Kirkxcrust Posted August 3, 2010 Author ID:294972 Share Posted August 3, 2010 Hello, here is the log from the MBRCheck scan. Thanks.MBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows XP ProfessionalWindows Information: Service Pack 3 (build 2600)Logical Drives Mask: 0x0000001cKernel Drivers (total 159): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E4000 \WINDOWS\system32\hal.dll 0xF7987000 \WINDOWS\system32\KDCOM.DLL 0xF7897000 \WINDOWS\system32\BOOTVID.dll 0xF7358000 ACPI.sys 0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF7347000 pci.sys 0xF7487000 isapnp.sys 0xF7497000 ohci1394.sys 0xF74A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xF7A4F000 pciide.sys 0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF798B000 intelide.sys 0xF798D000 viaide.sys 0xF798F000 aliide.sys 0xF7329000 pcmcia.sys 0xF74B7000 MountMgr.sys 0xF730A000 ftdisk.sys 0xF7991000 dmload.sys 0xF72E4000 dmio.sys 0xF789B000 ACPIEC.sys 0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xF770F000 PartMgr.sys 0xF74C7000 VolSnap.sys 0xF72CC000 atapi.sys 0xF71F6000 iaStor.sys 0xF74D7000 disk.sys 0xF74E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF71D6000 fltmgr.sys 0xF71C4000 sr.sys 0xF71AE000 DRVMCDB.SYS 0xF74F7000 PxHelp20.sys 0xF7197000 KSecDD.sys 0xF710A000 Ntfs.sys 0xF70DD000 NDIS.sys 0xF7507000 Serial.sys 0xF70C3000 Mup.sys 0xF7527000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xF75D7000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xF6D61000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xF6D5D000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0xF6D59000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0xF5F6A000 \SystemRoot\system32\DRIVERS\ialmnt5.sys 0xF5F56000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF5F31000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xF5DD3000 \SystemRoot\system32\DRIVERS\w39n51.sys 0xF7887000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xF5DB0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF788F000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF5D9C000 \SystemRoot\system32\DRIVERS\sdbus.sys 0xF771F000 \SystemRoot\system32\DRIVERS\rimmptsk.sys 0xF75E7000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0xF5D50000 \SystemRoot\system32\DRIVERS\rixdptsk.sys 0xF5D28000 \SystemRoot\system32\DRIVERS\e100b325.sys 0xF6D49000 \SystemRoot\system32\DRIVERS\cpqbttn.sys 0xF75F7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xF7737000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF7607000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF773F000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF5CF8000 \SystemRoot\system32\DRIVERS\SynTP.sys 0xF79D3000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF7747000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF7617000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF79D5000 \SystemRoot\System32\Drivers\DLACDBHM.SYS 0xF6AA2000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF6A92000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF5CD5000 \SystemRoot\system32\DRIVERS\ks.sys 0xF774F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys 0xF7757000 \SystemRoot\system32\DRIVERS\ManyCam.sys 0xF6A82000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0xF7B2D000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF6A72000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF7937000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF5CBE000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF6A62000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF6A52000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF775F000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF5CAD000 \SystemRoot\system32\DRIVERS\psched.sys 0xF6A42000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF7767000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF776F000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF5C7D000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xF6A32000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF79D7000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF5C1F000 \SystemRoot\system32\DRIVERS\update.sys 0xF7953000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF7957000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xF6A22000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xAA65C000 \SystemRoot\system32\drivers\CHDAud.sys 0xAA638000 \SystemRoot\system32\drivers\portcls.sys 0xF616D000 \SystemRoot\system32\drivers\drmk.sys 0xAA605000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys 0xAA511000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys 0xAA45F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys 0xF7787000 \SystemRoot\System32\Drivers\Modem.SYS 