November 29th, 2010, 11:32 AM
[Inactive] Parents' computer infected with Thinkpoint
My parents' computer somehow got the rogue Thinkpoint fake scanner. I was hoping someone could take a look and see if I have done everything to get rid of it.
Here are the steps taken on the infected computer.
I opened Task Manager to quit Thinkpoint; on the Processes tab, I scrolled down to find 'hotfixes' in the list and ended the task. Then I opened a new task, 'explorer', to bring up the Desktop. Then I downloaded Malwarebytes' Anti-Malware, updated the program, and scanned the entire C drive. The logs are below.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5214
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/29/2010 9:06:38 AM
mbam-log-2010-11-29 (09-06-38).txt
Scan type: Full scan (C:\|)
Objects scanned: 316379
Time elapsed: 55 minute(s), 42 second(s)
Memory Processes Infected: 3
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 17
Memory Processes Infected:
C:\Documents and Settings\CrossFamily\Local Settings\Temp\dwm.exe (Trojan.Agent.Gen) -> Unloaded process successfully.
C:\Documents and Settings\CrossFamily\Application Data\Microsoft\svchost.exe (Trojan.Agent.Gen) -> Unloaded process successfully.
C:\Documents and Settings\CrossFamily\Application Data\Microsoft\Windows\shell.exe (Trojan.Agent.Gen) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\bdlsypia.dll (Trojan.Hiloti) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ugeduxekuvayadep (Trojan.Hiloti) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\CrossFamily\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\bdlsypia.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Documents and Settings\CrossFamily\Local Settings\Temp\dwm.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\CrossFamily\Application Data\Microsoft\svchost.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\CrossFamily\Application Data\Microsoft\Windows\shell.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\CrossFamily\Application Data\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\CrossFamily\Local Settings\Application Data\654046.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\CrossFamily\Local Settings\Application Data\654047.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\CrossFamily\Local Settings\Application Data\657250.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\CrossFamily\Local Settings\Application Data\657251.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\CrossFamily\Local Settings\Temp\0.7416719995579742.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{56C980A5-EEB0-41BA-8431-59CDB4E7BA24}\RP1035\A0186406.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{56C980A5-EEB0-41BA-8431-59CDB4E7BA24}\RP1037\A0186477.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{56C980A5-EEB0-41BA-8431-59CDB4E7BA24}\RP1038\A0186528.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TMP00000012D2DD7B85DE190882 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\CrossFamily\Application Data\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\CrossFamily\Desktop\ThinkPoint.lnk (Rogue.ThinkPoint) -> Quarantined and deleted successfully.
C:\Documents and Settings\CrossFamily\Start Menu\Programs\ThinkPoint.lnk (Rogue.ThinkPoint) -> Quarantined and deleted successfully.
DDS (Ver_10-11-10.01) - NTFSx86
Run by CrossFamily at 9:18:13.01 on Mon 11/29/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.524 [GMT -6:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Photo Scanner\DigiPhoto.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CrossFamily\Local Settings\Temporary Internet Files\Content.IE5\UWFIZBAF\dds[1].pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: My.Freeze.com Toolbar: {0bd6f992-62ad-47f7-aca6-299729be4e2b} - c:\program files\myfreezetoolbar\myfreezedx.dll
