Solved Google search redirects

idunnowho

I'm another victim of the redirects as well as the generic32 host closing. (don't remember the exact message)
I typically use Firefox but I'm pretty sure that it occurs on IE as well?
I'm on a Dell XPS 630 with Windows XP SP3 that I share with my little brother. Since it's a Dell, if all else fails, I can do a factory state restore, but I have neither the patience nor time to reinstall all my programs, plus my flash drives and external hard drive I would save files on don't show up in My Computer and aren't detected. (side-effect of the virus?) Note that I can't copy files to or view the drives, but they do show up in "Safely Remove Hardware", oddly.
I've completed the 8 (now 6) virus removal steps. That means, TFC, MBAM, GMER, and DDS all used.
Note that I already had MalwareBytes installed, so if it is necessary to reinstall I can.
I also have done the full scan there, if that's needed I can post that log.

Another note: I tried scanning with my McAfee I have from AT&T internet and the scan completely stalls at either 1% or 37%. If necessary, I can run that scan in safe mode, as well as any of the other scans.

Thank you for any help I receive.

Here go the logs:

MBAM first (quick scan):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4996

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/30/2010 1:33:22 PM
mbam-log-2010-10-30 (13-33-22).txt

Scan type: Quick scan
Objects scanned: 149728
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Now GMER (split into two posts):

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-30 16:04:18
Windows 5.1.2600 Service Pack 3
Running: 4rkxpr06.exe; Driver: C:\DOCUME~1\BIGDAD~1\LOCALS~1\Temp\axtdqpow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB090078A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB0900821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB0900738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB090074C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB0900835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB0900861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB09008CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB09008B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB09007CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB09008FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB090080D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB0900710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB0900724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB090079E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB0900937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB09008A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB090088D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB090084B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB0900923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB090090F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB0900776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB0900762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB0900877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB09007F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB09008E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB09007E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB09007B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B09007B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7EC5380, 0x344E37, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[420] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[420] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008A0000
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008A0067
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008A0056
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008A0F7C
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008A0F8D
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008A0F9E
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008A009A
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008A0089
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008A0F26
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008A0F37
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008A0F0B
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008A002F
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008A0FE5
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008A0078
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008A0FB9
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008A0FD4
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008A00B5
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00920FDE
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00920FB9
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0092001B
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00920080
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00920065
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00920054
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008D0FB7
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!system 77C293C7 5 Bytes JMP 008D0038
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008D0FD2
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008D0000
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008D0027
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008D0FE3
.text C:\WINDOWS\system32\services.exe[760] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 008C0FD4
.text C:\WINDOWS\system32\services.exe[760] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 008C0FE5
.text C:\WINDOWS\system32\services.exe[760] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 008C000A
.text C:\WINDOWS\system32\services.exe[760] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 008C0FB9
.text C:\WINDOWS\system32\services.exe[760] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008B0FEF
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EB0FEF
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EB0F61
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EB0F7C
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EB0F8D
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EB0FA8
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EB0040
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EB0F33
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EB007B
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EB0F07
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EB0F22
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EB0EF6
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EB0FB9
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EB000A
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EB0F50
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EB0FD4
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EB0025
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EB00A0
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01190FDB
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01190087
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0119002C
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01190011
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0119006C
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01190000
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01190FCA
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [39, 89]
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01190047
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0FA8
