
pop-up tabs have invaded my computer. I don't know what to do.


  • This topic is locked
27 replies to this topic

#1 mecharmor22


  • Members
  • 45 posts

Posted 30 July 2010 - 02:58 AM

About a week ago, my Firefox started having problems. The problem I face is that each time I search for something on a search engine and click on a link, the link takes me to some spam site other than where I actually wanted to go. Not only that, but occasionally when I do things in Firefox a pop-up tab appears beside what I was in the middle of doing. The pop-up tabs are all spam.

I came to this site seeking help, hoping someone could fix the problems I am facing at this present time. I went through all the things the preparation guide wanted me to do in gathering up the necessary reports and logs.

Everything was done, but each time I tried to run a GMER scan under the specific instructions, a Blue Screen of Death showed up. I have already made two runs, and the blue screen showed up each time I tried to get that part completed for a more complete picture.

Below is the DDS log; Attach.txt is in the attachments.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Gary Jay at 22:25:52.45 on Thu 07/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2024 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
svchost.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Gary Jay\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.youtube.com/
uSearch Page = hxxp://www.live.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\garyja~1\applic~1\mozilla\firefox\profiles\wwvskpbg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {F1D70FEB-8490-4C23-969E-6AE45ADE3734} - c:\documents and settings\gary jay\local settings\application data\{F1D70FEB-8490-4C23-969E-6AE45ADE3734}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-10-13 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-10-13 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-10-13 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-31 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-31 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-31 40552]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-5-20 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-5-20 43608]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-5-20 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-5-20 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-5-20 235840]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-31 34248]

=============== Created Last 30 ================

2010-07-28 20:18:41 0 d-----w- c:\windows\pss
2010-07-28 19:18:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-28 19:18:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 08:32:10 0 d-----w- c:\windows\system32\NtmsData
2010-07-27 08:18:33 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-27 08:18:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-27 07:58:10 0 d-----w- c:\docume~1\garyja~1\applic~1\ElevatedDiagnostics
2010-07-27 07:14:11 0 d-----w- c:\windows\system32\Dell
2010-07-21 12:14:59 0 d-----w- c:\docume~1\garyja~1\applic~1\Malwarebytes
2010-07-21 12:14:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-21 12:14:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 08:53:01 120 ----a-w- c:\windows\Wyopebodamujumu.dat
2010-07-21 08:53:01 0 ----a-w- c:\windows\Gzilipoxazigu.bin
2010-07-21 08:51:17 150 ----a-w- C:\zrpt.xml
2010-07-21 08:50:43 0 d-----w- c:\docume~1\garyja~1\applic~1\6C418C0F515FA69909AD2912683FD491

==================== Find3M ====================

2010-07-16 09:46:21 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-15 22:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-05-20 20:53:29 76 --sh--r- c:\windows\CT4CET.bin
2009-07-13 05:34:24 16384 --sha-w- c:\windows\system32\config\systemprofile\iecompatcache\index.dat
2009-05-23 06:37:54 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-07-13 05:34:24 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-06-30 12:54:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009063020090701\index.dat
2009-07-13 05:34:07 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009071220090713\index.dat
2009-07-13 05:34:24 32768 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 22:27:20.28 ===============

Attached Files


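As an added example (not part of the thread and not code from the DDS tool), here is a small Python triage script that reads the "Pseudo HJT Report" and "Created Last 30" sections of a DDS log in the format posted above and flags the entries a helper would examine first: a BHO loaded from the Program Files root, files dropped straight into C:\ or C:\Windows, and random-looking or bare-hex names like the ones in this log. The section layout and the scoring heuristics are assumptions of the example; the sample lines are copied from the logs in this thread.

```python
import re

# Constructed sample in the DDS log format posted in this thread; the entries are
# copied from the logs above (the shk_v10.dll BHO appears in the second DDS run).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ADC PlugIn: {19090308-636d-4e9b-a1ce-a647b6f794bf} - c:\program files\shk_v10.dll
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [RTHDCPL] RTHDCPL.EXE

=============== Created Last 30 ================

2010-07-28 19:18:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 07:58:10 0 d-----w- c:\docume~1\garyja~1\applic~1\ElevatedDiagnostics
2010-07-21 08:53:01 120 ----a-w- c:\windows\Wyopebodamujumu.dat
2010-07-21 08:53:01 0 ----a-w- c:\windows\Gzilipoxazigu.bin
2010-07-21 08:51:17 150 ----a-w- C:\zrpt.xml
2010-07-21 08:50:43 0 d-----w- c:\docume~1\garyja~1\applic~1\6C418C0F515FA69909AD2912683FD491
"""

SECTION_HDR = re.compile(r"^=+\s*(.+?)\s*=+$")
HJT_LINE = re.compile(r"^(?P<kind>BHO|TB|uRun|mRun|SSODL|Notify|SEH): (?P<rest>.*)$")
CREATED_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ (?P<attr>\S{8}) (?P<path>.+)$")
PF_ROOT = re.compile(r"^c:\\program files\\[^\\]+\.(dll|exe)$", re.I)  # no vendor folder
HEX32 = re.compile(r"^[0-9a-f]{32}$", re.I)


def parse_sections(text):
    """Split a DDS log into its '=== Name ===' sections, dropping blank lines."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        hdr = SECTION_HDR.match(line)
        if hdr:
            current = hdr.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def module_path(kind, rest):
    """Pull the on-disk module out of an HJT-style entry."""
    if kind in ("uRun", "mRun"):
        # [Name] "c:\path\prog.exe" /args   or   [Name] c:\path\prog.exe
        body = rest.split("] ", 1)[-1]
        if body.startswith('"'):
            return body[1:].split('"', 1)[0]
        return re.split(r"\s+/", body, maxsplit=1)[0].strip()
    # BHO/TB/SSODL/...: Name: {CLSID} - c:\path\module.dll
    return rest.rsplit(" - ", 1)[-1].strip()


def looks_random(stem, min_len=10, min_alternation=0.8):
    """Heuristic for generated 'pronounceable' names like Wyopebodamujumu: a long,
    purely alphabetic stem that flips consonant/vowel far more regularly than real
    words do. A triage hint, not a verdict."""
    if len(stem) < min_len or not stem.isalpha():
        return False
    vowel = [c.lower() in "aeiou" for c in stem]
    flips = sum(a != b for a, b in zip(vowel, vowel[1:]))
    return flips / (len(vowel) - 1) >= min_alternation


def hjt_findings(lines):
    out = []
    for m in filter(None, map(HJT_LINE.match, lines)):
        path = module_path(m.group("kind"), m.group("rest"))
        if PF_ROOT.match(path):
            out.append({"section": "Pseudo HJT Report", "path": path,
                        "reason": "module loaded from the Program Files root, not a vendor folder"})
    return out


def created_findings(lines):
    out = []
    for m in filter(None, map(CREATED_LINE.match, lines)):
        path, is_dir = m.group("path"), m.group("attr").startswith("d")
        parent, _, name = path.rpartition("\\")
        stem = name.rsplit(".", 1)[0]
        reasons = []
        if not is_dir and parent.lower() in ("c:", "c:\\windows"):
            reasons.append("file written directly to " + parent)
        if HEX32.match(name):
            reasons.append("32-hex-character name (opaque, not a GUID)")
        if looks_random(stem):
            reasons.append("pseudo-random pronounceable name")
        out.extend({"section": "Created Last 30", "path": path, "reason": r} for r in reasons)
    return out


def triage(text):
    """Return the entries a helper would look at first, with the reason each was flagged."""
    s = parse_sections(text)
    return hjt_findings(s.get("Pseudo HJT Report", [])) + created_findings(s.get("Created Last 30", []))


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['section']}] {f['path']}: {f['reason']}")
```

Every flag is a prompt to check the file's publisher, signature and hash, not a verdict; legitimate installers do occasionally write to C:\Windows.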



#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 07 August 2010 - 04:14 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run it (Vista and Win 7: right-click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread


information and logs:
    In your next post I need the following
      1. logs from DDS
      2. log from RKUnHooker
      3. report from MBRCheck
      4. let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mecharmor22

  • Topic Starter

  • Members
  • 45 posts

Posted 07 August 2010 - 07:10 PM

Below are all the items you have requested.

And about other problems: I have noticed that my McAfee has been blocking Trojans more often than usual. Windows Updater in the tray claims to be updating, but it hadn't done anything for two weeks prior to my giving it the okay to go ahead and update stuff.

Then occasionally my computer's deploy mechanisms freeze. When that happens I can still use my mouse cursor, but whatever I do on there isn't going to move, so I am then forced to do a manual shutdown of the system. The system is usually all right after I boot it back up, but sometimes the same problem pops up. I've even noticed that occasionally some components in System32 tend to fail, judging by the little thing I get from Windows when something has failed, with the "Don't send" button. I don't totally know what's going on there; the only thing I do know is that something is lurking in the computer causing problems.

Anyway, here are the logs.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Gary Jay at 16:05:20.28 on Sat 08/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2091 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Gary Jay\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.youtube.com/
uSearch Page = hxxp://www.live.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ADC PlugIn: {19090308-636d-4e9b-a1ce-a647b6f794bf} - c:\program files\shk_v10.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\garyja~1\applic~1\mozilla\firefox\profiles\wwvskpbg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {F1D70FEB-8490-4C23-969E-6AE45ADE3734} - c:\documents and settings\gary jay\local settings\application data\{F1D70FEB-8490-4C23-969E-6AE45ADE3734}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-10-13 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-10-13 144704]
R2 QTUpdate;Quicktime update;c:\program files\csrss.exe [2010-8-7 59904]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-10-13 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-31 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-31 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-31 40552]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-5-20 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-5-20 43608]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-5-20 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-5-20 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-5-20 235840]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-31 34248]

============== File Associations ===============

exefile=c:\program files\conhost.exe "%1" %*

=============== Created Last 30 ================

2010-08-07 22:06:59 36 ----a-w- c:\program files\skynet.dat
2010-08-07 22:01:05 98304 ----a-w- c:\program files\conhost.exe
2010-08-07 22:01:04 60 ----a-w- c:\program files\sh4.dat
2010-08-07 22:01:04 59904 ----a-w- c:\program files\csrss.exe
2010-08-07 22:01:04 373248 ----a-w- c:\program files\shk_v10.dll
2010-08-07 22:01:04 2 ----a-w- c:\program files\sh3.dat
2010-08-07 22:01:04 1552 ----a-w- C:\Wireshark Antivirus.lnk
2010-08-07 21:44:44 0 d-----w- C:\Wireshark Antivirus
2010-08-07 21:44:43 0 d-----w- c:\program files\Wireshark Antivirus
2010-07-28 20:18:41 0 d-----w- c:\windows\pss
2010-07-28 19:18:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-28 19:18:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 08:32:10 0 d-----w- c:\windows\system32\NtmsData
2010-07-27 08:18:33 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-27 08:18:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-27 07:58:10 0 d-----w- c:\docume~1\garyja~1\applic~1\ElevatedDiagnostics
2010-07-27 07:14:11 0 d-----w- c:\windows\system32\Dell
2010-07-21 12:14:59 0 d-----w- c:\docume~1\garyja~1\applic~1\Malwarebytes
2010-07-21 12:14:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-21 12:14:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 08:53:01 120 ----a-w- c:\windows\Wyopebodamujumu.dat
2010-07-21 08:53:01 0 ----a-w- c:\windows\Gzilipoxazigu.bin
2010-07-21 08:51:17 150 ----a-w- C:\zrpt.xml
2010-07-21 08:50:43 0 d-----w- c:\docume~1\garyja~1\applic~1\6C418C0F515FA69909AD2912683FD491

==================== Find3M ====================

2010-08-07 22:07:32 9 ----a-w- c:\program files\nuar.old
2010-08-06 03:56:26 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-15 22:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-05-20 20:53:29 76 --sh--r- c:\windows\CT4CET.bin
2009-07-13 05:34:24 16384 --sha-w- c:\windows\system32\config\systemprofile\iecompatcache\index.dat
2009-05-23 06:37:54 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-07-13 05:34:24 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-06-30 12:54:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009063020090701\index.dat
2009-07-13 05:34:07 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009071220090713\index.dat
2009-07-13 05:34:24 32768 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 16:07:26.78 ===============


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB7D04000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0x98141000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4800512 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
0xB7B50000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1392640 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xB9EA6000 PCI_PNP5308 1052672 bytes
0xB9EA6000 splu.sys 1052672 bytes
0xB9EA6000 sptd 1052672 bytes
0x97C50000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 815104 bytes
0xB9D2B000 iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9C3E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB7A8F000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x97F62000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAF341000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0x9806E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x97761000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x96CBE000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x97D17000 C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys 237568 bytes (Creative Technology Ltd., Video Capture Device Driver)
0xB7A34000 C:\WINDOWS\System32\Drivers\a1hsytgm.SYS 229376 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0x97F2F000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xAF39F000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9E60000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x97808000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9C11000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB7B0A000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0x964B7000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x97FD2000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB7CA4000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9801F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0x98047000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xB9E0A000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0x9811D000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB7CCC000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB7A6C000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x980FA000 C:\WINDOWS\system32\Drivers\OEM13Afx.sys 143360 bytes (Creative Technology Ltd., Advanced Audio FX Driver)
0x97FFD000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134528 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134528 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9D0B000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9E30000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9BF7000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7B36000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 106496 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0x97C37000 C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS 102400 bytes (Roxio, Drive Letter Access Component)
0xB9DF2000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9E8E000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0x97C0A000 C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0xB9CE2000 DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver)
0xB9CCB000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xAF3E0000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x97C21000 C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0x97B2D000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB7CF0000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x980C7000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0x96ACC000 C:\WINDOWS\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB9CF9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9E4F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAF3CF000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA8AF1000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA318000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA288000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA108000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xA97B3000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xAA24F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA138000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB6598000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xAA26F000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA118000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB2CAE000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\o2media.sys 49152 bytes (O2Micro , o2media)
0xB2AFF000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA198000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0xA9793000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA308000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB2C9E000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xAA28F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\o2sd.sys 40960 bytes (O2Micro , O2Micro SD Reader Driver)
0xBA0F8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB2ADF000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA8AC1000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA97D3000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xA8AE1000 C:\WINDOWS\system32\drivers\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0x96B9E000 C:\WINDOWS\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0xB2AEF000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA97A3000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x96C3E000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xA97C3000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB33F2000 C:\WINDOWS\System32\Drivers\DLABMFSM.SYS 32768 bytes (Roxio, Drive Letter Access Component)
0xA8FB7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xA8FAF000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA430000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA468000 C:\WINDOWS\System32\Drivers\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xA9945000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB13B6000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB33FA000 C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS 24576 bytes (Roxio, Drive Letter Access Component)
0xA994D000 C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0xBA440000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA8FC7000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA370000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xA8FBF000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB330F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB3307000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB3317000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA8F97000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB2285000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA58C000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB3684000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAB079000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAB90D000 C:\WINDOWS\System32\Drivers\DLAPoolM.SYS 12288 bytes (Roxio, Drive Letter Access Component)
0xBA5A0000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9BAF000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xAB07D000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB93A9000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB51A3000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xAB8F1000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA578000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xA8FE1000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0xA9EBE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xA8FDF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xA8FCF000 C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter Driver (Win2K based))
0xA8FDD000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5F0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5EA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7AF000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB0E1E000 C:\WINDOWS\System32\Drivers\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
0xBA7EE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7AD000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8AA891F8 unknown_irp_handler 3592 bytes
0x89DA81F8 unknown_irp_handler 3592 bytes
0x8AA8B1F8 unknown_irp_handler 3592 bytes
0x89D931F8 unknown_irp_handler 3592 bytes
0x89F221F8 unknown_irp_handler 3592 bytes
0x8AAFD1F8 unknown_irp_handler 3592 bytes
0x89EAA1F8 unknown_irp_handler 3592 bytes
0x89C4C368 unknown_irp_handler 3224 bytes
0x89A42500 unknown_irp_handler 2816 bytes
0x89AFC500 unknown_irp_handler 2816 bytes
!!!!!!!!!!!Hidden driver: 0x8A994AEA ?_empty_? 1302 bytes
0x8A994EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x89FB66B8 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB9D2B000 WARNING: suspicious driver modification [iaStor.sys::0x8A994AEA]
0xBA4C4000 WARNING: Virus alike driver modification [ACPIEC.sys], 12288 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 150):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EA6000 splu.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E8E000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E60000 ACPI.sys
0xB9E4F000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9E30000 ftdisk.sys
0xB9E0A000 dmio.sys
0xBA330000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0C8000 VolSnap.sys
0xB9DF2000 atapi.sys
0xB9D2B000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9D0B000 fltMgr.sys
0xB9CF9000 sr.sys
0xBA5AC000 DLACDBHM.SYS
0xB9CE2000 DRVMCDB.SYS
0xBA0F8000 PxHelp20.sys
0xB9CCB000 KSecDD.sys
0xB9C3E000 Ntfs.sys
0xB9C11000 NDIS.sys
0xBA108000 ohci1394.sys
0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9BF7000 Mup.sys
0xBA288000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA578000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB7D04000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB7CF0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA428000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB7CCC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA430000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB7CA4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB7B50000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xB7B36000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\o2sd.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\o2media.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA440000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB7B0A000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB7A8F000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA448000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA308000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA318000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA138000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7A6C000 \SystemRoot\system32\DRIVERS\ks.sys
0xB7A34000 \SystemRoot\System32\Drivers\a1hsytgm.SYS
0xBA7AF000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB2CAE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB51A3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xAF3E0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB2C9E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB2AFF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB3317000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xAF3CF000 \SystemRoot\system32\DRIVERS\psched.sys
0xB2AEF000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB330F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB3307000 \SystemRoot\system32\DRIVERS\raspti.sys
0xAF39F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB2ADF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xAF341000 \SystemRoot\system32\DRIVERS\update.sys
0xB3684000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xAA28F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA26F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5EA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x98141000 \SystemRoot\system32\drivers\RtkHDAud.sys
0x9811D000 \SystemRoot\system32\drivers\portcls.sys
0xAA24F000 \SystemRoot\system32\drivers\drmk.sys
0x980FA000 \??\C:\WINDOWS\system32\Drivers\OEM13Afx.sys
0xAB07D000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA9EBE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7AD000 \SystemRoot\System32\Drivers\Null.SYS
0xA8FE1000 \SystemRoot\System32\Drivers\Beep.SYS
0xA994D000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xA9945000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA8FC7000 \SystemRoot\System32\drivers\vga.sys
0xA8FDF000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xA8FDD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA8FBF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA8FB7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAB8F1000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x980C7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x9806E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x98047000 \SystemRoot\System32\Drivers\Mpfp.sys
0xA97D3000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA97C3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9801F000 \SystemRoot\system32\DRIVERS\netbt.sys
0x97FFD000 \SystemRoot\System32\drivers\afd.sys
0xA97B3000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA97A3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x97FD2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x97F62000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x97F2F000 \SystemRoot\system32\drivers\mfehidk.sys
0xA9793000 \SystemRoot\System32\Drivers\Fips.SYS
0xB2285000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xA8FAF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA8AF1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8AE1000 \SystemRoot\system32\drivers\LVUSBSta.sys
0x97D17000 \SystemRoot\system32\DRIVERS\OEM13Vid.sys
0xA8FCF000 \SystemRoot\system32\DRIVERS\OEM13Vfx.sys
0xB9BAF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA8AC1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB93A9000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x97C50000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA5A0000 \SystemRoot\System32\drivers\Dxapi.sys
0xA8F97000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7EE000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA198000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xB0E1E000 \SystemRoot\System32\Drivers\DLADResM.SYS
0x97C37000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
0xB33FA000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
0xAB90D000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
0xB33F2000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
0xBA468000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
0x97C21000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
0x97C0A000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
0xAB079000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x97B2D000 \SystemRoot\system32\drivers\wdmaud.sys
0xB6598000 \SystemRoot\system32\drivers\sysaudio.sys
0x97808000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x97761000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA370000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0x96CBE000 \SystemRoot\System32\Drivers\HTTP.sys
0xB13B6000 \SystemRoot\system32\drivers\mfebopk.sys
0x96ACC000 \SystemRoot\system32\drivers\mfeavfk.sys
0x96B9E000 \SystemRoot\system32\drivers\mfesmfk.sys
0x964B7000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
864 C:\WINDOWS\system32\smss.exe
928 csrss.exe
952 C:\WINDOWS\system32\winlogon.exe
1000 C:\WINDOWS\system32\services.exe
1012 C:\WINDOWS\system32\lsass.exe
1220 C:\WINDOWS\system32\svchost.exe
1292 svchost.exe
1440 C:\WINDOWS\system32\svchost.exe
1520 svchost.exe
1768 svchost.exe
1920 C:\WINDOWS\system32\WLTRYSVC.EXE
1936 C:\WINDOWS\system32\BCMWLTRY.EXE
1988 C:\WINDOWS\system32\spoolsv.exe
164 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
684 C:\WINDOWS\explorer.exe
1016 C:\Program Files\DellTPad\Apoint.exe
1244 C:\WINDOWS\system32\hkcmd.exe
1352 C:\WINDOWS\system32\igfxtray.exe
1384 C:\WINDOWS\system32\igfxpers.exe
1392 C:\WINDOWS\RTHDCPL.EXE
1424 C:\WINDOWS\system32\WLTRAY.EXE
1432 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
1504 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
1636 C:\WINDOWS\system32\igfxsrvc.exe
1656 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
1876 C:\WINDOWS\system32\ctfmon.exe
1964 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
424 svchost.exe
596 C:\Program Files\Java\jre6\bin\jqs.exe
444 C:\Program Files\DellTPad\hidfind.exe
576 C:\Program Files\DellTPad\ApntEx.exe
1372 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
1744 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
1828 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
2076 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
2168 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
2208 C:\Program Files\McAfee\MPF\MpfSrv.exe
2244 C:\WINDOWS\system32\drivers\o2flash.exe
2320 C:\Program Files\csrss.exe
2428 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2508 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
2552 C:\WINDOWS\system32\svchost.exe
2708 C:\WINDOWS\system32\searchindexer.exe
2820 C:\Program Files\McAfee.com\Agent\mcagent.exe
912 C:\WINDOWS\system32\svchost.exe
3808 C:\Program Files\Mozilla Firefox\firefox.exe
1892 C:\Program Files\Mozilla Firefox\plugin-container.exe
2896 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
1996 C:\WINDOWS\system32\searchprotocolhost.exe
4320 searchfilterhost.exe
5592 C:\Documents and Settings\Gary Jay\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04699200 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC40C

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 49317473774A146FB87EC5200B1C6B80AB2FF32D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


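A process listing like the one above can be triaged mechanically: the core Windows binaries (smss, csrss, winlogon, services, lsass, svchost and the like) have a fixed home directory, so a copy of one of them running from anywhere else deserves a second look before anything is concluded about it. The Python below is an added example, not part of this thread and not code from MBRCheck or DDS. The expected directories are Windows XP defaults assumed here, and the sample listing is a subset of the lines posted above.

```python
"""Flag core Windows processes that run from an unexpected directory.

Added example for the process listing in this thread; the expected
locations are assumed XP defaults, not something the tools on the page
report.
"""
import re
from pathlib import PureWindowsPath

# Assumed XP defaults: where each core process normally lives.
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "ctfmon.exe": SYSTEM32,
    "explorer.exe": PureWindowsPath(r"C:\WINDOWS"),
}

# Constructed sample: a subset of the "Processes" section posted above.
SAMPLE_LISTING = r"""
Processes (total 53):
0 System Idle Process
4 System
864 C:\WINDOWS\system32\smss.exe
928 csrss.exe
952 C:\WINDOWS\system32\winlogon.exe
1000 C:\WINDOWS\system32\services.exe
1220 C:\WINDOWS\system32\svchost.exe
1292 svchost.exe
684 C:\WINDOWS\explorer.exe
2320 C:\Program Files\csrss.exe
2552 C:\WINDOWS\system32\svchost.exe
"""

# "<pid> <image or path>"; header and blank lines do not match.
LINE_RE = re.compile(r"^\s*(\d+)\s+(\S.*?)\s*$")


def parse_process_list(text):
    """Yield (pid, image) tuples from 'pid image' lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(2)


def triage(text):
    """Return [(pid, image, expected_dir)] for core processes whose
    directory differs from the expected one.  Entries listed by name only
    (no path reported) cannot be checked and are skipped."""
    findings = []
    for pid, image in parse_process_list(text):
        path = PureWindowsPath(image)
        expected = EXPECTED_DIR.get(path.name.lower())
        if expected is None:
            continue  # no rule for this process
        if path.parent == PureWindowsPath("."):
            continue  # listed without a path, nothing to compare
        # PureWindowsPath comparison is case-insensitive, as on Windows.
        if path.parent != expected:
            findings.append((pid, image, str(expected)))
    return findings


if __name__ == "__main__":
    for pid, image, expected in triage(SAMPLE_LISTING):
        print(f"PID {pid}: {image} runs outside {expected}; review it")
```

On the sample above the only hit is PID 2320, `C:\Program Files\csrss.exe`; the legitimate csrss at PID 928 is listed without a path and is simply skipped rather than guessed at.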
#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 07 August 2010 - 07:15 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Scan with exeHelper:

Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 mecharmor22 (Topic Starter, Members, 45 posts)

Posted 07 August 2010 - 08:58 PM

Can you repost the download link for exeHelper? Somehow when I tried to download it, McAfee caught a Trojan trying to get in.

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 07 August 2010 - 09:43 PM

http://www.raktor.net/exeHelper/exeHelper.com Turn off McAfee so it doesn't eat it again.


gringo

#7 mecharmor22 (Topic Starter, Members, 45 posts)

Posted 07 August 2010 - 10:59 PM

I tried it again with McAfee off and it registers a 404. I then turned McAfee back on and there is still a 404. Is there another way to get hold of that file?

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 07 August 2010 - 11:22 PM

OK, try to run ComboFix. McAfee has to be turned off.


Gringo

#9 mecharmor22 (Topic Starter, Members, 45 posts)

Posted 08 August 2010 - 01:05 AM

I turned off all functions of McAfee as instructed and ran ComboFix. But both times I tried to run it from the beginning, a Blue Screen of Death showed up on my screen. I don't know what to do next.

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 08 August 2010 - 01:45 AM

Hello

OK, let's have a go with this.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Gringo
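The report TDSSKiller writes at the end of this procedure is line-oriented: one line per driver service with the MD5 the tool computed and the file path, and, for a file it considers tampered with, a "Suspicious file (Forged)" line carrying two hashes (the one labelled Real and the one labelled Fake) followed by a "detected" verdict for the same service. The Python below is an added example, not part of this thread and not code from Kaspersky's tool: it parses a log in that format and pulls out the services that were flagged, together with both hashes, so the finding can be read off without scrolling through several hundred clean entries. The sample lines are copied from the log posted later in this thread; the line layout the regular expressions assume is taken from that log and from nothing else.

```python
"""Extract flagged services from a TDSSKiller log.

Added example for the TDSSKiller step in this thread.  The line formats
below are inferred from the log posted in the thread; other versions of
the tool may differ.
"""
import re

# Constructed sample: the first lines of the log posted in this thread.
SAMPLE_LOG = r"""
2010/08/08 00:07:12.0984 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/08/08 00:07:13.0140 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/08 00:07:13.0156 ACPIEC (5c2c27e5e22013d5f20f9fb57a117e86) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/08 00:07:13.0156 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPIEC.sys. Real md5: 5c2c27e5e22013d5f20f9fb57a117e86, Fake md5: 9859c0f6936e723e4892d7141b1327d5
2010/08/08 00:07:13.0156 ACPIEC - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/08 00:07:13.0171 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
"""

TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})"
# "<ts> <service> (<md5>) <path>"
SERVICE_RE = re.compile(TS + r" (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<ts> Suspicious file (Forged): <path>. Real md5: <h>, Fake md5: <h>"
FORGED_RE = re.compile(
    TS + r" Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
# "<ts> <service> - detected <verdict> (<n>)"
DETECT_RE = re.compile(TS + r" (?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")


def parse_tdsskiller(text):
    """Return {service: record}.  A record holds the service line's md5 and
    path plus any Forged hashes and verdict that refer to the same file."""
    services = {}
    by_path = {}  # lower-cased path -> record, for the Forged line
    for line in text.splitlines():
        m = FORGED_RE.match(line)
        if m:
            rec = by_path.get(m["path"].lower())
            if rec is not None:
                rec["real_md5"], rec["fake_md5"] = m["real"], m["fake"]
            continue
        m = DETECT_RE.match(line)
        if m:
            rec = services.get(m["name"])
            if rec is not None:
                rec["verdict"] = m["verdict"]
            continue
        m = SERVICE_RE.match(line)
        if m:
            rec = {"name": m["name"], "md5": m["md5"], "path": m["path"],
                   "real_md5": None, "fake_md5": None, "verdict": None}
            services[m["name"]] = rec
            by_path[m["path"].lower()] = rec
    return services


def detections(text):
    """Return the records the tool flagged: a verdict, a Forged line, or both."""
    return [r for r in parse_tdsskiller(text).values()
            if r["verdict"] or r["fake_md5"]]


if __name__ == "__main__":
    for rec in detections(SAMPLE_LOG):
        # Whether the md5 on the service line equals the "Real" hash tells
        # you which of the two views the listing itself came from.
        same = "matches" if rec["md5"] == rec["real_md5"] else "differs from"
        print(f'{rec["name"]}: {rec["path"]} -> {rec["verdict"]}; '
              f'listed md5 {same} Real md5, Fake md5 {rec["fake_md5"]}')
```

The signal to look for is simply two different hashes for one file: whatever labels the tool attaches, a driver whose content differs depending on how it is read is not a file the normal filesystem view can be trusted about. On the sample this yields exactly one record, ACPIEC, and its listed MD5 equals the hash TDSSKiller labels Real.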

#11 mecharmor22 (Topic Starter, Members, 45 posts)

Posted 08 August 2010 - 02:37 AM

I did all the following steps. The thing worked. It found a rootkit. The report is below. After I did the mandatory reboot and started up again, the Windows Updater started working again.


2010/08/08 00:06:56.0609 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/08 00:06:56.0609 ================================================================================
2010/08/08 00:06:56.0609 SystemInfo:
2010/08/08 00:06:56.0609
2010/08/08 00:06:56.0609 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/08 00:06:56.0609 Product type: Workstation
2010/08/08 00:06:56.0609 ComputerName: D1X0RGJ1
2010/08/08 00:06:56.0609 UserName: Gary Jay
2010/08/08 00:06:56.0609 Windows directory: C:\WINDOWS
2010/08/08 00:06:56.0609 System windows directory: C:\WINDOWS
2010/08/08 00:06:56.0609 Processor architecture: Intel x86
2010/08/08 00:06:56.0609 Number of processors: 2
2010/08/08 00:06:56.0609 Page size: 0x1000
2010/08/08 00:06:56.0609 Boot type: Normal boot
2010/08/08 00:06:56.0609 ================================================================================
2010/08/08 00:06:57.0140 Initialize success
2010/08/08 00:07:12.0578 ================================================================================
2010/08/08 00:07:12.0578 Scan started
2010/08/08 00:07:12.0578 Mode: Manual;
2010/08/08 00:07:12.0578 ================================================================================
2010/08/08 00:07:12.0984 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/08/08 00:07:13.0140 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/08 00:07:13.0156 ACPIEC (5c2c27e5e22013d5f20f9fb57a117e86) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/08 00:07:13.0156 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPIEC.sys. Real md5: 5c2c27e5e22013d5f20f9fb57a117e86, Fake md5: 9859c0f6936e723e4892d7141b1327d5
2010/08/08 00:07:13.0156 ACPIEC - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/08 00:07:13.0171 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/08/08 00:07:13.0328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/08 00:07:13.0531 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/08 00:07:13.0562 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/08/08 00:07:13.0578 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/08/08 00:07:13.0609 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/08/08 00:07:13.0734 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/08/08 00:07:13.0781 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/08/08 00:07:13.0843 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/08/08 00:07:14.0000 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/08/08 00:07:14.0062 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/08/08 00:07:14.0109 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/08/08 00:07:14.0171 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/08/08 00:07:14.0281 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2010/08/08 00:07:14.0531 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/08 00:07:14.0593 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/08/08 00:07:14.0671 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/08/08 00:07:14.0718 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/08/08 00:07:14.0781 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/08 00:07:14.0828 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/08 00:07:14.0843 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/08 00:07:14.0875 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/08 00:07:15.0109 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/08/08 00:07:15.0312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/08 00:07:15.0406 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/08/08 00:07:15.0421 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/08 00:07:15.0453 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/08 00:07:15.0484 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/08/08 00:07:15.0578 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/08 00:07:15.0625 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/08 00:07:15.0656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/08 00:07:15.0843 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/08 00:07:15.0921 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/08/08 00:07:15.0984 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/08 00:07:16.0031 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/08/08 00:07:16.0062 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/08/08 00:07:16.0093 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/08/08 00:07:16.0203 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/08 00:07:16.0343 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
2010/08/08 00:07:16.0390 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
2010/08/08 00:07:16.0453 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/08/08 00:07:16.0500 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
2010/08/08 00:07:16.0515 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
2010/08/08 00:07:16.0562 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
2010/08/08 00:07:16.0640 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
2010/08/08 00:07:16.0703 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2010/08/08 00:07:16.0859 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
2010/08/08 00:07:16.0921 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
2010/08/08 00:07:17.0046 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/08 00:07:17.0203 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/08 00:07:17.0218 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/08 00:07:17.0296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/08 00:07:17.0375 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/08/08 00:07:17.0406 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/08 00:07:17.0437 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/08/08 00:07:17.0656 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/08/08 00:07:17.0812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/08 00:07:17.0859 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/08 00:07:17.0906 FilterService (5c329e2ab8dd62310213cbfac0178539) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2010/08/08 00:07:18.0000 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/08 00:07:18.0140 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/08 00:07:18.0203 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/08/08 00:07:18.0234 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/08 00:07:18.0265 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/08 00:07:18.0312 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/08 00:07:18.0343 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/08 00:07:18.0531 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/08 00:07:18.0562 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/08/08 00:07:18.0718 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/08 00:07:18.0781 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/08/08 00:07:18.0953 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/08/08 00:07:19.0000 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/08 00:07:19.0296 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/08/08 00:07:19.0781 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\drivers\iaStor.sys
2010/08/08 00:07:19.0843 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/08 00:07:19.0906 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/08/08 00:07:20.0218 IntcAzAudAddService (613a2b00da1d4a80de1ec8cfb52c0d89) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/08/08 00:07:20.0546 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/08 00:07:20.0593 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/08 00:07:20.0640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/08/08 00:07:20.0687 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/08 00:07:20.0703 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/08 00:07:20.0750 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/08 00:07:20.0890 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/08 00:07:20.0937 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/08 00:07:21.0000 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/08 00:07:21.0078 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/08 00:07:21.0093 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/08 00:07:21.0125 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/08 00:07:21.0296 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/08 00:07:21.0453 LVcKap (9a3d4fc6b86e7e36473079ab76ac703d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2010/08/08 00:07:21.0828 LVMVDrv (0acbc11f19320af6c19f2e20013d9095) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2010/08/08 00:07:22.0187 lvpopflt (e8acf6dd83956fb63ceb058d5f51b18a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2010/08/08 00:07:22.0453 LVPr2Mon (12866641284ebb41e627bb53c04da959) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2010/08/08 00:07:22.0593 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2010/08/08 00:07:22.0796 LVUVC (922be6770499220dc27b529ca236815a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2010/08/08 00:07:23.0046 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/08/08 00:07:23.0109 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/08/08 00:07:23.0171 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/08/08 00:07:23.0265 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2010/08/08 00:07:23.0359 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2010/08/08 00:07:23.0578 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/08 00:07:23.0640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/08 00:07:23.0687 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/08 00:07:23.0765 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/08 00:07:23.0828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/08 00:07:24.0031 MPFP (bc2a92cff784555ed622f861cb34f2e6) C:\WINDOWS\system32\Drivers\Mpfp.sys
2010/08/08 00:07:24.0234 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/08/08 00:07:24.0296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/08 00:07:24.0343 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/08 00:07:24.0500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/08 00:07:24.0546 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/08 00:07:24.0562 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/08 00:07:24.0593 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/08 00:07:24.0640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/08 00:07:24.0796 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/08 00:07:24.0843 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/08 00:07:24.0906 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/08 00:07:24.0953 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/08 00:07:25.0109 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/08 00:07:25.0156 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/08 00:07:25.0187 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/08 00:07:25.0203 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/08 00:07:25.0234 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/08 00:07:25.0250 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/08 00:07:25.0281 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/08 00:07:25.0484 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/08 00:07:25.0500 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/08 00:07:25.0578 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/08 00:07:25.0781 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/08 00:07:25.0843 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/08 00:07:25.0859 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/08 00:07:25.0921 O2MDRDR (948aefc4db1e6cc5a8d9fc5740aee392) C:\WINDOWS\system32\DRIVERS\o2media.sys
2010/08/08 00:07:25.0937 O2SDRDR (5472c48f44b49f07b16b421899e550f8) C:\WINDOWS\system32\DRIVERS\o2sd.sys
2010/08/08 00:07:26.0000 OEM13Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS\system32\Drivers\OEM13Afx.sys
2010/08/08 00:07:26.0218 OEM13Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys
2010/08/08 00:07:26.0312 OEM13Vid (12539b57ed05de7552403a12b3e0161c) C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys
2010/08/08 00:07:26.0421 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/08 00:07:26.0468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/08/08 00:07:26.0578 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/08 00:07:26.0640 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/08 00:07:26.0687 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/08 00:07:26.0750 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/08 00:07:26.0781 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/08 00:07:26.0984 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/08/08 00:07:27.0046 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/08/08 00:07:27.0125 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/08 00:07:27.0265 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/08 00:07:27.0296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/08 00:07:27.0359 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/08 00:07:27.0453 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/08/08 00:07:27.0484 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/08/08 00:07:27.0640 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/08/08 00:07:27.0671 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/08/08 00:07:27.0703 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/08/08 00:07:27.0750 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/08 00:07:27.0765 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/08 00:07:27.0906 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/08 00:07:27.0953 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/08 00:07:28.0000 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/08 00:07:28.0015 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/08 00:07:28.0093 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/08 00:07:28.0265 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/08 00:07:28.0312 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/08 00:07:28.0390 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/08/08 00:07:28.0484 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/08/08 00:07:28.0500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/08 00:07:28.0671 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/08 00:07:28.0718 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/08 00:07:28.0765 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/08/08 00:07:28.0812 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/08 00:07:28.0843 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/08/08 00:07:29.0031 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/08 00:07:29.0125 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\System32\Drivers\sptd.sys
2010/08/08 00:07:29.0312 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/08 00:07:29.0375 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/08 00:07:29.0453 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/08 00:07:29.0546 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/08 00:07:29.0671 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/08 00:07:29.0750 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/08/08 00:07:29.0843 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/08/08 00:07:29.0953 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/08/08 00:07:30.0093 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/08/08 00:07:30.0171 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/08 00:07:30.0250 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/08 00:07:30.0312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/08 00:07:30.0437 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/08 00:07:30.0484 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/08 00:07:30.0531 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/08/08 00:07:30.0562 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/08 00:07:30.0625 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/08/08 00:07:30.0781 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/08 00:07:30.0859 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/08 00:07:30.0937 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/08 00:07:31.0000 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/08 00:07:31.0078 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/08 00:07:31.0234 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/08 00:07:31.0312 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/08 00:07:31.0375 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/08 00:07:31.0437 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/08/08 00:07:31.0593 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/08 00:07:31.0640 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/08/08 00:07:31.0718 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/08 00:07:31.0765 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/08 00:07:31.0937 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/08 00:07:32.0015 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/08/08 00:07:32.0109 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/08 00:07:32.0218 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/08/08 00:07:32.0390 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/08 00:07:32.0484 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/08 00:07:32.0546 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/08 00:07:32.0593 ================================================================================
2010/08/08 00:07:32.0593 Scan finished
2010/08/08 00:07:32.0593 ================================================================================
2010/08/08 00:07:32.0609 Detected object count: 1
2010/08/08 00:09:11.0078 ACPIEC (5c2c27e5e22013d5f20f9fb57a117e86) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/08 00:09:11.0078 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPIEC.sys. Real md5: 5c2c27e5e22013d5f20f9fb57a117e86, Fake md5: 9859c0f6936e723e4892d7141b1327d5
2010/08/08 00:09:14.0093 Backup copy found, using it..
2010/08/08 00:09:14.0109 C:\WINDOWS\system32\DRIVERS\ACPIEC.sys - will be cured after reboot
2010/08/08 00:09:14.0109 Rootkit.Win32.TDSS.tdl3(ACPIEC) - User select action: Cure
2010/08/08 00:09:34.0406 Deinitialize success
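As an added example (not part of this thread, and not TDSSKiller's own code): a small Python parser that pulls the forged-file findings out of a TDSSKiller log like the one above, so a responder can confirm the declared object count matches what was actually reported and see which cures are still pending a reboot. The sample log is constructed from lines of the posted log; the `Finding` class, the `triage` checks and the regex names are my own assumptions about the format, based only on the lines shown here.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: the tail of a TDSSKiller log in the format of the log
# posted above (service names, hashes and paths copied from that post).
SAMPLE_LOG = r"""
2010/08/08 00:07:32.0546 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/08 00:07:32.0593 ================================================================================
2010/08/08 00:07:32.0593 Scan finished
2010/08/08 00:07:32.0593 ================================================================================
2010/08/08 00:07:32.0609 Detected object count: 1
2010/08/08 00:09:11.0078 ACPIEC (5c2c27e5e22013d5f20f9fb57a117e86) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/08 00:09:11.0078 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPIEC.sys. Real md5: 5c2c27e5e22013d5f20f9fb57a117e86, Fake md5: 9859c0f6936e723e4892d7141b1327d5
2010/08/08 00:09:14.0093 Backup copy found, using it..
2010/08/08 00:09:14.0109 C:\WINDOWS\system32\DRIVERS\ACPIEC.sys - will be cured after reboot
2010/08/08 00:09:14.0109 Rootkit.Win32.TDSS.tdl3(ACPIEC) - User select action: Cure
2010/08/08 00:09:34.0406 Deinitialize success
"""

# Every log line starts with a timestamp; the rest is the message body.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (.*)$")
# Inventory line: service name, MD5 of the file as read, on-disk path.
DRIVER_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Forged-file verdict: the hash TDSSKiller considers genuine and the one it
# considers forged, for the same path.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# Detection name, affected service, and the action the user chose.
VERDICT_RE = re.compile(r"^(?P<det>[\w.]+)\((?P<svc>\w+)\) - User select action: (?P<act>\w+)$")
CURE_RE = re.compile(r"^(?P<path>.+) - will be cured after reboot$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    """One object TDSSKiller reported as forged, plus what it decided to do."""
    path: str
    real_md5: str
    fake_md5: str
    service: Optional[str] = None
    detection: Optional[str] = None
    action: Optional[str] = None
    cure_pending_reboot: bool = False


def parse_tdsskiller_log(text: str) -> Tuple[Optional[int], List[Finding]]:
    """Return (declared detection count, findings) from TDSSKiller log text."""
    declared: Optional[int] = None
    path_by_service: Dict[str, str] = {}
    findings: Dict[str, Finding] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # blank line or something without a timestamp
        body = m.group(2)
        if (c := COUNT_RE.match(body)):
            declared = int(c.group("n"))
        elif (f := FORGED_RE.match(body)):
            findings[f["path"]] = Finding(f["path"], f["real"], f["fake"])
        elif (v := VERDICT_RE.match(body)):
            # The verdict names the service, not the path; resolve it through
            # the inventory lines seen so far.
            path = path_by_service.get(v["svc"])
            if path in findings:
                findings[path].detection = v["det"]
                findings[path].action = v["act"]
        elif (cu := CURE_RE.match(body)):
            if cu["path"] in findings:
                findings[cu["path"]].cure_pending_reboot = True
        elif (d := DRIVER_RE.match(body)):
            path_by_service[d["svc"]] = d["path"]
    for svc, path in path_by_service.items():
        if path in findings:
            findings[path].service = svc
    return declared, list(findings.values())


def triage(declared: Optional[int], findings: List[Finding]) -> Dict[str, object]:
    """Checks a responder wants before trusting the scan: does the declared
    count match what was parsed, which cures still need a reboot, and which
    findings never got an action recorded."""
    return {
        "count_matches": declared == len(findings),
        "pending_reboot": [f.path for f in findings if f.cure_pending_reboot],
        "unresolved": [f.path for f in findings if f.action is None],
    }


if __name__ == "__main__":
    declared, found = parse_tdsskiller_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.detection} in {f.service} ({f.path}) -> {f.action}")
    print(triage(declared, found))
```

Run it against a saved log by replacing `SAMPLE_LOG` with the file's contents; a non-empty `pending_reboot` list is the reminder that the cure has not taken effect until the machine restarts, and a false `count_matches` means the log has lines this parser did not recognise and should be read by hand.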


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time:04:27 PM

Posted 08 August 2010 - 02:43 AM

Hello

Very good. Now I want you to update ComboFix and try to run it again; if it still gives you a problem, then I want you to try it in safe mode.

Update ComboFix

I would like you to download an updated version of ComboFix.
    Delete the version of ComboFix you have now on your desktop and download a new one from here

    **Note: It is important that it is saved directly to your desktop**

    1. Close any open browsers.
    2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

    Double-click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in on your usual account.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 mecharmor22

mecharmor22
  • Topic Starter

  • Members
  • 45 posts
  • Local time:01:27 PM

Posted 08 August 2010 - 03:54 AM

I tried downloading the file from all three links and they all registered to have Trojans on them. Are there additional alternatives?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time:04:27 PM

Posted 08 August 2010 - 04:06 AM

You will have to shut down the antivirus; they don't have Trojans.


#15 mecharmor22

mecharmor22
  • Topic Starter

  • Members
  • 45 posts
  • Local time:01:27 PM

Posted 08 August 2010 - 05:14 AM

I almost forgot to mention: the other ComboFix I ran before did ask me if I wanted to update before proceeding, as was written in the instructions from this site. I did select yes to update the one I had previously, before going about it as instructed. That one is currently in the recycle bin. Should I salvage it, or do you have other alternatives?

All three links for the Update ComboFix step on this thread currently return 404 when I try downloading them again.
