utahbites

  1. Sorry - I must be misunderstanding something, because both the PC Matic and Optimize scans on that website that I ran had me download .exe files first in order to run, and the results seem to only appear in splash screens local to my PC (?). I don't see any online URL/links associated with a results page (except to purchase their software). Here is a copy/paste of the "optimize" scan results though:
     "There are 4 unwanted programs that are currently starting whenever your system boots. By removing these programs, you will get better performance, lower memory usage, and less clutter in your system tray. We did not find any unwanted programs that start when your system boots. PC Pitstop regularly updates its list of unwanted programs; by using Optimize regularly you can avoid these problems. We identified 31 settings for Windows, Internet Explorer, and/or Firefox that can be tweaked to improve Internet performance. Your settings for Windows, Internet Explorer, and/or Firefox appear to be tuned for best Internet performance. Using Optimize regularly will help to keep them that way. You skipped Internet optimization; to optimize your Internet connection go back to the first page and select your connection type. We tentatively identified 1 settings that can be tweaked to improve Internet performance. Your drive has 6694 junk files totalling 1021 megabytes. Optimize can clean the Recycle Bin, temporary files, and Internet caches that can clog the drive and cause excessive fragmentation. There were no junk files found on your system. By using Optimize on a regular basis, you can clean the Recycle Bin, temporary files, and Internet caches that can clog the drive and cause excessive fragmentation. There are 742 incorrect or unneeded registry entries from failed program installations, obsolete Windows cached "
     These scans took hours to install/complete on this PC. The "PC pitstop Matic" scan results in a splash-screen dashboard-style result that I could not copy/paste effectively herein. Any additional instruction/guidance is appreciated. Apologies/thanks again.
  2. Symantec AV still wouldn't load, so I uninstalled/reinstalled and it still won't load. I uninstalled it and loaded AVG free instead - seems to have freed up some system resources, but my PC is still VERY painfully slow since I was affected w/whatever malware/virus it was... although it appears so far that the redirecting problem has only happened once in about 50 or so tries since running ESET...so much better there. I am going to try and install some additional RAM and see if it helps before I try installing Windows SP3, which it seems never properly installed. Oddly, my soundcard won't work since before these Symantec issues; have tried troubleshooting, rebooting, etc. still to no avail (perhaps Combofix related?). Anyway, it appears that the redirecting issue may be remedied - so thanks! (Do you know what the name of it is?) I would like to contribute something via PayPal, thank you again for your help.
  3. ...and the results of the security check:
     Results of screen317's Security Check version 0.99.7
     Windows XP Service Pack 2
     Out of date service pack!!
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     ESET Online Scanner v3
     Symantec AntiVirus
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     CCleaner
     Java 2 Runtime Environment, SE v1.4.2
     Adobe Flash Player 10.1.53.64
     Adobe Reader 8.1.2
     Adobe Reader 8.1.2 Security Update 1 (KB403742)
     Out of date Adobe Reader installed!
     Mozilla Firefox (3.6.12) Firefox Out of Date!
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     Symantec AntiVirus DefWatch.exe
     ``````````End of Log````````````
     Next, I will restart the PC and let it try and load my Symantec Antivirus again (it has not loaded properly for at least a week). Also I will check to see if my browser is still redirecting to other unwanted websites and report back tomorrow. Thanks again!
  4. Here are the results of the ESET online scan...thanks.
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6425
     # api_version=3.0.2
     # EOSSerial=3ac6d91f0985014abb0c68e264dbc3f5
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2011-03-01 09:55:53
     # local_time=2011-03-01 02:55:53 (-0700, Mountain Standard Time)
     # country="United States"
     # lang=9
     # osver=5.1.2600 NT Service Pack 2
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=152539
     # found=2
     # cleaned=2
     # scan_time=24850
     C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9tbwsn79.default\Cache\8EA46955d01 JS/Agent.NCU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\My Backup -- 06-09-07 1945\Program Files\Adobe\Premiere 6.5\Plug-ins\fl-boost.prm probably a variant of Win32/Inject.FSYLWEE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     DLL:pipe not connected. attempts=120
  5. ...and here is the Combofix log file: (Thanks again!)
     ComboFix 11-02-25.01 - Owner 02/26/2011 0:49.2.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.128 [GMT -7:00]
     Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
     .
     ((((((((((((((((((((((((( Files Created from 2011-01-26 to 2011-02-26 )))))))))))))))))))))))))))))))
     .
     2011-02-26 07:04 . 2011-02-26 07:04 -------- d-----w- c:\windows\system32\LogFiles
     2011-02-18 06:14 . 2011-02-18 06:14 1409 ----a-w- c:\windows\QTFont.for
     2011-02-12 20:24 . 2011-02-12 20:24 9347072 ----a-w- c:\documents and settings\Owner\ntuser.tmp
     2011-02-09 10:11 . 2011-02-09 10:11 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
     2011-02-09 10:03 . 2011-02-09 10:16 -------- d-----w- c:\windows\ie8updates
     2011-02-09 08:01 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
     2011-02-09 08:01 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
     2011-02-09 08:01 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-02-09 09:36 . 2010-08-03 03:59 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
     2011-02-09 07:43 . 2004-08-26 10:56 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
     2010-12-24 01:49 . 2010-12-24 01:49 9953832 ----a-w- C:\SUPERAntiSpyware.exe
     2010-12-21 01:09 . 2010-08-03 04:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-12-21 01:08 . 2010-08-03 04:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 68856]
     "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
     "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
     "CHotkey"="zHotkey.exe" [2004-05-18 543232]
     "ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
     "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
     "SoundMan"="SOUNDMAN.EXE" [2004-11-16 77824]
     "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-12 344064]
     "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
     "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
     "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
     "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
     "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-10 113664]
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
     run_startmenu.cmd [2004-10-11 45]
     VPN Client.lnk - c:\windows\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2007-9-8 6144]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
     backup=c:\windows\pss\BigFix.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2007-06-29 12:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
     2005-05-23 16:57 90112 ------w- c:\program files\Common Files\Ulead Systems\Autodetector\Monitor.exe