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0033
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE0FC3
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0FEF
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0022
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0FDE
.text C:\WINDOWS\system32\lsass.exe[772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\lsass.exe[772] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\system32\lsass.exe[772] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00ED0000
.text C:\WINDOWS\system32\lsass.exe[772] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00ED0025
.text C:\WINDOWS\system32\lsass.exe[772] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00ED0036
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80F7E
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F80FA3
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F8007D
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F8006C
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F80FCA
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F80F41
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F80F52
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F80F01
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F8009A
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F800B5
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F80051
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F80011
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F80F6D
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F80036
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F80FDB
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F80F26
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FD0047
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FD0FAF
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FD0036
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FD001B
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FD0FCA
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FD000A
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FD0FDB
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1D, 89]
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FD0058
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FB0F89
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FB0FA4
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FB0FC6
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FB0FE3
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FB0FB5
.text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FB0000
.text C:\WINDOWS\system32\svchost.exe[988] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00FA001B
.text C:\WINDOWS\system32\svchost.exe[988] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\svchost.exe[988] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00FA0FE5
.text C:\WINDOWS\system32\svchost.exe[988] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00FA0038
.text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0071
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA004C
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0F72
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0F83
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0025
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA00AE
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0093
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA00DA
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA00C9
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00F5
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0F9E
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0082
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0FB9
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FCA
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F41
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CC0040
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CC0F94
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CC001B
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CC0FAF
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CC0FCA
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EC, 88]
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CC0051
.text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0FC1
.text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0FD2
.text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD001D
.text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FE3
.text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0042
.text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00BC0FDE
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00BC0025
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0095000A
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0096000A
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006F000C
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03030FE5
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03030F70
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03030F8B
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03030065
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0303004A
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03030025
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03030F3F
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03030091
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 030300BD
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 030300AC
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03030F09
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03030FA8
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03030FCA
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03030080
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03030FB9
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03030000
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03030F2E
.text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 030C0047
.text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 030C00A2
.text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 030C0036
.text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 030C001B
.text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 030C0FDB
.text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 030C0000
.text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 030C007D
.text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 030C006C
.text C:\WINDOWS\System32\svchost.exe[1072] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00E0000A
.text C:\WINDOWS\System32\svchost.exe[1072] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00D1000A
.text C:\WINDOWS\System32\svchost.exe[1072] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 030B002C
.text C:\WINDOWS\System32\svchost.exe[1072] msvcrt.dll!system 77C293C7 5 Bytes JMP 030B0FA1
.text C:\WINDOWS\System32\svchost.exe[1072] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 030B001B
.text C:\WINDOWS\System32\svchost.exe[1072] msvcrt.dll!_open 77C2F566 5 Bytes JMP 030B0000
.text C:\WINDOWS\System32\svchost.exe[1072] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 030B0FC6
.text C:\WINDOWS\System32\svchost.exe[1072] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 030B0FE3
.text C:\WINDOWS\System32\svchost.exe[1072] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 03060FD4
.text C:\WINDOWS\System32\svchost.exe[1072] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 03060FE5
 
