freeclint
Posts posted by freeclint
It did yesterday. This morning, machine had rebooted and ran scan again. Spigot was back, but just in one place (not four like before).
Haven't hit quarantine yet.
-
Here is the mbam log.
-
Adw log did not attach. Added here.
-
Thanks TwinHeadedEagle! (Love the avatar!)
SearchMe did not uninstall
Fix ran.
Adw cleaner ran.
Logs are attached.
-
Thanks in advance for your time and expertise.
I for sure have a recurring PUP.optional.Spigot.A from the SearchMe Toolbar v9.5 (I believe). It will show back up after a quarantine, might take a day sometimes. Not sure what else I might have gotten around the same time.
Here are my logs from Farbar.
Thank you!
Clint
-
My issue has been resolved, you can close this thread.
Thank you all so much.
Clint
-
Thank you so much for all of your help, sir! You rock.
If you play RPGs and like play-by-post, you have a spot at my Star Wars play-by-post over on myth-weavers.com
Thanks again!
Clint
freeclint@yahoo.com
-
No, the error hasn't been on Office to my knowledge.
I've just tried to install (Windows Update) 11 high priority updates (none include Office), it actually installed this time.
However, installing .NET framework 3.0 failed.
Prior to this process I had removed the .NET (1.6 I think) to try and get 3.0 to install, which did not work either.
MSSE did install, which might mean I'm good to go... (it is scanning now)
What do you think?
-
Ok, the ComboFix step is complete. I haven't noticed any differences yet, but I haven't rebooted either.
Here is the log:
ComboFix 11-08-09.02 - Freeman 08/09/2011 13:31:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1287 [GMT -4:00]
Running from: c:\documents and settings\Freeman\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Cache
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-09 16:44 . 2008-04-13 18:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-08-09 15:38 . 2011-08-09 15:38 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2011-08-09 15:36 . 2011-08-09 15:38 -------- d-----w- C:\Inetpub
2011-08-09 15:36 . 2011-08-09 15:36 -------- d-----w- c:\windows\system32\Logfiles
2011-08-09 15:27 . 2006-10-14 20:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-08-09 15:27 . 2006-06-29 17:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-08-09 13:25 . 2011-02-08 13:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-08-09 13:25 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-08-09 13:25 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-08-09 13:25 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-08-09 13:24 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-08-09 13:24 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-08-09 13:23 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-08-08 20:07 . 2011-08-08 20:07 -------- d-----w- c:\windows\system32\scripting
2011-08-08 20:07 . 2011-08-08 20:07 -------- d-----w- c:\windows\system32\en
2011-08-08 20:07 . 2011-08-08 20:07 -------- d-----w- c:\windows\system32\bits
2011-08-03 20:42 . 2011-08-03 20:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-03 13:48 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-03 13:40 . 2011-08-03 13:41 -------- d-----w- c:\program files\OpenOffice.org 3
2011-08-03 13:38 . 2011-04-25 16:11 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-08-03 13:38 . 2011-04-26 14:11 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-08-03 13:38 . 2011-04-25 16:11 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-08-03 13:38 . 2011-04-25 16:11 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-08-03 13:38 . 2011-04-25 16:11 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-08-03 13:38 . 2011-04-25 16:11 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-08-03 13:38 . 2011-04-25 16:11 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-08-03 13:35 . 2011-08-04 14:02 -------- d-----w- c:\documents and settings\Freeman
2011-08-03 13:19 . 2006-03-15 20:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2011-08-03 13:19 . 2006-03-15 20:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2011-08-03 13:19 . 2006-03-15 20:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2011-08-03 13:19 . 2006-03-15 20:00 10752 ----a-w- c:\windows\system32\c_iscii.dll
2011-08-03 13:18 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-08-03 13:18 . 2008-04-14 00:12 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-08-03 13:18 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-08-03 13:11 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-03 12:57 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2011-08-03 12:57 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2011-08-03 12:57 . 2008-04-14 00:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2011-08-03 12:57 . 2008-04-14 00:12 346112 ------w- c:\windows\system32\windowscodecsext.dll
2011-08-03 12:57 . 2008-04-13 18:43 14208 ------w- c:\windows\system32\drivers\wacompen.sys
2011-08-03 12:57 . 2004-08-04 02:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2011-08-03 12:57 . 2004-08-04 02:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2011-08-03 12:57 . 2004-08-04 02:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2011-08-03 12:57 . 2004-08-04 02:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2011-08-03 12:57 . 2004-08-04 02:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2011-08-03 12:57 . 2004-08-04 02:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2011-08-03 12:55 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2011-08-03 12:48 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2011-08-03 12:48 . 2011-02-17 13:18 357888 ------w- c:\windows\system32\dllcache\srv.sys
2011-08-03 12:48 . 2011-02-17 13:18 455936 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-08-03 12:48 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-08-03 12:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-08-03 12:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-08-03 12:46 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-08-03 12:46 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-08-03 12:46 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2011-08-03 12:46 . 2011-01-21 14:44 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2011-08-03 12:43 . 2011-02-16 13:22 138496 ------w- c:\windows\system32\dllcache\afd.sys
