
Browser crashes (IE8 and Firefox) - unsure if Malware or not


  • This topic is locked
16 replies to this topic

#1 steamenergy


Posted 21 February 2011 - 11:31 PM

Hello everyone. I have been dealing with a very annoying problem with our family computer for several months now. I am running Windows XP Home SP3 Version 2002 on a Dell Dimension 8400 Pentium 4 CPU 3.2 GHz, 3 GB RAM.

Firefox crashes at times, when browsing certain websites, oftentimes when I am typing in yahoo mail. The browser either just hangs with an hourglass or crashes by disappearing.

Sometimes when Yahoo mail is loading, there is a Flash plugin crash notification, sometimes the browser just crashes. However, the crashes occur in Firefox safe mode as well (with the plugins disabled). Also we commonly have crashes when we paste text (to MS Word or a web browser) after a copy command, but not always. I have similar problems with IE. We have Net Nanny installed but we have disabled it and the crashes happen just the same. I tried flashing (upgrading) the BIOS from the Dell support site to A09. I have scanned with McAfee Internet Security Suite as provided by Verizon, have scanned with Trend Micro free scan, as well as Norton PC Checkup. No Malware found. I have tried uninstalling and reinstalling Firefox. I have defragmented the boot disk. Other profiles on the computer exhibit similar behavior.

At times we get an incomplete boot and the computer hangs with a non-functioning desktop – I can see the desktop icons, but there's no cursor and no control – have to power down. Sometimes the computer hangs prior to the "windows is starting up" XP screen. These boot hangs are only occasional.

Other than these problems, the computer is very functional. The issues however are very frustrating as the crashes are fairly unpredictable. MS Word and Outlook Express appear to be unaffected other than during the paste activity from IE or Firefox.

I have posted scans per instructions provided here for DDS. I have tried running GMER but the computer hangs each time. I have also tried running in safe mode to no avail. I can run Hijackthis and can post the log if interested.

I would greatly appreciate any help you might be able to provide. Interestingly enough, I was able to copy/ paste from MS Word into this forum box! But when I try to copy/ paste from the DDS.txt file Firefox crashes. I'm having to post from a different computer to provide the DDS.txt file.

Thank you in advance.

Steamenergy

Here is the DDS.txt file:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Nancy at 22:22:54.92 on Mon 02/21/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2220 [GMT -5:00]

AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
F:\Adobe Premiere 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.5\RetroExpress.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrospect.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wiaacmgr.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Nancy\My Documents\Downloads\Defogger.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Nancy\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchAssistant =
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101207161619.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {6A048BB7-E017-4326-B207-AA996C77BBCB} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [DW4]
uRun: [Google Update] "c:\documents and settings\nancy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [hndxkagdeqbym] c:\documents and settings\nancy\local settings\application data\mrmagcr\knxgmne.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [<NO NAME>]
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [RetroExpress] c:\progra~1\retros~1\retros~1.5\RetroExpress.exe /h
mRun: [cwcptray] c:\program files\contentwatch\internet protection\cwtray.exe
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [hndxkagdeqbym] c:\documents and settings\nancy\local settings\application data\mrmagcr\knxgmne.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\nancy\startm~1\programs\startup\retros~1.lnk - c:\windows\installer\{bcc57687-98a2-4c4c-b0f8-bc6b6f52d4e3}\NewShortcut1_5D652EC38AC041E7B337162BC7B01148.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office2000\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\retros~1.lnk - c:\windows\installer\{bcc57687-98a2-4c4c-b0f8-bc6b6f52d4e3}\NewShortcut1_5D652EC38AC041E7B337162BC7B01148.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{00cd55d6-ee5a-4570-9875-8a306628c032}\Icon3E5562ED7.ico
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: dell.com\support
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nancy\applic~1\mozilla\firefox\profiles\mibxx8bc.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: c:\documents and settings\nancy\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\nancy\application data\mozilla\plugins\NPAbacheck.dll
FF - plugin: c:\documents and settings\nancy\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\nancy\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\nancy\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\nancy\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npLAUNCH.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-30 386840]
R1 ctwamwk;ctwamwk;c:\windows\system32\drivers\ctwamwk.sys [2004-8-12 309728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-30 84072]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;f:\adobe premiere 9\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 CwAltaService20;ContentWatch;c:\program files\contentwatch\internet protection\cwsvc.exe [2009-10-28 2109440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-30 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-30 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-30 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-30 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-30 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-30 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-10-30 141792]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-2-12 120248]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.8.13\ccSvcHst.exe [2011-2-12 126392]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-10-30 689392]
R2 smp_lpt;smp_lpt;c:\windows\system32\drivers\smp_LPT.sys [2009-3-1 37928]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-30 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-30 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-30 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-30 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-10-30 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-10-30 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-30 84264]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2009-6-26 2069504]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-30 271480]

=============== Created Last 30 ================

2011-02-20 13:48:15 135568 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-02-19 03:43:21 -------- d-----w- c:\docume~1\nancy\applic~1\Malwarebytes
2011-02-19 03:43:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-19 03:43:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-19 03:43:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-19 03:43:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-13 06:13:44 0 ----a-w- C:\tmpA821.tmp
2011-02-13 00:36:13 388096 ----a-r- c:\docume~1\nancy\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-13 00:36:12 -------- d-----w- c:\program files\Trend Micro
2011-02-12 22:32:16 -------- d-----w- c:\docume~1\nancy\locals~1\applic~1\Deployment
2011-02-12 17:24:33 -------- d-----w- c:\program files\common files\Symantec Shared
2011-02-12 17:11:28 -------- d-----w- c:\docume~1\nancy\locals~1\applic~1\Tific
2011-02-12 17:11:28 -------- d-----w- c:\docume~1\nancy\applic~1\Tific
2011-02-12 17:11:03 -------- d-----w- c:\windows\system32\drivers\nortonpccheckup\0200080.00D
2011-02-12 17:11:03 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2011-02-12 17:11:02 -------- d-----w- c:\program files\Norton PC Checkup
2011-02-12 17:11:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2011-02-12 17:10:51 -------- d-----w- c:\program files\NortonInstaller
2011-02-12 15:24:18 -------- d-----w- c:\docume~1\nancy\locals~1\applic~1\FixItCenter
2011-02-12 15:14:47 -------- d-----w- c:\windows\MATS
2011-02-12 15:14:46 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-01-30 15:45:12 135568 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-23 17:57:19 -------- d-----w- c:\windows\system32\Adobe

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 00:33:39 975872 ----a-w- c:\windows\system32\libxml2_CW.dll
2011-01-07 00:33:39 81920 ----a-w- c:\windows\system32\wxcode_msw28u_wxjson_CW.dll
2011-01-07 00:33:39 151552 ----a-w- c:\windows\system32\libexpat.dll
2011-01-07 00:33:39 1073152 ----a-w- c:\windows\system32\wxcode_msw28u_wxcurl_CW.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-19 03:52:30 720384 ----a-w- c:\windows\system32\cwalsp.dll
2010-12-19 03:52:30 1884160 ----a-w- c:\windows\system32\AltaRecovery.exe
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 22:23:46.78 ===============



#2 gringo_pr


Posted 25 February 2011 - 02:36 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


Information and logs:

  • In your next post I need the following:
  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 steamenergy


Posted 27 February 2011 - 03:14 PM

Hi Gringo, thanks for your reply.

My DDS.txt run report is above in my first post. The DDS Attach.txt from the same day is pasted below per your instructions. I had run DeFogger prior to running DDS. Below the Attach.txt pasted info is the RKUnHooker report pasted in as requested.


DDS Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/7/2005 10:14:49 PM
System Uptime: 2/21/2011 8:23:09 AM (14 hours ago)

Motherboard: Dell Inc. | | 0T7785
Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 32.245 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 791.033 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA

==== System Restore Points ===================

RP1: 12/28/2010 8:59:35 AM - System Checkpoint
RP2: 12/29/2010 12:30:10 PM - Installed DirectX
RP3: 12/29/2010 1:30:04 PM - Installed DirectX
RP4: 12/30/2010 8:16:13 PM - System Checkpoint
RP5: 12/31/2010 12:16:17 AM - Installed QuickTime
RP6: 12/31/2010 12:35:19 AM - Installed Java™ 6 Update 23
RP7: 12/31/2010 12:41:23 AM - Removed J2SE Runtime Environment 5.0 Update 2
RP8: 12/31/2010 12:42:13 AM - Removed J2SE Runtime Environment 5.0 Update 4
RP9: 12/31/2010 12:43:12 AM - Removed J2SE Runtime Environment 5.0 Update 6
RP10: 12/31/2010 12:44:18 AM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP11: 12/31/2010 12:45:31 AM - Removed Java 2 Runtime Environment, SE v1.4.2_06
RP12: 12/31/2010 12:46:38 AM - Removed Java™ 6 Update 3
RP13: 12/31/2010 12:47:37 AM - Removed Java™ 6 Update 5
RP14: 12/31/2010 12:48:38 AM - Removed Java™ 6 Update 7
RP15: 12/31/2010 12:49:59 AM - Removed Java™ SE Runtime Environment 6 Update 1
RP16: 12/31/2010 1:16:43 AM - Removed Adobe Reader 8.2.5
RP17: 12/31/2010 1:19:46 AM - Installed Adobe Reader X.
RP18: 1/4/2011 8:00:18 PM - Software Distribution Service 3.0
RP19: 1/5/2011 9:03:26 PM - Installed %1 %2.
RP20: 1/6/2011 8:00:20 PM - Software Distribution Service 3.0
RP21: 1/8/2011 2:58:43 PM - System Checkpoint
RP22: 1/9/2011 6:47:55 PM - System Checkpoint
RP23: 1/11/2011 6:00:55 PM - System Checkpoint
RP24: 1/12/2011 8:00:22 PM - Software Distribution Service 3.0
RP25: 1/14/2011 8:52:59 AM - System Checkpoint
RP26: 1/25/2011 8:00:21 PM - Software Distribution Service 3.0
RP27: 2/10/2011 8:00:31 PM - Software Distribution Service 3.0
RP28: 2/12/2011 7:36:12 PM - Installed HiJackThis
RP29: 2/15/2011 8:00:22 PM - Software Distribution Service 3.0
RP30: 2/18/2011 2:03:46 AM - System Checkpoint
RP31: 2/19/2011 8:19:02 AM - Restore Operation

==== Installed Programs ======================


3D Home Architect 4
Add or Remove Adobe Creative Suite 3 Design Standard
Adobe Acrobat 8 Professional
Adobe Acrobat 8.2.6 - CPSID_83708
Adobe Acrobat 8.2.6 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Community Help
Adobe Connect Add-in
Adobe Creative Suite 3 Design Standard
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 2.1
Adobe Help Viewer CS3
Adobe Illustrator 10
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop 6.0
Adobe Photoshop CS3
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 3.0
Adobe Premiere Elements 3.0 Templates
Adobe Premiere Elements 9
Adobe Premiere Elements 9 Content
Adobe Premiere Elements 9 Content 1
Adobe Premiere Elements 9 Content 2
Adobe Premiere Elements 9 Content 3
Adobe Premiere Elements 9 HD Content 1
Adobe Premiere Elements 9 HD Content 2
Adobe Premiere Elements 9 HD Content 3
Adobe Reader X (10.0.1)
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Manager Deluxe 4.1
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
America Online (Choose which version to remove)
Anime Studio Debut 6.0
AnswerWorks 5.0 English Runtime
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applet_App
Applet_Copy
Applet_Creativity
Applet_Email
Applet_Epp
Applet_File
Applet_OCR
Applet_Web
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AudibleManager
Battle Master 3.0 GE
BlueSoleil
Bonjour
Broadcom Advanced Control Suite 2
Bullzip PDF Printer 7.1.0.1218
BUM
BurnPlugin for Audible
Canon Camera Access Library
Canon Camera Support Core Library
Canon Digital Camera USB WIA Driver
Canon G.726 WMP-Decoder
Canon iP4200
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Setup Utility 2.0
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 2.2
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCScore
Cisco Systems VPN Client 4.7.00.0533
Compatibility Pack for the 2007 Office system
Copy Utility
Coupon Printer for Windows
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Networking Guide
Dell Picture Studio v3.0
Dell ResourceCD
DellSupport
Design Manager
DesignPro 5.0 Media Edition
DH Driver Cleaner Professional Edition
Direct Show Ogg Vorbis Filter (remove only)
EarthLink setup files
Easy-WebPrint
Elements 9 Organizer
Elements STI Installer
EPSON Photo Print
EPSON Smart Panel
EPSON TWAIN 5
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
FileSee 6.6
Garfield's Typing Pal
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
Get High Speed Internet!
getPlus®_dll
Google Earth
Google SketchUp 6
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript Lite 8.70
Harry Potter
Harry Potter - Quidditch World Cup
Harry Potter and the Prisoner of Azkaban™
Harry Potter II
HiJackThis
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Icy Tower v1.3.1
Intel Application Accelerator
Intel® 537EP V9x DF PCI Modem
InterActual Player
Internet Explorer (Enable DEP)
Internet Explorer Default Page
Iomega Discovery Tool Home
Iomega Product Registration
iTunes
Japanese Fonts Support For Adobe Reader 8
Jasc Paint Shop Photo Album 5
Java Auto Updater
Java™ 6 Update 23
Juniper Networks Network Connect 5.1.0
Juniper Networks Network Connect 5.3.0
Juniper Networks Network Connect 5.5.0
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KODAK EASYSHARE Gallery Easy Upload, v2.0
KODAK EASYSHARE Gallery Upload ActiveX Control
Kodak EasyShare software
LAUNCH! Web Helper (remove only)
LEGO Digital Designer
LEGO Universe
Malwarebytes' Anti-Malware
MapSource - US Topo v3.02
Master Converter 2.8.3
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Office 2000 SR-1 Standard
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 6-9 Converter
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Move Media Player
Mozilla Firefox (3.6.13)
MS Access 97 SP2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Musicnotes Software Suite 1.5.1
My Way Search Assistant
MyFonts Order M1094884
Net Nanny Parental Controls 6.0
netbrdg
Netflix Movie Viewer
NetZeroInstallers
Norton PC Checkup
OfotoXMI
PDF Settings
Photo Click
PhotoAlbum Add-In
Port Detective
Portfolio Browser
PowerDVD 5.3
Qualxserve Service Agreement
QuarkXPress 5.01
Quicken 2009
QuickTime
RealPlayer
Retrospect Express HD 2.5
Rhapsody Player Engine
Risk®
RPS CRT
Safari
ScanToWeb
Scratch
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
SimCity™ Societies Demo
skin0001
SKINXSDK
Skype Toolbars
Skype™ 5.0
SmartSound Quicktracks for Premiere Elements 9.0
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony Ericsson Media Manager 1.2
Sound Blaster Audigy 2 ZS
staticcr
Stop Motion Pro
Stop Motion Pro v6.5 Junior/Education
tooltips
Unity Web Player (All users)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Call Assistant - Version 2.7.56
Verizon Help and Support Tool
Verizon Internet Security Suite
Verizon Servicepoint 3.5.18
Viewpoint Media Player
Virtual Earth 3D (Beta)
VoiceOver Kit
VPRINTOL
Vz In Home Agent
Warriors Screensaver
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell™ 1.0
Windows Presentation Foundation
Windows XP Service Pack 3
WinPcap 4.1.2
WIRELESS
Wireshark 1.4.0rc2
XML Paper Specification Shared Components Pack 1.0
Yahoo! Browser Services
Yahoo! BrowserPlus 2.9.8
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Software Update
Yahoo! Toolbar
Zoo Tycoon: Complete Collection

==== Event Viewer Messages From Past Week ========

2/20/2011 8:46:34 AM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a116a90, parameter3 8a116c04, parameter4 805d29b4.
2/20/2011 5:10:17 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer TOWER-OF-POWER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F4D16AF2-05E1. The master browser is stopping or an election is being forced.
2/19/2011 9:00:30 AM, error: System Error [1003] - Error code 00008086, parameter1 00000000, parameter2 00000000, parameter3 00000000, parameter4 00000000.
2/19/2011 12:03:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
2/19/2011 12:00:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
2/19/2011 12:00:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m AFD agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 BTHidMgr cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o Fips hpn i2omp ini910u IntelIde intelppm IPSec mfehidk mfetdi2k mraid35x MRxSmb NetBIOS NetBT ohci1394 perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 RasAcd Rdbss sisagp Sparrow symc8xx sym_hi sym_u3 Tcpip TosIde ultra viaagp ViaIde WS2IFSL
2/19/2011 12:00:01 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 12:00:01 AM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
2/19/2011 12:00:01 AM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 12:00:01 AM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
2/19/2011 12:00:01 AM, error: Service Control Manager [7001] - The McAfee Personal Firewall service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
2/19/2011 12:00:01 AM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
2/19/2011 12:00:01 AM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
2/19/2011 12:00:01 AM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
2/19/2011 12:00:01 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 12:00:01 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 12:00:01 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 12:00:01 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/19/2011 12:00:01 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/18/2011 5:17:55 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
2/18/2011 5:17:50 AM, error: dsNcAdpt [43] -
2/18/2011 5:17:50 AM, error: Dhcp [1008] - Your computer was unable to initialize a Network Interface attached to the system. The error code is: Insufficient system resources exist to complete the requested service. .
2/18/2011 5:12:49 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
2/18/2011 5:12:49 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\wzcdlg.dll. Reference error message: The operation completed successfully. .
2/18/2011 3:42:25 AM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
2/18/2011 2:03:46 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'drivetable.txt' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
2/18/2011 11:59:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/18/2011 11:59:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/18/2011 1:50:47 AM, error: Service Control Manager [7000] - The ContentWatch service failed to start due to the following error: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
2/18/2011 1:50:46 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe. Reference error message: The operation completed successfully. .
2/18/2011 1:40:42 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
2/18/2011 1:30:18 AM, error: Service Control Manager [7031] - The ContentWatch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2/18/2011 1:29:45 AM, error: DCOM [10000] - Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error: "%1450" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding
2/18/2011 1:28:46 AM, error: Service Control Manager [7034] - The ServicepointService service terminated unexpectedly. It has done this 1 time(s).
2/18/2011 1:28:45 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'Servicepoi .. .39.48.dmp' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
2/15/2011 4:24:51 PM, error: DCOM [10001] - Unable to start a DCOM Server: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} as /. The error: "%233" Happened while starting this command: "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding

==== End Of File ===========================



RKUnHooker report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF0B2000 C:\WINDOWS\System32\ati3duag.dll 2297856 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB80F3000 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)
0xB82A3000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1073152 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xAE10B000 C:\WINDOWS\System32\drivers\ha10kx2k.sys 905216 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0xAE02B000 C:\WINDOWS\System32\drivers\ctac32k.sys 647168 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xBF2E3000 C:\WINDOWS\System32\ativvaxx.dll 610304 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB805E000 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)
0xB9D04000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA1277000 C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 544768 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
0xA403C000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 479232 bytes
0xB9EA4000 iaStor.sys 479232 bytes (Intel Corporation, Intel Application Accelerator driver)
0xAC38C000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB6E22000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB9DD0000 mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0xB8004000 C:\WINDOWS\system32\drivers\ctaud2k.sys 368640 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xAC4D2000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA1BA3000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xAC2A0000 C:\WINDOWS\system32\drivers\ctwamwk.sys 311296 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
0xB7F45000 C:\WINDOWS\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0xBF378000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA1CEB000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 245760 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF04E000 C:\WINDOWS\System32\ati2cqag.dll 204800 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF080000 C:\WINDOWS\System32\atikvmag.dll 204800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB8261000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 188416 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xA1F77000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CD7000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB7FB4000 C:\WINDOWS\system32\drivers\ctoss2k.sys 180224 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB9E5F000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0x9D5C3000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAC3FC000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAC471000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAC499000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAE1E8000 C:\WINDOWS\System32\drivers\hap16v2k.sys 151552 bytes (Creative Technology Ltd, Creative EMU10KX-P16v HAL (WDM))
0xA1870000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB7F90000 C:\WINDOWS\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB7FE0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB823D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB821A000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAC427000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAE0E9000 C:\WINDOWS\System32\drivers\emupia2k.sys 139264 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xAE0C9000 C:\WINDOWS\System32\drivers\ctsfm2k.sys 131072 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xB9E3F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7F15000 C:\WINDOWS\system32\DRIVERS\dne2000.sys 114688 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0xB9CBD000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9E8B000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xA200D000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xA1FF4000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9F19000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9F31000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9DA4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB6F81000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA1A24000 C:\WINDOWS\system32\drivers\PfModNT.sys 94208 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xA1171000 C:\WINDOWS\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0xA2026000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DBB000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xA1EEA000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB7C55000 C:\WINDOWS\system32\DRIVERS\mfendisk.sys 81920 bytes (McAfee, Inc., McAfee NDIS Intermediate Driver)
0xB7F31000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB828F000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAC52B000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xAC4BF000 C:\WINDOWS\system32\drivers\mfetdi2k.sys 77824 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xB9D91000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9E2D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB6ED0000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA4905000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA298000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA288000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB6F51000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB8BE3000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8BF3000 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xABE12000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA218000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA128000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xBA0F8000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xBA188000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB9447000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xA16D8000 C:\WINDOWS\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xBA168000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA158000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xB9C7D000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA1C8000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xBA1F8000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xBA1D8000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xBA1E8000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xB6F61000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xA1354000 C:\WINDOWS\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB9C8D000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA1B8000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xB6F11000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys 40960 bytes (Juniper Networks, dsNcAdapter)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB9C2D000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA198000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA148000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA118000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xA1AFB000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xBA1A8000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xB9C5D000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA2C8000 C:\WINDOWS\System32\Drivers\VcommMgr.sys 40960 bytes (IVT Corporation, Bluetooth VcommMgr driver)
0xBA178000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAB19E000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8C03000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB9C6D000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB6F71000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA155C000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA108000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xAECC4000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA138000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xB8C13000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA4A8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB6EA0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA358000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xBA368000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xABBCA000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA498000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\VComm.sys 32768 bytes (IVT Corporation, Bluetooth Serial Port Driver)
0xBA340000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xBA398000 BTHidMgr.sys 28672 bytes (IVT Corporation, Bluetooth HID Manager driver)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB6EB8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA388000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xBA448000 C:\WINDOWS\system32\drivers\npf.sys 28672 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA390000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xBA360000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xBA428000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xABD8A000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xBA370000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xBA378000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xB8419000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA400000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
0xBA408000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB6EC0000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA490000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB6EB0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xB8411000 C:\WINDOWS\system32\DRIVERS\blueletaudio.sys 20480 bytes (IVT Corporation, Bluelet Audio Driver)
0xBA380000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xBA488000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA350000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xBA348000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xB6EA8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA410000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA338000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA4554000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xBA4CC000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xBA4D4000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xBA4BC000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xBA4C4000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xBA4D0000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xAC459000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB6E1A000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xB981F000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA4C5A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB9BA0000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA1FA8000 C:\WINDOWS\System32\Drivers\smp_lpt.SYS 16384 bytes (Ross Garner, smp_lpt NT/2000/XP Device Driver)
0xABEDB000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xAEC98000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xBA4C8000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB9823000 C:\WINDOWS\system32\DRIVERS\btnetdrv.sys 12288 bytes (IVT Corporation, Bluetooth PAN Network Adapter Driver)
0xABEEB000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9BA4000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xAC469000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB6DFE000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xAC465000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB83AD000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xAEDD2000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB982B000 C:\WINDOWS\system32\DRIVERS\vbtenum.sys 12288 bytes
0xAEDBA000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA5AC000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xBA5C6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5B6000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xBA5AE000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xBA620000 C:\WINDOWS\System32\drivers\ctprxy2k.sys 8192 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xBA61A000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xBA5C4000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5B4000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5C8000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5B8000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xBA5CA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA644000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xBA622000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA648000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA60E000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5B0000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xBA64A000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5B2000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA728000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7AD000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xBA7BC000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xBA6DF000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7BD000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA7B1000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA727000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================
0x898F2789 Unknown page with executable code, 2167 bytes
0x898EFFE5 Unknown page with executable code, 27 bytes
0x898F022F Unknown page with executable code, 3537 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x88379DA8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x88171020 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x87F19DA8 ] , 600 bytes
0x898F14C5 Unknown thread object [ ETHREAD 0x8A27DDA8 ] TID: 1944, 600 bytes
0x898F1262 Unknown thread object [ ETHREAD 0x8A54C250 ] TID: 1956, 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x883A8DA8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x87F77DA8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x884B4020 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8ADCDDA8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8838AC90 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x87CCD020 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x898199C0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x883AC5A0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x883EADA8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8875C3D8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x88197BC8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x883DBA18 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x883642B8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8839C5E8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x88473588 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8858CA28 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x88383AB0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8995F8C8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x883ABDA8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x89642590 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8838E590 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x88547BC8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x883E7020 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x88347DA8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8A100A20 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8ADD2AD0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8ADE5020 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x884C0DA8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8ADE4668 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8817BAD0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x88465868 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x884CA3C0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x87D05BC8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x883313B0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x88343BF0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x88395DA8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x87F83858 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x882E6020 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x88347588 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x883816B8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8831F590 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x88305890 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x87B21DA8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8831E588 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x87D1D5A8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x882C23C0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x882C5BA8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x87F34750 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x882C85A0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x882A7DA8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x87CF1020 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x882AE590 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8829F8B8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x880455D0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8826E5A0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x882B7020 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x87AB8DA8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x87E653F0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x87D085D0 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x882692C8 ] , 600 bytes
0x898F0C94 Unknown thread object [ ETHREAD 0x8827A020 ] , 600 bytes
0x04BB0000 Hidden Image-->retrooem.dll [ EPROCESS 0x89F1FDA0 ] PID: 2220, 61440 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

What does that last line mean - anything to worry about? I think retrooem.dll is for the Retrospect Express Network Attached Hard Drive.

Normally I paste these into a Word document because of the browser crashing problems, but each time I pasted into Word, Word would crash! So I'm pasting directly into the browser reply field and it didn't crash this time!

This morning I thought I would check the hardware out to see if I had a memory problem or something. I ran the Dell Diagnostics (F12 upon startup) and the Express Test checked out ok. I also did a Custom Test on the CPU, Motherboard, and Memory and there were no problems there.

Please let me know what else you need me to do. I really do appreciate your help!

Thanks,

Steamenergy.

#4 gringo_pr

  • Malware Response Team

Posted 27 February 2011 - 04:19 PM

What does that last line mean - anything to worry about? I think retrooem.dll is for the Retrospect Express Network Attached Hard Drive.

It does not look like something to worry about in your case.



I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 steamenergy


Posted 27 February 2011 - 11:03 PM

Hi again Gringo,

Well, I ran the Combofix and it looks like it cleaned out some stuff including PriceGong - that's good. But I'm still having the same trouble with browser (IE and FF) crashes and Word crashes, usually upon the paste operation. It happens other times too, still, like when I'm typing in Yahoo Mail. I was not able to paste the Combofix log into this reply field on the troubled computer, so I copied the file onto another computer to do the posting. Here you go:



ComboFix 11-02-27.01 - Nancy 02/27/2011 21:44:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2222 [GMT -5:00]
Running from: f:\dana's documents\The Edge troubleshooting\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dana\Application Data\PriceGong
c:\documents and settings\Dana\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Dana\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Liam\Application Data\PriceGong
c:\documents and settings\Liam\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Liam\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Nancy\Application Data\Microsoft\~DFK10932c42.tmp
c:\documents and settings\Nancy\Application Data\Microsoft\~DFK1313702.tmp
c:\documents and settings\Nancy\Application Data\Microsoft\~DFK16a5f9.tmp
c:\documents and settings\Nancy\Application Data\Microsoft\~DFK27b440d.tmp
c:\documents and settings\Nancy\Application Data\Microsoft\~DFK27c78f3.tmp
c:\documents and settings\Nancy\Application Data\Microsoft\~DFK28239ca.tmp
c:\documents and settings\Nancy\Application Data\Microsoft\~DFK2a195.tmp
c:\documents and settings\Nancy\Application Data\Microsoft\~DFK2c6dfd3.tmp
c:\documents and settings\Nancy\Application Data\Microsoft\~DFK431caa.tmp
c:\documents and settings\Nancy\Application Data\Microsoft\~DFK44f64.tmp
c:\documents and settings\Nancy\Application Data\Microsoft\~DFK9a4cf.tmp
c:\documents and settings\Nancy\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Nancy\Application Data\Microsoft\bass.dll
c:\documents and settings\Nancy\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Nancy\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Nancy\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Nancy\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Nancy\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\Nancy\Application Data\PriceGong
c:\documents and settings\Nancy\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Nancy\Application Data\PriceGong\Data\z.xml
c:\program files\Common
c:\program files\Common\EPSON Smart Panel.lnk
c:\program files\Common\ZoomBrowser EX (2).lnk
C:\Thumbs.db
C:\tmpA821.tmp
c:\windows\system32\system
c:\windows\system32\twunk_32.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-28 to 2011-02-28 )))))))))))))))))))))))))))))))
.

2011-02-22 19:51 . 2011-02-22 19:51 -------- d-----w- c:\program files\Common Files\Java
2011-02-20 13:48 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-02-19 04:59 . 2011-02-19 04:59 -------- d-sh--w- c:\documents and settings\Administrator.THE-EDGE.000\IETldCache
2011-02-19 03:43 . 2011-02-19 03:43 -------- d-----w- c:\documents and settings\Nancy\Application Data\Malwarebytes
2011-02-19 03:43 . 2011-02-19 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-19 03:43 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-19 03:43 . 2011-02-19 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-19 03:43 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 22:57 . 2011-02-15 23:04 -------- d-----w- c:\documents and settings\Liam\Local Settings\Application Data\Tific
2011-02-15 22:57 . 2011-02-15 22:57 -------- d-----w- c:\documents and settings\Liam\Application Data\Tific
2011-02-13 00:36 . 2011-02-13 00:36 388096 ----a-r- c:\documents and settings\Nancy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-13 00:36 . 2011-02-13 00:36 -------- d-----w- c:\program files\Trend Micro
2011-02-12 22:32 . 2011-02-12 22:32 -------- d-----w- c:\documents and settings\Nancy\Local Settings\Application Data\Deployment
2011-02-12 17:24 . 2011-02-27 21:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-02-12 17:11 . 2011-02-19 02:05 -------- d-----w- c:\documents and settings\Nancy\Local Settings\Application Data\Tific
2011-02-12 17:11 . 2011-02-12 17:11 -------- d-----w- c:\documents and settings\Nancy\Application Data\Tific
2011-02-12 17:11 . 2011-02-12 17:11 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2011-02-12 17:11 . 2011-02-12 17:11 -------- d-----w- c:\program files\Norton PC Checkup
2011-02-12 17:11 . 2011-02-12 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-02-12 17:10 . 2011-02-12 17:10 -------- d-----w- c:\program files\NortonInstaller
2011-02-12 15:24 . 2011-02-12 15:24 -------- d-----w- c:\documents and settings\Nancy\Local Settings\Application Data\FixItCenter
2011-02-12 15:14 . 2011-02-12 15:14 -------- d-----w- c:\windows\MATS
2011-02-12 15:14 . 2011-02-12 15:14 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 02:40 . 2010-12-31 05:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:19 . 2007-04-12 03:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44 . 2004-08-12 14:05 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-12 13:55 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 00:33 . 2009-10-29 00:00 975872 ----a-w- c:\windows\system32\libxml2_CW.dll
2011-01-07 00:33 . 2009-10-29 00:00 81920 ----a-w- c:\windows\system32\wxcode_msw28u_wxjson_CW.dll
2011-01-07 00:33 . 2009-10-29 00:00 1073152 ----a-w- c:\windows\system32\wxcode_msw28u_wxcurl_CW.dll
2011-01-07 00:33 . 2008-10-15 00:49 151552 ----a-w- c:\windows\system32\libexpat.dll
2010-12-31 13:10 . 2004-08-12 14:09 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-12 13:58 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-12 13:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-12 13:59 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec
2010-12-19 03:52 . 2009-10-29 00:00 720384 ----a-w- c:\windows\system32\cwalsp.dll
2010-12-19 03:52 . 2009-10-29 00:00 1884160 ----a-w- c:\windows\system32\AltaRecovery.exe
2010-12-09 15:15 . 2004-08-12 14:02 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-12 13:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-08-12 14:02 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
1996-10-31 06:00 . 1996-10-31 06:00 22288 ----a-w- c:\program files\mozilla firefox\plugins\Comcat.dll
2010-11-12 19:17 . 2010-10-30 15:42 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Nancy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-13 135664]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2006-09-11 970752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-30 339968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-01-21 624056]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"RetroExpress"="c:\progra~1\RETROS~1\RETROS~1.5\RetroExpress.exe" [2008-07-16 9499928]
"cwcptray"="c:\program files\ContentWatch\Internet Protection\cwtray.exe" [2011-01-07 354112]
"VX6000"="c:\windows\vVX6000.exe" [2009-06-26 759296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-13 1195920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Retrospect Express HD 2.5.lnk - c:\windows\Installer\{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}\NewShortcut1_5D652EC38AC041E7B337162BC7B01148.exe [2009-3-16 61440]

c:\documents and settings\Administrator.THE-EDGE.000\Start Menu\Programs\Startup\
Retrospect Express HD 2.5.lnk - c:\windows\Installer\{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}\NewShortcut1_5D652EC38AC041E7B337162BC7B01148.exe [2009-3-16 61440]

c:\documents and settings\Dana\Start Menu\Programs\Startup\
Retrospect Express HD 2.5.lnk - c:\windows\Installer\{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}\NewShortcut1_5D652EC38AC041E7B337162BC7B01148.exe [2009-3-16 61440]

c:\documents and settings\Liam\Start Menu\Programs\Startup\
Retrospect Express HD 2.5.lnk - c:\windows\Installer\{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}\NewShortcut1_5D652EC38AC041E7B337162BC7B01148.exe [2009-3-16 61440]

c:\documents and settings\Maeve\Start Menu\Programs\Startup\
Retrospect Express HD 2.5.lnk - c:\windows\Installer\{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}\NewShortcut1_5D652EC38AC041E7B337162BC7B01148.exe [2009-3-16 61440]

c:\documents and settings\Nancy\Start Menu\Programs\Startup\
Retrospect Express HD 2.5.lnk - c:\windows\Installer\{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}\NewShortcut1_5D652EC38AC041E7B337162BC7B01148.exe [2009-3-16 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-6 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-6 110592]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office2000\Office\OSA9.EXE [2000-1-21 65588]
Retrospect Express HD 2.5.lnk - c:\windows\Installer\{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}\NewShortcut1_5D652EC38AC041E7B337162BC7B01148.exe [2009-3-16 61440]
VPN Client.lnk - c:\windows\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2006-8-28 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Documents and Settings\\Nancy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Nancy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 ctwamwk;ctwamwk;c:\windows\SYSTEM32\DRIVERS\ctwamwk.sys [8/12/2004 9:02 AM 309728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [10/30/2010 10:42 AM 84072]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;f:\adobe premiere 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/30/2010 3:06 AM 169408]
R2 CwAltaService20;ContentWatch;c:\program files\ContentWatch\Internet Protection\cwsvc.exe [10/28/2009 7:00 PM 2109440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/30/2010 10:42 AM 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/30/2010 10:42 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/30/2010 10:42 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [10/30/2010 10:42 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [10/30/2010 10:42 AM 141792]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [2/12/2011 12:11 PM 120248]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [6/25/2010 12:07 PM 35088]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [2/12/2011 12:11 PM 126392]
R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [10/30/2010 9:33 AM 689392]
R2 smp_lpt;smp_lpt;c:\windows\SYSTEM32\DRIVERS\smp_LPT.sys [3/1/2009 3:50 PM 37928]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [10/30/2010 10:42 AM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [10/30/2010 10:42 AM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [10/30/2010 10:42 AM 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2009 9:07 PM 135664]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [10/30/2010 10:42 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [10/30/2010 10:42 AM 84264]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\SYSTEM32\DRIVERS\VX6000Xp.sys [6/26/2009 5:21 PM 2069504]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/30/2010 10:42 AM 271480]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2011-02-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-THE-EDGE-Nancy.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25]

2011-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 02:06]

2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 02:06]

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292152424-3526672127-2670142567-1007Core.job
- c:\documents and settings\Nancy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-13 23:25]

2011-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292152424-3526672127-2670142567-1007UA.job
- c:\documents and settings\Nancy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-13 23:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: dell.com\support
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
FF - ProfilePath - c:\documents and settings\Nancy\Application Data\Mozilla\Firefox\Profiles\mibxx8bc.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{6A048BB7-E017-4326-B207-AA996C77BBCB} - (no file)
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-DW4 - (no file)
HKCU-Run-hndxkagdeqbym - c:\documents and settings\nancy\local settings\application data\mrmagcr\knxgmne.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-hndxkagdeqbym - c:\documents and settings\nancy\local settings\application data\mrmagcr\knxgmne.exe
SafeBoot-ctwamwk
AddRemove-HijackThis - c:\program files\Hijackthis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 22:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292152424-3526672127-2670142567-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EE31109B-14A8-54E4-764F-54EF34BC61B8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oacjbkmildpeiahknenhkcepfelabb"=hex:63,61,68,6c,6e,6c,00,7c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1940)
c:\windows\system32\cwalsp.dll
c:\windows\system32\wxbase28u_vc_CW.dll
.
Completion time: 2011-02-27 22:11:03
ComboFix-quarantined-files.txt 2011-02-28 03:10

Pre-Run: 32,839,401,472 bytes free
Post-Run: 37,298,798,592 bytes free

- - End Of File - - A6A3703B9BA6EFA7F1ADDFFC1DAB9653

Ok, hopefully you have some more ideas up your sleeve! Thanks again for your time!

#6 gringo_pr

  • Malware Response Team

Posted 28 February 2011 - 08:33 AM

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 steamenergy

  • Topic Starter


Posted 28 February 2011 - 10:12 PM

Hi Gringo,

I was not able to run TDSSKiller.exe in normal mode as it would get stuck at "Initialization 80%" and many times freeze up everything, including the mouse pointer. I read that I could run it in safe mode, so I rebooted in safe mode and ran it there. It does not look like it found anything, however. Please recall that I could not run GMER as it would hang up the machine as well. I have not tried running GMER in safe mode.

Here is the TDSSKiller.exe log. Once again, I had to copy the file onto a USB flash drive and post from another computer since my browser crashes upon the paste operation.

2011/02/28 21:23:39.0968 0600 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/28 21:23:41.0968 0600 ================================================================================
2011/02/28 21:23:41.0968 0600 SystemInfo:
2011/02/28 21:23:41.0968 0600
2011/02/28 21:23:41.0968 0600 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/28 21:23:41.0968 0600 Product type: Workstation
2011/02/28 21:23:41.0968 0600 ComputerName: THE-EDGE
2011/02/28 21:23:41.0968 0600 UserName: Nancy
2011/02/28 21:23:41.0968 0600 Windows directory: C:\WINDOWS
2011/02/28 21:23:41.0968 0600 System windows directory: C:\WINDOWS
2011/02/28 21:23:41.0968 0600 Processor architecture: Intel x86
2011/02/28 21:23:41.0968 0600 Number of processors: 2
2011/02/28 21:23:41.0968 0600 Page size: 0x1000
2011/02/28 21:23:41.0968 0600 Boot type: Safe boot with network
2011/02/28 21:23:41.0968 0600 ================================================================================
2011/02/28 21:23:43.0015 0600 Initialize success
2011/02/28 21:24:21.0937 1164 ================================================================================
2011/02/28 21:24:21.0937 1164 Scan started
2011/02/28 21:24:21.0937 1164 Mode: Manual;
2011/02/28 21:24:21.0937 1164 ================================================================================
2011/02/28 21:24:24.0140 1164 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/02/28 21:24:24.0203 1164 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/28 21:24:24.0250 1164 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/28 21:24:24.0312 1164 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/02/28 21:24:24.0359 1164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/28 21:24:24.0437 1164 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/28 21:24:24.0468 1164 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/02/28 21:24:24.0500 1164 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/02/28 21:24:24.0562 1164 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/02/28 21:24:24.0625 1164 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/02/28 21:24:24.0687 1164 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/02/28 21:24:24.0734 1164 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/02/28 21:24:24.0781 1164 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/02/28 21:24:24.0812 1164 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/02/28 21:24:24.0859 1164 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/02/28 21:24:24.0953 1164 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/28 21:24:24.0984 1164 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/02/28 21:24:25.0031 1164 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/02/28 21:24:25.0062 1164 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/02/28 21:24:25.0171 1164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/28 21:24:25.0203 1164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/28 21:24:25.0375 1164 ati2mtag (5b9320783e76a46ef97734f113a82ad8) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/02/28 21:24:25.0484 1164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/28 21:24:25.0562 1164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/28 21:24:25.0609 1164 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/02/28 21:24:25.0656 1164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/28 21:24:25.0718 1164 BlueletAudio (04e84c8049ee93614a2ff6d676d1e247) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
2011/02/28 21:24:25.0812 1164 BT (d1813668a0117ae05bc0b81c874f91d4) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
2011/02/28 21:24:25.0875 1164 Btcsrusb (7304acc25455746912de37d7ded387ed) C:\WINDOWS\system32\Drivers\btcusb.sys
2011/02/28 21:24:25.0906 1164 BTHidEnum (161969d2dd1d39cd2f1edbc60c61fa99) C:\WINDOWS\system32\DRIVERS\vbtenum.sys
2011/02/28 21:24:25.0968 1164 BTHidMgr (a9164c2a39bd917b9f42ae087560ac3d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
2011/02/28 21:24:26.0015 1164 BTNetFilter (6b05fdc0cfc3753b520d2d4176cc32d0) C:\WINDOWS\system32\drivers\BTNetFilter.sys
2011/02/28 21:24:26.0234 1164 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/02/28 21:24:26.0265 1164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/28 21:24:26.0359 1164 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/28 21:24:26.0390 1164 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/02/28 21:24:26.0437 1164 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/28 21:24:26.0468 1164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/28 21:24:26.0562 1164 Cdr4_xp (c3e76b0c05ebf7261abfb08d9e75822e) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/02/28 21:24:26.0593 1164 Cdralw2k (17590dfe29e02842a6e3a463e443d1b9) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/02/28 21:24:26.0640 1164 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/28 21:24:26.0718 1164 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
2011/02/28 21:24:40.0734 1164 ================================================================================
2011/02/28 21:24:40.0734 1164 Scan finished
2011/02/28 21:24:40.0734 1164 ================================================================================
2011/02/28 21:25:14.0437 1268 ================================================================================
2011/02/28 21:25:14.0437 1268 Scan started
2011/02/28 21:25:14.0437 1268 Mode: Manual;
2011/02/28 21:25:14.0437 1268 ================================================================================
2011/02/28 21:25:21.0562 1268 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/02/28 21:25:21.0609 1268 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/02/28 21:25:21.0671 1268 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/02/28 21:25:21.0703 1268 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/02/28 21:25:21.0750 1268 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/02/28 21:25:21.0796 1268 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/02/28 21:25:21.0875 1268 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/28 21:25:21.0968 1268 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/28 21:25:22.0015 1268 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/02/28 21:25:22.0062 1268 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/02/28 21:25:22.0125 1268 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/28 21:25:22.0187 1268 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/28 21:25:22.0250 1268 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/28 21:25:22.0296 1268 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/02/28 21:25:22.0421 1268 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/02/28 21:25:22.0484 1268 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
2011/02/28 21:25:22.0531 1268 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
2011/02/28 21:25:22.0562 1268 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/02/28 21:25:22.0750 1268 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/28 21:25:22.0843 1268 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/28 21:25:22.0906 1268 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/28 21:25:22.0968 1268 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/28 21:25:23.0000 1268 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/28 21:25:23.0046 1268 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/28 21:25:23.0093 1268 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/28 21:25:23.0140 1268 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/28 21:25:23.0187 1268 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/28 21:25:23.0234 1268 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/28 21:25:23.0296 1268 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/28 21:25:23.0343 1268 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/28 21:25:23.0390 1268 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/28 21:25:23.0421 1268 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/28 21:25:23.0453 1268 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/28 21:25:23.0515 1268 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/28 21:25:23.0562 1268 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/28 21:25:23.0609 1268 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/28 21:25:23.0703 1268 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/28 21:25:23.0796 1268 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
2011/02/28 21:25:23.0828 1268 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/28 21:25:23.0875 1268 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/28 21:25:23.0953 1268 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/28 21:25:24.0062 1268 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/28 21:25:24.0125 1268 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/28 21:25:24.0156 1268 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/28 21:25:24.0218 1268 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/28 21:25:24.0281 1268 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/02/28 21:25:24.0359 1268 ossrv (c52548b920482db03af8b49babd9fc48) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/02/28 21:25:24.0406 1268 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/28 21:25:24.0437 1268 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/28 21:25:24.0500 1268 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/28 21:25:24.0531 1268 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/28 21:25:24.0609 1268 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/28 21:25:24.0656 1268 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/28 21:25:24.0843 1268 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/02/28 21:25:24.0890 1268 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/02/28 21:25:24.0984 1268 PfModNT (fefc8ebc170615068c3305dbee2667dd) C:\WINDOWS\system32\drivers\PfModNT.sys
2011/02/28 21:25:25.0062 1268 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/28 21:25:25.0109 1268 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/28 21:25:25.0140 1268 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/28 21:25:25.0218 1268 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/28 21:25:25.0265 1268 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/02/28 21:25:25.0296 1268 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/02/28 21:25:25.0343 1268 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/02/28 21:25:25.0375 1268 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/02/28 21:25:25.0406 1268 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/02/28 21:25:25.0468 1268 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/28 21:25:25.0546 1268 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/28 21:25:25.0578 1268 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/28 21:25:25.0609 1268 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/28 21:25:25.0656 1268 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/28 21:25:25.0703 1268 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/28 21:25:25.0765 1268 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/28 21:25:25.0812 1268 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/28 21:25:25.0875 1268 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/28 21:25:25.0953 1268 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/02/28 21:25:26.0125 1268 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/28 21:25:26.0171 1268 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/28 21:25:26.0234 1268 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/28 21:25:26.0328 1268 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/28 21:25:26.0453 1268 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/02/28 21:25:26.0500 1268 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/28 21:25:26.0562 1268 smp_lpt (2c85702f2d545c6a1c15103c5218ea46) C:\WINDOWS\system32\drivers\smp_lpt.sys
2011/02/28 21:25:26.0625 1268 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/02/28 21:25:26.0687 1268 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/28 21:25:26.0734 1268 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/28 21:25:26.0796 1268 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/28 21:25:26.0843 1268 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/02/28 21:25:26.0890 1268 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/02/28 21:25:26.0953 1268 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/28 21:25:27.0000 1268 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/28 21:25:27.0031 1268 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/28 21:25:27.0109 1268 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/02/28 21:25:27.0171 1268 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/02/28 21:25:27.0218 1268 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/02/28 21:25:27.0250 1268 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/02/28 21:25:27.0312 1268 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/28 21:25:27.0421 1268 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/28 21:25:27.0468 1268 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/28 21:25:27.0500 1268 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/28 21:25:27.0546 1268 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/28 21:25:27.0625 1268 tfsnboio (75b30b9ea32fe7d8bbc332d3b944ad46) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/02/28 21:25:27.0656 1268 tfsncofs (b811a431b14694d88eb5befaa55b4501) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/02/28 21:25:27.0703 1268 tfsndrct (f5e2cf2144f1fe51dadd6e9063d311eb) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/02/28 21:25:27.0750 1268 tfsndres (e32b32045b6b914fd4caae8be6ca7e8a) C:\WINDOWS\system32\dla\tfsndres.sys
2011/02/28 21:25:27.0781 1268 tfsnifs (43034b10a94d1c6f13a1a0e848f51226) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/02/28 21:25:27.0812 1268 tfsnopio (f5ee0faafde37326ea35acbfa5defd3d) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/02/28 21:25:27.0859 1268 tfsnpool (597348eb65b3e19709e9a45ca2b30b61) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/02/28 21:25:27.0890 1268 tfsnudf (767affd52432a0f7e7d39f6ff64401f4) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/02/28 21:25:27.0953 1268 tfsnudfa (2806b2fd00263ccd90cc0638c6139eb0) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/02/28 21:25:28.0031 1268 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/02/28 21:25:28.0093 1268 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/28 21:25:28.0125 1268 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/02/28 21:25:28.0218 1268 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/28 21:25:28.0296 1268 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/28 21:25:28.0328 1268 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/28 21:25:28.0375 1268 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/28 21:25:28.0437 1268 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/28 21:25:28.0484 1268 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/28 21:25:28.0546 1268 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/28 21:25:28.0593 1268 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/28 21:25:28.0656 1268 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/28 21:25:28.0703 1268 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/28 21:25:28.0765 1268 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/02/28 21:25:28.0812 1268 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
2011/02/28 21:25:28.0859 1268 VcommMgr (630bbdbf5490f8f57abe650da63661a0) C:\WINDOWS\system32\Drivers\VcommMgr.sys
2011/02/28 21:25:28.0890 1268 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/28 21:25:28.0937 1268 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/02/28 21:25:28.0968 1268 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/28 21:25:29.0015 1268 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/28 21:25:29.0093 1268 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2011/02/28 21:25:29.0218 1268 VX6000 (ca8e534392bc862b4f882718a4493c4b) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
2011/02/28 21:25:29.0312 1268 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/28 21:25:29.0375 1268 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/02/28 21:25:29.0453 1268 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/28 21:25:29.0640 1268 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/02/28 21:25:29.0718 1268 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/02/28 21:25:29.0765 1268 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/28 21:25:29.0843 1268 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/28 21:25:29.0890 1268 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
2011/02/28 21:25:30.0109 1268 ================================================================================
2011/02/28 21:25:30.0109 1268 Scan finished
2011/02/28 21:25:30.0109 1268 ================================================================================

What's next do you think?

#8 gringo_pr

Posted 01 March 2011 - 12:48 AM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

1. Click on Start
2. Then go to Settings
3. After that you need Control Panel
4. Look for the icon Add/Remove Programs

Click on the following programs:

McAfee Security Scan Plus
My Way Search Assistant
Viewpoint Media Player

and click on Remove

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC (Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#9 steamenergy

Posted 01 March 2011 - 09:51 PM

Hello there. Everything went fine, except I couldn't find "My Way Search Assistant" in the add/remove programs. I noticed it in the log that I posted, but don't know where to find it to remove it. It didn't appear in the browser add-ins either.

However.... no difference in performance - browser is still crashing. Also I should note that pasting into anything seems to crash that application (most of the time) - outlook, word, excel, even txt editor, as well as post box fields in any browser. It seems that larger paste files are worse. Anyway here are the logs from the runs you requested (brought over to another computer to allow me to paste!). Thanks again.


MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5925

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/1/2011 9:13:42 PM
mbam-log-2011-03-01 (21-13-42).txt

Scan type: Quick scan
Objects scanned: 210769
Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:21:13 PM, on 3/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
F:\Adobe Premiere 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z045&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101207161619.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.5\RetroExpress.exe /h
O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nancy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Retrospect Express HD 2.5.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Retrospect Express HD 2.5.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: Retrospect Express HD 2.5.lnk = ? (User 'Default user')
O4 - Startup: Retrospect Express HD 2.5.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O4 - Global Startup: Retrospect Express HD 2.5.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O15 - Trusted Zone: http://support.dell.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cldinc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cldinc.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - F:\Adobe Premiere 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.5\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17732 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:56 PM

Posted 02 March 2011 - 08:01 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
      O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
      O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nancy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
      O4 - S-1-5-18 Startup: Retrospect Express HD 2.5.lnk = ? (User 'SYSTEM')
      O4 - .DEFAULT Startup: Retrospect Express HD 2.5.lnk = ? (User 'Default user')
      O4 - .DEFAULT User Startup: Retrospect Express HD 2.5.lnk = ? (User 'Default user')
      O4 - Startup: Retrospect Express HD 2.5.lnk = ?
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
      O4 - Global Startup: Retrospect Express HD 2.5.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Copy and paste the results here in this topic
  • You may also find the log here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
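
The startup review in the post above works from HijackThis result lines. As an added example (not part of the original post and not a tool used in this thread), the Python below parses the O4, O10 and O23 line formats seen in this thread's log, lists the names between the brackets for research, and collects lines that merit a closer look. The function names and the review hints are assumptions of this example, and a hint is a prompt to check a line, not a verdict on it.

```python
import re
from collections import Counter

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>.+?)\] (?P<command>.+)$")
STARTUP_RE = re.compile(r"^(?P<scope>.*Startup): (?P<name>.+?) = (?P<target>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
LSP_RE = re.compile(r"^Unknown file in Winsock LSP: (?P<path>.+)$")
# Program image at the start of a command line: quoted, or unquoted up to the extension.
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|com|bat|cmd))(?=\s|$)', re.I)


def parse_line(line):
    """Parse one HijackThis result line into a dict; return None for any other text."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    entry = {"section": m["section"], "kind": "other", "raw": m["body"]}
    body = m["body"]
    if entry["section"] == "O4":
        run, startup = RUN_RE.match(body), STARTUP_RE.match(body)
        if run:  # registry Run key: [value name] followed by the command line
            entry.update(kind="run", **run.groupdict())
            exe = EXE_RE.match(run["command"])
            entry["image"] = (exe["q"] or exe["u"]) if exe else run["command"]
        elif startup:  # Startup-folder shortcut: name = target
            entry.update(kind="startup", **startup.groupdict())
    elif entry["section"] == "O23":
        service = SERVICE_RE.match(body)
        if service:
            entry.update(kind="service", **service.groupdict())
    elif entry["section"] == "O10":
        lsp = LSP_RE.match(body)
        if lsp:
            entry.update(kind="lsp", **lsp.groupdict())
    return entry


def parse_log(text):
    """Parse every result line of a pasted log, skipping headers and blank lines."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def research_names(entries):
    """Names between the brackets of O4 Run lines, to look up one at a time."""
    return sorted({e["name"] for e in entries if e["kind"] == "run"})


def triage(entries):
    """Return (reason, detail) review hints; each restates what the log itself shows."""
    hints = []
    for e in entries:
        if e["kind"] == "run" and "\\" not in e["image"]:
            hints.append(("run entry without a full path", e["name"]))
        elif e["kind"] == "startup" and e["target"].startswith("?"):
            hints.append(("startup shortcut with no target in the log", e["name"]))
        elif e["kind"] == "service" and e["owner"].lower() == "unknown owner":
            hints.append(("service owner reported as unknown", e["name"]))
    # The same LSP file is often listed several times; report it once with a count.
    lsp = Counter(e["path"].lower() for e in entries if e["kind"] == "lsp")
    for path, count in lsp.items():
        hints.append((f"Winsock LSP file not recognised by HijackThis, listed {count}x", path))
    return hints


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Names to research:", ", ".join(research_names(parsed)))
    for reason, detail in triage(parsed):
        print(f"REVIEW  {reason}: {detail}")
```
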

#11 steamenergy


Posted 03 March 2011 - 08:43 AM

Good morning Mr. Gringo,

Thanks for the hijackthis advice; I reviewed the startup list and removed many of the items you recommended. I’m using some of them so left those.
After that I ran the ESET Online Scanner. IE is a bit clunkier and crashes more than Firefox so it took me longer to run the scan – I ran it overnight. It did find a few items. The 2 items on F: containing nailfix can be deleted right off if that’s ok – it’s an old copy of a backup that I no longer use – should I just delete them? I recall I had nailfix a few years back, but had cleaned it long ago. The other one on the C: I don’t recognize.

Here is the ESET log:

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0021627.dll probably a variant of Win32/Genetik trojan
F:\Dana's Documents\Backups - old TOP hard drive image\Dana\spyware\NoIdea Nailfix\nailfix.exe Win32/PrcView application
F:\My Documents fake copy\Backups - old TOP hard drive image\Dana\spyware\NoIdea Nailfix\nailfix.exe Win32/PrcView application

Ok, what do you think next?

Please recall I never ran GMER as it kept crashing. Can or should I run it in safe mode, or maybe we're beyond that already.

#12 gringo_pr


Posted 03 March 2011 - 06:23 PM

Hello


"Please recall I never ran GMER as it kept crashing. Can or should I run it in safe mode, or maybe we're beyond that already."
We are past that now. It is only a scanner, but the areas it checks don't like to be messed with, so on some systems it will crash even on clean computers.

The online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

+


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended)" option, "Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo

Edited by gringo_pr, 03 March 2011 - 06:24 PM.


#13 steamenergy


Posted 03 March 2011 - 08:11 PM

Thank you Gringo, but I am still having the copy/paste crash problem that I had when we started. The crash occurs in most any application that I paste into: Word, Excel, Notepad, and browser fields such as this one. However, it does not appear I have any malware.

Also, while typing into the Yahoo Mail message field, after a few lines, Yahoo Mail locks up and any other Firefox browsers turn completely white. The message I get in the status field (bottom left corner of the browser, above the Windows Start button) is "transferring data from presence.msg.yahoo.com". I also get browser crashes at times that I can replicate.

Also, the steps in your last message to remove the backups are missing. All I see is a "+" sign. Could you please provide them?

What can I do now? Go back to a previous restore point? Wipe the HD and reinstall Windows XP? If you have any other ideas or have someone else that can troubleshoot this I'd rather do that, I suppose. I have replaced a crashed HD before so I am familiar with a Windows reinstall.

I store my data (photos, music, etc) on another internal HD (F: - 1TB) rather than my C: which is used for my OS, so maybe an XP reinstall is not so bad.

Any other thoughts? Thanks again for all your help.

steamenergy, unfortunately still frustrated.

#14 gringo_pr


Posted 04 March 2011 - 09:16 PM

Hello


I would most probably go over to the Win XP Forum and ask about the copy and paste problem - the things I have been finding do not apply to this case.



Gringo

#15 steamenergy


Posted 04 March 2011 - 11:54 PM

Thanks Gringo. I appreciate your help and the fact that you've shown my computer is clean of malware. At least I can be sure of that!

I've proceeded to post to the XP forum and we'll see what happens.

Thanks again! Adios, amigo!