0xF75C7000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF6D69000 \SystemRoot\System32\Drivers\i2omgmt.SYS 0xF7A09000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7AE4000 \SystemRoot\System32\Drivers\Null.SYS 0xF7A0B000 \SystemRoot\System32\Drivers\Beep.SYS 0xF7857000 \SystemRoot\System32\Drivers\DLARTL_N.SYS 0xF785F000 \SystemRoot\System32\drivers\vga.sys 0xF7A0D000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7A0F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF786F000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF7877000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF706A000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xA9218000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xA91BF000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xA9197000 \SystemRoot\system32\DRIVERS\netbt.sys 0xA9171000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xA914F000 \SystemRoot\System32\drivers\afd.sys 0xA92FB000 \SystemRoot\system32\DRIVERS\netbios.sys 0xA92EB000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xF7A11000 \SystemRoot\system32\DRIVERS\eabfiltr.sys 0xA9124000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xA92DB000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xA90B4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA92CB000 \SystemRoot\System32\Drivers\Fips.SYS 0xA8FF2000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 0xA930B000 \SystemRoot\system32\DRIVERS\snp2uvc.sys 0xA926B000 \SystemRoot\system32\DRIVERS\sncduvc.SYS 0x9F1D9000 \SystemRoot\System32\Drivers\Fastfat.SYS 0x9F103000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0xBF800000 \SystemRoot\System32\win32k.sys 0xA90A4000 \SystemRoot\System32\drivers\Dxapi.sys 0xA64FB000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7B83000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF021000 \SystemRoot\System32\ialmdnt5.dll 0xBF012000 \SystemRoot\System32\ialmrnt5.dll 0xBF043000 \SystemRoot\System32\ialmdev5.DLL 0xBF07E000 \SystemRoot\System32\ialmdd5.DLL 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xA6A9E000 \SystemRoot\System32\Drivers\DRVNDDM.SYS 0x9FEE7000 \SystemRoot\System32\DLA\DLADResN.SYS 0x9F0ED000 \SystemRoot\System32\DLA\DLAIFS_M.SYS 0xA9090000 \SystemRoot\System32\DLA\DLAOPIOM.SYS 0xA6492000 \SystemRoot\System32\DLA\DLAPoolM.SYS 0xA9D14000 \SystemRoot\System32\DLA\DLABOIOM.SYS 0x9F0D5000 \SystemRoot\System32\DLA\DLAUDFAM.SYS 0x9F0BF000 \SystemRoot\System32\DLA\DLAUDF_M.SYS 0x9F0A9000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys 0xA6659000 \SystemRoot\system32\DRIVERS\nwlnknb.sys 0xF6087000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x9FE6B000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys 0x9F044000 \SystemRoot\system32\drivers\wdmaud.sys 0xA6ABE000 \SystemRoot\system32\drivers\sysaudio.sys 0x9ECC6000 \SystemRoot\System32\Drivers\Cdfs.SYS 0x9EA51000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0x9E830000 \SystemRoot\System32\Drivers\HTTP.sys 0x9E6C1000 \SystemRoot\system32\DRIVERS\srv.sys 0x9E699000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys 0x9E5BA000 \??\C:\WINDOWS\system32\drivers\mqac.sys 0x9E588000 \??\C:\WINDOWS\system32\drivers\RMCast.sys 0x9E919000 \SystemRoot\system32\DRIVERS\secdrv.sys 0x9E1F0000 \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS 0x9D4EF000 \SystemRoot\system32\drivers\kmixer.sys 0x7C900000 \WINDOWS\system32\ntdll.dllProcesses (total 74): 0 System Idle Process 4 System 896 C:\WINDOWS\system32\smss.exe 956 csrss.exe 980 C:\WINDOWS\system32\winlogon.exe 1028 C:\WINDOWS\system32\services.exe 1040 C:\WINDOWS\system32\lsass.exe 1228 C:\WINDOWS\system32\svchost.exe 1296 svchost.exe 1476 C:\WINDOWS\system32\svchost.exe 1664 svchost.exe 1824 svchost.exe 2040 C:\WINDOWS\system32\spoolsv.exe 324 C:\WINDOWS\explorer.exe 540 C:\WINDOWS\ehome\ehtray.exe 548 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe 568 C:\WINDOWS\system32\hkcmd.exe 580 C:\WINDOWS\system32\igfxpers.exe 756 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 868 C:\Program Files\HP\QuickPlay\QPService.exe 948 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 952 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 1248 C:\Program Files\Microsoft IntelliPoint\point32.exe 1260 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe 1468 C:\WINDOWS\system32\hphmon03.exe 1516 C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe 1532 C:\WINDOWS\system32\dla\DLACTRLW.EXE 1544 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE 1552 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 1612 C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe 1672 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 1728 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC1.EXE 