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Cisco Systems\\VPN Client\\cvpnd.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/1/2007 7:34 PM 642560]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2009 7:37 PM 135664]
     S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/2/2010 9:42 PM 38224]
     S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/26/2004 9:12 AM 14336]
     S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 2:18 PM 169192]
     S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [11/1/2007 7:48 PM 223128]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
     .
     Contents of the 'Scheduled Tasks' folder

     2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb73bb30939cd0.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 02:37]

     2011-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 02:37]

     2007-09-07 c:\windows\Tasks\Symantec NetDetect.job
     - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-09-07 00:26]

     2011-02-26 c:\windows\Tasks\User_Feed_Synchronization-{7B2C85CF-6B05-4E00-A1A9-100921A2D66D}.job
     - c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
     DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
     FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vq13gnne.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/pacman/
     FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
     FF - Ext: Microsoft Choice Guard: ChoiceGuard@Microsoft - %profile%\extensions\ChoiceGuard@Microsoft
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
     FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
     FF - Ext: vShare: vshareus@toolbar - %profile%\extensions\vshareus@toolbar
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
     .
     - - - - ORPHANS REMOVED - - - -

     Notify-!SASWinLogon - (no file)
     SafeBoot-klmdb.sys

     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-02-26 01:14
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
     "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
     00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(900)
     c:\windows\system32\Ati2evxx.dll

     - - - - - - - > 'explorer.exe'(1500)
     c:\windows\system32\WININET.dll
     c:\progra~1\WINDOW~2\wmpband.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\IEFRAME.dll
     .
     Completion time: 2011-02-26 01:29:15
     ComboFix-quarantined-files.txt 2011-02-26 08:29
     ComboFix2.txt 2011-02-08 02:34

     Pre-Run: 27,711,164,416 bytes free
     Post-Run: 27,790,680,064 bytes free

     WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     UnsupportedDebug="do not select this" /debug
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

     - - End Of File - - 3D900E9246FCB82CDF35B8F8B4AC459C
     Thanks again very much!
  6. MBRCheck, version 1.2.3 © 2010, AD
     Command-line:
     Windows Version: Windows XP Home Edition
     Windows Information: Service Pack 2 (build 2600)
     Logical Drives Mask: 0x000003fc

     Kernel Drivers (total 171):

