
Microsoft.Windows.SecurityCenter.Firewallbypass


  • This topic is locked
2 replies to this topic

#1 dharlow

Posted 11 October 2009 - 10:27 AM

I need some help understanding how to remove this.


DDS (Ver_09-09-29.01) - NTFSx86
Run by dharlow at 10:17:38.93 on Sun 10/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1444 [GMT -5:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.EXE
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Java\jre1.5.0_16\bin\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Installs\analizethis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_16\bin\jucheck.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Installs\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {21092e26-c464-4ffa-a86a-1cde051a4067} - vugopifu.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Ask && Record Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Ask && Record Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Samsung Common SM] "c:\windows\samsung\comsmmgr\ssmmgr.exe" /autorun
mRun: [WD_SRT] "c:\program files\western digital technologies\wd win98 se usb disk driver, v1.00.09\WD_SRT.EXE"
mRun: [Ask and Record FLV Service] "c:\program files\ask & record toolbar\FLVSrvc.exe" /run
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_16\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [Ulead AutoDetector] c:\program files\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_16\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: imon.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234396841639
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab
AppInit_DLLs: gogoheri.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli lorizuzu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dharlow\applic~1\mozilla\firefox\profiles\fjwzj69r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJPI150_16.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-2-11 15424]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-5-15 61424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-2-11 552064]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-2-15 1373480]
S2 sohmyatg;sohmyatg;c:\windows\system32\drivers\ahmaqse.sys --> c:\windows\system32\drivers\ahmaqse.sys [?]
S3 Acdt_gona;Acdt_gona; [x]
S3 Ntmadisa;Ntmadisa; [x]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-5-13 33792]

=============== Created Last 30 ================

2009-10-10 19:36 108,336 a------- c:\windows\system32\mswinsck.ocx
2009-10-05 20:13 <DIR> --d----- c:\program files\Cirlinca HD-Audio Solo Ultra
2009-10-05 20:11 1,060,864 a------- c:\windows\system32\mfc71.dll
2009-09-27 19:08 49,265 a------- c:\windows\system32\jpicpl32.cpl
2009-09-25 18:16 151,188 a---h--- c:\windows\system32\mlfcache.dat
2009-09-11 16:32 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-11 16:27 <DIR> --d----- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2009-10-11 09:19 421,060 a------- c:\windows\system32\FontInfo.bin
2009-10-11 09:19 143,976 a------- c:\windows\system32\GlyphInfo.bin
2009-09-27 18:56 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-14 02:12 229,888 a------- c:\windows\PEV.exe
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-27 19:38 11,024 a------- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-08-25 23:00 3,411 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Shorten Codec.dat
2009-08-25 19:47 653,176 a------- c:\windows\system32\SpoonUninstall.exe
2009-08-25 19:36 14,373 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-31 07:25 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-07-31 07:25 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-07-31 07:25 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-02-16 20:25 47,360 a------- c:\docume~1\dharlow\applic~1\pcouffin.sys
2009-07-10 23:46 1,011,452 a--sh--- c:\windows\system32\dayoyadu.exe
2009-07-10 20:47 1,011,128 a--sh--- c:\windows\system32\fupipivo.exe
2009-07-10 20:47 69,120 a--sh--- c:\windows\system32\tilepilo.dll

============= FINISH: 10:18:00.37 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/11/2009 5:42:45 PM
System Uptime: 10/11/2009 9:18:25 AM (1 hours ago)

Motherboard: Dell Inc. | | 0X8582
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 59 GiB total, 37.089 GiB free.
D: is CDROM (UDF)
F: is FIXED (NTFS) - 174 GiB total, 107.384 GiB free.
H: is FIXED (FAT32) - 596 GiB total, 459.345 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_10EC&DEV_8180&SUBSYS_33031186&REV_20\4&5855BE9&0&10F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10EC&DEV_8180&SUBSYS_33031186&REV_20\4&5855BE9&0&10F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01A71028&REV_01\3&172E68DD&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01A71028&REV_01\3&172E68DD&0&FB
Service:

==== System Restore Points ===================

RP163: 10/10/2009 8:36:02 PM - System Checkpoint
RP164: 10/10/2009 8:36:02 PM - Installed LEADTOOLS ePrint 5 Professional
RP165: 10/10/2009 8:36:02 PM - Printer Driver LEADTOOLS ePrint 5 Driver Installed
RP166: 10/10/2009 8:36:03 PM - System Checkpoint
RP167: 10/10/2009 8:36:03 PM - System Checkpoint
RP168: 10/10/2009 8:36:03 PM - Software Distribution Service 3.0
RP169: 10/10/2009 8:36:03 PM - System Checkpoint
RP170: 10/10/2009 8:36:03 PM - System Checkpoint
RP171: 10/10/2009 8:36:04 PM - System Checkpoint
RP172: 10/10/2009 8:36:04 PM - System Checkpoint
RP173: 10/10/2009 8:36:04 PM - 7-23-09
RP174: 10/10/2009 8:36:04 PM - Installed Java™ 6 Update 13
RP175: 10/10/2009 8:36:05 PM - Removed J2SE Runtime Environment 5.0 Update 16
RP176: 10/10/2009 8:36:05 PM - Restore Operation
RP177: 10/10/2009 8:36:05 PM - Restore Operation
RP178: 10/10/2009 8:36:05 PM - Removed J2SE Runtime Environment 5.0 Update 16
RP179: 10/10/2009 8:36:06 PM - Installed J2SE Runtime Environment 5.0 Update 16
RP180: 10/10/2009 8:36:06 PM - System Checkpoint
RP181: 10/10/2009 8:36:06 PM - System Checkpoint
RP182: 10/10/2009 8:36:06 PM - System Checkpoint
RP183: 10/10/2009 8:36:07 PM - System Checkpoint
RP184: 10/10/2009 8:36:07 PM - System Checkpoint
RP185: 10/10/2009 8:36:07 PM - System Checkpoint
RP186: 10/10/2009 8:36:07 PM - System Checkpoint
RP187: 10/10/2009 8:36:07 PM - System Checkpoint
RP188: 10/10/2009 8:36:08 PM - System Checkpoint
RP189: 10/10/2009 8:36:08 PM - System Checkpoint
RP190: 10/10/2009 8:36:08 PM - Software Distribution Service 3.0
RP191: 10/10/2009 8:36:08 PM - System Checkpoint
RP192: 10/10/2009 8:36:08 PM - System Checkpoint
RP193: 10/10/2009 8:36:09 PM - System Checkpoint
RP194: 10/10/2009 8:36:09 PM - System Checkpoint
RP195: 10/10/2009 8:36:09 PM - System Checkpoint
RP196: 10/10/2009 8:36:09 PM - System Checkpoint
RP197: 10/10/2009 8:36:09 PM - Removed Adobe Photoshop
RP198: 10/10/2009 8:36:09 PM - Installed Adobe Photoshop
RP199: 10/10/2009 8:36:10 PM - System Checkpoint
RP200: 10/10/2009 8:36:10 PM - Software Distribution Service 3.0
RP201: 10/10/2009 8:36:10 PM - Software Distribution Service 3.0
RP202: 10/10/2009 8:36:10 PM - System Checkpoint
RP203: 10/10/2009 8:36:10 PM - System Checkpoint
RP204: 10/10/2009 8:36:10 PM - System Checkpoint
RP205: 10/10/2009 8:36:10 PM - System Checkpoint
RP206: 10/10/2009 8:36:11 PM - Software Distribution Service 3.0
RP207: 10/10/2009 8:36:11 PM - System Checkpoint
RP208: 10/10/2009 8:36:11 PM - System Checkpoint
RP209: 10/10/2009 8:36:11 PM - System Checkpoint
RP210: 10/10/2009 8:36:11 PM - System Checkpoint
RP211: 10/10/2009 8:36:11 PM - 8-27-09
RP212: 10/10/2009 8:36:12 PM - Restore Operation
RP213: 10/10/2009 8:36:12 PM - System Checkpoint
RP214: 10/10/2009 8:36:12 PM - System Checkpoint
RP215: 10/10/2009 8:36:12 PM - System Checkpoint
RP216: 10/10/2009 8:36:13 PM - System Checkpoint
RP217: 10/10/2009 8:36:13 PM - Software Distribution Service 3.0
RP218: 10/10/2009 8:36:13 PM - System Checkpoint
RP219: 10/10/2009 8:36:13 PM - System Checkpoint
RP220: 10/10/2009 8:36:13 PM - System Checkpoint
RP221: 10/10/2009 8:36:14 PM - Software Distribution Service 3.0
RP222: 10/10/2009 8:36:14 PM - System Checkpoint
RP223: 10/10/2009 8:36:14 PM - System Checkpoint
RP224: 10/10/2009 8:36:14 PM - Restore Operation
RP225: 10/10/2009 8:36:14 PM - Software Distribution Service 3.0
RP226: 10/10/2009 8:36:14 PM - System Checkpoint
RP227: 10/10/2009 8:36:15 PM - System Checkpoint
RP228: 10/10/2009 8:36:15 PM - System Checkpoint
RP229: 10/10/2009 8:36:15 PM - System Checkpoint
RP230: 10/10/2009 8:36:15 PM - System Checkpoint
RP231: 10/10/2009 8:36:16 PM - System Checkpoint
RP232: 10/10/2009 8:36:16 PM - System Checkpoint
RP233: 10/10/2009 8:36:16 PM - System Checkpoint
RP234: 10/10/2009 8:36:16 PM - System Checkpoint
RP235: 10/10/2009 8:36:16 PM - Installed Safari
RP236: 10/10/2009 8:36:16 PM - System Checkpoint
RP237: 10/10/2009 8:36:17 PM - Installed Java™ 6 Update 16
RP238: 10/10/2009 8:36:17 PM - Removed Java™ 6 Update 16
RP239: 10/10/2009 8:36:17 PM - Installed Java™ 6 Update 16
RP240: 10/10/2009 8:36:17 PM - Removed Java™ 6 Update 16
RP241: 10/10/2009 8:36:17 PM - System Checkpoint
RP242: 10/10/2009 8:36:18 PM - System Checkpoint
RP243: 10/10/2009 8:36:18 PM - System Checkpoint
RP244: 10/10/2009 8:36:18 PM - System Checkpoint
RP245: 10/10/2009 8:36:18 PM - System Checkpoint
RP246: 10/11/2009 12:47:10 AM - 10-11-09
RP247: 10/11/2009 9:25:46 AM - now

