Jump to content

Scanning Problem


Recommended Posts

Hi,

Please download DDS and save it to your desktop.

  • Disable any script blocking protection.
  • Double click dds.com to run the tool..
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

Here's the contents of DDS.txt:

DDS (Ver_10-12-05.01) - NTFSx86

Run by eRiK at 3:39:42.82 on 12/12/2010 Sun

Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Zentimo\ZentimoService.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\system32\conime.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Window Hide Tool\Window Hide Tool.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe

C:\Windows\system32\aestsrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Topos\cFosSpeed\spd.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe

C:\Program Files\ShadowExplorer\sesvc.exe

C:\Windows\system32\STacSV.exe

C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Zentimo\Zentimo.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\DoubleClickFix\DoubleClickFix.exe

C:\Program Files\Topos\cFosSpeed\cfosspeed.exe

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\eRiK\Desktop\dds.com

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve

uWindow Title = Internet Explorer provided by Dell

uStart Page = about:blank

uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen

mStart Page = hxxp://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen

mDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PIPI Link Helper: {1a3440c6-f123-4cab-84ee-c814e1ae0d8f} - c:\program files\startv\core\pipi\JfCheck.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: ToolbarBrowserHelper Class: {d2f8a635-8b0f-47bf-915e-6f456767a300} - c:\program files\thunder network\minithunder\ToolBarNow.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

uRun: [Window Hide Tool] c:\program files\window hide tool\Window Hide Tool.exe

uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe

uRun: [Zentimo xStorage Manager] c:\program files\zentimo\Zentimo.exe /startup

uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe

uRun: [speedBitVideoAccelerator] c:\program files\speedbit video accelerator\VideoAccelerator.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [cFosSpeed] c:\program files\topos\cfosspeed\cFosSpeed.exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

StartupFolder: c:\users\erik\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

Trusted Zone: 111222.cn\list1

Trusted Zone: pps.tv\kan

Trusted Zone: pps.tv\list1

Trusted Zone: pps.tv\tvguide

Trusted Zone: pps.tv\vodguide

Trusted Zone: ppstream.com\list1

Trusted Zone: ppstream.com\notice

Trusted Zone: ppstream.com\xml1

Trusted Zone: ppstream.com\xml2

Trusted Zone: ppstream.com\xml3

Trusted Zone: ppstream.net\list1

Trusted Zone: ppstv.com\list1

Trusted Zone: ppstv.net\list1

Trusted Zone: security_PPStream.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\erik\appdata\roaming\mozilla\firefox\profiles\3iylhprb.default\

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\erik\appdata\roaming\mozilla\firefox\profiles\3iylhprb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\users\erik\appdata\roaming\mozilla\firefox\profiles\3iylhprb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Extension: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - c:\users\erik\appdata\roaming\mozilla\firefox\profiles\3iylhprb.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}

FF - Extension: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - c:\users\erik\appdata\roaming\mozilla\firefox\profiles\3iylhprb.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

FF - Extension: ResizeIT: resizeit@sonej - c:\users\erik\appdata\roaming\mozilla\firefox\profiles\3iylhprb.default\extensions\resizeit@sonej

FF - Extension: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - c:\users\erik\appdata\roaming\mozilla\firefox\profiles\3iylhprb.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2010-9-21 25896]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-7-30 73728]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]

R2 RealtekUSB;RealtekUSB;c:\program files\realtek\rtl8187 wireless lan utility\RtlService.exe [2010-9-27 36864]

R2 sesvc;ShadowExplorer Service;c:\program files\shadowexplorer\sesvc.exe [2010-9-25 9216]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]

R2 ZentimoService;Zentimo Assistant;c:\program files\zentimo\ZentimoService.exe [2010-11-3 240976]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-7-30 179712]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-9-25 27632]

S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-10-13 8192]

S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-6-26 35088]