     Processes (total 46):
     0 System Idle Process
     4 System
     780 C:\WINDOWS\system32\smss.exe
     864 csrss.exe
     900 C:\WINDOWS\system32\winlogon.exe
     956 C:\WINDOWS\system32\services.exe
     968 C:\WINDOWS\system32\lsass.exe
     1124 C:\WINDOWS\system32\ati2evxx.exe
     1152 C:\WINDOWS\system32\svchost.exe
     1276 svchost.exe
     1372 C:\WINDOWS\system32\svchost.exe
     1444 svchost.exe
     1588 svchost.exe
     248 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     312 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     448 C:\WINDOWS\system32\spoolsv.exe
     564 svchost.exe
     596 C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
     648 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     672 C:\Program Files\Symantec AntiVirus\DefWatch.exe
     868 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     1320 C:\WINDOWS\system32\svchost.exe
     1488 wdfmgr.exe
     1528 alg.exe
     2668 C:\WINDOWS\system32\wscntfy.exe
     2888 C:\WINDOWS\system32\ati2evxx.exe
     692 C:\WINDOWS\explorer.exe
     3216 C:\WINDOWS\system32\wuauclt.exe
     3520 C:\WINDOWS\zHotkey.exe
     3528 C:\Program Files\Digital Media Reader\shwiconEM.exe
     2936 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     3564 C:\PROGRA~1\SYMANT~1\VPTray.exe
     3460 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
     3748 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     2696 C:\WINDOWS\system32\ctfmon.exe
     3488 C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
     2332 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
     2400 C:\WINDOWS\system32\searchindexer.exe
     820 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     2984 C:\Program Files\Internet Explorer\iexplore.exe
     3288 C:\WINDOWS\system32\wuauclt.exe
     292 C:\Program Files\Internet Explorer\iexplore.exe
     3964 C:\Program Files\Windows Live\Toolbar\wltuser.exe
     2664 C:\WINDOWS\system32\searchprotocolhost.exe
     1840 searchfilterhost.exe
     1356 C:\Documents and Settings\Owner\Desktop\Downloads\MBRCheck.exe

     \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f03ad400 (NTFS)
     \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

     PhysicalDrive0 Model Number: WDCWD1600BB-22GUA0, Rev: 08.02D08

     Size Device Name MBR Status
     --------------------------------------------
     149 GB \\.\PhysicalDrive0 Gateway MBR code detected
     SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD

     Done!
  7. Hello - attached is the RootRepeal report as requested. Thank you again RootRepeal report 02-22-11 (22-05-13).txt
  8. I also tried renaming the gmer.exe file in case whatever infection it is recognized that name...and again, it would not run more than a minute before freezing up the PC. Seems the status/display line is always scanning a file in the "C:\windows\system32\drivers" directory when it freezes up though. Thanks again
  9. I have attempted to run the GMER app 6 times over the past 3 nights, to no avail. The app freezes the machine every time - 2x it crashed the computer. The process does not appear to freeze scanning the same file every time. I did not choose the "show all" checkbox during the scans. After the first 4 failures, I uninstalled the Prevx and Superantispyware programs as I suspected they might be interfering, but it doesn't seem so. My Symantec application and other (Spybot) similar programs were disabled during all scans. I'm not sure what to do/try...Would you like me to try running the MBRCheck app? Thanks again
  10. My apologies for not being able to reply/post the results - but the PC has not been able to successfully run GMER.exe. It has frozen 2x and also crashed the PC during the scan, after which tonight has been the 1st successful reboot. I am trying yet again to run the apps you requested and will post as soon as (hopefully) I can be successful. Thanks again very much for your help/patience.
  11. Two more developments since you last posted: 1) I felt it best to go ahead and remove the 8 malicious items listed in my last post via MBAM as the computer is more bogged down than ever (as I can't boot in SafeMode), and it takes over an hour just to start the PC, get a web browser working and actually have time to respond to a post. 2) I have lost the ability to boot the PC in SafeMode. There are only 3 boot options now: some sort of Microsoft recovery?, something that says "do not use" (combofix or TDSSkiller added it?) and Win XP Normal boot. Thanks...look forward to hearing back.
  12. Okay, well I rebooted in Normal mode and ran yet another Mbam scan...and this time, found 8 malicious items: (I will wait to hear from you before I take actions and shut down the PC in the meantime)
     ------
     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5727

     Windows 5.1.2600 Service Pack 2
     Internet Explorer 8.0.6001.18702

     2/9/2011 11:17:02 PM
     mbam-log-2011-02-09 (23-16-34).txt

     Scan type: Quick scan
     Objects scanned: 153238
     Time elapsed: 8 minute(s), 43 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 8