.text C:\WINDOWS\System32\svchost.exe[1072] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 03060FB7
.text C:\WINDOWS\System32\svchost.exe[1072] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 0306000A
.text C:\WINDOWS\System32\svchost.exe[1072] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03050FEF
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006F0000
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006F0055
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006F0044
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006F0033
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006F0022
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006F0011
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006F0F0D
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006F0F2A
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006F007A
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006F0EE1
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006F0ED0
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006F0F8A
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006F0FE5
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006F0F45
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006F0FAF
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006F0FCA
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006F0EFC
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0090001B
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00900040
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00900FD4
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00900FE5
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00900F83
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00900F94
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B0, 88] {MOV AL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00900FB9
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008F005D
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!system 77C293C7 5 Bytes JMP 008F0042
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008F001D
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008F0000
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008F0FD2
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008F0FE3
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 008E0FE5
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 008E0FCA
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 008E0FAF
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008D0000
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006F008E
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006F007D
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006F006C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006F0FAF
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006F0FC0
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006F0F68
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006F00BA
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006F00F7
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006F00DC
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006F0F4D
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006F0047
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006F001B
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006F009F
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006F0FDB
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006F002C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006F00CB
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D90FC3
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D90040
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D90FD4
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D9000A
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D9002F
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D90F8D
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F9, 88]
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D90FA8
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D80058
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D80047
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D80022
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D80FCD
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D80011
.text C:\WINDOWS\system32\svchost.exe[1240] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00D7000A
.text C:\WINDOWS\system32\svchost.exe[1240] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[1240] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00D70FD4
.text C:\WINDOWS\system32\svchost.exe[1240] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00D7001B
.text C:\WINDOWS\system32\svchost.exe[1240] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006F0F72
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006F0067
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006F0F8D
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006F004A
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006F0025
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006F00B0
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006F0093
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006F0F3C
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006F00CB
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006F0F21
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006F0FA8
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006F0082
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006F0FC3
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006F0FD4
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006F0F4D
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0047
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF009F
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF0036
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0084
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BF0073
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0062
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0042
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0FB7
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0016
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0027
.text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FD2
.text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00BD000A
.text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00BD0FDE
.text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00BD0031
.text C:\WINDOWS\system32\svchost.exe[1576] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012C0FEF
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 012C0085
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 012C0060
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 012C0F86
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 012C0039
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 012C0014
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012C00BD
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 012C0F75
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012C0104
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012C00F3
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012C0F50
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 012C0F97
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012C0FDE
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 012C00A0
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 012C0FA8
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 012C0FC3
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 012C00D8
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01300FD1
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01300F94
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01300022
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01300011
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01300FAF
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01300000
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01300047
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01300FC0
.text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 012F0F92
.text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!system 77C293C7 5 Bytes JMP 012F0FAD
.text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012F001D
.text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_open 77C2F566 5 Bytes JMP 012F0000
.text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 012F0FBE
.text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 012F0FE3
.text C:\WINDOWS\System32\svchost.exe[1712] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 012E0FCA
.text C:\WINDOWS\System32\svchost.exe[1712] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 012E0FEF
.text C:\WINDOWS\System32\svchost.exe[1712] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 012E0000
.text C:\WINDOWS\System32\svchost.exe[1712] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 012E0011
.text C:\WINDOWS\System32\svchost.exe[1712] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012D0FEF
.text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E3000A
.text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E4000A
.text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E2000C
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0000
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F55
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0F66
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0040
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0F8D
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0025
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE0089
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0078
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F26
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00BF
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE00DA
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0F9E
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE005B
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0FC3
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0FD4
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE00AE
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01B80FD4
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01B80062
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01B80FE5
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01B8001B
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01B80051
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01B80000
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01B80040
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01B80FB9
.text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01B70FCA
.text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!system 77C293C7 5 Bytes JMP 01B7005F
.text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01B70FEF
.text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01B70000
.text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01B7004E
.text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01B70029
.text C:\WINDOWS\Explorer.EXE[1864] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 01480014
.text C:\WINDOWS\Explorer.EXE[1864] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 01480FEF
.text C:\WINDOWS\Explorer.EXE[1864] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 01480031
.text C:\WINDOWS\Explorer.EXE[1864] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 01480FD4
.text C:\WINDOWS\Explorer.EXE[1864] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00F80
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00075
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00058
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00047
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00FAF
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C00090
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00F48
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C000CD
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C000BC
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C00F19
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C00036
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00FE5
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C00F65
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C00FCA
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C000A1
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF0F79
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0F94
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BF0036
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0FAF
.text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0FA6
.text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0FB7
.text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0016
.text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FE3
.text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0031
.text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FD2
.text C:\WINDOWS\system32\svchost.exe[2248] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\system32\svchost.exe[2248] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 006F0000
.text C:\WINDOWS\system32\svchost.exe[2248] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 006F0031
.text C:\WINDOWS\system32\svchost.exe[2248] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 006F004C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\nvgts -> DriverStartIo \Device\Scsi\nvgts1Port3Path1Target1Lun0 8AB32292
Device \Driver\nvgts -> DriverStartIo \Device\Scsi\nvgts1 8AB32292
Device \Driver\nvgts -> DriverStartIo \Device\Scsi\nvgts2 8AB32292