S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2010-9-27 335872]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2010-9-25 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2010-9-25 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2010-9-25 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2010-9-25 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2010-9-25 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2010-9-25 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2010-9-25 109736]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

SUnknown WPFFontCache_v0400;WPFFontCache_v0400; [x]

=============== Created Last 30 ================

2010-12-10 22:27:22 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{ae952ed1-629d-4c87-a9f8-bd2c8735f48e}\mpengine.dll

2010-12-10 22:20:07 839680 ----a-w- c:\windows\system32\lameACM.acm

2010-12-10 22:20:07 630784 ----a-w- c:\windows\system32\vp7vfw.dll

2010-12-10 22:20:07 237568 ----a-w- c:\windows\system32\yv12vfw.dll

2010-12-10 22:20:07 151552 ----a-w- c:\windows\system32\ac3acm.acm

2010-12-10 22:20:07 121344 ----a-w- c:\windows\system32\lagarith.dll

2010-12-10 22:20:06 790528 ----a-w- c:\windows\system32\xvidcore.dll

2010-12-10 22:20:06 134144 ----a-w- c:\windows\system32\xvidvfw.dll

2010-12-10 22:20:06 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-12-10 22:20:03 -------- d-----w- c:\program files\K-Lite Codec Pack

2010-12-09 20:17:55 -------- d-----w- c:\users\erik\appdata\local\Readon_Technology

2010-12-09 20:17:27 -------- d-----w- c:\program files\Readon Technology

2010-12-09 12:17:51 388096 ----a-r- c:\users\erik\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-12-09 12:17:50 -------- d-----w- c:\program files\Trend Micro

2010-12-08 17:05:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-08 17:05:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-08 17:05:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-08 16:51:06 -------- d-----w- c:\program files\CCleaner

2010-12-08 08:17:33 -------- d-----w- c:\progra~2\GarenaMessenger

2010-12-07 14:04:48 -------- d-----w- c:\program files\PMFplay H.264 Decoder

2010-12-03 12:11:38 -------- d-----w- c:\users\erik\appdata\roaming\TTPlayer

2010-12-03 11:54:33 25644032 ----a-w- c:\windows\system32\imageres.dll

2010-12-03 11:45:58 -------- d-----w- c:\progra~2\Stardock

2010-12-03 11:45:56 567040 ----a-w- c:\windows\system32\wbocx.ocx

2010-12-03 11:45:55 56496 ----a-w- c:\windows\system32\wbhelp2.dll

2010-12-03 10:49:44 -------- d-----w- c:\users\erik\.rainlendar2

2010-12-03 10:49:36 -------- d-----w- c:\program files\Rainlendar2

2010-12-03 10:08:47 172032 ----a-w- c:\windows\system32\AniGIF.ocx

2010-12-03 10:08:46 -------- d-----w- c:\program files\SpeedBit Video Accelerator

2010-11-30 14:08:52 -------- d-----w- c:\users\erik\appdata\roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

2010-11-29 17:16:00 -------- d-----w- c:\progra~2\Blizzard Entertainment

2010-11-29 16:38:55 -------- d-----w- c:\program files\StarCraft II

2010-11-28 10:02:46 -------- d-----w- c:\users\erik\appdata\local\Last.fm

2010-11-28 08:53:53 23000 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll

2010-11-28 08:53:53 138712 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

2010-11-27 13:28:14 -------- d-----w- c:\users\erik\appdata\local\Stardock

2010-11-27 13:28:08 -------- d-----w- c:\program files\Stardock

2010-11-27 10:45:58 -------- d-----w- c:\program files\Garena Messenger

2010-11-27 07:44:04 444351168 ----a-w- c:\program files\mozilla firefox\Garena-HoN_setup_1.0.17_101111.exe

