Trojan horse Vundo.JE


  • This topic is locked
2 replies to this topic

#1 clive1

Posted 14 December 2009 - 08:55 AM

"C:\Program Files\nHancer\nHancer.exe (2868):\memory_00260000";"Trojan horse Vundo.JE";"Moved to Virus Vault"
"C:\Program Files\nHancer\nHancer.exe (2868)";"Trojan horse Vundo.JE";"Reboot is required to finish the action"


Hi, I seem to have acquired the above. Computer started running slower and some programs wouldn't work.

Avg8 discovered the above.

I rebooted as requested and the TJ moved to another program rexengine exe2 which is part of my flight simulation program.

Avg requested further reboot and hey presto the tj moved back to nHancer.

If I run either of these two programs they don't work; however, they can be seen running in Task Manager as processes consuming large amounts of CPU, so I have to kill them from Task Manager.

I have run the scripts as requested and here are the results

Hope you can help
Many thanks

Clive

DDS (Ver_09-12-01.01) - NTFSx86
Run by Computer at 9:44:42.32 on 14/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2538 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\nHancer\nHancer.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Computer\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sky.com/
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [nHancer] "c:\program files\nhancer\nHancer.exe" /tray
uRun: [<NO NAME>]
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258644714406
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258645284093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-11-18 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-18 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-18 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-18 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-18 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-18 285392]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-11-20 12672]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2009-11-18 35712]
R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\drivers\SaiH0BAC.sys [2009-12-7 135168]