1900 C:\Program Files\iTunes\iTunesHelper.exe 1916 C:\Program Files\Common Files\Java\Java Update\jusched.exe 1936 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 1948 C:\Program Files\Microsoft ActiveSync\wcescomm.exe 148 C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe 1772 C:\Program Files\Windows Media Player\wmpnscfg.exe 276 C:\PROGRA~1\MI3AA1~1\rapimgr.exe 508 C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe 708 C:\Program Files\OpenOffice.org 3\program\soffice.exe 480 C:\Program Files\OpenOffice.org 3\program\soffice.bin 1400 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe 1172 svchost.exe 1692 msdtc.exe 2096 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 2108 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe 2144 C:\Program Files\Bonjour\mDNSResponder.exe 2184 C:\WINDOWS\ehome\ehrecvr.exe 2212 C:\WINDOWS\ehome\ehSched.exe 2392 C:\WINDOWS\system32\svchost.exe 2476 C:\Program Files\Java\jre6\bin\jqs.exe 2552 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2820 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 2836 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe 3016 svchost.exe 3092 C:\WINDOWS\system32\svchost.exe 3152 C:\Program Files\Viewpoint\Common\ViewpointService.exe 3204 wmpnetwk.exe 3252 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 3312 mcrdsvc.exe 3412 C:\WINDOWS\system32\mqsvc.exe 3676 C:\WINDOWS\system32\mqtgsvc.exe 844 C:\WINDOWS\system32\wscntfy.exe 728 wmiprvse.exe 2292 C:\Program Files\iPod\bin\iPodService.exe 3352 C:\WINDOWS\system32\dllhost.exe 2588 C:\WINDOWS\ehome\ehmsas.exe 2720 alg.exe 652 C:\Program Files\Mozilla Firefox\firefox.exe 892 C:\Program Files\Mozilla Firefox\plugin-container.exe 1840 C:\Program Files\Last.fm\LastFM.exe 7948 C:\WINDOWS\system32\notepad.exe 6392 C:\MBRCheck.exe\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`1dbe1000 (FAT32)PhysicalDrive0 Model Number: FUJITSUMHV2100BHPL, Rev: 892C Size Device Name MBR Status -------------------------------------------- 93 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: F19F100B4DC860880BDC331CC9D56B1C13F605D5Found non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit.Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 1Dumping \\.\PhysicalDisk1...Enter filename to dump to: mbrDump.datError opening disk (2)!Enter the physical disk number to dump (0-99, -1 to exit): -1Done! Link to post Share on other sites More sharing options...
Blade81 Posted August 4, 2010 ID:295214 Share Posted August 4, 2010 Hi,Run ComboFix again and let it update itself. Post back the report + fresh dds.txt and MBRCheck logs. Link to post Share on other sites More sharing options...
Kirkxcrust Posted August 5, 2010 Author ID:296395 Share Posted August 5, 2010 Combo fix log. Will follow-up with DDS and MBRCheck reports in the following posts.ComboFix 10-08-05.02 - SergioM 08/05/2010 15:03:59.4.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1415 [GMT -7:00]Running from: c:\documents and settings\SergioM\Desktop\ComboFix.exeFW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}.((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 ))))))))))))))))))))))))))))))).2010-08-03 20:22 . 2010-08-03 20:22 0 ----a-w- C:\mbrDump.dat2010-08-03 18:52 . 2010-08-03 18:52 80384 ----a-w- C:\MBRCheck.exe2010-08-02 19:40 . 2010-07-24 00:22 43008 ----a-w- c:\documents and settings\SergioM\Application Data\Mozilla\Firefox\Profiles\kww5uh4e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll2010-08-02 19:40 . 2010-07-24 00:22 338944 ----a-w- c:\documents and settings\SergioM\Application Data\Mozilla\Firefox\Profiles\kww5uh4e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll2010-08-02 19:40 . 2010-07-24 00:22 346112 ----a-w- c:\documents and settings\SergioM\Application Data\Mozilla\Firefox\Profiles\kww5uh4e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll2010-08-02 19:40 . 2010-07-24 00:22 1496064 ----a-w- c:\documents and settings\SergioM\Application Data\Mozilla\Firefox\Profiles\kww5uh4e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll2010-07-28 00:03 . 2010-07-28 01:15 -------- d-----w- C:\tdsskiller2010-07-13 18:53 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-08-05 17:42 . 2009-01-01 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater2010-08-03 17:22 . 2007-06-23 14:47 -------- dc----w- c:\program files\Pixoria2010-07-24 16:08 . 2006-09-12 05:33 -------- dc-h--w- c:\program files\InstallShield Installation Information2010-07-24 16:05 . 2006-12-26 09:12 -------- dc----w- c:\program files\Google2010-07-22 16:16 . 2006-12-26 07:12 134096 ----a-w- c:\documents and settings\SergioM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-07-21 20:09 . 