BHO: Dictionary.com: {11359f4a-b191-42d7-905a-594f8cf0387b} - c:\windows\downloaded program files\conflict.1\lexbar.dll
BHO: Shop to Win 2: {20fec4e7-f7b7-438b-8191-33d2efc5ebea} - c:\program files\shop to win 2\ShoppingBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Updater For My.Freeze.com Toolbar: {c26cd490-5f01-41e3-b150-eb29f19da056} - c:\program files\myfreezetoolbar\auxi\myfreezetoolbAu.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No File
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Dictionary.com: {11359f4a-b191-42d7-905a-594f8cf0387b} - c:\windows\downloaded program files\conflict.1\lexbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: My.Freeze.com Toolbar: {0bd6f992-62ad-47f7-aca6-299729be4e2b} - c:\program files\myfreezetoolbar\myfreezedx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\crossf~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digiph~1.lnk - c:\program files\photo scanner\DigiPhoto.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard 5\ScannerFinder.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Search &Dictionary - c:\program files\lexico\toolbar\dictionary.htm
IE: Search &Thesaurus - c:\program files\lexico\toolbar\thesaurus.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - hxxp://dictionary.reference.com/tools/toolbar/lexico.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
S3 BFAIFILT;BFAIFILT;c:\windows\system32\drivers\BFAIFILT.SYS [2008-12-24 3264]
S3 U2KG54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\U2KG54.SYS [2008-12-24 245376]
=============== Created Last 30 ================
2010-11-29 14:09:34 -------- d-----w- c:\docume~1\crossf~1\applic~1\Malwarebytes
2010-11-29 14:09:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 14:09:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 14:09:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-29 14:09:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-29 12:12:26 854 ----a-w- c:\windows\ijazeyes.dll
2010-11-29 12:10:32 278 ----a-w- c:\docume~1\crossf~1\applic~1\agtyjkj.bat
2010-11-29 01:05:07 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{87cd2c43-a06f-4c10-b14f-0c22a217aca4}\mpengine.dll
2010-11-25 01:47:08 -------- d-----w- c:\docume~1\crossf~1\locals~1\applic~1\Yahoo
==================== Find3M ====================
2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
============= FINISH: 9:19:02.70 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/27/2007 4:22:20 PM
System Uptime: 11/29/2010 9:08:32 AM (0 hours ago)
Motherboard: Dell Inc. | | 0J3492
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 264.453 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: TI Technologies Inc.
Description: RADEON X300 Series Secondary
Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X300 Series Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108
Service: ati2mtag
==== System Restore Points ===================
RP940: 8/31/2010 9:05:30 AM - Software Distribution Service 3.0
RP941: 9/1/2010 9:50:53 AM - System Checkpoint
RP942: 9/2/2010 6:57:58 AM - Software Distribution Service 3.0
RP943: 9/3/2010 7:01:08 AM - System Checkpoint
RP944: 9/4/2010 6:00:12 AM - Software Distribution Service 3.0
RP945: 9/5/2010 6:55:38 AM - System Checkpoint
RP946: 9/6/2010 4:57:44 AM - Software Distribution Service 3.0
RP947: 9/7/2010 5:35:09 AM - Software Distribution Service 3.0
RP948: 9/8/2010 5:56:08 AM - Software Distribution Service 3.0
RP949: 9/9/2010 6:57:24 AM - Software Distribution Service 3.0
RP950: 9/10/2010 7:17:41 AM - System Checkpoint
RP951: 9/10/2010 3:05:26 PM - Software Distribution Service 3.0
RP952: 9/11/2010 3:54:07 PM - System Checkpoint
RP953: 9/12/2010 5:53:16 AM - Software Distribution Service 3.0
RP954: 9/13/2010 6:21:40 AM - System Checkpoint
RP955: 9/14/2010 5:07:27 AM - Software Distribution Service 3.0
RP956: 9/14/2010 5:16:20 AM - Software Distribution Service 3.0
RP957: 9/15/2010 5:48:20 AM - Software Distribution Service 3.0
RP958: 9/15/2010 8:25:54 PM - Software Distribution Service 3.0
RP959: 9/16/2010 8:30:47 PM - System Checkpoint
RP960: 9/17/2010 5:12:45 AM - Software Distribution Service 3.0
RP961: 9/18/2010 5:07:41 AM - Software Distribution Service 3.0
RP962: 9/19/2010 5:10:53 AM - System Checkpoint
RP963: 9/20/2010 5:01:22 AM - Software Distribution Service 3.0
RP964: 9/21/2010 5:49:29 AM - Software Distribution Service 3.0
RP965: 9/22/2010 6:00:53 AM - System Checkpoint
RP966: 9/22/2010 9:45:41 AM - Software Distribution Service 3.0
RP967: 9/23/2010 10:26:30 AM - System Checkpoint
RP968: 9/24/2010 10:35:13 AM - System Checkpoint
RP969: 9/25/2010 5:25:53 AM - Software Distribution Service 3.0
RP970: 9/26/2010 6:20:00 AM - Software Distribution Service 3.0
RP971: 9/27/2010 6:24:04 AM - System Checkpoint
RP972: 9/28/2010 4:58:51 AM - Software Distribution Service 3.0
RP973: 9/29/2010 5:13:18 AM - Software Distribution Service 3.0
RP974: 9/29/2010 8:06:52 PM - Software Distribution Service 3.0
RP975: 9/30/2010 5:23:03 AM - Software Distribution Service 3.0
RP976: 10/1/2010 5:49:26 AM - Software Distribution Service 3.0
RP977: 10/2/2010 6:14:17 AM - Software Distribution Service 3.0
RP978: 10/3/2010 7:15:30 AM - Software Distribution Service 3.0
RP979: 10/4/2010 7:20:05 AM - System Checkpoint
RP980: 10/5/2010 6:35:52 AM - Software Distribution Service 3.0
RP981: 10/5/2010 8:10:08 PM - Software Distribution Service 3.0
RP982: 10/7/2010 5:19:20 AM - Software Distribution Service 3.0
RP983: 10/8/2010 5:36:34 AM - Software Distribution Service 3.0
RP984: 10/9/2010 5:57:52 AM - Software Distribution Service 3.0
RP985: 10/10/2010 9:26:23 AM - Software Distribution Service 3.0
RP986: 10/11/2010 9:21:08 AM - Software Distribution Service 3.0
RP987: 10/12/2010 9:54:16 AM - System Checkpoint
RP988: 10/13/2010 6:03:25 AM - Software Distribution Service 3.0
RP989: 10/14/2010 3:00:21 AM - Software Distribution Service 3.0
RP990: 10/15/2010 6:33:38 AM - Software Distribution Service 3.0
RP991: 10/16/2010 7:31:42 AM - System Checkpoint
RP992: 10/17/2010 6:46:51 AM - Software Distribution Service 3.0
RP993: 10/18/2010 7:11:36 AM - Software Distribution Service 3.0
RP994: 10/19/2010 7:36:40 AM - System Checkpoint
RP995: 10/20/2010 7:04:55 AM - Software Distribution Service 3.0
RP996: 10/21/2010 7:22:55 AM - System Checkpoint
RP997: 10/22/2010 6:36:57 AM - Software Distribution Service 3.0
RP998: 10/23/2010 7:10:15 AM - System Checkpoint
RP999: 10/23/2010 7:57:56 AM - Software Distribution Service 3.0
RP1000: 10/24/2010 8:52:21 AM - System Checkpoint
RP1001: 10/25/2010 5:16:38 AM - Software Distribution Service 3.0
RP1002: 10/26/2010 6:48:40 AM - Software Distribution Service 3.0
RP1003: 10/27/2010 7:28:20 AM - Software Distribution Service 3.0
RP1004: 10/28/2010 7:53:45 AM - System Checkpoint
RP1005: 10/29/2010 7:16:08 AM - Software Distribution Service 3.0
RP1006: 10/30/2010 7:40:10 AM - Software Distribution Service 3.0
RP1007: 10/31/2010 8:38:21 AM - System Checkpoint
RP1008: 11/1/2010 7:16:00 AM - Software Distribution Service 3.0
RP1009: 11/2/2010 7:21:59 AM - System Checkpoint
RP1010: 11/3/2010 6:32:07 AM - Software Distribution Service 3.0
RP1011: 11/4/2010 7:16:55 AM - System Checkpoint
RP1012: 11/5/2010 5:43:09 AM - Software Distribution Service 3.0
RP1013: 11/6/2010 6:48:36 AM - Software Distribution Service 3.0
RP1014: 11/7/2010 6:59:21 AM - Software Distribution Service 3.0
RP1015: 11/8/2010 7:11:20 AM - System Checkpoint
RP1016: 11/9/2010 5:05:12 AM - Software Distribution Service 3.0
RP1017: 11/10/2010 6:10:08 AM - Software Distribution Service 3.0
RP1018: 11/10/2010 7:06:53 PM - Software Distribution Service 3.0
RP1019: 11/11/2010 6:58:56 AM - Software Distribution Service 3.0
RP1020: 11/12/2010 7:30:41 AM - System Checkpoint
RP1021: 11/13/2010 7:22:38 AM - Software Distribution Service 3.0
RP1022: 11/14/2010 7:42:31 AM - System Checkpoint
RP1023: 11/15/2010 5:23:45 AM - Software Distribution Service 3.0
RP1024: 11/16/2010 6:45:09 AM - Software Distribution Service 3.0
RP1025: 11/17/2010 7:27:29 AM - System Checkpoint
RP1026: 11/18/2010 6:06:19 AM - Software Distribution Service 3.0
RP1027: 11/19/2010 7:09:47 AM - Software Distribution Service 3.0
RP1028: 11/20/2010 7:18:50 AM - System Checkpoint
RP1029: 11/21/2010 6:18:07 AM - Software Distribution Service 3.0
RP1030: 11/21/2010 8:51:05 AM - Software Distribution Service 3.0
RP1031: 11/22/2010 8:58:35 AM - System Checkpoint
RP1032: 11/23/2010 6:55:12 AM - Software Distribution Service 3.0
RP1033: 11/24/2010 7:05:01 AM - Software Distribution Service 3.0
RP1034: 11/25/2010 7:27:14 AM - System Checkpoint
RP1035: 11/26/2010 7:26:48 AM - Software Distribution Service 3.0
RP1036: 11/27/2010 7:51:58 AM - System Checkpoint
RP1037: 11/27/2010 9:27:56 AM - Software Distribution Service 3.0
RP1038: 11/28/2010 9:24:40 AM - Software Distribution Service 3.0
RP1039: 11/28/2010 7:05:04 PM - Software Distribution Service 3.0
RP1040: 11/29/2010 8:01:56 AM - Installed Connect Service
==== Installed Programs ======================
ABBYY FineReader 5.0 Sprint
ABBYY FineReader 6.0
ABBYY FineReader OCR Engine for Microtek
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.5
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
Big Fish Games Client
Bonjour
Broadcom Gigabit Integrated Controller
CCScore
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Family Tree Maker Version 16
fflink
Google Toolbar for Internet Explorer
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Information Please Almanac
InstallMgr
Intel(R) 537EP V9x DF PCI Modem
iTunes
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KB408682
Kodak EasyShare software
LG USB Modem driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MapPoint North America 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Streets and Trips 2004
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Thunderbird (2.0.0.24)
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Oasis
My.Freeze.com Toolbar (Remove Toolbar Only)
MyDVD
netbrdg
OfotoXMI
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
Photo Scanner Software
PowerDVD
QuickTime
RealPlayer
Rhapsody Player Engine
ScanWizard 5
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
Shop to Win 2
skin0001
SKINXSDK
Sonic DLA
Sound Blaster Live! 24-bit
SpywareBlaster 4.1
staticcr
The Merriam-Webster Reference Library
tooltips
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V CAST Music with Rhapsody
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VPRINTOL
WeatherBug
WebFldrs XP
Webshots Desktop
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
11/29/2010 9:09:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
11/29/2010 8:01:40 AM, error: System Error [1003] - Error code 00008086, parameter1 00000000, parameter2 00000000, parameter3 00000000, parameter4 00000000.
11/29/2010 8:00:27 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
11/29/2010 7:44:51 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address 00:07:E9:7B:E3:78. Network operations on this system may be disrupted as a result.
11/29/2010 7:07:26 AM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0011116458C5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
Eric
-
November 29th, 2010, 10:49 PM
#2
You did well.
I still need other logs (GMER, MBRCheck).
-
November 30th, 2010, 01:11 AM
#3
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 145):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7B24000 \WINDOWS\system32\KDCOM.DLL
0xF7A34000 \WINDOWS\system32\BOOTVID.dll
0xF75D5000 ACPI.sys
0xF7B26000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75C4000 pci.sys
0xF7624000 isapnp.sys
0xF7BEC000 PCIIde.sys
0xF78A4000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF7B28000 intelide.sys
0xF7634000 MountMgr.sys
0xF75A5000 ftdisk.sys
0xF7B2A000 dmload.sys
0xF757F000 dmio.sys
0xF78AC000 PartMgr.sys
0xF7644000 VolSnap.sys
0xF7567000 atapi.sys
0xF74F4000 iaStor.sys
0xF7654000 disk.sys
0xF7664000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF74D4000 fltmgr.sys
0xF74C2000 sr.sys
0xF74AD000 drvmcdb.sys
0xF7496000 KSecDD.sys
0xF7483000 WudfPf.sys
0xF73F6000 Ntfs.sys
0xF73C9000 NDIS.sys
0xF73AF000 Mup.sys
0xF76D4000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF635C000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6348000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF631A000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF7984000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF62F6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF798C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76E4000 \SystemRoot\system32\DRIVERS\IntelC53.sys
0xF62D3000 \SystemRoot\system32\DRIVERS\ks.sys
0xF61AC000 \SystemRoot\system32\DRIVERS\IntelC51.sys
0xF6117000 \SystemRoot\system32\DRIVERS\IntelC52.sys
0xF7994000 \SystemRoot\system32\DRIVERS\mohfilt.sys
0xF799C000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6049000 \SystemRoot\system32\drivers\P17.sys
0xF6025000 \SystemRoot\system32\drivers\portcls.sys
0xF76F4000 \SystemRoot\system32\drivers\drmk.sys
0xF5FF9000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
0xF5FD9000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
0xF79A4000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF5FC5000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7704000 \SystemRoot\system32\DRIVERS\serial.sys
0xF6B56000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7B80000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF6B52000 \SystemRoot\system32\drivers\pfc.sys
0xF7714000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7724000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF79AC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7744000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7C45000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7734000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6B46000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5FAE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7754000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7764000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79B4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5F9D000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7774000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79BC000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79C4000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5F6D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7784000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79CC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF79D4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B82000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5F0F000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AD8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77F4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB9926000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BE2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xED859000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xECF4C000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB8819000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xB8E31000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB79F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CCC000 \SystemRoot\System32\Drivers\Null.SYS
0xB757A000 \SystemRoot\System32\Drivers\Beep.SYS
0xED1D2000 \SystemRoot\system32\drivers\ssrtln.sys
0xED202000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xECF34000 \SystemRoot\System32\drivers\vga.sys
0xB7578000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB7576000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xECF2C000 \SystemRoot\System32\Drivers\Msfs.SYS
0xECF3C000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8582000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB5154000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB50FB000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB50D3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB50B1000 \SystemRoot\System32\drivers\afd.sys
0xB7DD0000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB5086000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB7BF6000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xB5016000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB7DB0000 \SystemRoot\System32\Drivers\Fips.SYS
0xAFCA3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB106A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB17C7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB105A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB17C3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB1248000 \SystemRoot\system32\DRIVERS\point32.sys
0xB17BB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB17B7000 \??\C:\WINDOWS\system32\BUFADPT.SYS
0xB0997000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAFC30000 \SystemRoot\System32\Drivers\dump_iastor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB1104000 \SystemRoot\System32\drivers\Dxapi.sys
0xB1238000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xAFCE3000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF054000 \SystemRoot\System32\ati2cqag.dll
0xBF093000 \SystemRoot\System32\atikvmag.dll
0xBF0C9000 \SystemRoot\System32\ati3duag.dll
0xBF34D000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB51E7000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7C05000 \SystemRoot\system32\dla\tfsndres.sys
0xADC1A000 \SystemRoot\system32\dla\tfsnifs.sys
0xF736E000 \SystemRoot\system32\dla\tfsnopio.sys
0xB7A02000 \SystemRoot\system32\dla\tfsnpool.sys
0xB0DBD000 \SystemRoot\system32\dla\tfsnboio.sys
0xB51D7000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7C06000 \SystemRoot\system32\dla\tfsndrct.sys
0xADC01000 \SystemRoot\system32\dla\tfsnudf.sys
0xADBE8000 \SystemRoot\system32\dla\tfsnudfa.sys
0xB085D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xADAD4000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xADABF000 \SystemRoot\system32\drivers\wdmaud.sys
0xF7824000 \SystemRoot\system32\drivers\sysaudio.sys
0xAD8D4000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB5507000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAD935000 \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS
0xF7854000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xAD5FC000 \SystemRoot\system32\DRIVERS\srv.sys
0xAD1FB000 \SystemRoot\System32\Drivers\HTTP.sys
0xAD4D8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 55):
0 System Idle Process
4 System
624 C:\WINDOWS\system32\smss.exe
672 csrss.exe
700 C:\WINDOWS\system32\winlogon.exe
744 C:\WINDOWS\system32\services.exe
756 C:\WINDOWS\system32\lsass.exe
936 C:\WINDOWS\system32\ati2evxx.exe
952 C:\WINDOWS\system32\svchost.exe
1032 svchost.exe
1124 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1164 C:\WINDOWS\system32\svchost.exe
1212 C:\WINDOWS\system32\svchost.exe
1520 C:\WINDOWS\explorer.exe
1572 svchost.exe
1732 svchost.exe
1860 C:\WINDOWS\system32\spoolsv.exe
532 C:\WINDOWS\system32\rundll32.exe
572 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
580 C:\WINDOWS\system32\dla\tfswctrl.exe
592 C:\Program Files\Microsoft IntelliType Pro\itype.exe
444 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
616 C:\Program Files\Microsoft Security Essentials\msseces.exe
824 C:\WINDOWS\system32\ctfmon.exe
896 C:\Program Files\AWS\WeatherBug\Weather.exe
980 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1140 C:\Program Files\Photo Scanner\DigiPhoto.exe
1272 svchost.exe
1492 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1552 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
1600 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1744 C:\Program Files\Bonjour\mDNSResponder.exe
1232 C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
1964 C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2036 C:\WINDOWS\system32\CTSVCCDA.EXE
2112 C:\PROGRA~1\Webshots\Webshots.scr
2204 C:\Program Files\Java\jre6\bin\jqs.exe
2324 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2508 C:\WINDOWS\system32\svchost.exe
2620 C:\WINDOWS\system32\MsPMSPSv.exe
2672 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3636 alg.exe
2832 C:\WINDOWS\system32\mshta.exe
552 C:\WINDOWS\system32\mshta.exe
1056 C:\WINDOWS\system32\mshta.exe
904 C:\WINDOWS\system32\mshta.exe
1836 C:\WINDOWS\system32\mshta.exe
2200 C:\WINDOWS\system32\mshta.exe
3796 C:\WINDOWS\system32\mshta.exe
524 C:\WINDOWS\system32\mshta.exe
640 C:\WINDOWS\system32\mshta.exe
2804 C:\Program Files\Internet Explorer\iexplore.exe
3732 C:\Program Files\Internet Explorer\iexplore.exe
1772 C:\Program Files\Internet Explorer\iexplore.exe
608 C:\Documents and Settings\CrossFamily\Local Settings\Temporary Internet Files\Content.IE5\MLC8K9RQ\MBRCheck[1].exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200AAKS-00VYA0, Rev: 12.01B02
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
Eric
-
December 1st, 2010, 01:26 AM
#4
Still waiting for GMER log.