=============== Created Last 30 ================

2009-12-13 18:08:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-13 18:08:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-13 18:04:31 0 d-----w- c:\program files\common files\ParetoLogic
2009-12-13 17:54:44 0 d-----w- c:\docume~1\alluse~1\applic~1\CA
2009-12-13 13:54:30 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-12 08:43:24 0 d-----w- c:\docume~1\computer\applic~1\Malwarebytes
2009-12-12 08:43:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-12 08:43:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-08 07:52:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-08 07:52:50 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-08 07:48:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-08 07:48:34 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-08 07:48:32 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-08 07:29:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Nokia
2009-12-08 07:25:22 0 d-----w- c:\windows\Downloaded Installations
2009-12-08 07:22:38 0 d-----w- c:\program files\common files\PCSuite
2009-12-08 07:21:34 0 d-----w- c:\program files\common files\Nokia
2009-12-08 07:21:10 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-08 07:21:05 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-08 07:20:58 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-12-08 07:20:57 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-12-08 07:20:56 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-12-08 07:20:56 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-12-08 07:20:56 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-12-08 07:20:56 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-12-08 07:20:08 0 d-----w- c:\program files\Nokia
2009-12-08 07:20:08 0 d-----w- c:\docume~1\alluse~1\applic~1\OviInstallerCache
2009-12-08 07:07:03 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-12-08 07:07:03 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-12-08 07:05:20 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-12-08 07:05:20 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-12-08 07:05:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-12-08 07:05:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-07 08:08:21 14080 ----a-r- c:\windows\system32\drivers\SaiMini.sys
2009-12-07 08:07:40 35072 ----a-r- c:\windows\system32\drivers\SaiBus.sys
2009-12-07 08:07:36 0 d-----w- c:\program files\Saitek
2009-12-07 08:07:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Saitek
2009-12-07 08:01:47 8704 ----a-r- c:\windows\system32\SaiC0BAC_0C.dll
2009-12-07 08:01:47 839680 ----a-r- c:\windows\system32\SaiC0BAC.Dll
2009-12-07 08:01:47 8192 ----a-r- c:\windows\system32\SaiC0BAC_10.dll
2009-12-07 08:01:47 8192 ----a-r- c:\windows\system32\SaiC0BAC_0A.dll
2009-12-07 08:01:47 8192 ----a-r- c:\windows\system32\SaiC0BAC_07.dll
2009-12-07 08:01:47 7680 ----a-r- c:\windows\system32\SaiC0BAC_09.dll
2009-12-07 08:01:47 7168 ----a-r- c:\windows\system32\SaiC0BAC_0402.dll
2009-12-07 08:01:47 5632 ----a-r- c:\windows\system32\SaiC0BAC_11.dll
2009-12-07 08:01:47 3938 ----a-r- c:\windows\system32\SaiD0BAC.pr0
2009-12-07 08:01:47 135168 ----a-r- c:\windows\system32\drivers\SaiH0BAC.sys
2009-12-07 07:41:04 0 d-----w- c:\program files\Exterminate It!
2009-12-06 17:30:03 0 d-----w- c:\docume~1\computer\applic~1\LimeWire
2009-12-04 11:04:32 0 d-----w- c:\program files\Trend Micro
2009-12-03 09:52:59 0 d-----w- c:\program files\Ashampoo
2009-12-03 08:10:00 0 d-----w- C:\scenery
2009-11-30 09:42:06 3255 ----a-w- c:\windows\system32\wbem\Outlook_01ca71a16112e202.mof
2009-11-29 08:18:22 0 d-----w- c:\docume~1\computer\applic~1\zBlueSoftware
2009-11-26 08:36:44 7680 --sha-w- c:\windows\Thumbs.db
2009-11-26 08:36:43 69 ----a-w- c:\windows\NeroDigital.ini
2009-11-26 00:30:15 110 ----a-w- c:\windows\AISmooth.INI
2009-11-24 21:24:48 0 d-----w- C:\ai traffic output file
2009-11-24 09:25:29 0 d-----w- c:\program files\FlyingWSimulation
2009-11-24 08:21:12 0 d-----w- c:\program files\FSC
2009-11-24 08:20:45 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-24 08:04:26 0 d-----w- c:\program files\Bevelstone Production
2009-11-24 07:57:52 0 d-----w- c:\docume~1\alluse~1\applic~1\EditVoicepackX
2009-11-23 17:09:11 0 d-----w- C:\downloads
2009-11-23 12:37:41 662288 ----a-w- c:\windows\system32\mscomct2.ocx
2009-11-23 12:37:41 0 d-----w- c:\program files\rcv4x
2009-11-23 12:37:40 152848 ----a-w- c:\windows\system32\comdlg32.ocx
2009-11-23 12:37:38 0 d-----w- c:\program files\rcv4
2009-11-23 09:07:38 0 d-----w- c:\program files\Real Environment Xtreme
2009-11-23 08:07:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-23 08:07:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-23 06:42:46 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-11-22 23:35:29 0 d-----w- c:\docume~1\computer\applic~1\FlyingWSimulation
2009-11-22 16:07:33 0 d-----w- c:\docume~1\computer\applic~1\nHancer
2009-11-22 16:06:30 0 d-----w- c:\program files\nHancer
2009-11-22 16:06:30 0 d-----w- c:\docume~1\alluse~1\applic~1\nHancer
2009-11-22 13:35:27 0 d-----w- C:\52b3c7269518913434dd21
2009-11-22 08:25:32 90 --sh--w- c:\windows\cnerolf.bin
2009-11-21 23:19:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Applications
2009-11-21 18:29:37 0 d-----w- c:\windows\system32\XPSViewer
2009-11-21 18:29:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-11-21 17:23:20 0 d-----w- c:\program files\MSXML 4.0
2009-11-21 16:46:00 0 d-----w- c:\program files\Microsoft Games
2009-11-20 23:33:34 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-11-20 23:33:34 0 d-----w- c:\program files\CPUID
2009-11-20 20:30:12 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2009-11-20 20:30:12 0 d-----w- c:\program files\Belarc
2009-11-20 17:17:31 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2009-11-20 09:53:34 3255 ----a-w- c:\windows\system32\wbem\Outlook_01ca69c75305da02.mof
2009-11-20 07:59:01 750984 ----a-w- c:\windows\system32\Magentic Screensaver.scr
2009-11-20 07:58:56 0 d-----w- c:\program files\Magentic
2009-11-19 22:52:43 0 d-----w- c:\program files\Windows Media Connect 2
2009-11-19 22:51:50 0 d-----w- C:\6005e3f3e14b9f18dd
2009-11-19 22:51:47 0 d-----w- c:\windows\system32\LogFiles