2010-11-27 07:43:23 -------- d-----w- c:\users\erik\appdata\local\Garena

2010-11-26 12:58:05 57344 ----a-w- c:\windows\system32\CZDrv.dll

2010-11-26 12:58:05 -------- d-----w- c:\windows\system32\Scripts

2010-11-26 11:52:58 -------- d-----w- c:\program files\AnimatedDesktop

2010-11-25 16:33:19 -------- d-----w- c:\users\erik\appdata\roaming\Luxand

2010-11-19 08:47:37 -------- d-----w- c:\users\erik\appdata\roaming\DzSoft

2010-11-19 08:47:37 -------- d-----w- c:\program files\DzSoft

2010-11-12 11:58:58 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2010-11-12 11:58:58 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

==================== Find3M ====================

2010-12-02 02:06:35 20480 ----a-w- c:\windows\system32\H@tKeysH@@k.DLL

2010-10-27 08:22:10 6 ----a-w- c:\users\erik\appdata\roaming\SYSTEM32.dll

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-13 14:33:44 8192 ----a-w- c:\windows\system32\srvany.exe

2010-10-01 14:00:40 737280 ----a-w- c:\windows\iun6002.exe

2010-09-23 08:55:33 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2010-09-23 08:55:33 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2010-09-14 20:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 3:40:41.64 ===============

Here's the contents of the report:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6001 (Service Pack 1)

Number of processors #2

==============================================

>Drivers

==============================================

0x8B60A000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 11001856 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 258.96 )

0x82050000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)

0x82050000 PnpManager 3903488 bytes

0x82050000 RAW 3903488 bytes

0x82050000 WMIxWDM 3903488 bytes

0x94A60000 Win32k 2109440 bytes

0x94A60000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x88007000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)

0x87E73000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x8C8F1000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)

0x8C20A000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1056768 bytes (Broadcom Corp., Broadcom 802.11 Network Adapter wireless driver)

0x8CC05000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)

0x804CE000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)

0x8C604000 C:\Windows\system32\DRIVERS\cfosspeed.sys 909312 bytes (cFos Software GmbH, cFosSpeed Driver)

0xA1A00000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x826A8000 C:\Windows\system32\drivers\iastor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0x8CA0A000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0x8DA8C000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)

0x82607000 C:\Windows\system32\drivers\iastorv.sys 659456 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))

0x8C08A000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x80602000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)

0x87E02000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x8DB92000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x80414000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)

0x8C80D000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)

0x8C395000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)

0x9B0F2000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)

0x94CB0000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0x80734000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8CD33000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x8068B000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)

0x8048D000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)

0x8C710000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x8C141000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x8C8B4000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)

0x8CB74000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x87FA9000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)

0x8DA0F000 C:\Windows\system32\DRIVERS\OEM02Dev.sys 237568 bytes (Creative Technology Ltd., Video Capture Device Driver)

0x9B079000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x88116000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x805AE000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x8201D000 ACPI_HAL 208896 bytes

0x8201D000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x8278C000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x8CD7B000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x8C30C000 C:\Windows\system32\DRIVERS\b57nd60x.sys 192512 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver.)

0x8C6E2000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)

0x8C862000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x8C1A0000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)

0x87F7E000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x807AA000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)

0x8DB4B000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0xA1AEA000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)

0x9B0CA000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x88166000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)

0x806E2000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x827D7000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)

0x8C88F000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0x8CACB000 C:\Windows\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)

0x8C77E000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x8819E000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)

0x8CB21000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0x9B03A000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0x9B05A000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x8276E000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)

0x805E2000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)

0x8CCEE000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x8DA71000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0x8C359000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)

0x9B00C000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8C1E2000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0x9B0B2000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x8CBBF000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x8C75C000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x807D4000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xA1B26000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)

0x8CDAD000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x8CD09000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)

0x9B025000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x8C7C4000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0x8C7B0000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x8C381000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)

0x8CD1F000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)

0x8C3E6000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)

0x8DB7F000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8CDDB000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x8C18E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0xA1B3C000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0x8818D000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x87FE3000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x80474000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x827BE000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x8CBDF000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)