==== Installed Programs ======================

7-Zip 4.65
AC3Filter (remove only)
ACDSee
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
Adobe Photoshop 7.0
Adobe Photoshop CS
Adobe Reader 7.0
Adobe SVG Viewer 3.0
Alien Skin Xenofex 2.0
Apple Software Update
Ask & Record Toolbar 4.01
Ask Toolbar
Audio Conversion Wizard 2.0
Audio DVD Creator 1.9.1.0
Auto Gordian Knot 2.55
AviSynth 2.5
AVS Audio Converter version 5.1
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BluffTitler
Bonjour
Bryce® 5
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
ConvertXtoDVD 3.4.8.123
CoreVorbis Audio Decoder (remove only)
Critical Update for Windows Media Player 11 (KB959772)
CyberLink PowerDVD 8
dBpoweramp Music Converter
dBpoweramp Shorten Codec
discWelder CHROME
DoremiSoft FLV to MPG Converter 1.0
DVD-lab PRO 2.5
DVD Flick 1.3.0.6
DVD Shrink 3.2
dvda-author-package (uninstall only)
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
Exact Audio Copy 0.99pb4
Express Rip
Extensis pxl SmartScale 1.0
Eye Candy 4000
ffdshow [rev 1723] [2007-12-24]
FlacSquisher
foobar2000 v0.9.6.3
GSpot Codec Information Appliance
Haali Media Splitter
Handbrake 2.4.1
HD-Audio Solo Ultra 2.1
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
ImgBurn
Intel® PRO Network Connections Drivers
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 16
LEADTOOLS ePrint 5 Professional
Malwarebytes' Anti-Malware
MediaCoder 0.6.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
MKVtoolnix 2.9.7
Monitor Calibration Wizard 1.0
Mozilla Firefox (3.5.3)
Nero 6 Enterprise Edition
NOD32 Antivirus System
NVIDIA Drivers
Ogg Codecs 0.81.15562
PeerGuardian 2.0
Picasa 3
Pixillion Image Converter
Prism Video Converter
QuickPar 0.9
Replay Media Catcher 3.02
RTF Convertor 1.0 (Beta)
Safari
Samsung ML-2010 Series
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sentinel System Driver
Spybot - Search & Destroy
Switch Sound File Converter
The KMPlayer 2.9.4.1434
Ulead Photo Explorer 8.0 SE Basic
Ulead Photo Explorer 8.5 Trial
Ulead Photo Express 6
Ultra Defragmenter
Ultra Video Splitter 5.1.0713
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VLC media player 1.0.1
VobSub v2.23 (Remove Only)
Wacom Tablet
WavePad Sound Editor
Way To Go! Bowling
WD Win98 SE USB Disk Driver, v1.00.09
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XviD MPEG4 Video Codec (remove only)
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

