TechSpot

Google search redirects

Solved
By idunnowho
Oct 31, 2010
Topic Status:
Not open for further replies.
  1. I'm another victim of the redirects as well as the generic32 host closing. (don't remember the exact message)
    I typically use Firefox but I'm pretty sure that It occurs on IE as well?
    I'm on a Dell XPS 630 with WIndows XP SP3 that I share with my little brother. Since it's a Dell, if all else fails, I can do a factory state restore, but I have neither the patience nor time to reinstall all my programs, plus my flash drives and external hard drive I would save files on don't show up in My Computer and aren't detected. (side-effect of the virus?) Note that I can't copy files to or view the drives, but they do show up in "Safely Remove Hardware", oddly.
    I've completed the 8 (now 6) virus removal steps. That means, TFC, MBAM, GMER, and DDS all used.
    Note that I already had MalwareBytes installed, so if it is necessary to reinstall I can.
    I also have done the full scan there, if that's needed I can post that log.

    Another note: I tried scanning with my McAfee I have from AT&T internet and the scan completelly stalls at either 1% or 37%. If necessary, I can run that scan in safe mode, as well as any of the other scans.

    Thank you for any help I receive. :grinthumb

    Here goes the logs:

    MBAM first (quick scan):

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4996

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    10/30/2010 1:33:22 PM
    mbam-log-2010-10-30 (13-33-22).txt

    Scan type: Quick scan
    Objects scanned: 149728
    Time elapsed: 5 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  2. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    Now GMER (split into two posts):