2011-08-03 12:43 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-08-03 12:43 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-08-03 12:43 . 2009-06-10 13:19 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-08-03 12:42 . 2010-01-13 14:01 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2011-08-03 01:00 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B16E9CCF-3A7E-4DCE-BDDF-8738C7EDA528}\mpengine.dll
2011-07-25 01:58 . 2011-07-25 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-25 01:58 . 2011-08-03 13:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-20 00:42 . 2011-07-20 00:41 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-17 11:49 . 2011-07-17 11:49 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-17 11:49 . 2011-07-17 11:49 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-11 23:55 . 2011-07-11 23:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2011-05-08 12:46 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-02 14:02 . 2006-03-16 04:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-07-17 11:49 . 2011-05-11 23:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2009-02-19 18:04 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Linksys EasyLink Advisor.lnk - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe [2008-3-28 110592]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-11-8 438272]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-4-5 1149440]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/24/2011 9:58 PM 366640]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [8/3/2011 4:23 PM 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/3/2011 9:11 AM 22712]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612672536-3481276927-3987471508-1005Core.job
- c:\documents and settings\Freeman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-03 12:58]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612672536-3481276927-3987471508-1005UA.job
- c:\documents and settings\Freeman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-03 12:58]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864459783-1969530140-2722950199-1005Core.job
- c:\documents and settings\Clint\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-22 00:08]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864459783-1969530140-2722950199-1005UA.job
- c:\documents and settings\Clint\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-22 00:08]
.
2011-07-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
2011-08-06 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Freeman.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 16:13]
.
2011-08-09 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-09-17 21:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.97 192.168.0.99
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-09 13:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????[??????`?@?????L?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
Completion time: 2011-08-09 13:41:03
ComboFix-quarantined-files.txt 2011-08-09 17:41
.
Pre-Run: 977,244,160 bytes free
Post-Run: 1,690,517,504 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A29D4831A7BD7AAEFC2CE05E19108E1B
Thanks again for all of your help.
-
Ok, completed GooredFix and tdsskiller.
My PC still won't finish installing Windows updates (with Service Pack 3, which will let me get MS Security Essentials).
Here is the TDSSKiller log
2011/08/09 09:09:32.0796 0608 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/09 09:09:32.0828 0608 ================================================================================
2011/08/09 09:09:32.0828 0608 SystemInfo:
2011/08/09 09:09:32.0828 0608
2011/08/09 09:09:32.0828 0608 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/09 09:09:32.0828 0608 Product type: Workstation
2011/08/09 09:09:32.0828 0608 ComputerName: CLINT_HP
2011/08/09 09:09:32.0828 0608 UserName: Freeman
2011/08/09 09:09:32.0828 0608 Windows directory: C:\WINDOWS
2011/08/09 09:09:32.0828 0608 System windows directory: C:\WINDOWS
2011/08/09 09:09:32.0828 0608 Processor architecture: Intel x86
2011/08/09 09:09:32.0828 0608 Number of processors: 2
2011/08/09 09:09:32.0828 0608 Page size: 0x1000
2011/08/09 09:09:32.0828 0608 Boot type: Normal boot
2011/08/09 09:09:32.0828 0608 ================================================================================
2011/08/09 09:09:33.0484 0608 Initialize success
2011/08/09 09:09:36.0500 1232 ================================================================================
2011/08/09 09:09:36.0500 1232 Scan started
2011/08/09 09:09:36.0500 1232 Mode: Manual;
2011/08/09 09:09:36.0500 1232 ================================================================================
2011/08/09 09:09:44.0703 1232 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/09 09:09:44.0765 1232 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/09 09:09:44.0796 1232 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/09 09:09:44.0843 1232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/09 09:09:44.0875 1232 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/09 09:09:44.0890 1232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/09 09:09:44.0953 1232 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/09 09:09:45.0015 1232 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/09 09:09:45.0046 1232 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/09 09:09:45.0109 1232 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/08/09 09:09:45.0140 1232 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/08/09 09:09:45.0187 1232 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/08/09 09:09:45.0234 1232 RMCAST (ecff394d65671efde5a872eb9ef4f2d5) C:\WINDOWS\system32\drivers\RMCast.sys
2011/08/09 09:09:45.0296 1232 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/08/09 09:09:45.0453 1232 SAVRT (21ba125b956a513f85f6ab1dd603f917) c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