10/6/2009 6:11:56 PM, error: Service Control Manager [7000] - The sohmyatg service failed to start due to the following error: The system cannot find the file specified.
10/6/2009 6:11:56 PM, error: Service Control Manager [7000] - The Sentinel service failed to start due to the following error: The system cannot find the device specified.
10/6/2009 6:11:56 PM, error: Service Control Manager [7000] - The Acdt_gona service failed to start due to the following error: The system cannot find the path specified.
10/5/2009 10:01:23 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DENNY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{88B622FB-9601-445F-BC3. The master browser is stopping or an election is being forced.
10/10/2009 9:26:11 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/10/2009 9:12:27 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
10/10/2009 9:12:23 PM, error: Service Control Manager [7034] - The GEARSecurity service terminated unexpectedly. It has done this 1 time(s).
10/10/2009 8:55:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/10/2009 8:52:54 PM, error: Service Control Manager [7031] - The NOD32 Kernel Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/10/2009 8:52:43 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/10/2009 8:52:34 PM, error: Service Control Manager [7031] - The NOD32 Kernel Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/10/2009 7:46:00 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.0.12. The machine with the IP address 192.168.0.11 did not allow the name to be claimed by this machine.
10/10/2009 5:51:51 PM, error: Service Control Manager [7034] - The TabletServiceWacom service terminated unexpectedly. It has done this 1 time(s).
10/10/2009 5:51:43 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/11 10:21
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 000.fcl
Image Path: C:\Program Files\CyberLink\PowerDVD8\000.fcl
Address: 0xA6CCD000 Size: 135168 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9F79000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAB02A000 Size: 138496 File Visible: - Signed: -
Status: -

Name: amon.sys
Image Path: C:\WINDOWS\system32\drivers\amon.sys
Address: 0xA7053000 Size: 501952 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9E54000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA696000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xB1989000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA138000 Size: 62976 File Visible: - Signed: -
Status: -

Name: cercsr6.sys
Image Path: cercsr6.sys
Address: 0xBA338000 Size: 29120 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: ctoss2k.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
Address: 0xB85D5000 Size: 196608 File Visible: - Signed: -
Status: -

Name: ctsfm2k.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
Address: 0xB85AF000 Size: 155648 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA0D8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xB9F23000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xBA5AC000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA118000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xA73A8000 Size: 749568 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB32D2000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA777000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e100b325.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e100b325.sys
Address: 0xB83AD000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xA7123000 Size: 143744 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xAC5DE000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB9E1C000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xB198B000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys

Thanks for your assistance.


#2 schrauber


Posted 26 October 2009 - 02:52 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 schrauber


Posted 31 October 2009 - 11:03 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber