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-30 16:04:18
    Windows 5.1.2600 Service Pack 3
    Running: 4rkxpr06.exe; Driver: C:\DOCUME~1\BIGDAD~1\LOCALS~1\Temp\axtdqpow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB090078A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB0900821]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB0900738]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB090074C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB0900835]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB0900861]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB09008CF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB09008B9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB09007CA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB09008FB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB090080D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB0900710]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB0900724]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB090079E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB0900937]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB09008A3]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB090088D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB090084B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB0900923]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB090090F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB0900776]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB0900762]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB0900877]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB09007F9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB09008E5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB09007E0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB09007B4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B09007B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7EC5380, 0x344E37, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[420] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[420] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008A0000
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008A0067
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008A0056
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008A0F7C
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008A0F8D
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008A0F9E
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008A009A
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008A0089
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008A0F26
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008A0F37
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008A0F0B
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008A002F
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008A0FE5
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008A0078
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008A0FB9
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008A0FD4
    .text C:\WINDOWS\system32\services.exe[760] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008A00B5
    .text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00920FDE
    .text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00920FB9
    .text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00920FEF
    .text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0092001B
    .text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00920080
    .text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00920000
    .text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00920065
    .text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00920054
    .text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008D0FB7
    .text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!system 77C293C7 5 Bytes JMP 008D0038
    .text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008D0FD2
    .text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008D0000
    .text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008D0027
    .text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008D0FE3
    .text C:\WINDOWS\system32\services.exe[760] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 008C0FD4
    .text C:\WINDOWS\system32\services.exe[760] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 008C0FE5
    .text C:\WINDOWS\system32\services.exe[760] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 008C000A
    .text C:\WINDOWS\system32\services.exe[760] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 008C0FB9
    .text C:\WINDOWS\system32\services.exe[760] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008B0FEF
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EB0FEF
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EB0F61
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EB0F7C
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EB0F8D
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EB0FA8
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EB0040
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EB0F33
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EB007B
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EB0F07
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EB0F22
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EB0EF6
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EB0FB9
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EB000A
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EB0F50
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EB0FD4
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EB0025
    .text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EB00A0
    .text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01190FDB
    .text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01190087
    .text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0119002C
    .text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01190011
    .text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0119006C
    .text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01190000
    .text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01190FCA
    .text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [39, 89]
    .text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01190047
    .text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0FA8
    .text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0033
    .text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE0FC3
    .text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0FEF
    .text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0022
    .text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0FDE
    .text C:\WINDOWS\system32\lsass.exe[772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EC0000
    .text C:\WINDOWS\system32\lsass.exe[772] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00ED0FEF
    .text C:\WINDOWS\system32\lsass.exe[772] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00ED0000
    .text C:\WINDOWS\system32\lsass.exe[772] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00ED0025
    .text C:\WINDOWS\system32\lsass.exe[772] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00ED0036
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F80000
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80F7E
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F80FA3
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F8007D
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F8006C
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F80FCA
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F80F41
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F80F52
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F80F01
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F8009A
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F800B5
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F80051
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F80011
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F80F6D
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F80036
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F80FDB
    .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F80F26
    .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FD0047
    .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FD0FAF
    .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FD0036
    .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FD001B
    .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FD0FCA
    .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FD000A
    .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FD0FDB
    .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1D, 89]
    .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FD0058
    .text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FB0F89
    .text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FB0FA4
    .text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FB0FC6
    .text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FB0FE3
    .text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FB0FB5
    .text C:\WINDOWS\system32\svchost.exe[988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FB0000
    .text C:\WINDOWS\system32\svchost.exe[988] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00FA001B
    .text C:\WINDOWS\system32\svchost.exe[988] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00FA0000
    .text C:\WINDOWS\system32\svchost.exe[988] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00FA0FE5
    .text C:\WINDOWS\system32\svchost.exe[988] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00FA0038
    .text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F90000
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0FEF
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0071
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA004C
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0F72
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0F83
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0025
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA00AE
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0093
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA00DA
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA00C9
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00F5
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0F9E
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0000
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0082
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0FB9
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FCA
    .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F41
    .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CC0040
    .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CC0F94
    .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CC0FE5
    .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CC001B
    .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CC0FAF
    .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CC0000
    .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CC0FCA
    .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EC, 88]
    .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CC0051
    .text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0FC1
    .text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0FD2
    .text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD001D
    .text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FE3
    .text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0042
    .text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0000
    .text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00BC0FDE
    .text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00BC0FEF
    .text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00BC000A
    .text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00BC0025
    .text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB0FE5
    .text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0095000A
    .text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0096000A
    .text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006F000C
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03030FE5
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03030F70
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03030F8B
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03030065
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0303004A
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03030025
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03030F3F
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03030091
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 030300BD
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 030300AC
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03030F09
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03030FA8
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03030FCA
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03030080
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03030FB9
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03030000
    .text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03030F2E
    .text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 030C0047
    .text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 030C00A2
    .text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 030C0036
    .text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 030C001B
    .text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 030C0FDB
    .text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 030C0000
    .text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 030C007D
    .text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 030C006C
    .text C:\WINDOWS\System32\svchost.exe[1072] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00E0000A
    .text C:\WINDOWS\System32\svchost.exe[1072] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00D1000A
    .text C:\WINDOWS\System32\svchost.exe[1072] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 030B002C
    .text C:\WINDOWS\System32\svchost.exe[1072] msvcrt.dll!system 77C293C7 5 Bytes JMP 030B0FA1
    .text C:\WINDOWS\System32\svchost.exe[1072] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 030B001B
    .text C:\WINDOWS\System32\svchost.exe[1072] msvcrt.dll!_open 77C2F566 5 Bytes JMP 030B0000
    .text C:\WINDOWS\System32\svchost.exe[1072] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 030B0FC6
    .text C:\WINDOWS\System32\svchost.exe[1072] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 030B0FE3
    .text C:\WINDOWS\System32\svchost.exe[1072] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 03060FD4
    .text C:\WINDOWS\System32\svchost.exe[1072] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 03060FE5
  3. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    .text C:\WINDOWS\System32\svchost.exe[1072] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 03060FB7
    .text C:\WINDOWS\System32\svchost.exe[1072] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 0306000A
    .text C:\WINDOWS\System32\svchost.exe[1072] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03050FEF