2008-12-25 18:26 -------- dc----w- c:\program files\MioNet2010-07-04 18:34 . 2010-06-28 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS2010-07-02 19:32 . 2010-07-02 19:32 -------- dc----w- c:\program files\ESET2010-06-29 21:34 . 2010-06-29 21:34 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe2010-06-28 19:53 . 2006-09-12 05:33 -------- dc----w- c:\program files\Common Files\Java2010-06-28 19:51 . 2010-06-28 19:51 503808 ----a-w- c:\documents and settings\SergioM\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-381623df-n\msvcp71.dll2010-06-28 19:51 . 2010-06-28 19:51 499712 ----a-w- c:\documents and settings\SergioM\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-381623df-n\jmc.dll2010-06-28 19:51 . 2010-06-28 19:51 348160 ----a-w- c:\documents and settings\SergioM\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-381623df-n\msvcr71.dll2010-06-28 19:51 . 2010-06-28 19:51 61440 ----a-w- c:\documents and settings\SergioM\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-407d4e90-n\decora-sse.dll2010-06-28 19:51 . 2010-06-28 19:51 12800 ----a-w- c:\documents and settings\SergioM\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-407d4e90-n\decora-d3d.dll2010-06-28 19:51 . 2010-06-28 19:51 411368 -c--a-w- c:\windows\system32\deployJava1.dll2010-06-28 19:32 . 2006-09-12 05:33 -------- dc----w- c:\program files\Java2010-06-21 20:12 . 2009-04-07 18:11 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware2010-06-14 14:31 . 2006-03-16 04:00 744448 -c--a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe2010-06-08 21:29 . 2008-06-04 00:51 -------- d-----w- c:\documents and settings\SergioM\Application Data\U32010-06-08 19:36 . 2009-02-21 22:11 1 ----a-w- c:\documents and settings\SergioM\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys2010-05-28 15:04 . 2010-05-28 15:04 503808 ----a-w- c:\documents and settings\SergioM\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-48874354-n\msvcp71.dll2010-05-28 15:04 . 2010-05-28 15:04 499712 ----a-w- c:\documents and settings\SergioM\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-48874354-n\jmc.dll2010-05-28 15:04 . 2010-05-28 15:04 348160 ----a-w- c:\documents and settings\SergioM\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-48874354-n\msvcr71.dll2010-05-17 23:19 . 2010-05-17 23:19 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll2006-03-16 04:00 . 2006-03-16 04:00 94784 -csh--w- c:\windows\twain.dll2008-04-14 00:12 . 2006-03-16 04:00 50688 -csh--w- c:\windows\twain_32.dll2008-04-14 00:12 . 2006-03-16 04:00 57344 -csh--w- c:\windows\system32\msvcirt.dll2008-04-14 00:12 . 2006-03-16 04:00 551936 -csh--w- c:\windows\system32\oleaut32.dll2008-04-14 00:12 . 2006-03-16 04:00 11776 -csh--w- c:\windows\system32\regsvr32.exe.------- Sigcheck -------[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll[7] 2006-03-16 04:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll[-] 2005-08-04 09:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll[-] 2005-08-04 09:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-04 196608]"HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-08-04 311296]"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036]"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]"EPSON Stylus C42 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE" [2002-02-19 74240]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]c:\documents and settings\SergioM\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2007-11-4 1677464]c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-12-26 102400]HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728][HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\WINDOWS\\system32\\mqsvc.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"c:\\Program Files\\Last.fm\\LastFM.exe"="c:\\Program Files\\Java\\jre6\\bin\\java.exe"="c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"990:TCP"= 990:TCP:open inbound TCP port"999:TCP"= 999:TCP:open inbound TCP port"5678:TCP"= 5678:TCP:open inbound TCP port"5679:UDP"= 5679:UDP:open outbound UDP port"5721:TCP"= 5721:TCP:open inbound TCP port"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery"67:UDP"= 67:UDP:DHCP Discovery ServiceR2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/20/2009 5:20 PM 93320]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/22/2008 10:40 AM 24652]R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5u870cap.sys [6/6/2006 1:39 PM 61952]S3 Agpstubio;Agpstubio; [x]S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [8/3/2001 7:24 PM 18864]S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 6:19 PM 50048].Contents of the 'Scheduled Tasks' folder2010-08-05 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-26 01:34]..