Google redirect and now Winsock.dll error


  • This topic is locked
16 replies to this topic

#1 osogrande

  • Members
  • 7 posts

Posted 18 October 2010 - 09:06 PM

Recently I had a virus/malware that was redirecting my Google to other sites (incredibly frustrating). I thought I had eliminated it, but yesterday it came back and caused my IE to lock up. I had to reboot my machine in order to get IE working. However, after rebooting I now get a window that says

"The Application or DLL c:\windows\system32\winsock.dll is not a valid Windows image. Please check this against your installation diskette."

It will not allow me to get to the internet at all. I can ping my router and get a new IP via ipconfig, but it will not allow me to get out at all. All my other computers are fine (which tells me it is not an internet issue). I believe that this has turned into a multi-issue problem. I also cannot get GMER to run. It will run for quite a while and then it hits something that causes a complete reboot. Can anyone diagnose what issue I have? See information below.

DDS (Ver_10-10-10.03) - NTFSx86
Run by Will at 14:37:08.42 on Mon 10/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.656 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100919115421.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ErrorTeck] c:\program files\errorteck\ErrorTeck.exe /scan
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&4&04.00.09.13&unknown&unknown&http://www.toyota.com/vehicles/2007/sequoia/key_features/int360.html
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-28 386712]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-2-23 84072]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-2-23 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-2-23 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-2-23 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-2-23 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-2-23 141792]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-28 152992]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-2-23 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-2-23 88544]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-2-23 55840]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-28 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-2-23 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-2-23 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-28 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-28 40552]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\drivers\SWUSBFLT.SYS [2006-10-24 3968]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

=============== Created Last 30 ================

2010-10-18 19:08:27 -------- d-----w- c:\program files\Support Tools
2010-10-18 15:32:56 -------- d-----w- C:\ComboFix
2010-10-18 15:06:40 -------- d-----w- c:\docume~1\will\applic~1\ErrorTeck
2010-10-18 03:40:38 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-10-18 03:40:35 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-10-18 03:40:34 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-10-18 03:40:30 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-10-18 03:40:27 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-10-18 03:40:13 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-10-18 03:40:07 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-10-18 03:40:06 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-10-18 03:40:02 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-10-18 03:40:01 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-10-18 03:38:57 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2010-10-18 03:37:58 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2010-10-18 03:36:57 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2010-10-18 03:35:59 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-10-18 03:34:58 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2010-10-18 03:33:58 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2010-10-18 03:32:57 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2010-10-18 03:31:59 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2010-10-18 03:30:56 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2010-10-18 03:29:59 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-10-18 03:28:59 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
2010-10-18 03:27:59 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2010-10-18 03:26:59 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-10-18 03:25:45 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-10-18 03:25:42 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-10-18 03:25:41 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-10-18 03:25:35 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-10-18 03:25:31 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-10-18 03:25:26 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-10-18 03:25:21 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-10-18 03:25:17 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-10-18 03:25:14 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2010-10-18 03:25:13 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2010-10-18 03:25:10 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2010-10-18 03:25:07 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2010-10-18 03:25:00 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2010-10-18 03:23:58 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2010-10-18 03:22:59 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-10-18 03:21:59 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2010-10-18 03:20:58 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2010-10-18 03:19:58 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2010-10-18 03:18:58 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2010-10-18 03:17:59 24653 -c--a-w- c:\windows\system32\dllcache\el574nd4.sys
2010-10-18 03:16:59 24064 -c--a-w- c:\windows\system32\dllcache\devldr32.exe
2010-10-18 03:15:59 91264 -c--a-w- c:\windows\system32\dllcache\cirrus.dll
2010-10-18 03:14:57 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-10-18 03:13:52 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2010-10-01 21:46:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-01 21:46:07 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-01 15:07:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-10-01 15:07:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-10-01 15:07:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-10-01 15:07:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-10-01 15:07:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-10-01 15:07:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-10-01 15:07:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-10-01 15:00:25 -------- d-----w- c:\program files\Bonjour
2010-09-30 15:25:37 -------- d-sha-r- C:\cmdcons
2010-09-30 15:21:22 98816 ----a-w- c:\windows\sed.exe
2010-09-30 15:21:22 77312 ----a-w- c:\windows\MBR.exe
2010-09-30 15:21:22 256512 ----a-w- c:\windows\PEV.exe
2010-09-30 15:21:22 161792 ----a-w- c:\windows\SWREG.exe
2010-09-30 15:19:00 389120 ----a-w- c:\windows\system32\CF21951.exe
2010-09-27 02:29:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 02:29:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 02:29:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 01:31:23 388096 ----a-r- c:\docume~1\will\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-09-27 01:31:22 -------- d-----w- c:\program files\Trend Micro
2010-09-20 01:38:30 -------- d-----w- c:\docume~1\will\locals~1\applic~1\Threat Expert
2010-09-20 01:07:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-27 23:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 23:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2003-08-27 19:19:18 36963 ------w- c:\program files\common files\SM1updtr.dll

============= FINISH: 14:38:53.76 ===============

Edited by osogrande, 18 October 2010 - 09:10 PM.



#2 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 27 October 2010 - 11:11 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 02 November 2010 - 06:40 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#4 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 03 November 2010 - 01:25 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic is not replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========



  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.


    Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All

  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT
  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Scan With RKUnHooker

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


==========

Please download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (With Vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • A log named MBRcheck will be on your desktop
  • Copy and paste that log in your next reply

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* RKU log
* MbrCheck log

Kind regards,
thcbytes

#5 osogrande

  • Topic Starter
  • Members
  • 7 posts

Posted 04 November 2010 - 04:06 PM

OTL was too large to post. I have attached it.

Extra.txt below

OTL Extras logfile created on: 11/4/2010 3:04:24 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Will\My Documents\Downloads\spybot
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 455.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 89.22 Gb Free Space | 59.86% Space Free | Partition Type: NTFS
Drive E: | 119.98 Mb Total Space | 113.34 Mb Free Space | 94.47% Space Free | Partition Type: FAT

Computer Name: RAPTOR | User Name: Will | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{010AB825-DDD4-420E-849A-B70C24E97687}" = Big Game Hunter 6
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{158C641B-D60C-45E4-A380-B5725A4FE98A}" = ScopeCam Driver Installer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39FBF2DB-0F4F-4CB4-9760-5E81FD3353EF}" = Oakley THUMP128MB Audio Player
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio 2.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}" = Logitech Harmony Remote
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5414086B-AE06-4332-8A59-26FF0F630D1B}" = Garmin Trip and Waypoint Manager v3
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67E158AF-8856-4337-B483-EA21930786AF}" = GameTap
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{78CCD1CA-A056-446A-BF2D-C603552F0420}" = Roxio Easy Media Creator 7
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A3E7E93-7749-4D37-8975-75BEB9A47ECC}" = CardScan 8.0.4
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA1542E6-D54D-4AB3-97E1-28DB4CEB4B90}" = Garmin City Navigator North America 2008
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C59E019B-0952-4B72-A382-68A72224F88F}" = GNS400W-500W Trainer
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE428642-5112-49AC-B08F-D87DA8392FD2}" = Garmin MapSource
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D85AB83D-CD2D-44D0-9DA3-E16294DE81D2}" = Intel Audio Studio 2.0
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6C48B74-26ED-4EF8-A04C-42AFDE5E1CA3}" = Intel® PRO Network Connections
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"aopa_cher6" = AOPA Cherokee Six v1.0
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 7.15.7.8
"DTCLookup" = DTCLookup
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"ForPilots Logbook" = ForPilots Logbook
"Hoyle Casino 5" = Hoyle Casino 5
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InterActual Player" = InterActual Player
"LinksLS99DeinstKey" = Links LS 1999
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"MSC" = McAfee Internet Security
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"ST6UNST #1" = FAA Test Prep - Pvt v1.B.1.S
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Basic 2006" = TurboTax Basic 2006
"TurboTax Basic 2007" = TurboTax Basic 2007
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WineBee 1.2" = WineBee 1.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/20/2010 9:53:13 AM | Computer Name = RAPTOR | Source = Microsoft Office 14 | ID = 5000
Description = EventType office11shipassert, P1 2oyl, P2 14.0.4763.0, P3 NIL, P4
NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 10/20/2010 10:08:13 AM | Computer Name = RAPTOR | Source = Microsoft Office 14 | ID = 5000
Description = EventType office11shipassert, P1 2oyl, P2 14.0.4763.0, P3 NIL, P4
NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 10/20/2010 9:42:36 AM | Computer Name = RAPTOR | Source = Service Control Manager | ID = 7000
Description = The X4HSX32 service failed to start due to the following error: %%3

Error - 10/20/2010 9:42:46 AM | Computer Name = RAPTOR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd TfFsMon TfSysMon

Error - 10/20/2010 9:42:50 AM | Computer Name = RAPTOR | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {9A9D6CEF-AD50-4CFF-8163-7701B9B1C165}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 10/20/2010 9:44:33 AM | Computer Name = RAPTOR | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/20/2010 9:45:10 AM | Computer Name = RAPTOR | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 11/4/2010 3:49:44 PM | Computer Name = RAPTOR | Source = Service Control Manager | ID = 7000
Description = The X4HSX32 service failed to start due to the following error: %%3

Error - 11/4/2010 3:49:58 PM | Computer Name = RAPTOR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd TfFsMon TfSysMon

Error - 11/4/2010 3:49:59 PM | Computer Name = RAPTOR | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {9A9D6CEF-AD50-4CFF-8163-7701B9B1C165}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 11/4/2010 3:50:59 PM | Computer Name = RAPTOR | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 11/4/2010 3:52:30 PM | Computer Name = RAPTOR | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.


< End of report >


RKU Log

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF6BCC000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6135808 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.13 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 6057984 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 178.13 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF4024000 C:\WINDOWS\system32\drivers\sthda.sys 1048576 bytes (SigmaTel, Inc., NDRC)
0xF735D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF3CE5000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF68C9000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF7416000 mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0xF3E2B000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBA3BB000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF6A1F000 C:\WINDOWS\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0xF3F72000 C:\WINDOWS\System32\Drivers\cdudf_xp.SYS 294912 bytes (Sonic Solutions, CD-UDF NT Filesystem Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9A3D000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF3ED1000 C:\WINDOWS\System32\Drivers\UDFReadr.SYS 204800 bytes (Sonic Solutions, CD-UDF NT Filesystem Reader Driver)
0xF69EF000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7513000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBA52B000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7330000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBA03C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF3D7D000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6B46000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xF3DCA000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF74BD000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF6B92000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 155648 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0)
0xF3DF2000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB8F57000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6A92000 C:\WINDOWS\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xF6B6E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF3F15000 C:\WINDOWS\System32\Drivers\DVDVRRdr_xp.SYS 143360 bytes (Windows ® 2000 DDK provider, DVDVR Filesystem Reader Driver)
0xF6B0F000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF3DA8000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF4002000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7485000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74E3000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF6AF2000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 118784 bytes (Sonic Solutions, Win2000 Framework for Packet Write Driver)
0xF7316000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF74A5000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF3C2D000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF73EA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6AC7000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB9B46000 C:\WINDOWS\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0xF7401000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xBA0AE000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6ADE000 C:\WINDOWS\system32\DRIVERS\mfendisk.sys 81920 bytes (McAfee, Inc., McAfee NDIS Intermediate Driver)
0xF6B32000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6BB8000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF3E84000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF3E18000 C:\WINDOWS\system32\drivers\mfetdi2k.sys 77824 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7473000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7502000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6AB6000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF6997000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7792000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76C2000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7652000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7762000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7872000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7822000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF77A2000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA243000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7842000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7662000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF76A2000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7752000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77B2000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7682000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF77D2000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7782000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 45056 bytes (Sonic Solutions, CDR4 CD and DVD Burning Helper Driver)
0xF7882000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7772000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7672000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77C2000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7832000 C:\WINDOWS\system32\drivers\sfng32.sys 45056 bytes (Sonic Focus, Inc, SFNG32.SYS)
0xF7642000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7802000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA4E3000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF77F2000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7692000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB8FDB000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7732000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF77E2000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7862000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF6967000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7852000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7A02000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7A4A000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF79CA000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF79DA000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 28672 bytes (Sonic Solutions, CDRAL for Windows 2000 Kernel Driver)
0xF7A32000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7992000 C:\DOCUME~1\Will\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF78C2000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7962000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF78E2000 C:\WINDOWS\System32\Drivers\Cinemsup.SYS 24576 bytes (Sonic Solutions, SW CineMaster Support)
0xF7A12000 C:\WINDOWS\System32\Drivers\dvd_2K.SYS 24576 bytes (Sonic Solutions, DVD-RAM AddOn Driver)
0xF79E2000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF79D2000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7A0A000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF79C2000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7A3A000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7A42000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78CA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF79F2000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78D2000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF79FA000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF79EA000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7982000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA038000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF7B02000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA6F0000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF72D9000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7A52000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF3FDE000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB98C1000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA507000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF72C9000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF69D3000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B80000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B46000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7BFA000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B7E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B42000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B82000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7BA0000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7B84000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B72000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7B74000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B78000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B44000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C76000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7D4F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C24000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7C0A000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x055D0000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 1077248 bytes
0x05740000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 126976 bytes
0x03290000 Hidden Image-->System.XML.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 2060288 bytes
0x066E0000 Hidden Image-->System.Security.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 266240 bytes
0x04660000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 266240 bytes
0x043B0000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 270336 bytes
0x05920000 Hidden Image-->log4net.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 282624 bytes
0x04040000 Hidden Image-->System.Data.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 2961408 bytes
0x04C00000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 307200 bytes
0x034B0000 Hidden Image-->System.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 3190784 bytes
0x06370000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 421888 bytes
0x03200000 Hidden Image-->System.configuration.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 438272 bytes
0x03020000 Hidden Image-->Intuit.Spc.Foundations.Portability.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 471040 bytes
0x044A0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 479232 bytes
0x05F70000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 479232 bytes
0x04E50000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 5033984 bytes
0x00F10000 Hidden Image-->Intuit.Spc.Foundations.Primary.Logging.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 53248 bytes
0x05420000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 634880 bytes
0x031A0000 Hidden Image-->Intuit.Spc.Foundations.Primary.ExceptionHandling.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 77824 bytes
0x03F70000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x86481DA0 ] PID: 1440, 778240 bytes
0x031E0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Config.dll [ EPROCESS 0x86481DA0 ] PID: 1440, 86016 bytes
0x05DD0000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x86481DA0 ] PID: 1440, 872448 bytes


MBR log

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7B42000 \WINDOWS\system32\KDCOM.DLL
0xF7A52000 \WINDOWS\system32\BOOTVID.dll
0xF7513000 ACPI.sys
0xF7B44000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7502000 pci.sys
0xF7642000 isapnp.sys
0xF7652000 ohci1394.sys
0xF7662000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7C0A000 pciide.sys
0xF78C2000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7672000 MountMgr.sys
0xF74E3000 ftdisk.sys
0xF7B46000 dmload.sys
0xF74BD000 dmio.sys
0xF78CA000 PartMgr.sys
0xF7682000 VolSnap.sys
0xF74A5000 atapi.sys
0xF7692000 disk.sys
0xF76A2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7485000 fltmgr.sys
0xF7473000 sr.sys
0xF7416000 mfehidk.sys
0xF7401000 drvmcdb.sys
0xF78D2000 PxHelp20.sys
0xF73EA000 KSecDD.sys
0xF735D000 Ntfs.sys
0xF7330000 NDIS.sys
0xF7316000 Mup.sys
0xF76C2000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7732000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6BCC000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6BB8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6B92000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF79C2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6B6E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF79CA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6B46000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF6B32000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7752000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF79D2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7762000 \SystemRoot\system32\DRIVERS\serial.sys
0xF72D9000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7772000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7782000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7792000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77A2000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6B0F000 \SystemRoot\system32\DRIVERS\ks.sys
0xF79DA000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF6AF2000 \SystemRoot\System32\Drivers\pwd_2k.SYS
0xF79E2000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7C76000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6ADE000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF77B2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF72C9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6AC7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77C2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77D2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79EA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6AB6000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77E2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF6A92000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF6A1F000 \SystemRoot\system32\drivers\mfefirek.sys
0xF79F2000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79FA000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7B72000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF7A02000 \SystemRoot\System32\Drivers\Modem.SYS
0xF69EF000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF77F2000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A0A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B74000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF68C9000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B02000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7A12000 \SystemRoot\System32\Drivers\dvd_2K.SYS
0xF7802000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF4024000 \SystemRoot\system32\drivers\sthda.sys
0xF4002000 \SystemRoot\system32\drivers\portcls.sys
0xF7822000 \SystemRoot\system32\drivers\drmk.sys
0xF7832000 \SystemRoot\system32\drivers\sfng32.sys
0xF7842000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B78000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B7E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C24000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B80000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A32000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7A3A000 \SystemRoot\System32\drivers\vga.sys
0xF7B82000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B84000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF3F72000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
0xF3F15000 \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS
0xF7A42000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A4A000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF3ED1000 \SystemRoot\System32\Drivers\UDFReadr.SYS
0xF69D3000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3E84000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF3E2B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF3E18000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xF3DF2000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7852000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF3DCA000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF3DA8000 \SystemRoot\System32\drivers\afd.sys