0x8DB3B000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x8079A000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)

0x8C33B000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0x8C7D9000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)

0x881E9000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)

0x8DA62000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)

0x88157000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0x80709000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)

0x8C7A1000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x8C17F000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x80725000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)

0x8C34B000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0x94CA0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)

0x8CDCD000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x8CB5D000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x80785000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0x8C373000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)

0x8CABE000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)

0x881C8000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x8C129000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)

0x8067E000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0xA1B12000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x8CB15000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x8C1D7000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)

0x8C1CC000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)

0x8CB52000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x8C773000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x8C751000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x881D5000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8C136000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0x8C7E9000 C:\Windows\system32\DRIVERS\VClone.sys 45056 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)

0x8071B000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)

0x8DA58000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x8B600000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x8DB75000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x8CBB0000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0x8CDC3000 C:\Windows\system32\DRIVERS\rtlprot.sys 40960 bytes (Windows ® Codename Longhorn DDK provider, Realtek Utility I/O Driver)

0xA1AE0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x881BF000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)

0x8CAEE000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0x8CBD6000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0x9B140000 C:\Windows\system32\DRIVERS\MpNWMon.sys 36864 bytes (Microsoft Corporation, Network monitor driver)

0xA1B55000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x827CE000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0x8CB6B000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x94C80000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x881E0000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8C200000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0x806D1000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x82766000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0x80485000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x8040C000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x8CBEF000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0x806DA000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x8CB42000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8CB4A000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8814F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0xA1B1E000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)

0x8CAFE000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x8CB0E000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x8077E000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0xA1B4E000 C:\Users\eRiK\AppData\Local\Temp\mbr.sys 28672 bytes

0x8CAF7000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x80793000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0x8C7F4000 C:\Windows\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)

0x8CBBA000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)

0x8C3F9000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0x9B161000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)

0x80718000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0x8C088000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 258.96 )

0x8DA49000 C:\Windows\system32\DRIVERS\OEM02Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter

Driver (Win2K based))

0xA1ADE000 C:\Windows\system32\PfModNT.sys 8192 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)

0x8C7FA000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x8CC00000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

==============================================

>Stealth

==============================================

0x01B30000 Hidden Image-->VistaBridgeLibrary.DLL [ EPROCESS 0x9B39FAD8 ] PID: 2500, 102400 bytes

0x05600000 Hidden Image-->WLTRAY.EXE [ EPROCESS 0x98326760 ] PID: 1900, 3821568 bytes

0x03ED0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x98326760 ] PID: 1900, 507904 bytes

0x04730000 Hidden Image-->msvcm80.dll [ EPROCESS 0x9B39B020 ] PID: 2668, 507904 bytes

0x03EB0000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x98326760 ] PID: 1900, 77824 bytes

0x047B0000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x9B39B020 ] PID: 2668, 77824 bytes

Link to post
Share on other sites

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Link to post
Share on other sites

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

For your information, I have used the method above before. After I finish performed the ComboFix process, I couldn't access any programs due to registry loss. Is it neccessary to use this method?

Link to post
Share on other sites

Hi,

You can skip the ComboFix instructions.

Your DDS and Rootkit Unhooker log are clean, so I don't think the problem is malware related. I suggest you start a new topic about the error in the General Malwarebytes' Anti-Malware Forum. :D

Make sure you run these cleanup instructions first though:

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

I'll leave this thread open for a couple days, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Link to post
Share on other sites

Hi,

You can skip the ComboFix instructions.

Your DDS and Rootkit Unhooker log are clean, so I don't think the problem is malware related. I suggest you start a new topic about the error in the General Malwarebytes' Anti-Malware Forum. :P

Make sure you run these cleanup instructions first though:

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

I'll leave this thread open for a couple days, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

The problem still occured after I follow your instructions. What is the benefits for doing this?

Link to post
Share on other sites

  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.