------- Supplementary Scan -------.uStart Page = hxxp://myspace.com/uSearch Page = hxxp://www.google.comuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uSearch Bar = hxxp://www.google.com/iemSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmluSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000FF - ProfilePath - c:\documents and settings\SergioM\Application Data\Mozilla\Firefox\Profiles\kww5uh4e.default\FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FF - prefs.js: browser.search.selectedEngine - Secure SearchFF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=FF - component: c:\documents and settings\SergioM\Application Data\Mozilla\Firefox\Profiles\kww5uh4e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dllFF - component: c:\documents and settings\SergioM\Application Data\Mozilla\Firefox\Profiles\kww5uh4e.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dllFF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dllFF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-08-05 15:06Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ??? T??????`?@?????L?@ scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'explorer.exe'(4668)c:\program files\iTunes\iTunesMiniPlayer.dllc:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dllc:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2010-08-05 15:09:15ComboFix-quarantined-files.txt 2010-08-05 22:09ComboFix2.txt 2010-08-05 21:57ComboFix3.txt 2010-06-28 19:20ComboFix4.txt 2010-06-28 07:00Pre-Run: 210,886,656 bytes freePost-Run: 196,046,848 bytes free- - End Of File - - 56CC54E019DC0780BE51D29781292CF8 Link to post Share on other sites More sharing options...
Kirkxcrust Posted August 5, 2010 Author ID:296398 Share Posted August 5, 2010 DDS log. Will do MBRCheck in a moment.DDS (Ver_10-03-17.01) - NTFSx86 Run by SergioM at 15:14:02.83 on Thu 08/05/2010Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1291 [GMT -7:00]FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXEC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXEC:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\PROGRA~1\MI3AA1~1\rapimgr.exeC:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exeC:\Program Files\OpenOffice.org 3\program\soffice.exeC:\Program Files\OpenOffice.org 3\program\soffice.binsvchost.exeC:\Program Files\HP\Digital Imaging\bin\hpqimzone.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\WINDOWS\system32\mqsvc.exeC:\WINDOWS\system32\mqtgsvc.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\explorer.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Documents and Settings\SergioM\Desktop\dds.com============== Pseudo HJT Report ===============uStart Page = hxxp://myspace.com/uSearch Page = hxxp://www.google.comuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uSearch Bar = hxxp://www.google.com/iemSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmluSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: H - No FileuURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dlluRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exemRun: [ehTray] c:\windows\ehome\ehtray.exemRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exemRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [MsmqIntCert] regsvr32 /s mqrt.dllmRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exemRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startupmRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /StartmRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exemRun: [RecGuard] c:\windows\sminst\RecGuard.exemRun: [Reminder] c:\windows\creator\Remind_XP.exemRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exemRun: [HPHmon03] c:\windows\system32\hphmon03.exemRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\photosmart\hp share-to-web\hpgs2wnd.exemRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXEmRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [EPSON Stylus C42 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB002" /M "Stylus C42"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"StartupFolder: c:\docume~1\sergiom\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exeStartupFolder: c:\docume~1\sergiom\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\HPWebcam.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dllIE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dllDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\sergiom\applic~1\mozilla\firefox\profiles\kww5uh4e.default\FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FF - prefs.js: browser.search.selectedEngine - Secure SearchFF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=FF - component: c:\documents and settings\sergiom\application data\mozilla\firefox\profiles\kww5uh4e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dllFF - component: c:\documents and settings\sergiom\application data\mozilla\firefox\profiles\kww5uh4e.