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \Device\Scsi\nvgts1Port3Path0Target0Lun0 -> \??\SCSI#Disk&Ven_Hitachi&Prod_HDT725032VLA&Rev_V54O#4&3b9922aa&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
 
Now the first DDS log:


DDS (Ver_10-10-21.02) - NTFSx86
Run by Big Daddy at 16:04:59.37 on Sat 10/30/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2529 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Big Daddy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081020
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081020
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [NVIDIA nTune] c:\program files\nvidia corporation\ntune\nTuneCmd.exe resetprofile
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Google Update] "c:\documents and settings\big daddy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bigdad~1\applic~1\mozilla\firefox\profiles\nqdmrd2l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=23-05-2010&tb_mrud=23-05-2010
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?sid=62747&cuid=&userid=43676491&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\big daddy\application data\mozilla\firefox\profiles\nqdmrd2l.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\big daddy\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\big daddy\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\big daddy\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 214664]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-11 14336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-5-22 66048]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-5-22 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-5-22 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-5-22 144704]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-22 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-22 35272]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\bigdad~1\locals~1\temp\gop78.tmp --> c:\docume~1\bigdad~1\locals~1\temp\GOP78.tmp [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-5-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-5-22 40552]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2010-5-22 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2010-5-22 13532]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-5-22 11520]
S3 XDva349;XDva349;\??\c:\windows\system32\xdva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\xdva368.sys --> c:\windows\system32\XDva368.sys [?]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-5-22 606736]

=============== Created Last 30 ================

2010-10-27 04:45:47 -------- d-----w- c:\docume~1\bigdad~1\applic~1\Autodesk
2010-10-27 04:36:00 -------- d-----w- C:\Autodesk
2010-10-27 01:38:26 -------- d-----w- c:\program files\common files\Akamai
2010-10-24 22:30:13 -------- d-----w- c:\program files\Nitto 1320 Legends
2010-10-24 19:48:55 4992 ----a-w- c:\windows\system32\drivers\loop.sys
2010-10-24 19:48:55 4992 ----a-w- c:\windows\system32\dllcache\loop.sys
2010-10-23 04:54:57 -------- d-----w- c:\windows\system32\Adobe
2010-10-22 02:48:17 -------- d-----w- c:\program files\GameKiller.net
2010-10-22 02:09:24 -------- d-----w- C:\Nexon
2010-10-21 05:11:35 -------- d-----w- C:\Private Servers
2010-10-14 01:18:17 28672 ----a-w- c:\windows\system32\AVEQT.dll
2010-10-14 01:18:17 258048 ----a-w- c:\windows\system32\GplMpgDec.ax
2010-10-14 01:18:17 129024 ----a-w- c:\windows\system32\AVERM.dll
2010-10-14 01:18:17 -------- d-----w- c:\program files\Allok MPEG4 Converter
2010-10-14 00:59:10 -------- d-----w- c:\program files\NCH Software
2010-10-14 00:59:08 -------- d-----w- c:\docume~1\bigdad~1\applic~1\NCH Software
2010-10-14 00:51:50 -------- d-----w- c:\program files\Sonic Foundry
2010-10-14 00:51:50 -------- d-----w- c:\program files\Pure Motion
2010-10-14 00:51:41 -------- d-----w- c:\program files\DebugMode
2010-10-14 00:42:21 -------- d-----w- C:\VideoOutput
2010-10-14 00:42:18 -------- d-----w- c:\program files\FLV Converter
2010-10-13 02:10:49 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 02:10:49 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-13 02:10:49 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 02:10:37 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-08 05:22:48 -------- d-----w- c:\docume~1\bigdad~1\locals~1\applic~1\WMTools Downloaded Files

==================== Find3M ====================

2010-10-11 23:55:12 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-11 23:55:12 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-09 02:11:07 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-09-19 02:10:56 22328 ----a-w- c:\docume~1\bigdad~1\applic~1\PnkBstrK.sys
2010-09-19 02:10:40 669184 ----a-w- c:\windows\system32\pbsvc.exe
2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 08:27:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-30 08:27:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-12 04:07:46 133616 ------w- c:\windows\system32\PxAFS.DLL
2010-08-12 04:07:46 126448 ------w- c:\windows\system32\pxinsi64.exe

============= FINISH: 16:06:32.18 ===============
 
And lastly, the DDS "Attach" log:
(again, if the full scan of MBAM is needed, I will be happy to post it up)