2009-11-19 22:31:47 0 d-----w- c:\windows\system32\scripting
2009-11-19 22:31:47 0 d-----w- c:\windows\l2schemas
2009-11-19 22:31:46 0 d-----w- c:\windows\system32\en
2009-11-19 22:31:46 0 d-----w- c:\windows\system32\bits
2009-11-19 22:26:17 0 d-----w- c:\windows\EHome
2009-11-19 22:17:38 0 d-----w- c:\windows\network diagnostic
2009-11-19 20:20:58 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-19 20:20:58 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-11-19 18:03:54 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-11-19 17:04:21 3255 ----a-w- c:\windows\system32\wbem\Outlook_01ca693a56ab3b44.mof
2009-11-19 16:52:12 0 d-----w- c:\program files\PhotoMail Maker
2009-11-19 16:52:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PhotoMail
2009-11-19 16:51:09 0 d-----w- c:\docume~1\alluse~1\applic~1\IncrediMail
2009-11-19 16:51:09 0 d-----w- c:\docume~1\alluse~1\applic~1\IM
2009-11-19 16:46:31 0 d-----w- c:\program files\IncrediMail
2009-11-19 16:30:28 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-19 16:30:28 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-11-19 16:04:19 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-11-19 16:04:06 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-19 16:03:51 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-11-19 16:03:21 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-11-19 16:01:36 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-11-19 15:57:24 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-19 15:56:07 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-11-19 15:56:07 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-11-19 15:50:26 0 d-----w- c:\windows\system32\PreInstall
2009-11-19 15:50:24 0 d--h--w- c:\windows\$hf_mig$
2009-11-19 15:40:21 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2009-11-19 15:40:21 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-11-19 15:40:21 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-11-19 15:40:21 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-11-19 15:40:21 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-11-19 15:31:25 0 d-sh--w- c:\documents and settings\computer\UserData
2009-11-19 15:03:33 0 d-----w- c:\docume~1\computer\applic~1\5400 Series
2009-11-19 14:46:55 0 d-----w- c:\program files\Lx_cats
2009-11-19 14:46:33 40960 ----a-w- c:\windows\system32\lxctvs.dll
2009-11-19 14:46:31 335872 ----a-w- c:\windows\system32\lxctcoin.dll
2009-11-19 14:46:20 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-19 14:46:17 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-11-19 14:46:17 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-11-19 14:46:14 692224 ----a-w- c:\windows\system32\lxctdrs.dll
2009-11-19 14:46:14 65536 ----a-w- c:\windows\system32\lxctcaps.dll
2009-11-19 14:46:14 61440 ----a-w- c:\windows\system32\lxctcnv4.dll
2009-11-19 14:45:54 40960 ----a-w- c:\windows\system32\lxctpmon.dll
2009-11-19 14:45:54 32768 ----a-w- c:\windows\system32\LXCTFXPU.DLL
2009-11-19 14:45:34 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2009-11-19 14:45:34 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
2009-11-19 14:45:34 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
2009-11-19 14:45:34 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
2009-11-19 14:45:34 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2009-11-19 14:45:34 12288 ----a-w- c:\windows\system32\lxctpmrc.dll
2009-11-19 14:45:27 0 d-----w- c:\docume~1\alluse~1\applic~1\5400 Series
2009-11-19 14:45:04 0 d-----w- c:\program files\Lexmark Toolbar
2009-11-19 14:44:46 0 d-----w- c:\program files\Lexmark 5400 Series
2009-11-19 14:29:30 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-19 14:23:32 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-11-19 14:23:30 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-19 14:23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-19 14:23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-19 14:23:11 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-18 16:28:57 376 ----a-w- c:\windows\ODBC.INI
2009-11-18 16:28:53 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-11-18 16:28:09 0 d-----w- c:\program files\common files\L&H
2009-11-18 16:27:25 0 d-----w- c:\program files\Microsoft ActiveSync
2009-11-18 16:24:52 0 d-----w- c:\windows\SHELLNEW
2009-11-18 16:23:28 0 d-----w- c:\program files\ASUSTeK
2009-11-18 16:23:18 1804 ----a-w- c:\windows\ultimgr2=#MainDialog#PlayAsusDvd#PlayAsusDvd#.mif
2009-11-18 16:21:33 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-11-18 16:21:31 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-11-18 16:21:31 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-11-18 16:21:31 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-11-18 16:21:31 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-11-18 16:21:27 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-11-18 16:20:11 0 d--h--w- C:\$AVG
2009-11-18 16:20:04 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-18 16:20:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-18 16:20:00 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-18 16:19:59 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-18 16:19:56 0 d-----w- c:\program files\AVG
2009-11-18 16:19:55 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-18 16:12:47 2422 ----a-w- c:\windows\system32\wpa.bak
2009-11-18 15:51:23 0 d-----w- c:\program files\Vtune
2009-11-18 15:44:10 0 d-----w- c:\program files\Realtek
2009-11-18 15:42:13 0 d-----w- c:\program files\VIA
2009-11-18 15:15:04 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-18 15:14:49 0 d--h--w- c:\program files\WindowsUpdate
2009-11-18 15:14:05 0 d-----w- c:\program files\common files\MSSoap
2009-11-18 15:12:59 0 d-----w- c:\program files\Online Services
2009-11-18 15:12:54 0 d-----w- c:\program files\Messenger
2009-11-18 15:12:51 0 d-----w- c:\program files\MSN Gaming Zone
2009-11-18 15:12:20 0 d-----w- c:\program files\Windows NT
2009-11-18 15:06:04 0 d-----w- c:\program files\common files\ODBC
2009-11-18 15:06:02 0 d-----w- c:\program files\common files\SpeechEngines
2009-11-18 15:05:37 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-12-13 20:02:03 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-18 15:13:30 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

