disk trace:
      called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
      c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
      1 ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Harddisk0\DR0[0x89E04AB8]
      3 CLASSPNP[0xF74E805B] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\0000008f[0x89DC6A28]
      5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Ide\IAAStorageDevice-0[0x898D1030]
      kernel: MBR read successfully
      _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
      user != kernel MBR !!!
      .
      ============= FINISH: 20:02:13.68 ===============
  14. Following the steps here: http://forums.malwarebytes.org/index.php?showtopic=9573
      The defogger did not ask me to reboot or throw an error. Not sure if I should continue or not... Log says:
      defogger_disable by jpshortstuff (23.02.10.1)
      Log created at 10:02 on 04/08/2011 (Freeman)
      Checking for autostart values...
      HKCU\~\Run values retrieved.
      HKLM\~\Run values retrieved.
      Checking for services/drivers...
      -=E.O.F=-
      Thank you for the help! Clint