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/22/2010 4:49:19 PM
System Uptime: 10/30/2010 1:23:06 PM (3 hours ago)

Motherboard: Dell Inc | | 0PP150
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 1584/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 295 GiB total, 137.219 GiB free.
D: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP71: 8/1/2010 11:54:09 PM - System Checkpoint
RP72: 8/3/2010 12:51:38 AM - System Checkpoint
RP73: 8/3/2010 1:44:30 AM - Software Distribution Service 3.0
RP74: 8/4/2010 4:15:07 PM - System Checkpoint
RP75: 8/5/2010 8:22:48 PM - System Checkpoint
RP76: 8/6/2010 8:49:29 PM - System Checkpoint
RP77: 8/7/2010 10:58:01 PM - System Checkpoint
RP78: 8/9/2010 12:43:13 AM - System Checkpoint
RP79: 8/10/2010 12:26:17 PM - System Checkpoint
RP80: 8/11/2010 1:06:31 AM - Installed SyncToy 2.1 (x86)
RP81: 8/11/2010 1:08:10 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP82: 8/11/2010 1:08:27 AM - Installed Windows Media Format Runtime
RP83: 8/11/2010 1:08:52 AM - Installed Windows XP Wudf01000.
RP84: 8/11/2010 1:10:17 AM - Installed Sony Media Manager for PSP 3.0
RP85: 8/12/2010 3:00:15 AM - Software Distribution Service 3.0
RP86: 8/12/2010 6:15:16 PM - Installed DirectX
RP87: 8/13/2010 8:31:46 PM - System Checkpoint
RP88: 8/14/2010 9:40:53 PM - System Checkpoint
RP89: 8/15/2010 10:45:17 PM - System Checkpoint
RP90: 8/16/2010 10:48:37 PM - System Checkpoint
RP91: 8/17/2010 11:07:37 PM - System Checkpoint
RP92: 8/18/2010 11:45:13 PM - System Checkpoint
RP93: 8/19/2010 11:29:24 PM - Removed ZiGGi
RP94: 8/19/2010 11:30:22 PM - Installed ZiGGi
RP95: 8/20/2010 5:09:20 PM - Installed ZiGGi
RP96: 8/21/2010 8:51:21 PM - System Checkpoint
RP97: 8/22/2010 8:53:29 PM - System Checkpoint
RP98: 8/23/2010 10:47:00 PM - System Checkpoint
RP99: 8/25/2010 7:25:31 PM - System Checkpoint
RP100: 8/26/2010 10:45:21 PM - System Checkpoint
RP101: 8/28/2010 9:18:21 PM - System Checkpoint
RP102: 8/29/2010 9:26:00 PM - System Checkpoint
RP103: 8/30/2010 1:27:53 AM - Installed Java(TM) 6 Update 20
RP104: 8/31/2010 8:37:47 PM - System Checkpoint
RP105: 9/1/2010 8:47:53 PM - System Checkpoint
RP106: 9/2/2010 9:19:28 PM - System Checkpoint
RP107: 9/4/2010 10:42:29 PM - System Checkpoint
RP108: 9/5/2010 11:07:06 PM - System Checkpoint
RP109: 9/6/2010 10:18:50 PM - Installed Steam
RP110: 9/7/2010 10:46:51 PM - System Checkpoint
RP111: 9/8/2010 9:22:03 PM - Installed Google SketchUp 8
RP112: 9/9/2010 10:45:14 PM - System Checkpoint
RP113: 9/11/2010 9:41:19 PM - System Checkpoint
RP114: 9/12/2010 9:45:31 PM - System Checkpoint
RP115: 9/13/2010 10:11:26 PM - System Checkpoint
RP116: 9/14/2010 10:28:48 PM - System Checkpoint
RP117: 9/15/2010 3:42:59 PM - Installed DirectX
RP118: 9/16/2010 3:00:13 AM - Software Distribution Service 3.0
RP119: 9/17/2010 4:45:41 PM - System Checkpoint
RP120: 9/18/2010 5:01:33 PM - System Checkpoint
RP121: 9/18/2010 6:56:23 PM - Installed Crysis(R).
RP122: 9/18/2010 7:10:25 PM - Installed DirectX
RP123: 9/18/2010 7:11:50 PM - Installed GameSpy Comrade.
RP124: 9/19/2010 8:57:15 PM - System Checkpoint
RP125: 9/20/2010 11:42:15 PM - System Checkpoint
RP126: 9/22/2010 12:25:17 AM - System Checkpoint
RP127: 9/23/2010 7:36:13 PM - System Checkpoint
RP128: 9/24/2010 8:23:13 PM - System Checkpoint
RP129: 9/25/2010 8:26:36 PM - System Checkpoint
RP130: 9/25/2010 11:21:20 PM - Installed Supreme Commander (TM)
