
Rather Nasty Rootkit



I can't seem to find C:\Program Files\pPnNkIk06510

I found C:\Users\George A\AppData\Roaming\QuickScan and deleted it; it was empty.

Here's a new DDS log but I haven't restarted yet, since I'm waiting to hear what to do about the first folder that I wasn't able to find.

DDS (Ver_10-12-12.02) - NTFS_AMD64  
Run by George A at 19:18:20.81 on Wed 02/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4095.2873 [GMT -6:00]

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Combo-Fix\NirCmd.cfxxe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\George A\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [(Default)]

================= FIREFOX ===================

FF - ProfilePath - C:\Users\GEORGE~1\AppData\Roaming\Mozilla\Firefox\Profiles\7qgt8xo1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: C:\Users\George A\AppData\Roaming\Mozilla\Firefox\Profiles\7qgt8xo1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Users\George A\AppData\Roaming\Mozilla\Firefox\Profiles\7qgt8xo1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-6-24 58368]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2011-1-22 66728]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\250F.tmp [2011-1-31 6144]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2011-1-31 31800]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-6 1255736]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

=============== Created Last 30 ================

2011-02-03 00:05:12 -------- d-s---w- C:\Combo-Fix
2011-02-03 00:01:38 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Malwarebytes
2011-02-03 00:01:35 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-03 00:01:34 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-03 00:01:31 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-03 00:01:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-02 20:58:08 98816 ----a-w- C:\Windows\sed.exe
2011-02-02 20:58:08 89088 ----a-w- C:\Windows\MBR.exe
2011-02-02 20:58:08 256512 ----a-w- C:\Windows\PEV.exe
2011-02-02 20:58:08 161792 ----a-w- C:\Windows\SWREG.exe
2011-02-01 00:01:49 6144 ------w- C:\Windows\System32\250F.tmp
2011-02-01 00:00:40 6144 ------w- C:\Windows\System32\193B.tmp
2011-02-01 00:00:28 -------- d-----w- C:\Program Files (x86)\Sophos
2011-01-31 23:41:05 37600 ----a-w- C:\Windows\SysWow64\Partizan.exe
2011-01-31 23:41:05 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2011-01-31 23:41:00 2 --shatr- C:\Windows\winstart.bat
2011-01-31 23:40:55 12808 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2011-01-31 23:40:52 -------- d-----w- C:\Program Files (x86)\UnHackMe
2011-01-31 18:39:37 -------- d-----w- C:\Users\GEORGE~1\AppData\Local\VS Revo Group
2011-01-31 18:39:35 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2011-01-31 18:39:34 -------- d-----w- C:\Program Files\VS Revo Group
2011-01-31 18:34:48 -------- d-----w- C:\PROGRA~3\MFAData
2011-01-31 07:39:28 -------- d-----w- C:\PROGRA~3\pPnNkIk06510
2011-01-27 13:56:53 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-01-26 22:05:26 -------- d-----w- C:\Program Files (x86)\ESET
2011-01-26 02:55:10 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-01-26 02:36:12 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Easeware
2011-01-22 07:23:42 66728 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
2011-01-22 07:23:41 -------- d-----w- C:\Program Files\Virtual Audio Cable
2011-01-22 05:27:02 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Acoustica
2011-01-22 05:26:54 57344 ----a-w- C:\Windows\SysWow64\Wnaspint.dll
2011-01-22 05:26:43 -------- d-----w- C:\Program Files (x86)\Acoustica Shared Effects
2011-01-22 05:25:51 -------- d-----w- C:\Program Files (x86)\VST
2011-01-22 05:25:51 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 4
2011-01-22 05:25:51 -------- d-----w- C:\PROGRA~3\Acoustica
2011-01-22 05:10:38 -------- d-----w- C:\Program Files (x86)\AnalogX
2011-01-22 04:38:43 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Screaming Bee
2011-01-22 04:36:51 -------- d-----w- C:\Program Files (x86)\Screaming Bee
2011-01-12 10:50:57 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 10:50:57 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-12 10:50:57 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-12 10:50:57 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-12 10:50:57 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-12 10:50:57 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 10:50:57 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 10:50:57 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-12 10:50:57 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-12 10:50:57 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-10 14:06:32 -------- d-----w- C:\PROGRA~3\Canon IJ Network Tool
2011-01-10 14:06:29 -------- d-----w- C:\Program Files (x86)\Canon
2011-01-10 14:06:28 307200 ----a-w- C:\Windows\SysWow64\CNC6100L.dll
2011-01-10 14:06:28 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2011-01-10 14:06:28 106496 ----a-w- C:\Windows\SysWow64\CNC6100U.dll
2011-01-10 14:06:01 37376 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2011-01-10 14:06:01 340992 ----a-w- C:\Windows\SysWow64\CNMNPPM.DLL
2011-01-10 14:06:01 327680 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2011-01-10 14:06:01 -------- d-----w- C:\Windows\System32\STRING
2011-01-10 14:05:35 87040 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAG.DLL
2011-01-10 14:05:35 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAG.DLL
2011-01-10 14:04:42 361472 ----a-w- C:\Windows\System32\CNMLMAG.DLL
2011-01-10 14:04:38 248320 ----a-w- C:\Windows\System32\CNMIUAG.DLL

==================== Find3M ====================

2010-12-14 23:53:08 319488 ----a-w- C:\Windows\HideWin.exe
2010-11-06 02:25:02 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

============= FINISH: 19:18:50.72 ===============

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Open Notepad. Copy and paste the following text into it:

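@echo off
rem Remove the folder and everything in it, without prompting
rd /s /q "C:\Program Files\pPnNkIk06510\"
rem Delete this batch file once it has run
del %0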

Save it as dirlog.bat on the desktop. Make sure the Save as type: is All Files (*.*).

Double click on dirlog.bat to run it. Allow if prompted by any security software.

Post a new fresh DDS log file.


Done.

DDS (Ver_10-12-12.02) - NTFS_AMD64  
Run by George A at 15:35:31.72 on Thu 02/03/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4095.2847 [GMT -6:00]

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\defrag.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\defrag.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\George A\Downloads\dds(2).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [(Default)]

================= FIREFOX ===================

FF - ProfilePath - C:\Users\GEORGE~1\AppData\Roaming\Mozilla\Firefox\Profiles\7qgt8xo1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: C:\Users\George A\AppData\Roaming\Mozilla\Firefox\Profiles\7qgt8xo1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Users\George A\AppData\Roaming\Mozilla\Firefox\Profiles\7qgt8xo1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-6-24 58368]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2011-1-22 66728]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\92E1.tmp [2011-2-2 6144]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

=============== Created Last 30 ================

2011-02-03 09:06:27 -------- d-----w- C:\Users\GEORGE~1\AppData\Local\Adobe
2011-02-03 08:40:34 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2011-02-03 06:20:13 -------- d-s---w- C:\ComboFix
2011-02-03 06:16:27 20952 ----a-w- C:\Windows\SysWow64\drivers\mbam.sys
2011-02-03 06:08:02 -------- d-----w- C:\Users\GEORGE~1\AppData\Local\AIM
2011-02-03 06:07:59 -------- d-----w- C:\Users\GEORGE~1\AppData\Local\AOL
2011-02-03 04:59:39 6144 ------w- C:\Windows\System32\92E1.tmp
2011-02-03 00:01:38 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Malwarebytes
2011-02-03 00:01:35 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-03 00:01:34 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-03 00:01:31 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-03 00:01:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-02 20:58:08 98816 ----a-w- C:\Windows\sed.exe
2011-02-02 20:58:08 89088 ----a-w- C:\Windows\MBR.exe
2011-02-02 20:58:08 256512 ----a-w- C:\Windows\PEV.exe
2011-02-02 20:58:08 161792 ----a-w- C:\Windows\SWREG.exe
2011-02-01 00:01:49 6144 ------w- C:\Windows\System32\250F.tmp
2011-02-01 00:00:40 6144 ------w- C:\Windows\System32\193B.tmp
2011-02-01 00:00:28 -------- d-----w- C:\Program Files (x86)\Sophos
2011-01-31 23:41:05 37600 ----a-w- C:\Windows\SysWow64\Partizan.exe
2011-01-31 23:41:05 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2011-01-31 23:41:00 2 --shatr- C:\Windows\winstart.bat
2011-01-31 23:40:55 12808 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2011-01-31 23:40:52 -------- d-----w- C:\Program Files (x86)\UnHackMe
2011-01-31 18:39:37 -------- d-----w- C:\Users\GEORGE~1\AppData\Local\VS Revo Group
2011-01-31 18:34:48 -------- d-----w- C:\PROGRA~3\MFAData
2011-01-31 07:39:28 -------- d-----w- C:\PROGRA~3\pPnNkIk06510
2011-01-27 13:56:53 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-01-26 22:05:26 -------- d-----w- C:\Program Files (x86)\ESET
2011-01-26 02:55:10 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-01-26 02:36:12 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Easeware
2011-01-22 07:23:42 66728 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
2011-01-22 07:23:41 -------- d-----w- C:\Program Files\Virtual Audio Cable
2011-01-22 05:27:02 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Acoustica
2011-01-22 05:26:54 57344 ----a-w- C:\Windows\SysWow64\Wnaspint.dll
2011-01-22 05:26:43 -------- d-----w- C:\Program Files (x86)\Acoustica Shared Effects
2011-01-22 05:25:51 -------- d-----w- C:\Program Files (x86)\VST
2011-01-22 05:25:51 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 4
2011-01-22 05:25:51 -------- d-----w- C:\PROGRA~3\Acoustica
2011-01-22 05:10:38 -------- d-----w- C:\Program Files (x86)\AnalogX
2011-01-22 04:38:43 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Screaming Bee
2011-01-22 04:36:51 -------- d-----w- C:\Program Files (x86)\Screaming Bee
2011-01-12 10:50:57 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 10:50:57 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-12 10:50:57 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-12 10:50:57 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-12 10:50:57 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-12 10:50:57 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 10:50:57 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 10:50:57 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-12 10:50:57 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-12 10:50:57 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-10 14:06:32 -------- d-----w- C:\PROGRA~3\Canon IJ Network Tool
2011-01-10 14:06:29 -------- d-----w- C:\Program Files (x86)\Canon
2011-01-10 14:06:28 307200 ----a-w- C:\Windows\SysWow64\CNC6100L.dll
2011-01-10 14:06:28 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2011-01-10 14:06:28 106496 ----a-w- C:\Windows\SysWow64\CNC6100U.dll
2011-01-10 14:06:01 37376 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2011-01-10 14:06:01 340992 ----a-w- C:\Windows\SysWow64\CNMNPPM.DLL
2011-01-10 14:06:01 327680 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2011-01-10 14:06:01 -------- d-----w- C:\Windows\System32\STRING
2011-01-10 14:05:35 87040 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAG.DLL
2011-01-10 14:05:35 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAG.DLL
2011-01-10 14:04:42 361472 ----a-w- C:\Windows\System32\CNMLMAG.DLL
2011-01-10 14:04:38 248320 ----a-w- C:\Windows\System32\CNMIUAG.DLL

==================== Find3M ====================

2010-12-14 23:53:08 319488 ----a-w- C:\Windows\HideWin.exe
2010-11-06 02:25:02 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

============= FINISH: 15:37:13.24 ===============
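
A comparison of two DDS logs such as the ones posted above, as an added example that is not part of any post in this thread: it parses the SERVICES / DRIVERS and Created Last 30 sections, reports what changed between runs, and checks whether a given folder is still listed. The sample logs are excerpts of the thread's own logs; the function names are this example's own, and paths are compared exactly as DDS prints them (8.3 short names such as PROGRA~3 are not expanded).

```python
import re

# Excerpts from the two DDS logs posted in this thread, trimmed to a few lines each.
LOG_BEFORE = r"""
============= SERVICES / DRIVERS ===============

R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\250F.tmp [2011-1-31 6144]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2011-1-31 31800]

=============== Created Last 30 ================

2011-02-03 00:05:12 -------- d-s---w- C:\Combo-Fix
2011-02-01 00:01:49 6144 ------w- C:\Windows\System32\250F.tmp
2011-01-31 18:39:35 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2011-01-31 07:39:28 -------- d-----w- C:\PROGRA~3\pPnNkIk06510

==================== Find3M ====================
"""

LOG_AFTER = r"""
============= SERVICES / DRIVERS ===============

R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\92E1.tmp [2011-2-2 6144]

=============== Created Last 30 ================

2011-02-03 08:40:34 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2011-02-03 06:20:13 -------- d-s---w- C:\ComboFix
2011-02-03 04:59:39 6144 ------w- C:\Windows\System32\92E1.tmp
2011-02-01 00:01:49 6144 ------w- C:\Windows\System32\250F.tmp
2011-01-31 07:39:28 -------- d-----w- C:\PROGRA~3\pPnNkIk06510

==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# <state> <name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
# <timestamp> <size or dashes for a directory> <attributes> <path>
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+|-+) (\S+) (.+)$")


def split_sections(text):
    """Map each '==== NAME ====' header to the non-empty lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_services(lines):
    """Return {service name: (state, image path)} for parsable lines."""
    found = {}
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            found[m.group(2)] = (m.group(1), m.group(4))
    return found


def parse_created(lines):
    """Return {lower-cased path: path as printed}; Windows paths are case-insensitive."""
    found = {}
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            found[m.group(4).lower()] = m.group(4)
    return found


def listed_in_created(log_text, path):
    """True if 'path' appears in the log's Created Last 30 section."""
    created = parse_created(split_sections(log_text).get("Created Last 30", []))
    return path.lower() in created


def diff_logs(before, after):
    """Summarise service and new-file changes between two DDS runs."""
    b, a = split_sections(before), split_sections(after)
    svc_b = parse_services(b.get("SERVICES / DRIVERS", []))
    svc_a = parse_services(a.get("SERVICES / DRIVERS", []))
    new_b = parse_created(b.get("Created Last 30", []))
    new_a = parse_created(a.get("Created Last 30", []))
    return {
        "services_removed": sorted(set(svc_b) - set(svc_a)),
        "services_added": sorted(set(svc_a) - set(svc_b)),
        # Same service name, different image path (e.g. a driver loaded from a new temp file).
        "services_repointed": {
            name: (svc_b[name][1], svc_a[name][1])
            for name in svc_b.keys() & svc_a.keys()
            if svc_b[name][1].lower() != svc_a[name][1].lower()
        },
        "paths_gone": [new_b[k] for k in sorted(set(new_b) - set(new_a))],
        "paths_new": [new_a[k] for k in sorted(set(new_a) - set(new_b))],
    }


if __name__ == "__main__":
    for key, value in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {value}")
    target = r"C:\PROGRA~3\pPnNkIk06510"
    print(f"{target} still listed: {listed_in_created(LOG_AFTER, target)}")
```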


Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click on the Complete scan radio button.
  • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages Archive = Move, E-mails = Report, Containers = Move
    • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked

  • On the Log file tab leave the Log to file checked.
  • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
  • Log mode = Append
  • Encoding = ANSI
  • Details Leave Names of file packers and Statistics checked.
  • Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
  • On the General tab leave the Scan Priority on High
  • Click the Apply button at the bottom, and then the OK button.
  • On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
  • In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
  • The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
  • When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
  • Click 'Yes to all' if it asks if you want to cure/move the files.
  • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.


I launched the program and when it finally came to the main screen, it looked like it froze immediately. I forced it close and a box popped up saying it found infections. I found the log and moved it to my desktop. I then did the same thing again but let it keep going for an hour. The same box popped up when I forced it close. I'm going to post both of the logs.

First log:

=============================================================================
Dr.Web Scanner for Windows v6.00.05 (6.00.05.08310)
(c) Doctor Web, Ltd., 1992-2010
Log generated on: 2011-02-03, 15:47:45 [GEORGEA][George A]
Command line: "C:\Users\George A\AppData\Local\Temp\66F9B135-15A12656-2198D062-C8711E23\6a098_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows Seven Professional x64/WOW (Build 7600)
=============================================================================
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
Total virus records: 1858743
[Self-checking] C:\Users\George A\AppData\Local\Temp\66F9B135-15A12656-2198D062-C8711E23\6a098_xp.exe
Key file: C:\Users\George A\AppData\Local\Temp\66F9B135-15A12656-2198D062-C8711E23\setup.key
License key number: 0012913379
Registered to: An unauthorized User
License key activates on: 2010-09-17
License key expires on: 2011-03-20
=============================================================================
Dr.Web Scanner for Windows v6.00.05 (6.00.05.08310)
(c) Doctor Web, Ltd., 1992-2010
Log generated on: 2011-02-03, 15:55:19 [GEORGEA][George A]
Command line: "C:\Users\George A\AppData\Local\Temp\27493984-354E3979-5E882981-C4D7817B\6a098_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows Seven Professional x64/WOW (Build 7600)
=============================================================================
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
Total virus records: 1858743
[Self-checking] C:\Users\George A\AppData\Local\Temp\27493984-354E3979-5E882981-C4D7817B\6a098_xp.exe
Key file: C:\Users\George A\AppData\Local\Temp\27493984-354E3979-5E882981-C4D7817B\setup.key
License key number: 0012913379
Registered to: An unauthorized User
License key activates on: 2010-09-17
License key expires on: 2011-03-20

Second log:

=============================================================================
Dr.Web Scanner for Windows v6.00.05 (6.00.05.08310)
(c) Doctor Web, Ltd., 1992-2010
Log generated on: 2011-02-03, 16:12:17 [GEORGEA][George A]
Command line: "C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\6a098_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows Seven Professional x64/WOW (Build 7600)
=============================================================================
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\7896134d - 1578 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\f458da90 - 1959 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\a5f533f5 - 2033 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\9c884e85 - 1812 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\de6584c9 - 1738 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\6bbf2e83 - 1885 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\389619b8 - 2091 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\6ba8b320 - 1569 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\ff31f640 - 1834 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\82680b1a - 1023 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\c19854a0 - 2229 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\816735a6 - 1833 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\7d351006 - 1614 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\0a0f9b5a - 2297 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\a974f2c1 - 2110 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\e792a6bd - 2007 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\e9f89882 - 2370 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\5af433d9 - 2241 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\1d4e0e57 - 2596 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\2109657f - 2024 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\71e3d970 - 1609 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\b2ac7afe - 1471 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\fe33ccc2 - 1445 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\d3545557 - 1895 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\07aaae39 - 2312 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\22b3ac5e - 3006 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\fea35e13 - 2146 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\2506a7e5 - 1714 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\e472dbfd - 2095 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\603276ff - 2715 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\9f004525 - 2545 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\73e48e34 - 2801 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\f2d4a922 - 6197 virus records
[Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\bc308f96 - 28348 virus records
Total virus records: 1858743
[Self-checking] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\6a098_xp.exe
Key file: C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\setup.key
License key number: 0012913379
Registered to: An unauthorized User
License key activates on: 2010-09-17
License key expires on: 2011-03-20


They still don't work. :\

I forgot to mention, though, that whenever I restart, for some reason, multiple instances of wmpnscfg.exe begin to run; I've seen as many as 9 running at once. Apparently it's a Windows Media Player Network Configuration type of program, but it seems weird that they automatically run when I restart and that so many of them run. I never noticed this in the past. My computer is very laggy while they're running, and they eventually close on their own. Could this be anything?


It doesn't happen before the main screen, it happens when I push "run scan". It tries to scan for a minute or two, then that screen pops up saying that it crashed. It still looks frozen after I push continue and the screen just ends up popping up again, but I guess I'll keep pushing continue and see what that does.


  • Download MBRCheck to your desktop
  • For Windows XP: Double click on MBRCheck.exe to run it.
  • For Windows Vista/7: Right click on MBRCheck.exe and select Run as Administrator
  • It will show a black screen with some data on it
  • Don't run any of the options!!!
  • When it's done, Press Enter to close the program
  • A file called MBRCheck_ will appear on your desktop
  • Please copy it into your next reply


28ukxgp.png

That's as far as I got, and I let it run all night.

Here is what was in the .txt file:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: M51Sn
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 168):
0x02C49000 \SystemRoot\system32\ntoskrnl.exe
0x02C00000 \SystemRoot\system32\hal.dll
0x00BAD000 \SystemRoot\system32\kdcom.dll
0x00CD8000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D1C000 \SystemRoot\system32\PSHED.dll
0x00D30000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EB3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F57000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F66000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FBD000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FC6000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FD0000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\System32\drivers\partmgr.sys
0x00E48000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E51000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E5D000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D8E000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E72000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00E7A000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E8A000 \SystemRoot\System32\drivers\mountmgr.sys
0x00EA4000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01048000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01072000 \SystemRoot\system32\DRIVERS\msahci.sys
0x0107D000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01088000 \SystemRoot\system32\drivers\fltmgr.sys
0x010D4000 \SystemRoot\system32\drivers\fileinfo.sys
0x01230000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010E8000 \SystemRoot\System32\Drivers\msrpc.sys
0x013D3000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01146000 \SystemRoot\System32\Drivers\cng.sys
0x013ED000 \SystemRoot\System32\drivers\pcw.sys
0x01200000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01451000 \SystemRoot\system32\drivers\ndis.sys
0x01543000 \SystemRoot\system32\drivers\NETIO.SYS
0x015A3000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01603000 \SystemRoot\System32\drivers\tcpip.sys
0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x015CE000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x0185E000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x018AA000 \SystemRoot\System32\Drivers\spldr.sys
0x018B2000 \SystemRoot\System32\drivers\rdyboost.sys
0x018EC000 \SystemRoot\System32\Drivers\mup.sys
0x018FE000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01907000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01941000 \SystemRoot\system32\DRIVERS\disk.sys
0x01957000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01987000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x019B1000 \SystemRoot\System32\Drivers\Null.SYS
0x019BA000 \SystemRoot\System32\Drivers\Beep.SYS
0x019C1000 \SystemRoot\System32\drivers\vga.sys
0x019CF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01800000 \SystemRoot\System32\drivers\watchdog.sys
0x01810000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01819000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01822000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0182B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01836000 \SystemRoot\System32\Drivers\Npfs.SYS
0x015DE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01847000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x011B9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02C9E000 \SystemRoot\system32\drivers\afd.sys
0x02D28000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D31000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D57000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02D66000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02D81000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02D95000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02DE6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02DF2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02C00000 \SystemRoot\system32\hal.dll
0x02C0F000 \SystemRoot\system32\drivers\csc.sys
0x0120A000 \SystemRoot\System32\Drivers\dfsc.sys
0x01000000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x01011000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00FDD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0FE24000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10A92000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x10A94000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x10B88000 \SystemRoot\System32\drivers\dxgmms1.sys
0x10BCE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03AF5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03B4B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03B5C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03B80000 \SystemRoot\system32\DRIVERS\l160x64.sys
0x03C56000 \SystemRoot\system32\DRIVERS\netw5v64.sys
0x04191000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x041CF000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x03B92000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x03C00000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03C1E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03C2D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03C3C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03C49000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03C4E000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
0x041EF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03BE9000 \SystemRoot\system32\drivers\ScreamingBAudio64.sys
0x03A00000 \SystemRoot\system32\drivers\portcls.sys
0x03A3D000 \SystemRoot\system32\drivers\drmk.sys
0x03A5F000 \SystemRoot\system32\drivers\ks.sys
0x03AA2000 \SystemRoot\system32\drivers\ksthunk.sys
0x03AA8000 \SystemRoot\system32\DRIVERS\vrtaucbl.sys
0x03AB7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03ACD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x10BDB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0447E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x044AD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x044C8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x044E9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04503000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0450E000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04510000 \SystemRoot\system32\DRIVERS\nvoclk64.sys
0x04520000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04532000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0458C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x045A1000 \SystemRoot\system32\drivers\HdAudio.sys
0x07660000 \SystemRoot\system32\DRIVERS\SmSerl64.sys
0x0779A000 \SystemRoot\system32\drivers\modem.sys
0x077A9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x077C6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x077D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x077EF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0762E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0763B000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x0784F000 \SystemRoot\System32\Drivers\bthport.sys
0x07911000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x0793D000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x0794D000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x0796D000 \SystemRoot\system32\DRIVERS\hidbth.sys
0x0798B000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x0799E000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x00060000 \SystemRoot\System32\win32k.sys
0x079B2000 \SystemRoot\System32\drivers\Dxapi.sys
0x004A0000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x00800000 \SystemRoot\System32\ATMFD.DLL
0x079CC000 \SystemRoot\system32\drivers\luafv.sys
0x07800000 \SystemRoot\system32\drivers\WudfPf.sys
0x07821000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x0783E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x079EF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x07653000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x04400000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04413000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04428000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x10BE7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0FE00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0380A000 \SystemRoot\system32\drivers\HTTP.sys
0x038D2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x038F0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03908000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03935000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03983000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x046E3000 \SystemRoot\system32\drivers\peauth.sys
0x04789000 \SystemRoot\System32\Drivers\secdrv.SYS
0x04794000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x047C1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x04600000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09CBB000 \SystemRoot\System32\DRIVERS\srv.sys
0x09C71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x09D51000 \SystemRoot\System32\Drivers\usbvideo.sys
0x09DC4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x09DD2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x09DE0000 \SystemRoot\system32\drivers\usbaudio.sys
0x779A0000 \Windows\System32\ntdll.dll
0x48410000 \Windows\System32\smss.exe
0xFFCC0000 \Windows\System32\apisetschema.dll

Processes (total 55):
0 System Idle Process
4 System
212 C:\Windows\System32\smss.exe
332 csrss.exe
388 csrss.exe
396 C:\Windows\System32\wininit.exe
444 C:\Windows\System32\winlogon.exe
492 C:\Windows\System32\services.exe
500 C:\Windows\System32\lsass.exe
508 C:\Windows\System32\lsm.exe
608 C:\Windows\System32\svchost.exe
688 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
324 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\spoolsv.exe
1264 C:\Windows\System32\svchost.exe
1464 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\dwm.exe
1552 C:\Windows\SysWOW64\PnkBstrA.exe
1724 C:\Windows\System32\taskhost.exe
1792 C:\Windows\System32\svchost.exe
1820 C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
1916 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
252 C:\Program Files (x86)\AIM\aim.exe
888 C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
764 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2136 C:\Program Files\Ventrilo\Ventrilo.exe
2592 C:\Windows\System32\SearchIndexer.exe
2644 C:\Windows\System32\svchost.exe
3412 C:\Program Files\Windows Media Player\wmpnetwk.exe
4080 C:\Windows\SysWOW64\dllhost.exe
1672 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
8796 C:\Windows\servicing\TrustedInstaller.exe
1640 C:\Windows\System32\audiodg.exe
3728 C:\Windows\System32\VSSVC.exe
8488 C:\Windows\System32\svchost.exe
8132 C:\Windows\System32\Defrag.exe
4820 C:\Windows\System32\conhost.exe
7616 C:\Windows\System32\svchost.exe
9268 C:\Windows\System32\rundll32.exe
6120 rundll32.exe
3112 C:\Program Files (x86)\Skype\Phone\Skype.exe
1232 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
9576 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
9520 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
10780 C:\Windows\System32\taskhost.exe
11136 taskhost.exe
7528 C:\Windows\explorer.exe
2204 C:\Windows\explorer.exe
4968 C:\Users\George A\Desktop\MBRCheck.exe
10276 C:\Windows\System32\conhost.exe
9024 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: -->

This topic is now closed to further replies.