0xF7862000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF3D7D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF7872000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF3CE5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7882000 \SystemRoot\System32\Drivers\Fips.SYS
0xF78E2000 \SystemRoot\System32\Drivers\Cinemsup.SYS
0xF6997000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF3C2D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BFA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF3FDE000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7982000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D4F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA6F0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA52B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7BA0000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xBA3BB000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA4E3000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xBA0AE000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA243000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA03C000 \SystemRoot\system32\drivers\kmixer.sys
0xBA038000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xB9B46000 \SystemRoot\system32\drivers\mfeapfk.sys
0xB9A3D000 \SystemRoot\System32\Drivers\HTTP.sys
0xB98C1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8FDB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA507000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8F57000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF7992000 \??\C:\DOCUME~1\Will\LOCALS~1\Temp\mbr.sys
0xF7962000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
592 C:\WINDOWS\system32\smss.exe
648 csrss.exe
676 C:\WINDOWS\system32\winlogon.exe
720 C:\WINDOWS\system32\services.exe
732 C:\WINDOWS\system32\lsass.exe
904 C:\WINDOWS\system32\svchost.exe
952 svchost.exe
992 C:\WINDOWS\system32\svchost.exe
1064 svchost.exe
1172 svchost.exe
1256 C:\WINDOWS\system32\spoolsv.exe
1336 svchost.exe
1372 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1384 C:\Program Files\Bonjour\mDNSResponder.exe
1440 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
1488 C:\Program Files\Java\jre6\bin\jqs.exe
1504 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
1564 C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
1604 C:\WINDOWS\system32\nvsvc32.exe
1640 C:\WINDOWS\system32\HPZipm12.exe
1700 C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
1756 C:\WINDOWS\system32\svchost.exe
1824 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
1928 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
2232 alg.exe
3136 C:\WINDOWS\explorer.exe
3172 C:\WINDOWS\system32\wscntfy.exe
3668 C:\WINDOWS\SM1bg.exe
3688 C:\WINDOWS\system32\rundll32.exe
3764 C:\Program Files\McAfee.com\Agent\mcagent.exe
2476 C:\Program Files\iTunes\iTunesHelper.exe
2532 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2580 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
2620 C:\WINDOWS\system32\ctfmon.exe
3988 C:\Program Files\iPod\bin\iPodService.exe
2724 C:\Documents and Settings\Will\My Documents\Downloads\spybot\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3160812A, Rev: 3.AAJ

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Attached Files

  • Attached File  OTL.Txt   352.72KB   1 downloads


#6 thcbytes

Posted 04 November 2010 - 10:53 PM

Well done.

This next......

Please download ComboFix from one of these locations:

Link 1
Link 2

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


How is your computer running now?

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 osogrande

Posted 05 November 2010 - 04:25 PM

I can not get ComboFix to fully run. It will run the scan, reboot the system, then try to create the report. At that point it bluescreens. Want me to try it in safe mode?

#8 thcbytes

Posted 05 November 2010 - 05:38 PM

Hello,

  • Have you completely disabled your AV?
  • Are you getting any error messages?
  • What screen does it hang at?

    Please do this...

  • Click on Start, then Run.
  • Copy and Paste the green bold text below into the Run Box:

cmd /c dir /a /s C:\QooBox >log.txt&start log.txt


  • Then click on OK.
  • A Text File will open up, please Copy and Paste the contents in your next reply.


Take a look at C:\Combofix.txt. If a log is there, please post it.

Regards,
thcbytes

Edited by thcbytes, 05 November 2010 - 05:41 PM.


#9 osogrande

Posted 05 November 2010 - 06:07 PM

Here is the log. Please note, due to the winsock.dll error I cannot get on the internet, so I am moving the data between my laptop and my PC via mem stick.