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\WINDOWS\temp\DWH34D.tmp (Trojan.FakeAlert) -> No action taken.
     c:\WINDOWS\temp\DWH7361.tmp (Trojan.Agent) -> No action taken.
     c:\WINDOWS\temp\DWHB53D.tmp (Trojan.Agent) -> No action taken.
     c:\WINDOWS\temp\DWHC2BA.tmp (Trojan.Vundo.Gen) -> No action taken.
     c:\WINDOWS\temp\DWHC82D.tmp (Trojan.Agent) -> No action taken.
     c:\WINDOWS\temp\DWHCB55.tmp (Trojan.Agent) -> No action taken.
     c:\WINDOWS\temp\DWHE2F4.tmp (Trojan.Agent) -> No action taken.
     c:\WINDOWS\temp\DWHF5B1.tmp (Trojan.Agent) -> No action taken.
  13. Hello and thanks again. The results of the virustotal.com scan were:
     File name: AGP440.SYS
     Submission date: 2011-02-10 04:04:03 (UTC)
     Current status: queued queued analysing finished
     Result: 0/ 43 (0.0%)
     (there were no virustotal community users who rated this file.)
     I do not have a Windows CD that I'm aware of that came w/my Emachine - What I thought were my Emachine system/reinstallation discs, upon opening the package for the first time ever tonight, turn out to be actually just blank CD-R's with which I was intended to create a system restoration set. I obviously did not...sigh. The "D:" partition is supposed to be a backup partition, though I've never tried accessing it. Incidentally, I booted the PC in Normal mode today for the first time and Prevx AV ran an autoscan upon boot and did not report finding malicious items. I then ran another Malwarebytes quick scan tonight which also detected no malicious items. Strangely, when I try to enable my Norton AV (ver 9.0), I get the following error: "Symantec antivirus Auto-protect failed to load." The malware is also still redirecting my browsers. FWIW, the first sign of malware I noticed was about 6 months ago. Prevx, MBAM and other program scans removed some infected .dll files called "wirepots.dll" "syspol32.dll" and others. Not sure if this helps. Thanks again very much for all of your help.
  14. Here is the TDSSKiller log you requested. The browser redirect is still occurring, though I am about to attempt a reboot of this machine at the TDSSkiller prompt....thanks again 2011/02/09 00:36:08.0890 1612 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03 2011/02/09 00:36:09.0265 1612 SystemInfo: 2011/02/09 00:36:09.0265 1612 OS Version: 5.1.2600 ServicePack: 2.0 2011/02/09 00:36:09.0265 1612 Product type: Workstation 2011/02/09 00:36:09.0265 1612 ComputerName: EMACHINE 2011/02/09 00:36:09.0265 1612 UserName: Owner 2011/02/09 00:36:09.0265 1612 Windows directory: C:\WINDOWS 2011/02/09 00:36:09.0265 1612 System windows directory: C:\WINDOWS 2011/02/09 00:36:09.0265 1612 Processor architecture: Intel x86 2011/02/09 00:36:09.0265 1612 Number of processors: 1 2011/02/09 00:36:09.0265 1612 Page size: 0x1000 2011/02/09 00:36:09.0265 1612 Boot type: Safe boot with network 2011/02/09 00:36:09.0828 1612 Initialize success 2011/02/09 00:36:14.0375 1008 Scan started 2011/02/09 00:36:14.0375 1008 Mode: Manual; 2011/02/09 00:36:17.0250 1008 agp440 (6e56cff4fb2bdba31a332841d15c008c) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/02/09 00:36:17.0265 1008 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\agp440.sys. Real md5: 6e56cff4fb2bdba31a332841d15c008c, Fake md5: 2c428fa0c3e3a01ed93c9b2a27d8d4bb 2011/02/09 00:36:17.0281 1008 agp440 - detected Rootkit.Win32.TDSS.tdl3 (0) 2011/02/09 00:36:34.0625 1008 sptd (d2f8c44f77504bd2a469638e6426d86e) C:\WINDOWS\system32\Drivers\sptd.sys 2011/02/09 00:36:34.0625 1008 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d2f8c44f77504bd2a469638e6426d86e 2011/02/09 00:36:34.0640 1008 sptd - detected Locked file (1) 2011/02/09 00:36:39.0437 1008 Scan finished 2011/02/09 00:36:39.0468 1868 Detected object count: 2 2011/02/09 00:37:34.0093 1868 agp440 (6e56cff4fb2bdba31a332841d15c008c) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/02/09 00:37:34.0093 1868 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\agp440.sys. Real md5: 6e56cff4fb2bdba31a332841d15c008c, Fake md5: 2c428fa0c3e3a01ed93c9b2a27d8d4bb
  15. Thanks again. Here is the new Mbam quick scan log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5718 Windows 5.1.2600 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18702 2/9/2011 12:33:53 AM mbam-log-2011-02-09 (00-33-53).txt Scan type: Quick scan Objects scanned: 151643 Time elapsed: 3 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)