
Infected with Trojan Virus


This topic is locked
39 replies to this topic

#1 crafty2148 (Members)

Posted 23 December 2010 - 06:28 AM

I have had problems for a little while now. I had at least 6 Trojan viruses. I have used Symantec and SUPERAntiSpyware to remove them. However, I am still having problems. Basically, websites that use Java seem to run choppy and my CPU runs at 100%. I am not sure if I am still infected or not, but I am hoping someone can help. I also have been talking to 'boopme' at the following link:

http://www.bleepingcomputer.com/forums/topic365401.html

He has been very helpful and he has directed me this way.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Cory Craft at 21:44:59.25 on Wed 12/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3072.2602 [GMT -5:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Cory Craft\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAyADcANQA1ADcAOQAwADYALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNACsAMQAtAEYAOQBNADcAQQArADUALQBGADkATQA3AEIAKwAyAA"&"prod=90"&"ver=9.0.872
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222897348483
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553545600} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
TCP: {04F530F7-1E22-494B-B600-2BF011F74FA8} = 207.255.0.130,207.255.0.131
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-17 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-10-19 20328]
R2 LtcyCfgSvc;PCI Latency Tool Service;c:\program files\pci latency tool 3\LtcyCfgSvc.exe [2005-12-25 5120]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-9-11 2436536]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-1 24652]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-12-26 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-12-26 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-12-26 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-11 102448]
R3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-25 6656]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101219.003\NAVENG.SYS [2010-12-19 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101219.003\NAVEX15.SYS [2010-12-19 1360760]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 cpuz132;cpuz132;\??\c:\docume~1\corycr~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\corycr~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-12-26 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2009-12-26 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-12-26 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-12-26 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-12-26 72728]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-10-20 23456]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

=============== Created Last 30 ================

2010-12-21 02:07:07 -------- d-----w- c:\docume~1\corycr~1\applic~1\SUPERAntiSpyware.com
2010-12-21 02:07:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-12-21 02:06:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-20 00:35:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-16 03:27:45 -------- d-----w- c:\program files\ESET
2010-12-15 03:20:56 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 03:20:34 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-07 20:48:09 -------- d-----w- c:\docume~1\corycr~1\applic~1\Malwarebytes
2010-12-07 20:48:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 20:48:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-07 20:47:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 20:47:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 20:43:46 -------- d-----w- c:\docume~1\corycr~1\locals~1\applic~1\Symantec
2010-12-06 20:42:36 91968 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-12-06 20:42:11 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-12-06 20:42:11 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-06 20:41:12 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-12-06 20:41:12 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-12-06 20:40:58 -------- d-----w- c:\program files\Symantec
2010-12-06 20:40:58 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-06 20:40:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-12-01 02:48:08 -------- d-----w- c:\windows\Performance
2010-12-01 02:48:01 -------- d-----w- c:\docume~1\corycr~1\locals~1\applic~1\Microsoft Corporation
2010-12-01 02:47:35 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

==================== Find3M ====================

2010-12-20 00:35:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ------w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-27 19:13:12 240968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-27 19:13:12 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-27 19:13:11 240960 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-17 23:31:43 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-08 08:30:00 888424 ------w- c:\windows\system32\nvdispco32.dll
2010-10-08 08:30:00 813672 ------w- c:\windows\system32\nvgenco32.dll
2010-10-08 08:30:00 6358784 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-08 08:30:00 61440 ------w- c:\windows\system32\OpenCL.dll
2010-10-08 08:30:00 4882432 ------w- c:\windows\system32\nvcuda.dll
2010-10-08 08:30:00 2932840 ------w- c:\windows\system32\nvcuvid.dll
2010-10-08 08:30:00 2666088 ------w- c:\windows\system32\nvcuvenc.dll
2010-10-08 08:30:00 2293194 ------w- c:\windows\system32\nvdata.bin
2010-10-08 08:30:00 1462272 ------w- c:\windows\system32\nvapi.dll
2010-10-08 08:30:00 14528512 ------w- c:\windows\system32\nvoglnt.dll
2010-10-08 08:30:00 13012992 ------w- c:\windows\system32\nvcompiler.dll
2010-10-08 06:28:36 81920 ------w- c:\windows\system32\nvwddi.dll
2010-10-08 06:28:18 277608 ------w- c:\windows\system32\nvmccs.dll
2010-10-08 06:28:18 110696 ------w- c:\windows\system32\nvmctray.dll
2010-10-08 06:28:16 13851752 ------w- c:\windows\system32\nvcpl.dll
2010-10-08 06:28:14 156776 ------w- c:\windows\system32\nvsvc32.exe
2010-10-08 06:28:14 145000 ------w- c:\windows\system32\nvcolor.exe

============= FINISH: 21:45:31.73 ===============
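Added example (not part of the thread, and not code from the DDS tool): a small Python script that parses the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of a DDS log like the one above and flags the entries a helper looks at first: an autostart pointing at "No File", an autostart with no path, downloaded ActiveX controls (DPF), and a driver whose file DDS could not verify ("[?]") or that loads from a temp directory. The rule names are my own; the sample lines are copied from the log above.

```python
"""Added example: triage the autostart and driver sections of a DDS log."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Sample input: a few lines copied from the DDS log posted above (not a full log).
SAMPLE_LOG = r"""============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-17 64288]
S3 cpuz132;cpuz132;\??\c:\docume~1\corycr~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\corycr~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-10-20 23456]
"""

# "===== NAME =====" section banners printed by DDS.
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# "R0 name;display;path [date size]", or "[?]" when DDS could not stat the file.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<path>.*?)"
    r"(?:\s+\[(?P<meta>[^\]]*)\])?$"
)
# "KIND: body" lines of the Pseudo HJT Report (BHO:, mRun:, DPF:, EB:, ...).
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z]+):\s*(?P<body>.+)$")

# Path fragments that place a driver in a user temp directory (DDS prints 8.3 names on XP).
TEMP_HINTS = ("\\temp\\", "\\locals~1\\temp", "\\appdata\\local\\temp")


@dataclass(frozen=True)
class Finding:
    rule: str   # short rule name chosen for this example
    line: str   # the log line that triggered it


def _check_service(line: str) -> list[Finding]:
    m = SERVICE_RE.match(line)
    if not m:
        return []
    out = []
    if (m.group("meta") or "").strip() == "?":
        # [?] means DDS could not read the file's date/size: registered, but image missing/unreadable.
        out.append(Finding("driver-file-unverified", line))
    if any(hint in m.group("path").lower() for hint in TEMP_HINTS):
        out.append(Finding("driver-in-temp-dir", line))
    return out


def _check_entry(line: str) -> list[Finding]:
    m = ENTRY_RE.match(line)
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    if body.endswith("No File"):
        # Registered CLSID with no backing file: an orphan, usually a leftover.
        return [Finding("orphaned-autostart", line)]
    if kind in ("mRun", "uRun"):
        command = body.split("]", 1)[-1]
        if not re.search(r"[\\:]", command):
            # Bare file name: resolved via the PATH search order at logon, so confirm which file runs.
            return [Finding("autostart-unqualified-path", line)]
    if kind == "DPF":
        # Downloaded ActiveX controls; the .cab origin should be reviewed.
        return [Finding("downloaded-activex-review", line)]
    return []


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, dispatching each line on the section it sits in."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name").lower()
            continue
        if section.startswith("services"):
            findings.extend(_check_service(line))
        elif section.startswith("pseudo hjt"):
            findings.extend(_check_entry(line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, e.g. to decide what to ask the poster about first."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} {f.line}")
```

On the sample above the only driver findings are both for cpuz132 (a file under a temp directory that DDS could not verify); the remaining findings are review prompts, not verdicts.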



#2 Casey_boy (Bleeping physicist, Malware Response Team)

Posted 31 December 2010 - 01:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.




#3 crafty2148 (Topic Starter)

Posted 31 December 2010 - 06:16 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Cory Craft at 14:09:40.00 on Fri 12/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3072.2479 [GMT -5:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Cory Craft\Desktop\Virus Help\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAyADcANQA1ADcAOQAwADYALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNACsAMQAtAEYAOQBNADcAQQArADUALQBGADkATQA3AEIAKwAyAA"&"prod=90"&"ver=9.0.872
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222897348483
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553545600} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
TCP: {04F530F7-1E22-494B-B600-2BF011F74FA8} = 207.255.0.130,207.255.0.131
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-17 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-10-19 20328]
R2 LtcyCfgSvc;PCI Latency Tool Service;c:\program files\pci latency tool 3\LtcyCfgSvc.exe [2005-12-25 5120]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-9-11 2436536]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-1 24652]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-12-26 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-12-26 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-12-26 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-11 102448]
R3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-25 6656]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101227.034\NAVENG.SYS [2010-12-28 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101227.034\NAVEX15.SYS [2010-12-28 1360760]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 cpuz132;cpuz132;\??\c:\docume~1\corycr~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\corycr~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-12-26 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2009-12-26 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-12-26 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-12-26 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-12-26 72728]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-10-20 23456]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

=============== Created Last 30 ================

2010-12-23 21:28:14 709456 ----a-w- c:\windows\isRS-000.tmp
2010-12-21 02:07:07 -------- d-----w- c:\docume~1\corycr~1\applic~1\SUPERAntiSpyware.com
2010-12-21 02:07:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-12-21 02:06:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-20 00:35:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-16 03:27:45 -------- d-----w- c:\program files\ESET
2010-12-15 03:20:56 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 03:20:34 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-07 20:48:09 -------- d-----w- c:\docume~1\corycr~1\applic~1\Malwarebytes
2010-12-07 20:48:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 20:48:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-07 20:47:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 20:47:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 20:43:46 -------- d-----w- c:\docume~1\corycr~1\locals~1\applic~1\Symantec
2010-12-06 20:42:36 91968 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-12-06 20:42:11 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-12-06 20:42:11 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-06 20:41:12 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-12-06 20:41:12 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-12-06 20:40:58 -------- d-----w- c:\program files\Symantec
2010-12-06 20:40:58 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-06 20:40:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec

==================== Find3M ====================

2010-12-20 00:35:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ------w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-27 19:13:12 240968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-27 19:13:12 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-27 19:13:11 240960 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-17 23:31:43 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-08 08:30:00 888424 ------w- c:\windows\system32\nvdispco32.dll
2010-10-08 08:30:00 813672 ------w- c:\windows\system32\nvgenco32.dll
2010-10-08 08:30:00 6358784 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-08 08:30:00 61440 ------w- c:\windows\system32\OpenCL.dll
2010-10-08 08:30:00 4882432 ------w- c:\windows\system32\nvcuda.dll
2010-10-08 08:30:00 2932840 ------w- c:\windows\system32\nvcuvid.dll
2010-10-08 08:30:00 2666088 ------w- c:\windows\system32\nvcuvenc.dll
2010-10-08 08:30:00 2293194 ------w- c:\windows\system32\nvdata.bin
2010-10-08 08:30:00 1462272 ------w- c:\windows\system32\nvapi.dll
2010-10-08 08:30:00 14528512 ------w- c:\windows\system32\nvoglnt.dll
2010-10-08 08:30:00 13012992 ------w- c:\windows\system32\nvcompiler.dll
2010-10-08 06:28:36 81920 ------w- c:\windows\system32\nvwddi.dll
2010-10-08 06:28:18 277608 ------w- c:\windows\system32\nvmccs.dll
2010-10-08 06:28:18 110696 ------w- c:\windows\system32\nvmctray.dll
2010-10-08 06:28:16 13851752 ------w- c:\windows\system32\nvcpl.dll
2010-10-08 06:28:14 156776 ------w- c:\windows\system32\nvsvc32.exe
2010-10-08 06:28:14 145000 ------w- c:\windows\system32\nvcolor.exe

============= FINISH: 14:10:08.28 ===============



#4 etavares (Bleepin' Remover, Malware Response Team)

Posted 01 January 2011 - 08:33 AM

Hello, crafty2148.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!


P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent, BitComet, Vuze). These programmes allow users to share files between each other, as the name(s) suggest. In today's world, cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they are thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.

Viewpoint (foistware) Warning

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/clickz/news/1714488/viewpoint-plunge-into-adware

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Step 1

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 2

Scan With RKUnHooker


Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


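Step 1 above asks for MBRCheck's verdict on the master boot record. As an added example that is not from the original post or from MBRCheck's author, the following script shows what such a check involves: read exactly one 512-byte sector, confirm the 0x55AA boot signature, hash the boot-code area and look the digest up in a whitelist of known-good code, and decode the partition table so that the first volume's byte offset can be compared with what the OS reports (the log in the next reply shows C: at offset 0x7E00, i.e. 63 sectors of 512 bytes). The MBR, its boot code and the whitelist entry are constructed here; the hashed byte range (0..439) and the read path are assumptions, since the page does not show how MBRCheck derives its SHA1.

```python
"""Offline MBR check in the spirit of MBRCheck (added example, not the tool's code)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440            # assumption: hash bytes 0..439; the 4-byte disk signature starts at 440
PART_TABLE = 446               # four 16-byte partition entries, then 0x55AA at 510..511
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, LBA count


def build_sample_mbr(boot_code, lba_start=63, lba_count=234436482, ptype=0x07):
    """Construct a sample MBR (not a real disk image) with one bootable NTFS partition."""
    if len(boot_code) != BOOT_CODE_END:
        raise ValueError("boot code must be exactly 440 bytes")
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", ptype, b"\xfe\xff\xff", lba_start, lba_count)
    table = entry + b"\x00" * 48                      # remaining three entries empty
    mbr = boot_code + b"\x12\x34\x56\x78" + b"\x00\x00" + table + b"\x55\xaa"
    assert len(mbr) == SECTOR
    return mbr


def boot_code_sha1(mbr):
    """SHA1 of the boot-code area, upper-case hex like MBRCheck prints it."""
    return hashlib.sha1(mbr[:BOOT_CODE_END]).hexdigest().upper()


def parse_partitions(mbr):
    """Decode the non-empty partition entries; byte_offset is what the OS reports for the volume."""
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "byte_offset": lba * SECTOR,
                      "size_gib": count * SECTOR / 2 ** 30})
    return parts


def check_mbr(mbr, known_good):
    """Return verdict, digest and partition layout for one 512-byte sector."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if mbr[510:512] != b"\x55\xaa":
        return {"status": "no 0x55AA boot signature", "sha1": None, "partitions": []}
    digest = boot_code_sha1(mbr)
    return {"status": known_good.get(digest, "non-standard or unknown MBR code"),
            "sha1": digest, "partitions": parse_partitions(mbr)}


def read_mbr(device_path):
    # Read sector 0 of a raw device, e.g. \\.\PhysicalDrive0 on Windows (needs admin rights).
    with open(device_path, "rb") as f:
        return f.read(SECTOR)


def tampered(mbr):
    """Copy with the first boot-code byte flipped, as a bootkit overwrite would change it."""
    b = bytearray(mbr)
    b[0] ^= 0xFF
    return bytes(b)


# Constructed boot code standing in for a real loader; its own hash seeds the whitelist.
# A real whitelist would hold the digests of stock Windows/vendor MBR code.
SAMPLE_BOOT_CODE = bytes(range(256)) + bytes(184)
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE)
KNOWN_GOOD = {boot_code_sha1(SAMPLE_MBR): "known-good MBR code (sample whitelist entry)"}

if __name__ == "__main__":
    for label, m in (("original", SAMPLE_MBR), ("tampered", tampered(SAMPLE_MBR))):
        r = check_mbr(m, KNOWN_GOOD)
        print(label, r["status"], r["sha1"], [hex(p["byte_offset"]) for p in r["partitions"]])
```

Run as-is it prints the whitelist hit for the sample and the "non-standard" verdict for the tampered copy; on a live system you would pass `read_mbr(r"\\.\PhysicalDrive0")` instead of `SAMPLE_MBR` and a real whitelist. A hash mismatch alone is not proof of infection (OEM recovery loaders and boot managers legitimately replace the MBR code), which is why the instructions ask for the log rather than for the user to act on the verdict.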
#5 crafty2148 (Topic Starter, Members, 71 posts)

Posted 01 January 2011 - 12:39 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000035

Kernel Drivers (total 147):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF798B000 viaide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF798D000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF749A000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF747A000 fltmgr.sys
0xF7468000 sr.sys
0xF7647000 Lbd.sys
0xF7657000 PxHelp20.sys
0xF7451000 KSecDD.sys
0xF743E000 WudfPf.sys
0xF7B52000 Ntfs.sys
0xF7411000 NDIS.sys
0xF7667000 uagp35.sys
0xF7717000 viaagp1.sys
0xB87E6000 Mup.sys
0xB870E000 \SystemRoot\System32\DRIVERS\amdk7.sys
0xB6E92000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xB6D25000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF76A7000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF779F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB6D01000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF77A7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77AF000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB6CED000 \SystemRoot\System32\DRIVERS\parport.sys
0xF76B7000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7943000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF76C7000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF77B7000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7947000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xB6C5F000 \SystemRoot\system32\drivers\smwdm.sys
0xB6C3B000 \SystemRoot\system32\drivers\portcls.sys
0xF76D7000 \SystemRoot\system32\drivers\drmk.sys
0xB6C18000 \SystemRoot\system32\drivers\ks.sys
0xF79AD000 \SystemRoot\system32\drivers\aeaudio.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
0xB6B99000 \SystemRoot\system32\drivers\ctaud2k.sys
0xB6B64000 \SystemRoot\system32\drivers\ctoss2k.sys
0xF77BF000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xF79AF000 \SystemRoot\system32\DRIVERS\LtcyCfgWDM.sys
0xB82E8000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF79B1000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF77C7000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7587000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xB87C2000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB6AEB000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xB7B1E000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xB7B0E000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF77CF000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB6ADA000 \SystemRoot\System32\DRIVERS\psched.sys
0xB7AFE000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF77D7000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF77DF000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xB6AAA000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xB7AEE000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF77EF000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xB6A74000 \SystemRoot\system32\DRIVERS\teefer2.sys
0xF79B3000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB6A16000 \SystemRoot\System32\DRIVERS\update.sys
0xB87A2000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xB26CB000 \SystemRoot\system32\drivers\ha20x2k.sys
0xB269B000 \SystemRoot\system32\drivers\emupia2k.sys
0xB2672000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xB25D6000 \SystemRoot\system32\drivers\ctac32k.sys
0xB2599000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0xB256D000 \SystemRoot\System32\drivers\CT20XUT.SYS
0xB2426000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0xB7ADE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB7A9E000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79B7000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF77FF000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xB028C000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xB011C000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF74F7000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xF772F000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xF7A05000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF793F000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xB873E000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF773F000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF7AA6000 \SystemRoot\System32\Drivers\Null.SYS
0xB6A12000 \SystemRoot\System32\DRIVERS\kbdhid.sys
0xF7A07000 \SystemRoot\System32\Drivers\Beep.SYS
0xB6A0E000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF7747000 \SystemRoot\System32\drivers\vga.sys
0xF7A09000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF798F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7757000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF775F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6A06000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB00AD000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB0054000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB0026000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xB0000000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB7AAE000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF7567000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
0xAFF38000 \SystemRoot\System32\DRIVERS\netbt.sys
0xAFF16000 \SystemRoot\System32\drivers\afd.sys
0xF7547000 \SystemRoot\System32\DRIVERS\netbios.sys
0xAFEAD000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xAFE8B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7777000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAFE60000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xAFDF0000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xB876E000 \SystemRoot\System32\Drivers\Fips.SYS
0xAFD92000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xAFD75000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xAFF90000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAFD35000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7997000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB00E4000 \SystemRoot\System32\drivers\Dxapi.sys
0xF778F000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AB4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAF346000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xAEDA9000 \SystemRoot\system32\drivers\wdmaud.sys
0xAF196000 \SystemRoot\system32\drivers\sysaudio.sys
0xAEB46000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF79D1000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAEC4F000 \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys
0xAE9D6000 \SystemRoot\System32\DRIVERS\srv.sys
0xB02EE000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xAE50D000 \SystemRoot\System32\Drivers\HTTP.sys
0xADC02000 \??\C:\WINDOWS\system32\drivers\WpsHelper.sys
0xADAB7000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101227.034\NAVEX15.SYS
0xADAA3000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101227.034\NAVENG.SYS
0xB02FE000 \??\C:\DOCUME~1\CORYCR~1\LOCALS~1\Temp\mbr.sys
0xAD574000 \??\C:\DOCUME~1\CORYCR~1\LOCALS~1\Temp\fxtdqpob.sys
0xAD549000
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
848 C:\WINDOWS\system32\smss.exe
904 csrss.exe
940 C:\WINDOWS\system32\winlogon.exe
984 C:\WINDOWS\system32\services.exe
996 C:\WINDOWS\system32\lsass.exe
1156 C:\WINDOWS\system32\nvsvc32.exe
1208 C:\WINDOWS\system32\svchost.exe
1316 svchost.exe
1428 C:\WINDOWS\system32\svchost.exe
1472 C:\WINDOWS\system32\svchost.exe
1616 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1676 svchost.exe
1708 svchost.exe
1892 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
540 C:\WINDOWS\system32\spoolsv.exe
668 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
1400 C:\WINDOWS\explorer.exe
144 svchost.exe
224 C:\Program Files\Bonjour\mDNSResponder.exe
276 C:\WINDOWS\system32\CTSVCCDA.EXE
380 C:\Program Files\Java\jre6\bin\jqs.exe
636 C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
572 C:\WINDOWS\system32\Ctxfihlp.exe
736 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
840 C:\WINDOWS\system32\rundll32.exe
1252 C:\WINDOWS\system32\svchost.exe
1468 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
1560 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
304 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1040 C:\WINDOWS\system32\ctfmon.exe
2580 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
3176 alg.exe
3252 C:\WINDOWS\system32\CTxfispi.exe
3320 C:\WINDOWS\system32\taskmgr.exe
3540 C:\Program Files\Internet Explorer\iexplore.exe
4072 C:\Program Files\Internet Explorer\iexplore.exe
3372 C:\WINDOWS\system32\wuauclt.exe
1740 C:\Program Files\Internet Explorer\iexplore.exe
4084 C:\Documents and Settings\Cory Craft\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1200JB-00FUA0, Rev: 15.05R15

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xB6E92000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 9588736 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 260.89 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6361088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 260.89 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xADAB7000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101227.034\NAVEX15.SYS 1355776 bytes (Symantec Corporation, AV Engine)
0xB2426000 C:\WINDOWS\System32\drivers\CTEXFIFX.SYS 1339392 bytes (Creative Technology Ltd., Creative XFi Effects)
0xB26CB000 C:\WINDOWS\system32\drivers\ha20x2k.sys 1191936 bytes (Creative Technology Ltd, Creative 20X HAL (WDM))
0xB25D6000 C:\WINDOWS\system32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xB6C5F000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB6B99000 C:\WINDOWS\system32\drivers\ctaud2k.sys 520192 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xAFDF0000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAFEAD000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 430080 bytes (Symantec Corporation, SPBBC Driver)
0xAFD92000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB6A16000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB0054000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAE9D6000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB028C000 C:\WINDOWS\System32\Drivers\SRTSP.SYS 303104 bytes (Symantec Corporation, Symantec AutoProtect)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAE50D000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB6A74000 C:\WINDOWS\system32\DRIVERS\teefer2.sys 221184 bytes (Symantec Corporation, Symantec CMC Firewall Teefer2)
0xB6B64000 C:\WINDOWS\system32\drivers\ctoss2k.sys 217088 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB269B000 C:\WINDOWS\system32\drivers\emupia2k.sys 196608 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xB6AAA000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB0026000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 188416 bytes (Symantec Corporation, Network Dispatch Driver)
0xAEB46000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7411000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB256D000 C:\WINDOWS\System32\drivers\CT20XUT.SYS 180224 bytes (Creative Technology Ltd., Creative 20X Utility Effects)
0xAD549000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAFE60000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB2672000 C:\WINDOWS\system32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xAFF38000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xADC02000 C:\WINDOWS\system32\drivers\WpsHelper.sys 163840 bytes (Symantec Corporation, Symantec Intrusion Detection - WpsHelper)
0xF74B2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB0000000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB011C000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xB6C3B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB6D01000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB6C18000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAFF16000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAFE8B000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF747A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xAFD75000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB87E6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF749A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAFD35000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xAD574000 C:\DOCUME~1\CORYCR~1\LOCALS~1\Temp\fxtdqpob.sys 98304 bytes
0xF7451000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB6AEB000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB2599000 C:\WINDOWS\System32\drivers\CTHWIUT.SYS 86016 bytes (Creative Technology Ltd., Creative Utility Effects)
0xAEDA9000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xADAA3000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101227.034\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB6CED000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB6D25000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB00AD000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF743E000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7468000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB6ADA000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAFF90000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76A7000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76B7000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76D7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7647000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xAF196000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB7A9E000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7567000 C:\WINDOWS\system32\drivers\wpsdrvnt.sys 57344 bytes (Symantec Corporation, Symantec CMC Firewall WPS)
0xF7637000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76C7000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7587000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys 49152 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)
0xB7B0E000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB876E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB7B1E000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7667000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)
0xB870E000 C:\WINDOWS\System32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB7ADE000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7657000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF74F7000 C:\WINDOWS\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xB7AEE000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB873E000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB7AFE000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7547000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAEECE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB7AAE000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77BF000 C:\WINDOWS\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xF77C7000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF775F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF772F000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77A7000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF77AF000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF773F000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB02FE000 C:\DOCUME~1\CORYCR~1\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xF7717000 viaagp1.sys 28672 bytes (VIA Technologies, Inc., VIA NT AGP Filter)
0xF77B7000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77EF000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7777000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xB02EE000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 24576 bytes (Symantec Corporation, Redirector Filter Driver)
0xF779F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7747000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77FF000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7757000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77D7000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF77DF000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77CF000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF778F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAEC4F000 C:\WINDOWS\system32\drivers\cpuz134_x32.sys 16384 bytes (Windows ® Win 7 DDK provider, CPUID Driver)
0xB6A12000 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB87A2000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAF346000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7943000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB00E4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7947000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF793F000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB6A0E000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB87C2000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB6A06000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79AD000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7A07000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798D000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7997000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7A05000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79AF000 C:\WINDOWS\system32\DRIVERS\LtcyCfgWDM.sys 8192 bytes (-, PCI Latency Tool Config Space Access Driver)
0xF7A09000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79D1000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF798F000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79B1000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF79B3000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79B7000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798B000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB82E8000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AB4000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7AA6000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================

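Step 2 of the previous instructions asks for the Rootkit Unhooker driver list, and the report just posted contains two drivers loaded from the user's Temp directory with no vendor information (fxtdqpob.sys and mbr.sys). As an added example, not part of this thread or of Rootkit Unhooker, here is the first-pass triage a responder runs over such a listing: parse each "address path size bytes (vendor, description)" line and flag drivers loaded from user-writable directories, drivers with no version resource, and random-looking eight-letter names among those. The sample lines are copied from the report above; the directory list, the dump_* allowance and the name heuristic are assumptions of mine. A hit means "look closer", not "malicious": a tool you just ran may legitimately have loaded a driver from Temp, so correlate each hit with what was executed.

```python
"""Triage an RkU-style kernel driver listing (added example, not RkU's code)."""
import re

# "0xADDR <path> <size> bytes (Vendor, Description)" where the parenthesised part is optional.
LINE_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(.+?)\s+(\d+) bytes(?:\s+\((.*)\))?\s*$")

# Assumption: directories a non-admin process can write to (long and 8.3 short forms).
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\locals~1\\",
                 "\\documents and settings\\", "\\docume~1\\", "\\users\\", "\\programdata\\")
# Crash-dump copies of the storage stack normally carry no version info; not suspicious alone.
KNOWN_NO_VENDOR = ("dump_",)
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.sys$")

# Lines taken from the Rootkit Unhooker report posted above.
SAMPLE_REPORT = r"""
0x804D7000 PnpManager 2189952 bytes
0xB6A16000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAFD35000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xAD574000 C:\DOCUME~1\CORYCR~1\LOCALS~1\Temp\fxtdqpob.sys 98304 bytes
0xB02FE000 C:\DOCUME~1\CORYCR~1\LOCALS~1\Temp\mbr.sys 28672 bytes
0xAEECE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xAFEAD000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 430080 bytes (Symantec Corporation, SPBBC Driver)
"""


def parse_line(line):
    """Split one report line into base address, path, size and optional vendor info."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    base, path, size, info = m.groups()
    return {"base": int(base, 16), "path": path, "size": int(size), "info": info}


def file_name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def suspicious_reasons(entry):
    """Heuristic reasons to look closer at a driver; empty list means nothing stood out."""
    reasons = []
    path_l = entry["path"].lower()
    name = file_name(entry["path"])
    is_file = "\\" in entry["path"]          # pseudo-modules like PnpManager/RAW have no path
    if is_file and any(d in path_l for d in USER_WRITABLE):
        reasons.append("loaded from user-writable/temp directory")
    if is_file and entry["info"] is None and not name.startswith(KNOWN_NO_VENDOR):
        reasons.append("no vendor/version information")
        if RANDOM_NAME_RE.match(name):       # only meaningful when the file is also unattributed
            reasons.append("random-looking 8-letter name")
    return reasons


def triage(report_text):
    """Map flagged driver file names to their reasons, skipping unparseable lines."""
    findings = {}
    for line in report_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            findings[file_name(entry["path"])] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in sorted(triage(SAMPLE_REPORT).items(), key=lambda kv: -len(kv[1])):
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample it flags fxtdqpob.sys (all three reasons) and mbr.sys (Temp path, no vendor info) and stays quiet on the Microsoft, Symantec and RkU drivers and on the dump_* copies. The next step for a flagged file is to fetch it (or its hash) and check it against the vendor and a multi-engine scanner before deciding whether it belongs to a tool that was run or to an infection.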
#6 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 01 January 2011 - 05:01 PM

When your CPU is running at 100%, what process is using the biggest chunk of CPU? I can provide instructions to find that out if you need them.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 crafty2148 (Topic Starter, Members, 71 posts)

Posted 03 January 2011 - 05:04 PM

iexplorer - uses anywhere from 90-100% of the CPU when certain high java pages are up.

#8 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 04 January 2011 - 06:12 PM

Hello, crafty2148.

OK, let's run a few scans to start.



Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

Please download TFC by OldTimer and save it to your desktop.
alternate download link


  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista or Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.




Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 crafty2148 (Topic Starter, Members, 71 posts)

Posted 05 January 2011 - 03:38 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5461

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/4/2011 9:30:49 PM
mbam-log-2011-01-04 (21-30-49).txt

Scan type: Quick scan
Objects scanned: 153765
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET did not find any threats.
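A small triage helper for the MBAM log format posted above, added here as an example (it is not BleepingComputer's or Malwarebytes' own code): it pulls out the header fields and the seven "Infected" counts, and treats a paste that is missing any of the seven categories as not verifiably clean. The sample log is the one posted in this reply, trimmed to the header and count lines.

```python
import re
from typing import Dict, List

# Sample input constructed from the MBAM 1.50 log posted in this reply,
# trimmed to the header and the seven summary count lines.
SAMPLE_LOG = """Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5461

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/4/2011 9:30:49 PM
mbam-log-2011-01-04 (21-30-49).txt

Scan type: Quick scan
Objects scanned: 153765
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
"""

# "<Category> Infected: <n>" summary lines; the later per-category detail
# headers ("Files Infected:" with no number) deliberately do not match.
COUNT_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
FIELD_RE = re.compile(
    r"^(?P<key>Database version|Scan type|Objects scanned|Time elapsed): (?P<value>.+)$"
)
EXPECTED_CATEGORIES = 7  # MBAM 1.50 always reports these seven counts


def parse_mbam_log(text: str) -> Dict[str, dict]:
    """Return header fields and per-category detection counts from an MBAM log paste."""
    result: Dict[str, dict] = {"fields": {}, "counts": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNT_RE.match(line)
        if m:
            result["counts"][m.group("category")] = int(m.group("count"))
            continue
        m = FIELD_RE.match(line)
        if m:
            result["fields"][m.group("key")] = m.group("value")
    return result


def categories_with_detections(parsed: Dict[str, dict]) -> List[str]:
    """Categories whose summary count is non-zero."""
    return [c for c, n in parsed["counts"].items() if n > 0]


def is_clean(parsed: Dict[str, dict]) -> bool:
    """True only if all seven categories are present and every count is zero.

    A truncated paste (fewer than seven count lines) is treated as inconclusive,
    which is why helpers ask for the complete log including the top portion.
    """
    return len(parsed["counts"]) == EXPECTED_CATEGORIES and not categories_with_detections(parsed)
```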

#10 crafty2148 (Topic Starter, Members, 71 posts)

Posted 06 January 2011 - 04:46 PM

This is in addition to my previous reply.

I have noticed a new symptom. I was just streaming a video online and noticed my CPU was running at 100%. After about 30 seconds my whole computer froze up to the point that I couldn't move the mouse cursor or use the keyboard, and there was a constant high-pitched beep coming from the computer speakers.

This has actually happened in the past, but I forgot about it because it hasn't happened in a while.

#11 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 06 January 2011 - 06:53 PM

OK, this doesn't appear to be malware related. We'll try a few more things, then I may have to refer you to our Windows XP forum here at BC where Advisors are better able to help with non-malware issues. You can think of me as a doctor, but a specialist that is really good at some diseases, but not others. In my case, that's malware.

First, please uninstall Java from Add/Remove Programs. Do you still have high CPU usage? If no, please then download a fresh version of Java (I can provide a link if you need it) and try reinstalling. Sometimes that helps.

If not, please try this troubleshooter:
http://support.microsoft.com/kb/926449

and let me know what happens with each step.




#12 crafty2148 (Topic Starter, Members, 71 posts)

Posted 06 January 2011 - 08:37 PM

I uninstalled Java and it seemed like everything ran a little smoother. However, I still had high CPU usage and it still froze my computer.

I went through the steps in that article and everything went fine, but I still had the same problems.

#13 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 07 January 2011 - 07:09 PM

Hello, crafty2148.
At this point, it doesn't appear to be malware. Let's try a few things.





Step 1

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the Jotti page has finished loading, click the Browse button, navigate to the following file and click Submit.

C:\Program Files\Internet Explorer\iexplore.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



Step 2

Have you tried other browsers? We can narrow down if it is IE or something broader. You can try:

Mozilla Firefox
or
Google Chrome

Try the same surfing you did before on the same sites... does your computer freeze now?

etavares




#14 crafty2148 (Topic Starter, Members, 71 posts)

Posted 09 January 2011 - 12:53 PM

Status: Scan finished. 0 out of 18 scanners reported malware.


I am going to try Firefox and I will let you know if it works better.

#15 crafty2148 (Topic Starter, Members, 71 posts)

Posted 09 January 2011 - 09:13 PM

OK, I downloaded and installed Firefox. Everything seems to run a little smoother in Firefox. However, my computer still freezes up under the same circumstances.