Volume in drive C has no label.
Volume Serial Number is 4C18-9ABB

Directory of C:\QooBox

11/05/2010 03:28 PM <DIR> .
11/05/2010 03:28 PM <DIR> ..
10/18/2010 11:25 AM 13,442 Add-Remove Programs.txt
11/05/2010 03:30 PM <DIR> BackEnv
10/18/2010 11:26 AM 19,956 ComboFix2.txt
10/16/2010 07:21 AM 20,682 ComboFix3.txt
10/08/2010 11:33 AM 59,235 ComboFix4.txt
11/05/2010 03:27 PM 36,923 ComboFix5.txt
11/05/2010 05:11 PM <DIR> LastRun
09/30/2010 10:29 AM <DIR> Quarantine
09/30/2010 03:45 PM 1,453,429 SnapShot@2010-09-30_20.44.26.dat
10/08/2010 11:31 AM 1,462,477 SnapShot_2010-10-08_16.29.48.dat
11/05/2010 05:09 PM <DIR> Test
11/05/2010 03:27 PM <DIR> TestC
7 File(s) 3,066,144 bytes

Directory of C:\QooBox\BackEnv

11/05/2010 03:30 PM <DIR> .
11/05/2010 03:30 PM <DIR> ..
11/05/2010 03:29 PM 459 AppData.folder.dat
11/05/2010 03:29 PM 562 Cache.folder.dat
11/05/2010 03:29 PM 195 Cookies.folder.dat
11/05/2010 03:29 PM 335 Desktop.folder.dat
11/05/2010 03:29 PM 349 Favorites.folder.dat
11/05/2010 03:29 PM 378 History.folder.dat
11/05/2010 03:29 PM 432 LocalAppData.folder.dat
11/05/2010 03:29 PM 389 LocalSettings.folder.dat
11/05/2010 03:29 PM 236 Music.folder.dat
11/05/2010 03:29 PM 186 NetHood.folder.dat
11/05/2010 03:29 PM 255 Personal.folder.dat
11/05/2010 03:29 PM 248 Pictures.folder.dat
11/05/2010 03:29 PM 194 PrintHood.folder.dat
11/05/2010 03:29 PM 342 Profiles.Folder.dat
11/05/2010 03:29 PM 584 Profiles.Folder.folder.dat
11/05/2010 03:29 PM 293 Programs.folder.dat
11/05/2010 03:29 PM 182 Recent.folder.dat
11/05/2010 03:29 PM 182 SendTo.folder.dat
11/05/2010 03:28 PM 5,358 SetPath.bat
11/05/2010 03:29 PM 303 StartMenu.folder.dat
11/05/2010 03:29 PM 333 StartUp.folder.dat
11/05/2010 03:28 PM 1,815 SysPath.dat
11/05/2010 03:29 PM 243 Templates.folder.dat
11/05/2010 04:57 PM 2,188 VikPev00
24 File(s) 16,041 bytes

Directory of C:\QooBox\LastRun

11/05/2010 05:11 PM <DIR> .
11/05/2010 05:11 PM <DIR> ..
11/05/2010 05:11 PM 0 CregC.old
11/05/2010 03:27 PM 10 erunt.dat
11/05/2010 05:08 PM 0 RenVDel.dat
11/05/2010 03:30 PM 117 SvcTarget.dat
11/05/2010 05:11 PM 74,445 zhsvc.old
5 File(s) 74,572 bytes

Directory of C:\QooBox\Quarantine

09/30/2010 10:29 AM <DIR> .
09/30/2010 10:29 AM <DIR> ..
10/16/2010 07:09 AM <DIR> C
11/05/2010 04:58 PM 905 catchme.log
10/18/2010 11:25 AM <DIR> Registry_backups
1 File(s) 905 bytes

Directory of C:\QooBox\Quarantine\C

10/16/2010 07:09 AM <DIR> .
10/16/2010 07:09 AM <DIR> ..
10/16/2010 07:09 AM <DIR> DOCUME~1
09/30/2010 11:38 AM <DIR> WINDOWS
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\DOCUME~1

10/16/2010 07:09 AM <DIR> .
10/16/2010 07:09 AM <DIR> ..
10/16/2010 07:09 AM <DIR> Will
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\DOCUME~1\Will

10/16/2010 07:09 AM <DIR> .
10/16/2010 07:09 AM <DIR> ..
10/16/2010 07:09 AM <DIR> LOCALS~1
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\DOCUME~1\Will\LOCALS~1