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006F0000
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006F0055
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006F0044
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006F0033
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006F0022
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006F0011
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006F0F0D
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006F0F2A
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006F007A
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006F0EE1
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006F0ED0
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006F0F8A
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006F0FE5
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006F0F45
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006F0FAF
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006F0FCA
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006F0EFC
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0090001B
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00900040
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00900FD4
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00900FE5
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00900F83
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00900000
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00900F94
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B0, 88] {MOV AL, 0x88}
    .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00900FB9
    .text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008F005D
    .text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!system 77C293C7 5 Bytes JMP 008F0042
    .text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008F001D
    .text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008F0000
    .text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008F0FD2
    .text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008F0FE3
    .text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 008E0FE5
    .text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 008E0000
    .text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 008E0FCA
    .text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 008E0FAF
    .text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008D0000
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006F000A
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006F008E
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006F007D
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006F006C
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006F0FAF
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006F0FC0
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006F0F68
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006F00BA
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006F00F7
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006F00DC
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006F0F4D
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006F0047
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006F001B
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006F009F
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006F0FDB
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006F002C
    .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006F00CB
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D90FC3
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D90040
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D90FD4
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D9000A
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D9002F
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D90FEF
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D90F8D
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F9, 88]
    .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D90FA8
    .text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D80058
    .text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D80047
    .text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D80022
    .text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D80000
    .text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D80FCD
    .text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D80011
    .text C:\WINDOWS\system32\svchost.exe[1240] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00D7000A
    .text C:\WINDOWS\system32\svchost.exe[1240] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00D70FEF
    .text C:\WINDOWS\system32\svchost.exe[1240] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00D70FD4
    .text C:\WINDOWS\system32\svchost.exe[1240] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00D7001B
    .text C:\WINDOWS\system32\svchost.exe[1240] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D60000
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006F0FEF
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006F0F72
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006F0067
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006F0F8D
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006F004A
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006F0025
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006F00B0
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006F0093
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006F0F3C
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006F00CB
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006F0F21
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006F0FA8
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006F000A
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006F0082
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006F0FC3
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006F0FD4
    .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006F0F4D
    .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0047
    .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF009F
    .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF0036
    .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0025
    .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0084
    .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0000
    .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BF0073
    .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0062
    .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0042
    .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0FB7
    .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0016
    .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FEF
    .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0027
    .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FD2
    .text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00BD000A
    .text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00BD0FEF
    .text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00BD0FDE
    .text C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00BD0031
    .text C:\WINDOWS\system32\svchost.exe[1576] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FE5
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012C0FEF
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 012C0085
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 012C0060
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 012C0F86
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 012C0039
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 012C0014
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012C00BD
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 012C0F75
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012C0104
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012C00F3
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012C0F50
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 012C0F97
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012C0FDE
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 012C00A0
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 012C0FA8
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 012C0FC3
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 012C00D8
    .text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01300FD1
    .text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01300F94
    .text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01300022
    .text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01300011
    .text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01300FAF
    .text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01300000
    .text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01300047
    .text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01300FC0
    .text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 012F0F92
    .text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!system 77C293C7 5 Bytes JMP 012F0FAD
    .text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012F001D
    .text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_open 77C2F566 5 Bytes JMP 012F0000
    .text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 012F0FBE
    .text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 012F0FE3
    .text C:\WINDOWS\System32\svchost.exe[1712] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 012E0FCA
    .text C:\WINDOWS\System32\svchost.exe[1712] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 012E0FEF
    .text C:\WINDOWS\System32\svchost.exe[1712] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 012E0000
    .text C:\WINDOWS\System32\svchost.exe[1712] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 012E0011
    .text C:\WINDOWS\System32\svchost.exe[1712] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012D0FEF
    .text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E3000A
    .text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E4000A
    .text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E2000C
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0000
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F55
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0F66
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0040
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0F8D
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0025
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE0089
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0078
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F26
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00BF
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE00DA
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0F9E
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0FE5
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE005B
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0FC3
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0FD4
    .text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE00AE
    .text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01B80FD4
    .text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01B80062
    .text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01B80FE5
    .text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01B8001B
    .text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01B80051
    .text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01B80000
    .text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01B80040
    .text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01B80FB9
    .text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01B70FCA
    .text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!system 77C293C7 5 Bytes JMP 01B7005F
    .text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01B70FEF
    .text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01B70000
    .text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01B7004E
    .text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01B70029
    .text C:\WINDOWS\Explorer.EXE[1864] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 01480014
    .text C:\WINDOWS\Explorer.EXE[1864] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 01480FEF
    .text C:\WINDOWS\Explorer.EXE[1864] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 01480031
    .text C:\WINDOWS\Explorer.EXE[1864] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 01480FD4
    .text C:\WINDOWS\Explorer.EXE[1864] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0FE5
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00000
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00F80
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00075
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00058
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00047
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00FAF
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C00090
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00F48
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C000CD
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C000BC
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C00F19
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C00036
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00FE5
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C00F65
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C0001B
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C00FCA
    .text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C000A1
    .text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF001B
    .text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF0F79
    .text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF000A
    .text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0FD4
    .text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0F94
    .text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0FE5
    .text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BF0036
    .text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0FAF
    .text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0FA6
    .text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0FB7
    .text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0016
    .text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FE3
    .text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0031
    .text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FD2
    .text C:\WINDOWS\system32\svchost.exe[2248] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 006F0FEF
    .text C:\WINDOWS\system32\svchost.exe[2248] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 006F0000
    .text C:\WINDOWS\system32\svchost.exe[2248] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 006F0031
    .text C:\WINDOWS\system32\svchost.exe[2248] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 006F004C

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
    Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \Driver\nvgts -> DriverStartIo \Device\Scsi\nvgts1Port3Path1Target1Lun0 8AB32292
    Device \Driver\nvgts -> DriverStartIo \Device\Scsi\nvgts1 8AB32292
    Device \Driver\nvgts -> DriverStartIo \Device\Scsi\nvgts2 8AB32292