RP131: 9/25/2010 11:21:33 PM - Installed DirectX
RP132: 9/27/2010 8:26:36 PM - System Checkpoint
RP133: 9/28/2010 10:15:20 PM - System Checkpoint
RP134: 9/29/2010 12:23:27 AM - Software Distribution Service 3.0
RP135: 9/30/2010 12:58:59 AM - System Checkpoint
RP136: 10/1/2010 5:38:49 PM - System Checkpoint
RP137: 10/2/2010 5:55:27 PM - System Checkpoint
RP138: 10/3/2010 7:23:05 PM - Removed ZiGGi
RP139: 10/3/2010 7:23:55 PM - Installed ZiGGi
RP140: 10/5/2010 11:14:30 PM - System Checkpoint
RP141: 10/7/2010 7:38:18 PM - System Checkpoint
RP142: 10/8/2010 1:08:02 AM - Software Distribution Service 3.0
RP143: 10/9/2010 6:56:48 PM - System Checkpoint
RP144: 10/10/2010 9:01:24 PM - System Checkpoint
RP145: 10/11/2010 10:17:18 PM - System Checkpoint
RP146: 10/12/2010 10:33:40 PM - System Checkpoint
RP147: 10/13/2010 3:00:13 AM - Software Distribution Service 3.0
RP148: 10/14/2010 5:03:37 PM - System Checkpoint
RP149: 10/15/2010 7:32:05 PM - Removed ZiGGi
RP150: 10/15/2010 7:33:50 PM - Installed ZiGGi
RP151: 10/16/2010 10:50:12 PM - System Checkpoint
RP152: 10/17/2010 11:12:04 PM - System Checkpoint
RP153: 10/19/2010 8:27:16 PM - System Checkpoint
RP154: 10/20/2010 8:33:08 PM - System Checkpoint
RP155: 10/21/2010 12:19:43 AM - Removed ZiGGi
RP156: 10/21/2010 12:20:26 AM - Installed ZiGGi
RP157: 10/21/2010 10:30:03 AM - Removed ZiGGi
RP158: 10/21/2010 10:30:23 AM - Installed ZiGGi
RP159: 10/21/2010 6:00:57 PM - Removed ZiGGi
RP160: 10/21/2010 6:28:46 PM - Installed ZiGGi
RP161: 10/21/2010 7:08:12 PM - Removed ZiGGi
RP162: 10/21/2010 7:48:16 PM - Installed ZiGGi
RP163: 10/22/2010 8:11:20 PM - System Checkpoint
RP164: 10/23/2010 10:24:22 PM - System Checkpoint
RP165: 10/25/2010 5:57:37 PM - System Checkpoint
RP166: 10/26/2010 9:44:45 PM - Installed Windows NLSDownlevelMapping.
RP167: 10/26/2010 9:45:25 PM - Installed Windows XP KB942288-v3.
RP168: 10/30/2010 1:50:03 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3
Adobe Shockwave Player 11.5
AIM 7
AIM Toolbar
Akamai NetSession Interface
Allok MPEG4 Converter 5.1.0626
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BannedStory
BannedStory 3.0
Battlefield Heroes
Bonjour
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Cross Fire En
Crysis(R)
Delayed Shutdown 3.0
Dell Photo Printer 720
Dell System Restore
DivX Setup
Documentation & Support Launcher
Download Updater (AOL LLC)
FLV Converter 3.2
Fraps
Games, Music, & Photos Launcher
GameSpy Comrade
Garena 2010
Google Gmail Notifier
Google SketchUp 8
Google Talk (remove only)
Google Talk Plugin
GPGNet
Handbrake 0.9.4
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
MapleStory
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch for Windows Media Player
Need For Speed™ World
Nitto 1320 Legends Public Beta 0.9.12.10
NVIDIA Drivers
NVIDIA Performance
NVIDIA System Monitor
Pando Media Booster
PlayStation(R)Network Downloader
PlayStation(R)Store
PowerDVD
PunkBuster Services
QuickTime
R.U.S.E. Demo
RealPlayer Basic
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio MyDVD DE
Roxio Update Manager
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic CinePlayer Decoder Pack
Sony Media Manager for PSP 3.0
Steam
Supreme Commander
SyncToy 2.1 (x86)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Viewpoint Media Player
VLC media player 1.1.4
Warcraft III: All Products
WD SmartWare
WebFldrs XP
WG111v2 Configuration Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
ZiGGi

==== Event Viewer Messages From Past Week ========

10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The WD SmartWare Background Service service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The Performance Service service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 1:21:04 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/30/2010 1:21:04 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
10/30/2010 1:21:03 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 1:21:03 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 1:21:03 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 1:21:03 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 1:21:03 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/30/2010 1:21:03 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/30/2010 1:21:03 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/30/2010 1:21:03 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/26/2010 9:37:26 PM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
10/26/2010 9:29:57 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/26/2010 7:20:33 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/26/2010 2:27:21 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/26/2010 11:09:25 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
10/25/2010 9:40:50 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/25/2010 9:28:36 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
10/25/2010 6:25:21 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is BL-PC.
10/25/2010 6:08:43 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 10.0.0.5. The machine with the IP address 10.0.0.7 did not allow the name to be claimed by this machine.
10/23/2010 12:34:27 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 10.0.0.5. The machine with the IP address 10.0.0.4 did not allow the name to be claimed by this machine.
10/23/2010 12:34:27 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is DAD.

==== End Of File ===========================
 
Welcome aboard :)

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

====================================================================

Download MBRCheck to your desktop.

Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.
 
And now TDSS log:

2010/10/31 11:03:16.0859 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/31 11:03:16.0859 ================================================================================
2010/10/31 11:03:16.0859 SystemInfo:
2010/10/31 11:03:16.0859
2010/10/31 11:03:16.0859 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/31 11:03:16.0859 Product type: Workstation
2010/10/31 11:03:16.0859 ComputerName: BRIAN
2010/10/31 11:03:16.0859 UserName: Big Daddy
2010/10/31 11:03:16.0859 Windows directory: C:\WINDOWS
2010/10/31 11:03:16.0859 System windows directory: C:\WINDOWS
2010/10/31 11:03:16.0859 Processor architecture: Intel x86
2010/10/31 11:03:16.0859 Number of processors: 4
2010/10/31 11:03:16.0859 Page size: 0x1000
2010/10/31 11:03:16.0859 Boot type: Normal boot
2010/10/31 11:03:16.0859 ================================================================================
2010/10/31 11:03:17.0234 Initialize success
2010/10/31 11:03:21.0671 ================================================================================
2010/10/31 11:03:21.0671 Scan started
2010/10/31 11:03:21.0671 Mode: Manual;
2010/10/31 11:03:21.0671 ================================================================================
2010/10/31 11:03:31.0171 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
2010/10/31 11:03:31.0234 EAPPkt - detected Unsigned file (1)
2010/10/31 11:03:39.0281 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/31 11:03:39.0406 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/31 11:03:39.0531 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/31 11:03:39.0703 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/31 11:03:39.0859 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/31 11:03:39.0984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/31 11:03:40.0171 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/31 11:03:40.0453 nv (95fdd27485f05b978d1af7bfe1f5785f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/31 11:03:40.0828 NVENETFD (d314fe034d68c09d412727886e24f5fb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/10/31 11:03:41.0000 nvgts (a0b3f3a5049931657164f0ffcf0b208e) C:\WINDOWS\system32\drivers\nvgts.sys