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dllFF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dllFF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dllFF - plugin: c:\documents and settings\sergiom\local settings\application data\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dllFF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dllFF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}---- FIREFOX POLICIES ----c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);============= SERVICES / DRIVERS ===============R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-20 93320]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-22 24652]R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5u870cap.sys [2006-6-6 61952]S3 Agpstubio;Agpstubio; [x]S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2001-8-3 18864]S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]=============== Created Last 30 ================2010-08-05 21:48:47 0 d-sha-r- C:\cmdcons2010-08-03 20:22:15 0 ----a-w- C:\mbrDump.dat2010-08-03 18:52:48 80384 ----a-w- C:\MBRCheck.exe2010-07-28 00:03:58 0 d-----w- C:\tdsskiller2010-07-13 18:53:22 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe==================== Find3M ====================2010-06-28 19:51:07 411368 -c--a-w- c:\windows\system32\deployJava1.dll2006-03-16 04:00:00 94784 -csh--w- c:\windows\twain.dll2008-04-14 00:12:07 50688 -csh--w- c:\windows\twain_32.dll2008-04-14 00:12:01 57344 -csh--w- c:\windows\system32\msvcirt.dll2008-04-14 00:12:02 551936 -csh--w- c:\windows\system32\oleaut32.dll2008-04-14 00:12:32 11776 -csh--w- c:\windows\system32\regsvr32.exe============= FINISH: 15:14:13.92 =============== Link to post Share on other sites More sharing options...
Kirkxcrust Posted August 5, 2010 Author ID:296405 Share Posted August 5, 2010 MBRCheck still gives me the same issues as before. Here is the log. Thanks.MBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows XP ProfessionalWindows Information: Service Pack 3 (build 2600)Logical Drives Mask: 0x0000001cKernel Drivers (total 162): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E4000 \WINDOWS\system32\hal.dll 0xF7987000 \WINDOWS\system32\KDCOM.DLL 0xF7897000 \WINDOWS\system32\BOOTVID.dll 0xF7358000 ACPI.sys 0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF7347000 pci.sys 0xF7487000 isapnp.sys 0xF7497000 ohci1394.sys 0xF74A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xF7A4F000 pciide.sys 0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF798B000 intelide.sys 0xF798D000 viaide.sys 0xF798F000 aliide.sys 0xF7329000 pcmcia.sys 0xF74B7000 MountMgr.sys 0xF730A000 ftdisk.sys 0xF7991000 dmload.sys 0xF72E4000 dmio.sys 0xF789B000 ACPIEC.sys 0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xF770F000 PartMgr.sys 0xF74C7000 VolSnap.sys 0xF72CC000 atapi.sys 0xF71F6000 iaStor.sys 0xF74D7000 disk.sys 0xF74E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF71D6000 fltmgr.sys 0xF71C4000 sr.sys 0xF71AE000 DRVMCDB.SYS 0xF74F7000 PxHelp20.sys 0xF7197000 KSecDD.sys 0xF710A000 Ntfs.sys 0xF70DD000 NDIS.sys 0xF7507000 Serial.sys 0xF70C3000 Mup.sys 0xF7527000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xF7627000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xF7933000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xF7937000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0xF793B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0xF6041000 \SystemRoot\system32\DRIVERS\ialmnt5.sys 0xF602D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF6008000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xF5EAA000 \SystemRoot\system32\DRIVERS\w39n51.sys 0xF774F000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xF5E87000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF7757000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF5E73000 \SystemRoot\system32\DRIVERS\sdbus.sys 0xF775F000 \SystemRoot\system32\DRIVERS\rimmptsk.sys 0xF7637000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0xF5E27000 \SystemRoot\system32\DRIVERS\rixdptsk.sys 0xF5DFF000 \SystemRoot\system32\DRIVERS\e100b325.sys 0xF794B000 \SystemRoot\system32\DRIVERS\cpqbttn.sys 0xF7647000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xF7767000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF7657000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF776F000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF5DCF000 \SystemRoot\system32\DRIVERS\SynTP.sys 0xF7A07000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF7777000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF7667000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF7A09000 \SystemRoot\System32\Drivers\DLACDBHM.SYS 0xF7677000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF7687000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF5DAC000 \SystemRoot\system32\DRIVERS\ks.sys 0xF777F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys 0xF7787000 \SystemRoot\system32\DRIVERS\ManyCam.sys 0xF7697000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0xF7B0C000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF76A7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF7953000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF5D95000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF76B7000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF76C7000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF778F000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF5D84000 \SystemRoot\system32\DRIVERS\psched.sys 0xF76D7000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF7797000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF779F000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF5D2C000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xF7567000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7A0B000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF5CCE000 \SystemRoot\system32\DRIVERS\update.sys 0xF796F000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF7973000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xF75E7000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xAA63C000 \SystemRoot\system32\drivers\CHDAud.sys 0xAA618000 \SystemRoot\system32\drivers\portcls.sys 0xF618E000 \SystemRoot\system32\drivers\drmk.sys 0xAA5E5000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys 0xAA4F1000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys 0xAA43F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys 0xF77C7000 \SystemRoot\System32\Drivers\Modem.SYS 0xAA031000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF5CB2000 \SystemRoot\System32\Drivers\i2omgmt.SYS 0xF79AF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7B33000 \SystemRoot\System32\Drivers\Null.SYS 0xF79B1000 \SystemRoot\System32\Drivers\Beep.SYS 0xF773F000 \SystemRoot\System32\Drivers\DLARTL_N.SYS 0xF7737000 \SystemRoot\System32\drivers\vga.sys 0xF79B3000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF79B5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF7747000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF788F000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF5CAA000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xA9321000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xA92C8000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xA92A0000 \SystemRoot\system32\DRIVERS\netbt.sys 0xA927A000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xA9258000 \SystemRoot\System32\drivers\afd.sys 0xAA021000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xAA011000 \SystemRoot\system32\DRIVERS\netbios.sys 0xF79B7000 \SystemRoot\system32\DRIVERS\eabfiltr.sys 0xA922D000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xAA001000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xA911D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA9FF1000 \SystemRoot\System32\Drivers\Fips.SYS 0xA90BC000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 0xA920D000 \SystemRoot\system32\DRIVERS\snp2uvc.sys 0xA9D4C000 \SystemRoot\system32\DRIVERS\sncduvc.SYS 0x9DF7E000 \SystemRoot\System32\Drivers\Fastfat.SYS 0x9DEA8000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0xBF800000 \SystemRoot\System32\win32k.sys 0xA5F57000 \SystemRoot\System32\drivers\Dxapi.sys 0xF77CF000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7B2D000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF021000 \SystemRoot\System32\ialmdnt5.dll 0xBF012000 \SystemRoot\System32\ialmrnt5.dll 0xBF043000 \SystemRoot\System32\ialmdev5.DLL 0xBF07E000 \SystemRoot\System32\ialmdd5.DLL 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xA5BFE000 \SystemRoot\System32\Drivers\DRVNDDM.SYS 0xF7B71000 \SystemRoot\System32\DLA\DLADResN.SYS 0x9DE92000 \SystemRoot\System32\DLA\DLAIFS_M.SYS 0xA5F3B000 \SystemRoot\System32\DLA\DLAOPIOM.SYS 0xF7A21000 \SystemRoot\System32\DLA\DLAPoolM.SYS 0xA85BE000 \SystemRoot\System32\DLA\DLABOIOM.SYS 0x9DE7A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS 0x9DE64000 \SystemRoot\System32\DLA\DLAUDF_M.SYS 0x9DE4E000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys 0xF617E000 \SystemRoot\system32\DRIVERS\nwlnknb.sys 0xA933C000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x9DE11000 \SystemRoot\system32\drivers\wdmaud.sys 0x9ED22000 \SystemRoot\system32\drivers\sysaudio.sys 0xA9FD1000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys 0xA9FE1000 \SystemRoot\System32\Drivers\Cdfs.SYS 0x9D72E000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0x9D5AD000 \SystemRoot\System32\Drivers\HTTP.sys 0x9D43E000 \SystemRoot\system32\DRIVERS\srv.sys 0x9D4C1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys 0x9D337000 \??