2011/08/09 09:09:45.0468 1232 SAVRTPEL (0f8e1c05fc1298f8e7cea935429f66ff) c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
2011/08/09 09:09:45.0656 1232 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/08/09 09:09:45.0718 1232 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/09 09:09:45.0796 1232 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/09 09:09:45.0843 1232 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/09 09:09:45.0968 1232 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/09 09:09:46.0031 1232 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/09 09:09:46.0109 1232 SNP2UVC (fac7b89330e20713950925050c91cd04) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2011/08/09 09:09:46.0171 1232 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/09 09:09:46.0281 1232 SPBBCDrv (16aa4657806e3ea423d7e9286e763016) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/08/09 09:09:46.0421 1232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/09 09:09:46.0468 1232 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/09 09:09:46.0531 1232 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/09 09:09:46.0578 1232 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/09 09:09:46.0609 1232 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/09 09:09:46.0656 1232 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/09 09:09:46.0718 1232 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/09 09:09:46.0750 1232 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/09 09:09:46.0796 1232 SYMDNS (61a932f6e04c1d125659ec5f9a158cc1) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2011/08/09 09:09:46.0890 1232 SymEvent (6db4cfcabd55c05649104f2384f2a10f) C:\Program Files\Symantec\SYMEVENT.SYS
2011/08/09 09:09:46.0921 1232 SYMFW (033a6a91aa4162540c1e39a0d5c563c8) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2011/08/09 09:09:46.0968 1232 SYMIDS (071f8c6c95d8b632e73dcdbf865d8e46) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2011/08/09 09:09:47.0093 1232 SYMIDSCO (76dcba76caa80365e6d5792afaa2adb5) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys
2011/08/09 09:09:47.0250 1232 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/08/09 09:09:47.0296 1232 SYMNDIS (a6bbadd2472ffc5b6ce3198e13ee0e74) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2011/08/09 09:09:47.0328 1232 SYMREDRV (df5514802a2e0a478e29be2e33360807) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/08/09 09:09:47.0375 1232 SYMTDI (9da226bc68389fbd6ec0e01286e7639c) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/08/09 09:09:47.0437 1232 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/09 09:09:47.0484 1232 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/09 09:09:47.0531 1232 SynTP (369d0626687a968182a9db40fe8a0905) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/08/09 09:09:47.0578 1232 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/09 09:09:47.0640 1232 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/09 09:09:47.0671 1232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/09 09:09:47.0718 1232 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/09 09:09:47.0750 1232 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/09 09:09:47.0796 1232 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/09 09:09:47.0859 1232 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/09 09:09:47.0921 1232 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/09 09:09:48.0000 1232 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/09 09:09:48.0046 1232 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/09 09:09:48.0078 1232 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/09 09:09:48.0125 1232 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/09 09:09:48.0156 1232 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/09 09:09:48.0203 1232 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/09 09:09:48.0265 1232 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/09 09:09:48.0281 1232 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/09 09:09:48.0375 1232 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/08/09 09:09:48.0546 1232 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/09 09:09:48.0593 1232 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/09 09:09:48.0687 1232 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/08/09 09:09:48.0781 1232 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/08/09 09:09:48.0843 1232 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/09 09:09:48.0937 1232 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0
2011/08/09 09:09:48.0937 1232 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/08/09 09:09:48.0953 1232 Boot (0x1200) (1669db8c38d935f8d47e105e18279380) \Device\Harddisk0\DR0\Partition0
2011/08/09 09:09:49.0000 1232 Boot (0x1200) (295132fdcdf50d284546e663f40fa5de) \Device\Harddisk0\DR0\Partition1
2011/08/09 09:09:49.0015 1232 Boot (0x1200) (e8cc5be0cf9d3dd0a25567ff7ceb9db7) \Device\Harddisk1\DR1\Partition0
2011/08/09 09:09:49.0015 1232 ================================================================================
2011/08/09 09:09:49.0015 1232 Scan finished
2011/08/09 09:09:49.0015 1232 ================================================================================
2011/08/09 09:09:49.0031 1664 Detected object count: 0
2011/08/09 09:09:49.0031 1664 Actual detected object count: 0
Here is the GooredFix log
GooredFix by jpshortstuff (03.07.10.1)
Log created at 15:05 on 08/08/2011 (Freeman)
Firefox version [unable to determine]
========== GooredScan ==========
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:16 11/05/2011]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [00:44 21/01/2011]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [22:14 12/01/2009]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [00:42 20/07/2011]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)
-=E.O.F=-
Thank you again for any help.
-
Hi and welcome to Malwarebytes.
Skip Defogger. Please describe the issues you are experiencing, in detail.
I went ahead and completed the rest of the scans in the instructions, listed here.
My system won't let me install Windows updates or update any virus definitions.
Thank you for your help.