10/16/2010 07:09 AM <DIR> .
10/16/2010 07:09 AM <DIR> ..
11/05/2010 04:49 PM <DIR> temp
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\DOCUME~1\Will\LOCALS~1\temp

11/05/2010 04:49 PM <DIR> .
11/05/2010 04:49 PM <DIR> ..
06/23/2007 05:23 PM 24,576 IadHide4.dll.vir
1 File(s) 24,576 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS

09/30/2010 11:38 AM <DIR> .
09/30/2010 11:38 AM <DIR> ..
10/24/2006 09:03 AM 0 AutoRun.INI.vir
09/30/2010 11:38 AM <DIR> Downloaded Program Files
11/05/2010 03:39 PM <DIR> system32
1 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files

09/30/2010 11:38 AM <DIR> .
09/30/2010 11:38 AM <DIR> ..
08/18/2004 04:47 PM 241 popcaploader.inf.vir
1 File(s) 241 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\system32

11/05/2010 03:39 PM <DIR> .
11/05/2010 03:39 PM <DIR> ..
03/03/2004 02:46 PM 90,112 ccrpTmr6.dll.vir
11/05/2010 03:39 PM <DIR> config
09/30/2010 10:32 AM <DIR> Drivers
1 File(s) 90,112 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\system32\config

11/05/2010 03:39 PM <DIR> .
11/05/2010 03:39 PM <DIR> ..
10/15/2010 03:27 AM 16,777,216 jnzonoiz.sav.vir
1 File(s) 16,777,216 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\system32\Drivers

09/30/2010 10:32 AM <DIR> .
09/30/2010 10:32 AM <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\Registry_backups

10/18/2010 11:25 AM <DIR> .
10/18/2010 11:25 AM <DIR> ..
09/30/2010 11:57 AM 1,318 AddRemove-ADDS Flight Path Tool.reg.dat
09/30/2010 11:55 AM 297 HKLM-Run-Auto EPSON Stylus CX4200 Series on HORNET.reg.dat
09/30/2010 11:55 AM 248 HKLM-Run-EPSON Stylus CX4200 Series.reg.dat
09/30/2010 11:35 AM 990 Legacy_6TO4.reg.dat
09/30/2010 11:56 AM 600 MSConfigStartUp-Ad-Watch.reg.dat
09/30/2010 11:56 AM 538 MSConfigStartUp-SigmatelSysTrayApp.reg.dat
09/30/2010 11:56 AM 622 MSConfigStartUp-SunJavaUpdateSched.reg.dat
09/30/2010 11:35 AM 3,886 Service_6to4.reg.dat
11/05/2010 05:08 PM 8,245 tcpip.reg
10/18/2010 11:25 AM 173 Toolbar-Locked.reg.dat
09/30/2010 11:55 AM 171 WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}.reg.dat
11 File(s) 17,088 bytes

Directory of C:\QooBox\Test

11/05/2010 05:09 PM <DIR> .
11/05/2010 05:09 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\TestC

11/05/2010 03:27 PM <DIR> .
11/05/2010 03:27 PM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
53 File(s) 20,066,895 bytes
50 Dir(s) 96,314,654,720 bytes free

#10 thcbytes

Posted 05 November 2010 - 09:01 PM

This next please...

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

==========

Download and run WinSockFix. This is a two step process that will Back up the Registry and Reset the Winsock Stack.
  • Double click on WinsockXPFix.exe to open.
  • On the Winsock and TCP Repair Utility screen, click "ReG-Backup"
  • On the ERDNT Welcome screen, click "OK".
  • On the Backup to: screen, click "OK".
  • On the Folder does not exist question screen click "Yes".
  • You will see a status screen as your registry is being backed up.
  • On the Registry backup is complete! screen, click "OK" and you will go back to the main window.
  • On the Winsock and TCP Repair Utility screen, click "Fix".
  • On the Apply the VB_Winsock fix? screen click "Yes".
  • The screen will display a status message "repair completed please reboot."
  • On the Repair Completed screen click "OK" to reboot your computer.
  • If your computer was not using DHCP, you will need to reconfigure TCP/IP.
  • You should have connectivity restored.

Are you able to establish an internet connection? What other problems persist?

Regards,
thcbytes

#11 osogrande

Posted 06 November 2010 - 12:24 PM

Ok, now we are up and running. PC is back on the internet. TDS Killer log below.