2010/10/31 11:03:41.0078 nvnetbus (f99fbb623ed78367574ee461b5b32c2c) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/10/31 11:03:41.0218 NVR0Dev (812f257ed1cd53fcb1f9f9cc910f4809) C:\WINDOWS\nvoclock.sys
2010/10/31 11:03:41.0609 NVR0Dev - detected Unsigned file (1)
2010/10/31 11:03:46.0687 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys
2010/10/31 11:03:46.0734 SjyPkt - detected Unsigned file (1)
2010/10/31 11:03:52.0078 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/31 11:03:52.0093 ================================================================================
2010/10/31 11:03:52.0093 Scan finished
2010/10/31 11:03:52.0093 ================================================================================
2010/10/31 11:03:52.0203 Detected object count: 4
2010/10/31 11:04:08.0703 Unsigned file(EAPPkt) - User select action: Skip
2010/10/31 11:04:08.0718 Unsigned file(NVR0Dev) - User select action: Skip
2010/10/31 11:04:08.0718 Unsigned file(SjyPkt) - User select action: Skip
2010/10/31 11:04:08.0750 \HardDisk0\MBR - will be cured after reboot
2010/10/31 11:04:08.0750 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/31 11:04:12.0250 Deinitialize success
 
Sorry about that, for some strange reason it said my post needed mod approval while yesterday it posted right up. And I just got home.
Here's the MBRCheck log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT725032VLA360, Rev: V54OA73A

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: BF118E4CFC2D7C7489A85AC7AD11D2A979F74824


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Your MBR seems to be infected as well...

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it again.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
Broni, thanks for the continued help.
Two questions, does it have to be a CD, can I use DVDs?
And after going through the above steps, must I go back into the BIOS and change it back to hard drive boot?
 
I never tried DVD, but if you don't mind wasting one, go ahead and let me know if it worked.
As for your other question - no.
 
Well I'm not sure if I have DVDs or CDs handy, so I was just wondering. I'm about to go on a house hunt for them after dinner/the World Series game ends. Not trying to hate if you're a Rangers guy but I'm in San Francisco and GIANTS, BABY! :grinthumb
 
I live near SF, however, I came from Europe a while ago, so football (soccer) all the way here :)
I know nothing about baseball, but since all my friends are going crazy about the Giants, so be it!
 
Yay, here's the redone MBRCheck log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT725032VLA360, Rev: V54OA73A

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Looks good :)
BTW, did you use CD, or DVD?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ok I'll get to Combofix, but I'll answer your question first
I found CDs lying around so I was a bit lazy to look for DVDs to test it out
sorry about that
 
Uh-oh I just used ComboFix pretty much how your steps put it
disabled EVERYTHING in McAfee SecurityCenter, but the ones that prompted me I put to re-enable on computer restart.
Anyways at step/stage (whatever it called it, I don't remember) 3 there was a McAfee pop-up informing me that it had blocked/removed a suspected trojan or worm (basically something bad)
It disappeared faster than I could read it
after that ComboFix kept scanning and I turned my monitor off to go away a bit.
I came back and turned on my monitor to see the blue screen that says the computer turned off to prevent damage (BSOD?)
I was wondering if this has ever occurred with ComboFix before? I've yet to re-run it.
 
Delete your Combofix file, download fresh one, but rename combofix.exe to broni.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following.

Now download and run exeHelper.


    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Now, run broni.exe

If normal mode still fails, run ALL three tools from Safe Mode.
 
Sorry, I'm really busy with school but I'll get to this ASAP.
In the meantime I'm hoping leaving the infected computer off will stop any possible activity.
 