    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    Device \Device\Scsi\nvgts1Port3Path0Target0Lun0 -> \??\SCSI#Disk&Ven_Hitachi&Prod_HDT725032VLA&Rev_V54O#4&3b9922aa&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----
  4. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    Now the first DDS log:


    DDS (Ver_10-10-21.02) - NTFSx86
    Run by Big Daddy at 16:04:59.37 on Sat 10/30/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2529 [GMT -7:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Big Daddy\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081020
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    mDefault_Page_URL = hxxp://www.dell.com
    mStart Page = hxxp://www.dell.com
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081020
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [NVIDIA nTune] c:\program files\nvidia corporation\ntune\nTuneCmd.exe resetprofile
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [Google Update] "c:\documents and settings\big daddy\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\bigdad~1\applic~1\mozilla\firefox\profiles\nqdmrd2l.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=23-05-2010&tb_mrud=23-05-2010
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
    FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?sid=62747&cuid=&userid=43676491&q=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\big daddy\application data\mozilla\firefox\profiles\nqdmrd2l.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
    FF - plugin: c:\documents and settings\big daddy\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\big daddy\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\big daddy\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 214664]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-11 14336]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-5-22 66048]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-5-22 203280]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-5-22 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-5-22 144704]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-22 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-22 35272]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\bigdad~1\locals~1\temp\gop78.tmp --> c:\docume~1\bigdad~1\locals~1\temp\GOP78.tmp [?]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-5-22 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-5-22 40552]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2010-5-22 167808]
    S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2010-5-22 13532]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-5-22 11520]
    S3 XDva349;XDva349;\??\c:\windows\system32\xdva349.sys --> c:\windows\system32\XDva349.sys [?]
    S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]
    S3 XDva368;XDva368;\??\c:\windows\system32\xdva368.sys --> c:\windows\system32\XDva368.sys [?]
    S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-5-22 606736]

    =============== Created Last 30 ================

    2010-10-27 04:45:47 -------- d-----w- c:\docume~1\bigdad~1\applic~1\Autodesk
    2010-10-27 04:36:00 -------- d-----w- C:\Autodesk
    2010-10-27 01:38:26 -------- d-----w- c:\program files\common files\Akamai
    2010-10-24 22:30:13 -------- d-----w- c:\program files\Nitto 1320 Legends
    2010-10-24 19:48:55 4992 ----a-w- c:\windows\system32\drivers\loop.sys
    2010-10-24 19:48:55 4992 ----a-w- c:\windows\system32\dllcache\loop.sys
    2010-10-23 04:54:57 -------- d-----w- c:\windows\system32\Adobe
    2010-10-22 02:48:17 -------- d-----w- c:\program files\GameKiller.net
    2010-10-22 02:09:24 -------- d-----w- C:\Nexon
    2010-10-21 05:11:35 -------- d-----w- C:\Private Servers
    2010-10-14 01:18:17 28672 ----a-w- c:\windows\system32\AVEQT.dll
    2010-10-14 01:18:17 258048 ----a-w- c:\windows\system32\GplMpgDec.ax
    2010-10-14 01:18:17 129024 ----a-w- c:\windows\system32\AVERM.dll
    2010-10-14 01:18:17 -------- d-----w- c:\program files\Allok MPEG4 Converter
    2010-10-14 00:59:10 -------- d-----w- c:\program files\NCH Software
    2010-10-14 00:59:08 -------- d-----w- c:\docume~1\bigdad~1\applic~1\NCH Software
    2010-10-14 00:51:50 -------- d-----w- c:\program files\Sonic Foundry
    2010-10-14 00:51:50 -------- d-----w- c:\program files\Pure Motion
    2010-10-14 00:51:41 -------- d-----w- c:\program files\DebugMode
    2010-10-14 00:42:21 -------- d-----w- C:\VideoOutput
    2010-10-14 00:42:18 -------- d-----w- c:\program files\FLV Converter
    2010-10-13 02:10:49 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 02:10:49 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-13 02:10:49 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 02:10:37 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-08 05:22:48 -------- d-----w- c:\docume~1\bigdad~1\locals~1\applic~1\WMTools Downloaded Files

    ==================== Find3M ====================

    2010-10-11 23:55:12 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2010-10-11 23:55:12 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-09 02:11:07 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-09-19 02:10:56 22328 ----a-w- c:\docume~1\bigdad~1\applic~1\PnkBstrK.sys
    2010-09-19 02:10:40 669184 ----a-w- c:\windows\system32\pbsvc.exe
    2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-30 08:27:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-08-30 08:27:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-12 04:07:46 133616 ------w- c:\windows\system32\PxAFS.DLL
    2010-08-12 04:07:46 126448 ------w- c:\windows\system32\pxinsi64.exe

    ============= FINISH: 16:06:32.18 ===============
  5. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    And lastly, the DDS "Attach" log:
    (again, if the full scan of MBAM is needed, I will be happy to post it up)


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/22/2010 4:49:19 PM
    System Uptime: 10/30/2010 1:23:06 PM (3 hours ago)

    Motherboard: Dell Inc | | 0PP150
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 1584/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 295 GiB total, 137.219 GiB free.
    D: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP71: 8/1/2010 11:54:09 PM - System Checkpoint
    RP72: 8/3/2010 12:51:38 AM - System Checkpoint
    RP73: 8/3/2010 1:44:30 AM - Software Distribution Service 3.0
    RP74: 8/4/2010 4:15:07 PM - System Checkpoint
    RP75: 8/5/2010 8:22:48 PM - System Checkpoint
    RP76: 8/6/2010 8:49:29 PM - System Checkpoint
    RP77: 8/7/2010 10:58:01 PM - System Checkpoint
    RP78: 8/9/2010 12:43:13 AM - System Checkpoint
    RP79: 8/10/2010 12:26:17 PM - System Checkpoint
    RP80: 8/11/2010 1:06:31 AM - Installed SyncToy 2.1 (x86)
    RP81: 8/11/2010 1:08:10 AM - Installed Microsoft Visual C++ 2005 Redistributable
    RP82: 8/11/2010 1:08:27 AM - Installed Windows Media Format Runtime
    RP83: 8/11/2010 1:08:52 AM - Installed Windows XP Wudf01000.
    RP84: 8/11/2010 1:10:17 AM - Installed Sony Media Manager for PSP 3.0
    RP85: 8/12/2010 3:00:15 AM - Software Distribution Service 3.0
    RP86: 8/12/2010 6:15:16 PM - Installed DirectX
    RP87: 8/13/2010 8:31:46 PM - System Checkpoint
    RP88: 8/14/2010 9:40:53 PM - System Checkpoint
    RP89: 8/15/2010 10:45:17 PM - System Checkpoint
    RP90: 8/16/2010 10:48:37 PM - System Checkpoint
    RP91: 8/17/2010 11:07:37 PM - System Checkpoint
    RP92: 8/18/2010 11:45:13 PM - System Checkpoint
    RP93: 8/19/2010 11:29:24 PM - Removed ZiGGi
    RP94: 8/19/2010 11:30:22 PM - Installed ZiGGi
    RP95: 8/20/2010 5:09:20 PM - Installed ZiGGi
    RP96: 8/21/2010 8:51:21 PM - System Checkpoint
    RP97: 8/22/2010 8:53:29 PM - System Checkpoint
    RP98: 8/23/2010 10:47:00 PM - System Checkpoint
    RP99: 8/25/2010 7:25:31 PM - System Checkpoint
    RP100: 8/26/2010 10:45:21 PM - System Checkpoint
    RP101: 8/28/2010 9:18:21 PM - System Checkpoint
    RP102: 8/29/2010 9:26:00 PM - System Checkpoint
    RP103: 8/30/2010 1:27:53 AM - Installed Java(TM) 6 Update 20
    RP104: 8/31/2010 8:37:47 PM - System Checkpoint
    RP105: 9/1/2010 8:47:53 PM - System Checkpoint
    RP106: 9/2/2010 9:19:28 PM - System Checkpoint
    RP107: 9/4/2010 10:42:29 PM - System Checkpoint
    RP108: 9/5/2010 11:07:06 PM - System Checkpoint
    RP109: 9/6/2010 10:18:50 PM - Installed Steam
    RP110: 9/7/2010 10:46:51 PM - System Checkpoint
    RP111: 9/8/2010 9:22:03 PM - Installed Google SketchUp 8
    RP112: 9/9/2010 10:45:14 PM - System Checkpoint
    RP113: 9/11/2010 9:41:19 PM - System Checkpoint
    RP114: 9/12/2010 9:45:31 PM - System Checkpoint
    RP115: 9/13/2010 10:11:26 PM - System Checkpoint
    RP116: 9/14/2010 10:28:48 PM - System Checkpoint
    RP117: 9/15/2010 3:42:59 PM - Installed DirectX
    RP118: 9/16/2010 3:00:13 AM - Software Distribution Service 3.0
    RP119: 9/17/2010 4:45:41 PM - System Checkpoint
    RP120: 9/18/2010 5:01:33 PM - System Checkpoint
    RP121: 9/18/2010 6:56:23 PM - Installed Crysis(R).
    RP122: 9/18/2010 7:10:25 PM - Installed DirectX
    RP123: 9/18/2010 7:11:50 PM - Installed GameSpy Comrade.
    RP124: 9/19/2010 8:57:15 PM - System Checkpoint
    RP125: 9/20/2010 11:42:15 PM - System Checkpoint
    RP126: 9/22/2010 12:25:17 AM - System Checkpoint
    RP127: 9/23/2010 7:36:13 PM - System Checkpoint
    RP128: 9/24/2010 8:23:13 PM - System Checkpoint
    RP129: 9/25/2010 8:26:36 PM - System Checkpoint
    RP130: 9/25/2010 11:21:20 PM - Installed Supreme Commander (TM)
    RP131: 9/25/2010 11:21:33 PM - Installed DirectX
    RP132: 9/27/2010 8:26:36 PM - System Checkpoint
    RP133: 9/28/2010 10:15:20 PM - System Checkpoint
    RP134: 9/29/2010 12:23:27 AM - Software Distribution Service 3.0
    RP135: 9/30/2010 12:58:59 AM - System Checkpoint
    RP136: 10/1/2010 5:38:49 PM - System Checkpoint
    RP137: 10/2/2010 5:55:27 PM - System Checkpoint
    RP138: 10/3/2010 7:23:05 PM - Removed ZiGGi
    RP139: 10/3/2010 7:23:55 PM - Installed ZiGGi
    RP140: 10/5/2010 11:14:30 PM - System Checkpoint
    RP141: 10/7/2010 7:38:18 PM - System Checkpoint
    RP142: 10/8/2010 1:08:02 AM - Software Distribution Service 3.0
    RP143: 10/9/2010 6:56:48 PM - System Checkpoint
    RP144: 10/10/2010 9:01:24 PM - System Checkpoint
    RP145: 10/11/2010 10:17:18 PM - System Checkpoint
    RP146: 10/12/2010 10:33:40 PM - System Checkpoint
    RP147: 10/13/2010 3:00:13 AM - Software Distribution Service 3.0
    RP148: 10/14/2010 5:03:37 PM - System Checkpoint
    RP149: 10/15/2010 7:32:05 PM - Removed ZiGGi
    RP150: 10/15/2010 7:33:50 PM - Installed ZiGGi
    RP151: 10/16/2010 10:50:12 PM - System Checkpoint
    RP152: 10/17/2010 11:12:04 PM - System Checkpoint
    RP153: 10/19/2010 8:27:16 PM - System Checkpoint
    RP154: 10/20/2010 8:33:08 PM - System Checkpoint
    RP155: 10/21/2010 12:19:43 AM - Removed ZiGGi
    RP156: 10/21/2010 12:20:26 AM - Installed ZiGGi
    RP157: 10/21/2010 10:30:03 AM - Removed ZiGGi
    RP158: 10/21/2010 10:30:23 AM - Installed ZiGGi
    RP159: 10/21/2010 6:00:57 PM - Removed ZiGGi
    RP160: 10/21/2010 6:28:46 PM - Installed ZiGGi
    RP161: 10/21/2010 7:08:12 PM - Removed ZiGGi
    RP162: 10/21/2010 7:48:16 PM - Installed ZiGGi
    RP163: 10/22/2010 8:11:20 PM - System Checkpoint
    RP164: 10/23/2010 10:24:22 PM - System Checkpoint
    RP165: 10/25/2010 5:57:37 PM - System Checkpoint
    RP166: 10/26/2010 9:44:45 PM - Installed Windows NLSDownlevelMapping.
    RP167: 10/26/2010 9:45:25 PM - Installed Windows XP KB942288-v3.
    RP168: 10/30/2010 1:50:03 PM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 9.3
    Adobe Shockwave Player 11.5
    AIM 7
    AIM Toolbar
    Akamai NetSession Interface
    Allok MPEG4 Converter 5.1.0626
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BannedStory
    BannedStory 3.0
    Battlefield Heroes
    Bonjour
    Browser Address Error Redirector
    Compatibility Pack for the 2007 Office system
    Cross Fire En
    Crysis(R)
    Delayed Shutdown 3.0
    Dell Photo Printer 720
    Dell System Restore
    DivX Setup
    Documentation & Support Launcher
    Download Updater (AOL LLC)
    FLV Converter 3.2
    Fraps
    Games, Music, & Photos Launcher
    GameSpy Comrade
    Garena 2010
    Google Gmail Notifier
    Google SketchUp 8
    Google Talk (remove only)
    Google Talk Plugin
    GPGNet
    Handbrake 0.9.4
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Internet Service Offers Launcher
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 20
    Malwarebytes' Anti-Malware
    MapleStory
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mozilla Firefox (3.6.12)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Musicmatch for Windows Media Player
    Need For Speed™ World
    Nitto 1320 Legends Public Beta 0.9.12.10
    NVIDIA Drivers
    NVIDIA Performance
    NVIDIA System Monitor
    Pando Media Booster
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    PowerDVD
    PunkBuster Services
    QuickTime
    R.U.S.E. Demo
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio MyDVD DE
    Roxio Update Manager
    SearchAssist
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sonic CinePlayer Decoder Pack
    Sony Media Manager for PSP 3.0
    Steam
    Supreme Commander
    SyncToy 2.1 (x86)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    VC80CRTRedist - 8.0.50727.4053
    Ventrilo Client
    Viewpoint Media Player
    VLC media player 1.1.4
    Warcraft III: All Products
    WD SmartWare
    WebFldrs XP
    WG111v2 Configuration Utility
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR archiver
    Xfire (remove only)
    ZiGGi

    ==== Event Viewer Messages From Past Week ========

    10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The WD SmartWare Background Service service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The Performance Service service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 1:21:04 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 1:21:04 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/30/2010 1:21:04 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
    10/30/2010 1:21:03 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 1:21:03 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 1:21:03 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 1:21:03 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 1:21:03 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/30/2010 1:21:03 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/30/2010 1:21:03 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/30/2010 1:21:03 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/26/2010 9:37:26 PM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
    10/26/2010 9:29:57 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/26/2010 7:20:33 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/26/2010 2:27:21 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/26/2010 11:09:25 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    10/25/2010 9:40:50 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/25/2010 9:28:36 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    10/25/2010 6:25:21 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is BL-PC.
    10/25/2010 6:08:43 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 10.0.0.5. The machine with the IP address 10.0.0.7 did not allow the name to be claimed by this machine.
    10/23/2010 12:34:27 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 10.0.0.5. The machine with the IP address 10.0.0.4 did not allow the name to be claimed by this machine.
    10/23/2010 12:34:27 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is DAD.

    ==== End Of File ===========================
  6. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Welcome aboard :)

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ====================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
  7. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    And now TDSS log:

    2010/10/31 11:03:16.0859 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/10/31 11:03:16.0859 ================================================================================
    2010/10/31 11:03:16.0859 SystemInfo:
    2010/10/31 11:03:16.0859
    2010/10/31 11:03:16.0859 OS Version: 5.1.2600 ServicePack: 3.0
    2010/10/31 11:03:16.0859 Product type: Workstation
    2010/10/31 11:03:16.0859 ComputerName: BRIAN
    2010/10/31 11:03:16.0859 UserName: Big Daddy
    2010/10/31 11:03:16.0859 Windows directory: C:\WINDOWS
    2010/10/31 11:03:16.0859 System windows directory: C:\WINDOWS
    2010/10/31 11:03:16.0859 Processor architecture: Intel x86
    2010/10/31 11:03:16.0859 Number of processors: 4
    2010/10/31 11:03:16.0859 Page size: 0x1000
    2010/10/31 11:03:16.0859 Boot type: Normal boot
    2010/10/31 11:03:16.0859 ================================================================================
    2010/10/31 11:03:17.0234 Initialize success
    2010/10/31 11:03:21.0671 ================================================================================
    2010/10/31 11:03:21.0671 Scan started
    2010/10/31 11:03:21.0671 Mode: Manual;
    2010/10/31 11:03:21.0671 ================================================================================
    2010/10/31 11:03:22.0750 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2010/10/31 11:03:24.0265 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/10/31 11:03:24.0546 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/10/31 11:03:24.0703 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2010/10/31 11:03:24.0937 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/10/31 11:03:25.0171 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/10/31 11:03:25.0265 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/10/31 11:03:25.0390 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2010/10/31 11:03:25.0515 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2010/10/31 11:03:25.0640 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2010/10/31 11:03:25.0796 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2010/10/31 11:03:25.0953 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2010/10/31 11:03:26.0156 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2010/10/31 11:03:26.0312 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2010/10/31 11:03:26.0453 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2010/10/31 11:03:26.0562 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/10/31 11:03:26.0656 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2010/10/31 11:03:26.0796 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2010/10/31 11:03:26.0890 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2010/10/31 11:03:27.0062 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/10/31 11:03:27.0203 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/10/31 11:03:27.0328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/10/31 11:03:27.0468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/10/31 11:03:27.0609 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/10/31 11:03:27.0734 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2010/10/31 11:03:27.0859 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/10/31 11:03:27.0984 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2010/10/31 11:03:28.0078 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/10/31 11:03:28.0218 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/10/31 11:03:28.0328 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/10/31 11:03:28.0515 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2010/10/31 11:03:28.0671 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2010/10/31 11:03:28.0812 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2010/10/31 11:03:28.0921 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2010/10/31 11:03:29.0125 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/10/31 11:03:29.0234 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
    2010/10/31 11:03:29.0359 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
    2010/10/31 11:03:29.0421 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2010/10/31 11:03:29.0484 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
    2010/10/31 11:03:29.0500 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
    2010/10/31 11:03:29.0562 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
    2010/10/31 11:03:29.0609 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
    2010/10/31 11:03:29.0671 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
    2010/10/31 11:03:29.0718 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
    2010/10/31 11:03:29.0796 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
    2010/10/31 11:03:29.0890 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/10/31 11:03:30.0093 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/10/31 11:03:30.0218 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/10/31 11:03:30.0375 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/10/31 11:03:30.0546 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2010/10/31 11:03:30.0671 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/10/31 11:03:30.0812 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2010/10/31 11:03:30.0906 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2010/10/31 11:03:30.0968 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/10/31 11:03:31.0171 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
    2010/10/31 11:03:31.0234 EAPPkt - detected Unsigned file (1)
    2010/10/31 11:03:31.0265 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/10/31 11:03:31.0453 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/10/31 11:03:31.0562 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/10/31 11:03:31.0671 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/10/31 11:03:31.0796 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/10/31 11:03:31.0937 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/10/31 11:03:32.0062 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/10/31 11:03:32.0406 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2010/10/31 11:03:32.0484 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/10/31 11:03:32.0609 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/10/31 11:03:32.0765 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/10/31 11:03:32.0906 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2010/10/31 11:03:33.0078 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/10/31 11:03:33.0140 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010/10/31 11:03:33.0265 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2010/10/31 11:03:33.0406 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/10/31 11:03:33.0546 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/10/31 11:03:33.0671 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2010/10/31 11:03:33.0984 IntcAzAudAddService (eb5608fd4f2961517ac9f5cac88b023b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2010/10/31 11:03:34.0265 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/10/31 11:03:34.0375 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/10/31 11:03:34.0500 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/10/31 11:03:34.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/10/31 11:03:34.0765 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/10/31 11:03:34.0859 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/10/31 11:03:35.0000 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/10/31 11:03:35.0140 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/10/31 11:03:35.0265 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/10/31 11:03:35.0406 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/10/31 11:03:35.0515 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/10/31 11:03:35.0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/10/31 11:03:35.0796 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/10/31 11:03:36.0031 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
    2010/10/31 11:03:36.0140 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
    2010/10/31 11:03:36.0234 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys
    2010/10/31 11:03:36.0328 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
    2010/10/31 11:03:36.0390 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
    2010/10/31 11:03:36.0468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/10/31 11:03:36.0656 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/10/31 11:03:36.0765 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/10/31 11:03:36.0906 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/10/31 11:03:37.0046 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/10/31 11:03:37.0187 MPFP (bc2a92cff784555ed622f861cb34f2e6) C:\WINDOWS\system32\Drivers\Mpfp.sys
    2010/10/31 11:03:37.0281 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2010/10/31 11:03:37.0468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/10/31 11:03:37.0640 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/10/31 11:03:37.0718 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/10/31 11:03:37.0859 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/10/31 11:03:38.0000 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys
    2010/10/31 11:03:38.0203 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/10/31 11:03:38.0343 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/10/31 11:03:38.0468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/10/31 11:03:38.0609 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/10/31 11:03:38.0734 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/10/31 11:03:38.0906 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/10/31 11:03:39.0046 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/10/31 11:03:39.0171 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/10/31 11:03:39.0281 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/10/31 11:03:39.0406 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/10/31 11:03:39.0531 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/10/31 11:03:39.0703 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/10/31 11:03:39.0859 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/10/31 11:03:39.0984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/10/31 11:03:40.0171 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/10/31 11:03:40.0453 nv (95fdd27485f05b978d1af7bfe1f5785f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/10/31 11:03:40.0828 NVENETFD (d314fe034d68c09d412727886e24f5fb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    2010/10/31 11:03:41.0000 nvgts (a0b3f3a5049931657164f0ffcf0b208e) C:\WINDOWS\system32\drivers\nvgts.sys
    2010/10/31 11:03:41.0078 nvnetbus (f99fbb623ed78367574ee461b5b32c2c) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    2010/10/31 11:03:41.0218 NVR0Dev (812f257ed1cd53fcb1f9f9cc910f4809) C:\WINDOWS\nvoclock.sys
    2010/10/31 11:03:41.0609 NVR0Dev - detected Unsigned file (1)
    2010/10/31 11:03:41.0718 nvrd32 (c9128fe14e5c1e55710781b5c276f2ed) C:\WINDOWS\system32\drivers\nvrd32.sys
    2010/10/31 11:03:41.0796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/10/31 11:03:41.0906 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/10/31 11:03:42.0046 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/10/31 11:03:42.0171 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/10/31 11:03:42.0296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/10/31 11:03:42.0390 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/10/31 11:03:42.0593 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/10/31 11:03:42.0734 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/10/31 11:03:42.0859 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/10/31 11:03:43.0046 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2010/10/31 11:03:43.0234 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2010/10/31 11:03:43.0406 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/10/31 11:03:43.0531 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/10/31 11:03:43.0640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/10/31 11:03:43.0796 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/10/31 11:03:43.0875 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2010/10/31 11:03:44.0031 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2010/10/31 11:03:44.0140 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2010/10/31 11:03:44.0250 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2010/10/31 11:03:44.0375 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2010/10/31 11:03:44.0500 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/10/31 11:03:44.0625 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/10/31 11:03:44.0718 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/10/31 11:03:44.0859 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/10/31 11:03:45.0015 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/10/31 11:03:45.0109 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/10/31 11:03:45.0281 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/10/31 11:03:45.0421 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/10/31 11:03:45.0546 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/10/31 11:03:45.0718 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
    2010/10/31 11:03:45.0937 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/10/31 11:03:46.0109 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/10/31 11:03:46.0234 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/10/31 11:03:46.0343 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/10/31 11:03:46.0500 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2010/10/31 11:03:46.0687 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys
    2010/10/31 11:03:46.0734 SjyPkt - detected Unsigned file (1)
    2010/10/31 11:03:46.0781 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2010/10/31 11:03:46.0875 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/10/31 11:03:47.0031 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/10/31 11:03:47.0187 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/10/31 11:03:47.0437 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/10/31 11:03:47.0546 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/10/31 11:03:47.0687 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2010/10/31 11:03:47.0812 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2010/10/31 11:03:47.0968 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2010/10/31 11:03:48.0078 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2010/10/31 11:03:48.0234 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/10/31 11:03:48.0406 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/10/31 11:03:48.0500 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/10/31 11:03:48.0640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/10/31 11:03:48.0734 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/10/31 11:03:48.0890 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2010/10/31 11:03:49.0078 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/10/31 11:03:49.0187 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2010/10/31 11:03:49.0312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/10/31 11:03:49.0468 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/10/31 11:03:49.0578 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/10/31 11:03:49.0718 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/10/31 11:03:49.0859 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/10/31 11:03:50.0000 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/10/31 11:03:50.0125 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/10/31 11:03:50.0250 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/10/31 11:03:50.0406 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/10/31 11:03:50.0531 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/10/31 11:03:50.0671 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/10/31 11:03:50.0812 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2010/10/31 11:03:50.0906 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2010/10/31 11:03:51.0078 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/10/31 11:03:51.0218 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/10/31 11:03:51.0343 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    2010/10/31 11:03:51.0437 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
    2010/10/31 11:03:51.0593 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/10/31 11:03:51.0859 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/10/31 11:03:51.0953 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/10/31 11:03:52.0078 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/10/31 11:03:52.0093 ================================================================================
    2010/10/31 11:03:52.0093 Scan finished
    2010/10/31 11:03:52.0093 ================================================================================
    2010/10/31 11:03:52.0203 Detected object count: 4
    2010/10/31 11:04:08.0703 Unsigned file(EAPPkt) - User select action: Skip
    2010/10/31 11:04:08.0718 Unsigned file(NVR0Dev) - User select action: Skip
    2010/10/31 11:04:08.0718 Unsigned file(SjyPkt) - User select action: Skip
    2010/10/31 11:04:08.0750 \HardDisk0\MBR - will be cured after reboot
    2010/10/31 11:04:08.0750 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
    2010/10/31 11:04:12.0250 Deinitialize success
  8. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Very good :)

    I still need MBRCheck log.
  9. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    Sorry about that, for some strange reason it said my post needed mod approval while yesterday it posted right up. And I just got home.
    Heres the MBRCheck log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 138):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9F23000 dmio.sys
    0xBA330000 PartMgr.sys
    0xB9F00000 nvrd32.sys
    0xBA0C8000 \WINDOWS\system32\drivers\CLASSPNP.SYS
    0xBA0D8000 VolSnap.sys
    0xB9EE8000 atapi.sys
    0xB9ECB000 nvgts.sys
    0xB9EB3000 \WINDOWS\system32\drivers\SCSIPORT.SYS
    0xBA0E8000 disk.sys
    0xB9E93000 fltmgr.sys
    0xB9E81000 sr.sys
    0xBA5AE000 DLACDBHM.SYS
    0xB9E6A000 DRVMCDB.SYS
    0xBA0F8000 PxHelp20.sys
    0xB9E53000 KSecDD.sys
    0xB9DC6000 Ntfs.sys
    0xB9D99000 NDIS.sys
    0xBA108000 ohci1394.sys
    0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9D7F000 Mup.sys
    0xBA2D8000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xBA198000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB84A0000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB848C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA430000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xBA438000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB8468000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA440000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA1A8000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA1B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA1C8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB8445000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA448000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xB841D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA1D8000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
    0xB8336000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
    0xBA71E000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA1E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB95CC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB831F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA1F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA208000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA450000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB830E000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA458000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA460000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB82DE000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB8C47000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA468000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA480000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA5DC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB8280000 \SystemRoot\system32\DRIVERS\update.sys
    0xB95B0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB695B000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
    0xB694B000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB8BB7000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA62C000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB16D1000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB16AD000 \SystemRoot\system32\drivers\portcls.sys
    0xBA228000 \SystemRoot\system32\drivers\drmk.sys
    0xB44F5000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xAD43C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA74F000 \SystemRoot\System32\Drivers\Null.SYS
    0xAD43A000 \SystemRoot\System32\Drivers\Beep.SYS
    0xAB3F9000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0xAB3F1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xAB3E9000 \SystemRoot\System32\drivers\vga.sys
    0xAD438000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xAD436000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xAAFCC000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xAAFC4000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xACDDC000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAA551000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAA4F8000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAA4D2000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xAA4AB000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xAB0AC000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAB09C000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0xAA483000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAB08C000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xAA461000 \SystemRoot\System32\drivers\afd.sys
    0xAB07C000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xAA436000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAA3C6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xAA393000 \SystemRoot\system32\drivers\mfehidk.sys
    0xAAD67000 \SystemRoot\System32\Drivers\Fips.SYS
    0xAB9C5000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xAAD37000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xAA36A000 \SystemRoot\system32\DRIVERS\wg111v2.sys
    0xAA359000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xAAFBC000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xAAF64000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xAAFAC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xAF524000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB042C000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0xAA312000 \SystemRoot\System32\Drivers\dump_nvgts.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xBA584000 \SystemRoot\System32\drivers\Dxapi.sys
    0xAAFA4000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA6E3000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB7817000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xBA762000 \SystemRoot\System32\Drivers\DLADResM.SYS
    0xAA0F9000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
    0xBA3F0000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
    0xB1635000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
    0xB688F000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
    0xB68CF000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
    0xAA0E3000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
    0xAA0CC000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
    0xAA093000 \SystemRoot\system32\DRIVERS\EAPPkt.sys
    0xB1621000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA9F9E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA9F11000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB20FB000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA9EB9000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA88BC000 \SystemRoot\System32\Drivers\HTTP.sys
    0xBA4B0000 \??\C:\WINDOWS\nvoclock.sys
    0xAD3F4000 \SystemRoot\system32\drivers\mfebopk.sys
    0xA85A2000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xBA268000 \SystemRoot\system32\drivers\mfesmfk.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 47):
    0 System Idle Process
    4 System
    632 C:\WINDOWS\system32\smss.exe
    852 csrss.exe
    876 C:\WINDOWS\system32\winlogon.exe
    928 C:\WINDOWS\system32\services.exe
    940 C:\WINDOWS\system32\lsass.exe
    1164 C:\WINDOWS\system32\svchost.exe
    1208 svchost.exe
    1352 C:\WINDOWS\system32\svchost.exe
    1568 svchost.exe
    1628 svchost.exe
    1848 C:\WINDOWS\system32\LEXBCES.EXE
    1880 C:\WINDOWS\system32\spoolsv.exe
    1896 C:\WINDOWS\system32\LEXPPS.EXE
    128 svchost.exe
    156 C:\WINDOWS\system32\svchost.exe
    196 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    236 C:\Program Files\Bonjour\mDNSResponder.exe
    432 C:\Program Files\Java\jre6\bin\jqs.exe
    536 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    808 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    1264 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    1284 C:\WINDOWS\explorer.exe
    1432 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    1644 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    280 C:\Program Files\McAfee\MPF\MpfSrv.exe
    528 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    784 C:\WINDOWS\system32\nvsvc32.exe
    900 C:\WINDOWS\system32\PnkBstrA.exe
    1996 C:\WINDOWS\system32\nvraidservice.exe
    2132 C:\Program Files\McAfee.com\Agent\mcagent.exe
    2156 C:\WINDOWS\system32\svchost.exe
    2244 C:\Program Files\iTunes\iTunesHelper.exe
    2288 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    2512 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    2736 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    2824 C:\WINDOWS\system32\ctfmon.exe
    2948 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    3512 C:\WINDOWS\system32\wuauclt.exe
    1500 C:\Program Files\iPod\bin\iPodService.exe
    2588 wmiprvse.exe
    2748 alg.exe
    3164 wmiprvse.exe
    3552 C:\WINDOWS\system32\wbem\unsecapp.exe
    3344 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    448 C:\Documents and Settings\Big Daddy\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDT725032VLA360, Rev: V54OA73A

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 RE: Unknown MBR code
    SHA1: BF118E4CFC2D7C7489A85AC7AD11D2A979F74824


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
  10. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Your MBR seems to be infected as well...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
  11. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    Broni, thanks for the continued help.
    Two questions, does it have to be a CD, can I use DVDs?
    And after going through the above steps, must I go back into the bios and change it back to hard drive boot?
     
  12. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    I never tried DVD, but if you don't mind wasting one, go ahead and let me know, if it worked.
    As for your other question - no.
  13. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    Well I'm not sure if I have DVDs or CDs handy, so I was just wondering. I'm about to go on a house hunt for them after dinner/the World Series game ends. Not trying to hate if your a Rangers guy but I'm in San Francisco and GIANTS, BABY! :grinthumb
  14. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    I live near SF, however, I came from Europe a while ago, so football (soccer) all the way here :)
    I know nothing about baseball, but since all my friends are going crazy about Giants, so be it!
  15. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    Yay heres the redone MBRCheck log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 139):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9F23000 dmio.sys
    0xBA330000 PartMgr.sys
    0xB9F00000 nvrd32.sys
    0xBA0C8000 \WINDOWS\system32\drivers\CLASSPNP.SYS
    0xBA0D8000 VolSnap.sys
    0xB9EE8000 atapi.sys
    0xB9ECB000 nvgts.sys
    0xB9EB3000 \WINDOWS\system32\drivers\SCSIPORT.SYS
    0xBA0E8000 disk.sys
    0xB9E93000 fltmgr.sys
    0xB9E81000 sr.sys
    0xBA5AE000 DLACDBHM.SYS
    0xB9E6A000 DRVMCDB.SYS
    0xBA0F8000 PxHelp20.sys
    0xB9E53000 KSecDD.sys
    0xB9DC6000 Ntfs.sys
    0xB9D99000 NDIS.sys
    0xBA108000 ohci1394.sys
    0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9D7F000 Mup.sys
    0xBA298000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xBA308000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB84D3000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB84BF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA458000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xBA460000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB849B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA468000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA318000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA148000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA158000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB8478000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA470000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xB8450000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA168000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
    0xB8369000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
    0xBA75A000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA178000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB95FF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8352000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA188000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA198000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA478000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB8341000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA1A8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA490000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA498000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB8311000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB8C7A000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA4A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA4A8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA5DA000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB82B3000 \SystemRoot\system32\DRIVERS\update.sys
    0xB95E3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8C5A000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
    0xB8C3A000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA2C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5EE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB42F4000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB42D0000 \SystemRoot\system32\drivers\portcls.sys
    0xB6A5D000 \SystemRoot\system32\drivers\drmk.sys
    0xB8128000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA646000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA70B000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA648000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA400000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0xBA488000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA3B0000 \SystemRoot\System32\drivers\vga.sys
    0xBA64A000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA64C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA408000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA3A0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB3F45000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB14C5000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB146C000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB1445000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xB141F000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA1E8000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB13F7000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xBA228000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB13D5000 \SystemRoot\System32\drivers\afd.sys
    0xB6A2D000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB13AA000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB133A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB1307000 \SystemRoot\system32\drivers\mfehidk.sys
    0xB6A1D000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB3CE1000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xAD372000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xAD68B000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xABB95000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xAAB4F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xAA2E1000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xAAB3F000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0xA9FF1000 \SystemRoot\System32\Drivers\dump_nvgts.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAA20B000 \SystemRoot\System32\drivers\Dxapi.sys
    0xAA5DB000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA724000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xADAE0000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xB380D000 \SystemRoot\System32\Drivers\DLADResM.SYS
    0xA9DD8000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
    0xBA388000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
    0xAF88C000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
    0xB3F1A000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
    0xBA450000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
    0xA9DC2000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
    0xA9DAB000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
    0xA9D9A000 \SystemRoot\system32\DRIVERS\EAPPkt.sys
    0xAD6A3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA9D45000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA9CE0000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAFF42000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA9BEA000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA8663000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB3F02000 \??\C:\WINDOWS\nvoclock.sys
    0xADF8C000 \SystemRoot\system32\drivers\mfebopk.sys
    0xA8519000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xA8428000 \SystemRoot\system32\DRIVERS\wg111v2.sys
    0xA84C1000 \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys
    0xA85E3000 \SystemRoot\system32\drivers\mfesmfk.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 52):
    0 System Idle Process
    4 System
    640 C:\WINDOWS\system32\smss.exe
    692 csrss.exe
    716 C:\WINDOWS\system32\winlogon.exe
    764 C:\WINDOWS\system32\services.exe
    776 C:\WINDOWS\system32\lsass.exe
    972 C:\WINDOWS\system32\svchost.exe
    1020 svchost.exe
    1060 C:\WINDOWS\system32\svchost.exe
    1188 svchost.exe
    1212 svchost.exe
    1360 C:\WINDOWS\system32\LEXBCES.EXE
    1396 C:\WINDOWS\system32\LEXPPS.EXE
    1384 C:\WINDOWS\system32\spoolsv.exe
    1544 svchost.exe
    1576 C:\WINDOWS\system32\svchost.exe
    1588 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1628 C:\Program Files\Bonjour\mDNSResponder.exe
    1728 C:\Program Files\Java\jre6\bin\jqs.exe
    1868 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    1936 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    1972 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    2024 C:\WINDOWS\explorer.exe
    312 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    320 C:\WINDOWS\system32\nvraidservice.exe
    328 C:\Program Files\McAfee.com\Agent\mcagent.exe
    412 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    532 C:\Program Files\McAfee\MPF\MpfSrv.exe
    548 C:\Program Files\iTunes\iTunesHelper.exe
    404 C:\Program Files\AIM\aim.exe
    620 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    688 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    736 C:\WINDOWS\system32\ctfmon.exe
    1100 C:\WINDOWS\system32\nvsvc32.exe
    1328 C:\WINDOWS\system32\PnkBstrA.exe
    1552 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    1788 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    2224 C:\WINDOWS\system32\svchost.exe
    2300 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    2368 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    3120 C:\Program Files\iPod\bin\iPodService.exe
    3152 wmiprvse.exe
    3508 alg.exe
    3516 C:\WINDOWS\system32\wbem\unsecapp.exe
    2792 C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
    3036 C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    2044 C:\WINDOWS\system32\svchost.exe
    196 C:\Program Files\Mozilla Firefox\firefox.exe
    1768 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    1144 C:\Program Files\Mozilla Firefox\plugin-container.exe
    5072 C:\Documents and Settings\Big Daddy\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDT725032VLA360, Rev: V54OA73A

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
  16. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Looks good :)
    BTW, did you use CD, or DVD?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  17. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    ok I'll get to Combofix, but I'll answer your question first
    I found CDs lying around so I was a bit lazy to look for DVDs to test it out
    sorry about that
  18. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    That's fine :)
  19. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    Uh-oh I just used ComboFix pretty much how your steps put it
    disabled EVERYTHING in McAfee SecurityCenter, but the ones that prompted me I put to re-enable on computer restart.
    Anyways at step/stage (whatever it called it I dont remember) 3 there was a McAfee pop-up informing me that it had blocked/removed a suspected trojan or worm (basically something bad)
    It disappeared faster than I could read it
    after that ComboFix kept scanning and I turned my monitor off to go away a bit.
    I came back and turned on my monitor to see the blue screen that says the computer turned off to prevent damage (BSOD?)
    I was wondering if this has ever occurred with COmboFix before? I've yet to re-run it.
  20. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Try to run Combofix from Safe Mode.
  21. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    would I still need to disable McAfee from in Safe mode?
  22. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    No.........
  23. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    uh-oh BSOD even from Safe Mode
  24. Broni

    Broni Malware Annihilator Posts: 46,765   +254

    Delete your Combofix file, download fresh one, but rename combofix.exe to broni.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    • * Double-click on the Rkill desktop icon to run the tool.
      * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
      * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
      * If not, delete the file, then download and use the one provided in Link 2.
      * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
      * Do not reboot until instructed.
      * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    • * Please download exeHelper from Raktor to your desktop.
      * Double-click on exeHelper.com to run the fix.
      * A black window should pop up, press any key to close once the fix is completed.
      * A log file named log.txt will be created in the directory where you ran exeHelper.com
      * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Now, run broni.exe

    If normal mode still fails, run ALL three tools from Safe Mode.
  25. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    Sorry, I'm really busy with school but I'll get to this ASAP.
    In the mean time I'm hoping leaving the infected computer off will stop any possible activity.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.