2010/11/05 21:05:51.0062 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/05 21:05:51.0062 ================================================================================
2010/11/05 21:05:51.0062 SystemInfo:
2010/11/05 21:05:51.0062
2010/11/05 21:05:51.0062 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/05 21:05:51.0062 Product type: Workstation
2010/11/05 21:05:51.0062 ComputerName: RAPTOR
2010/11/05 21:05:51.0062 UserName: Will
2010/11/05 21:05:51.0062 Windows directory: C:\WINDOWS
2010/11/05 21:05:51.0062 System windows directory: C:\WINDOWS
2010/11/05 21:05:51.0062 Processor architecture: Intel x86
2010/11/05 21:05:51.0062 Number of processors: 2
2010/11/05 21:05:51.0062 Page size: 0x1000
2010/11/05 21:05:51.0062 Boot type: Normal boot
2010/11/05 21:05:51.0062 ================================================================================
2010/11/05 21:05:51.0343 Initialize success
2010/11/05 21:05:59.0781 ================================================================================
2010/11/05 21:05:59.0781 Scan started
2010/11/05 21:05:59.0781 Mode: Manual;
2010/11/05 21:05:59.0781 ================================================================================
2010/11/05 21:06:00.0843 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/05 21:06:00.0906 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/05 21:06:01.0109 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/05 21:06:01.0203 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/05 21:06:01.0375 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/05 21:06:01.0640 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/05 21:06:01.0718 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/05 21:06:01.0781 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/05 21:06:01.0859 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/05 21:06:01.0921 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/05 21:06:02.0218 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/05 21:06:02.0359 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/05 21:06:02.0406 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/05 21:06:02.0437 Cdr4_xp (6674bb4a919220d05bd002bbf6081aaa) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/11/05 21:06:02.0453 Cdralw2k (8822a9246c20af99686e65710c7d6a5d) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/11/05 21:06:02.0515 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/05 21:06:02.0562 cdudf_xp (66b9f9c62721f2347211c0c9bcce4e98) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/11/05 21:06:02.0640 cfwids (426ee59b25988bb3382fc0a3655deaa2) C:\WINDOWS\system32\drivers\cfwids.sys
2010/11/05 21:06:02.0750 Cinemsup (f6a0f51706cb4b0d5b8718ff69f831ba) C:\WINDOWS\system32\drivers\Cinemsup.sys
2010/11/05 21:06:03.0187 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/05 21:06:03.0281 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/05 21:06:03.0375 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/05 21:06:03.0421 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/05 21:06:03.0515 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/05 21:06:03.0593 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/05 21:06:03.0656 drvmcdb (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\DRIVERS\drvmcdb.sys
2010/11/05 21:06:03.0703 DVDVRRdr_xp (1d5eda9961b16b8e800639038d7492ad) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
2010/11/05 21:06:03.0796 dvd_2K (df112f6f01efedc21c9bc5ce822ce1d3) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/11/05 21:06:03.0890 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/05 21:06:03.0968 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2010/11/05 21:06:04.0031 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/05 21:06:04.0062 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/05 21:06:04.0140 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/05 21:06:04.0156 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/05 21:06:14.0296 ================================================================================
2010/11/05 21:06:14.0296 Scan finished
2010/11/05 21:06:14.0296 ================================================================================
2010/11/05 21:07:05.0312 Deinitialize success

#12 thcbytes

Posted 06 November 2010 - 03:21 PM

Excellent. :thumbup2:

Try this next...

Right click and delete your current copy of Combofix.

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!

==========

Now reboot into Safe Mode.

  • This can be done by tapping the F8 key as soon as you start your computer.
  • You will be brought to a menu where you can choose to boot into safe mode.
  • Make sure you choose the option with networking support.
  • Please see here for additional details.

==========

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.


When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.


What problems remain?

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#13 osogrande

Posted 06 November 2010 - 09:49 PM

Did everything you said to do. Combofix goes through all 50 stages, starts to build the log and the computer will hard reboot. I made sure that McAfee is disabled. Thoughts?

#14 thcbytes

Posted 07 November 2010 - 12:47 PM

Does it just hang or does it BSOD?

#15 osogrande

Posted 07 November 2010 - 09:17 PM

Neither. Goes to a full reboot as if I had pulled the power. I don't even get the blue screen. I do get the "Microsoft has recovered from a serious error" message after startup.

Edited by osogrande, 07 November 2010 - 09:18 PM.