-
Here is my DDS; attached are the mbam log, attach and ARK files as requested. Thank you in advance for any help.
attach.zip
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Freeman at 19:58:52 on 2011-08-05
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1350 [GMT -4:00]
.
AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *Disabled*
FW: Norton Internet Security 2006 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Freeman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Freeman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Freeman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Google Update] "c:\documents and settings\freeman\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [sunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.152.37.23 192.168.1.1
TCP: Interfaces\{DADD97DB-541E-4D09-8ACB-CB46B2B3A490} : DhcpNameServer = 192.168.0.1 205.152.37.23 192.168.1.1
.
============= SERVICES / DRIVERS ===============
.
R? SAVScan;Symantec AVScan
S? 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam
S? ccEvtMgr;Symantec Event Manager
S? ccProxy;Symantec Network Proxy
S? ccSetMgr;Symantec Settings Manager
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? McrdSvc;Media Center Extender Service
S? navapsvc;Norton AntiVirus Auto-Protect Service
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? SAVRT;SAVRT
S? SAVRTPEL;SAVRTPEL
S? Symantec Core LC;Symantec Core LC
.
=============== Created Last 30 ================
.
2011-08-03 14:44:33 -------- d-----w- c:\windows\system32\appmgmt
2011-08-03 13:57:01 -------- d-sh--w- c:\documents and settings\freeman\PrivacIE
2011-08-03 13:56:34 -------- d-----w- c:\documents and settings\freeman\local settings\application data\PCHealth
2011-08-03 13:51:19 -------- d-sh--w- c:\documents and settings\freeman\IETldCache
2011-08-03 13:49:03 -------- d-----w- c:\documents and settings\freeman\application data\Malwarebytes
2011-08-03 13:48:57 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-03 13:40:58 -------- d-----w- c:\program files\OpenOffice.org 3
2011-08-03 13:38:40 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-08-03 13:38:39 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-08-03 13:38:39 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-08-03 13:38:39 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-08-03 13:38:39 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-08-03 13:38:39 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-08-03 13:38:39 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-08-03 13:37:36 -------- d-sh--w- c:\documents and settings\freeman\Temporary Internet Files
2011-08-03 13:37:36 -------- d-sh--w- c:\documents and settings\freeman\History
2011-08-03 13:33:31 294912 ------w- c:\windows\system32\dllcache\msctf.dll
2011-08-03 13:32:14 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-08-03 13:19:08 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2011-08-03 13:19:08 5632 ----a-w- c:\windows\system32\kbdusa.dll
2011-08-03 13:19:08 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2011-08-03 13:19:08 10752 ----a-w- c:\windows\system32\c_iscii.dll
2011-08-03 13:18:44 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-08-03 13:18:42 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-08-03 13:18:37 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-08-03 13:11:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-03 12:58:40 -------- d-----w- c:\documents and settings\freeman\local settings\application data\Google
2011-08-03 12:49:32 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-08-03 12:48:29 352640 ------w- c:\windows\system32\dllcache\srv.sys
2011-08-03 12:48:19 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-08-03 12:48:13 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-08-03 12:46:38 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-08-03 12:46:38 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-08-03 12:46:14 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-08-03 12:46:05 58880 ------w- c:\windows\system32\dllcache\atl.dll
2011-08-03 12:46:04 8454656 ------w- c:\windows\system32\dllcache\shell32.dll
2011-08-03 12:44:44 -------- d-----w- c:\windows\system32\PreInstall
2011-08-03 12:44:24 -------- d-sh--w- c:\documents and settings\freeman\UserData
2011-08-03 12:43:21 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-08-03 12:43:05 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-08-03 12:43:00 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-08-03 12:42:49 85504 ------w- c:\windows\system32\dllcache\cabview.dll
2011-08-03 01:00:14 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b16e9ccf-3a7e-4dce-bddf-8738c7eda528}\mpengine.dll
2011-07-25 01:58:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-25 01:58:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-20 00:42:06 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-07-17 11:49:45 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-17 11:49:45 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Harddisk0\DR0[0x89E04AB8]
3 CLASSPNP[0xF74E805B] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\0000008f[0x89DC6A28]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Ide\IAAStorageDevice-0[0x898D1030]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
user != kernel MBR !!!
.
============= FINISH: 20:02:13.68 ===============
-
Following the steps here: http://forums.malwarebytes.org/index.php?showtopic=9573
The defogger did not ask me to reboot or throw an error. Not sure if I should continue or not...
Log says:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:02 on 04/08/2011 (Freeman)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Thank you for the help!
Clint
PUP.optional.Spigot.A and maybe more
in Resolved Malware Removal Logs
Posted
mbam scan ok.
reboot.
mbam scan ok!
You rock TwinHeadedEagle!
Many thanks!