============= FINISH: 9:45:54.93 ===============



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/14 10:18
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA1F8000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA897E000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xB7848000 Size: 4534272 File Visible: - Signed: -
Status: -

Name: SaiBus.sys
Image Path: C:\WINDOWS\system32\drivers\SaiBus.sys
Address: 0xB96E0000 Size: 35072 File Visible: - Signed: -
Status: -

Name: SaiH0BAC.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SaiH0BAC.sys
Address: 0xA92DA000 Size: 129792 File Visible: - Signed: -
Status: -

Name: SaiMini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SaiMini.sys
Address: 0xBA568000 Size: 14080 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xB9DBD000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xBA208000 Size: 64512 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB9EFF000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA8DC6000 Size: 333952 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5D0000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB31B5000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA94AC000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA3E8000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB96F0000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB8180000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xA9D82000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA64E000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA3C8000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB09C2000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB8242000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xBA398000 Size: 25856 File Visible: - Signed: -
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xAD494000 Size: 15104 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA3C0000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xAA19D000 Size: 20992 File Visible: - Signed: -
Status: -

Name: viaide.sys
Image Path: viaide.sys
Address: 0xBA5AC000 Size: 5376 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB8289000 Size: 81920 File Visible: - Signed: -
Status: -

Name: videX32.sys
Image Path: videX32.sys
Address: 0xBA338000 Size: 32768 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0C8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xAAF61000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xA9D62000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA918D000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xBA5AA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xB9ED5000 Size: 77696 File Visible: - Signed: -
Status: -

Name: xfilt.sys
Image Path: xfilt.sys
Address: 0xBA340000 Size: 32768 File Visible: - Signed: -
Status: -

#2 suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:18 PM

Posted 26 December 2009 - 03:01 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

Posted 02 January 2010 - 03:54 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.