\C:\WINDOWS\system32\drivers\mqac.sys 0x9D265000 \??\C:\WINDOWS\system32\drivers\RMCast.sys 0x9D3D6000 \SystemRoot\system32\DRIVERS\secdrv.sys 0x9CED1000 \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS 0x9C1CB000 \SystemRoot\system32\drivers\kmixer.sys 0x9F0DD000 \??\C:\DOCUME~1\SergioM\LOCALS~1\Temp\catchme.sys 0xA7B3B000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 0xA85CE000 \??\C:\DOCUME~1\SergioM\LOCALS~1\Temp\mbr.sys 0x7C900000 \WINDOWS\system32\ntdll.dllProcesses (total 67): 0 System Idle Process 4 System 900 C:\WINDOWS\system32\smss.exe 960 csrss.exe 988 C:\WINDOWS\system32\winlogon.exe 1032 C:\WINDOWS\system32\services.exe 1044 C:\WINDOWS\system32\lsass.exe 1232 C:\WINDOWS\system32\svchost.exe 1324 svchost.exe 1484 C:\WINDOWS\system32\svchost.exe 1632 svchost.exe 1792 svchost.exe 2024 C:\WINDOWS\system32\spoolsv.exe 580 C:\WINDOWS\ehome\ehtray.exe 588 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe 604 C:\WINDOWS\system32\hkcmd.exe 612 C:\WINDOWS\system32\igfxpers.exe 640 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 684 C:\Program Files\HP\QuickPlay\QPService.exe 812 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 932 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 1240 C:\Program Files\Microsoft IntelliPoint\point32.exe 1380 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe 1424 C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe 1444 C:\WINDOWS\system32\dla\DLACTRLW.EXE 1512 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE 1568 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 1648 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 1692 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC1.EXE 1624 C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe 1088 C:\Program Files\iTunes\iTunesHelper.exe 1820 C:\Program Files\Common Files\Java\Java Update\jusched.exe 1868 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 1920 C:\Program Files\Microsoft ActiveSync\wcescomm.exe 1848 C:\PROGRA~1\MI3AA1~1\rapimgr.exe 828 C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe 1172 C:\Program Files\OpenOffice.org 3\program\soffice.exe 148 C:\Program Files\OpenOffice.org 3\program\soffice.bin 1720 svchost.exe 1900 msdtc.exe 1748 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe 2176 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 2188 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe 2224 C:\Program Files\Bonjour\mDNSResponder.exe 2268 C:\WINDOWS\ehome\ehrecvr.exe 2316 C:\WINDOWS\ehome\ehSched.exe 2468 C:\WINDOWS\system32\svchost.exe 2520 C:\Program Files\Java\jre6\bin\jqs.exe 2576 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2700 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 2912 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe 3088 svchost.exe 3156 C:\WINDOWS\system32\svchost.exe 3232 C:\Program Files\Viewpoint\Common\ViewpointService.exe 3360 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 3432 mcrdsvc.exe 3524 C:\WINDOWS\system32\mqsvc.exe 3820 C:\WINDOWS\system32\mqtgsvc.exe 692 C:\WINDOWS\system32\wscntfy.exe 2344 wmiprvse.exe 3372 C:\Program Files\iPod\bin\iPodService.exe 1776 C:\WINDOWS\ehome\ehmsas.exe 3768 C:\WINDOWS\system32\dllhost.exe 2856 alg.exe 5008 wmpnetwk.exe 4668 C:\WINDOWS\explorer.exe 5788 C:\MBRCheck.exe\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`1dbe1000 (FAT32)PhysicalDrive0 Model Number: FUJITSUMHV2100BHPL, Rev: 892C Size Device Name MBR Status -------------------------------------------- 93 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: F19F100B4DC860880BDC331CC9D56B1C13F605D5Found non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit.Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 1Dumping \\.\PhysicalDisk1...Enter filename to dump to: mbrdump.datError opening disk (2)!Enter the physical disk number to dump (0-99, -1 to exit): -1Done! Link to post Share on other sites More sharing options...
Blade81 Posted August 6, 2010 ID:296594 Share Posted August 6, 2010 Hi,I probably should had asked this from you earlier but is your d: drive a recovery partition?Please run ESET online scanner again and post back its report. Also, update MBAM and run a quick scan with it (delete possible found items). Post back the report of this too. Link to post Share on other sites More sharing options...
Staff screen317 Posted August 11, 2010 Staff ID:299235 Share Posted August 11, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts