
Sirefef Rootkit, Attn: Aaflac


triger49

Hi; here are the DDS logs...thanks again!

 

DDS.TXT

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Alice at 7:12:13 on 2011-09-05

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.631 [GMT -7:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TDispVol.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\dla\DLACTRLW.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.toshiba.com/search

uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart

uURLSearchHooks: N/A: {e7472076-ff9d-4325-8eaf-613572008758} - c:\program files\dictionaryboss\bar\1.bin\v4SrcAs.dll

uURLSearchHooks: N/A: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - c:\program files\dailybibleguide\bar\1.bin\2vSrcAs.dll

uURLSearchHooks: Conduit Apps Toolbar: {e3f0f2ad-5a4b-4944-a1bb-b13cf500aa97} - c:\program files\conduit_apps\prxtbCon0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll

BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Conduit Apps Toolbar: {e3f0f2ad-5a4b-4944-a1bb-b13cf500aa97} - c:\program files\conduit_apps\prxtbCon0.dll

TB: DictionaryBoss: {3042df7a-e900-4389-9b94-923df0daa57e} - c:\program files\dictionaryboss\bar\1.bin\v4bar.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Conduit Apps Toolbar: {e3f0f2ad-5a4b-4944-a1bb-b13cf500aa97} - c:\program files\conduit_apps\prxtbCon0.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [DW6]

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe"

mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe

mRun: [TPSMain] TPSMain.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [TFncKy] TFncKy.exe

mRun: [TDispVol] TDispVol.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe

mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE

mRun: [CFSServ.exe] CFSServ.exe -NoClient

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

IE: &Search - http://tbedits.daily...66&n=2011072219

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6BC9AD25-6E7D-4B4A-A143-46C924A43637} : DhcpNameServer = 192.168.1.1

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\alice\application data\mozilla\firefox\profiles\lwxgy2s0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - PageRage Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\dailybibleguide\bar\1.bin\NP2vStub.dll

FF - plugin: c:\program files\dictionaryboss\bar\1.bin\NPv4Stub.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

---- FIREFOX POLICIES ----

.

FF - user.js: extentions.y2layers.installId - 8e7bd9ee-f97d-4216-8b25-4a7514fdca52

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-15 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-15 309848]

R1 SASDIFSV;SASDIFSV;c:\docume~1\alice\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\docume~1\alice\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2011-7-12 67664]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-7-16 392824]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-15 19544]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-15 42184]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-11 136176]

S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

S3 49414;49414;c:\windows\system32\49414.sys [2011-8-15 54624]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 cpuz134;cpuz134;\??\c:\docume~1\alice\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\alice\locals~1\temp\cpuz134\cpuz134_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-11 136176]

.

=============== Created Last 30 ================

.

2011-09-04 16:41:11 -------- d-----w- c:\documents and settings\alice\application data\SUPERAntiSpyware.com

2011-09-04 16:41:10 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-08-24 19:43:33 -------- d-----w- c:\program files\ESET

2011-08-19 01:38:36 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab

2011-08-18 22:44:56 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2011-08-15 15:22:14 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-08-15 15:21:34 40112 ----a-w- c:\windows\avastSS.scr

2011-08-15 15:11:24 54624 ----a-w- c:\windows\system32\49414.sys

2011-08-15 00:28:32 -------- d-----w- C:\bd_logs

2011-08-14 14:06:58 -------- d-----w- c:\windows\pss

2011-08-11 19:06:52 -------- d-----w- c:\windows\system32\SoftwareDistribution

2011-08-10 21:43:57 -------- d-----w- c:\documents and settings\alice\.realobjects

.

==================== Find3M ====================

.

2011-08-24 15:57:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-14 14:13:07 90112 ----a-w- c:\windows\DUMP3690.tmp

2011-08-14 13:09:31 90112 ----a-w- c:\windows\DUMP4650.tmp

2011-08-14 13:08:50 90112 ----a-w- c:\windows\DUMP440d.tmp

2011-08-14 13:06:48 90112 ----a-w- c:\windows\DUMP42e5.tmp

2011-08-14 13:05:25 90112 ----a-w- c:\windows\DUMP4277.tmp

2011-07-31 15:09:34 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-07-19 03:18:59 1409 ----a-w- c:\windows\QTFont.for

2011-07-16 08:36:55 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 7:13:12.15 ===============

 

Attach.txt

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 7/16/2011 1:37:42 AM

System Uptime: 9/5/2011 7:00:17 AM (0 hours ago)

.

Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRB

Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U2E1 | 1596/mhz

Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U2E1 | 1596/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 277.808 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 7/16/2011 1:37:52 AM - System Checkpoint

RP2: 7/16/2011 3:18:07 AM - Installed Windows XP KB932823-v3.

RP3: 7/16/2011 3:24:12 AM - Installed Windows Internet Explorer 8.

RP4: 7/16/2011 3:48:50 AM - avast! Free Antivirus Setup

RP5: 7/16/2011 4:18:39 AM - ZoneAlarm

RP6: 7/16/2011 12:16:53 PM - Installed Zune Desktop Theme

RP7: 7/16/2011 7:37:17 PM - Removed Adobe Reader 7.0

RP8: 7/16/2011 7:38:01 PM - Installed Adobe Reader X (10.1.0).

RP9: 7/17/2011 7:48:53 PM - System Checkpoint

RP10: 7/19/2011 7:20:14 AM - System Checkpoint

RP11: 7/20/2011 8:35:28 AM - System Checkpoint

RP12: 7/21/2011 5:19:36 PM - System Checkpoint

RP13: 7/22/2011 6:12:25 PM - System Checkpoint

RP14: 7/22/2011 7:28:42 PM - Installed Microsoft Visual C++ 2005 Redistributable

RP15: 7/22/2011 7:53:14 PM - Installed iFinger

RP16: 7/22/2011 7:59:37 PM - Removed iFinger

RP17: 7/22/2011 7:59:58 PM - Removed iFinger

RP18: 7/25/2011 1:23:11 PM - System Checkpoint

RP19: 7/26/2011 6:45:23 PM - System Checkpoint

RP20: 7/27/2011 7:23:22 PM - System Checkpoint

RP21: 7/28/2011 8:41:05 PM - System Checkpoint

RP22: 7/30/2011 7:47:21 AM - System Checkpoint

RP23: 7/31/2011 8:18:53 AM - Removed MyConnect Special Offer

RP24: 7/31/2011 8:37:11 AM - Restore Operation

RP25: 7/31/2011 8:45:26 AM - Restore Operation

RP26: 8/1/2011 1:47:09 PM - System Checkpoint

RP27: 8/3/2011 1:07:58 PM - System Checkpoint

RP28: 8/4/2011 2:46:32 PM - System Checkpoint

RP29: 8/5/2011 3:24:46 PM - System Checkpoint

RP30: 8/7/2011 7:37:21 AM - System Checkpoint

RP31: 8/8/2011 8:20:14 AM - System Checkpoint

RP32: 8/9/2011 8:35:33 AM - System Checkpoint

RP33: 8/10/2011 12:32:50 PM - System Checkpoint

RP34: 8/11/2011 5:42:24 AM - avast! Free Antivirus Setup

RP35: 8/11/2011 6:01:49 AM - avast! Free Antivirus Setup

RP36: 8/12/2011 11:29:28 AM - System Checkpoint

RP37: 8/15/2011 7:19:42 AM - System Checkpoint

RP38: 8/15/2011 7:55:24 AM - avast! Free Antivirus Setup

RP39: 8/15/2011 8:21:16 AM - avast! Free Antivirus Setup

RP40: 8/24/2011 1:43:14 PM - System Checkpoint

RP41: 8/27/2011 9:39:25 PM - System Checkpoint

RP42: 9/4/2011 9:22:07 AM - System Checkpoint

.

==== Installed Programs ======================

.

7-Zip 9.20

Adobe Acrobat Connect Add-in

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.0)

Adobe Shockwave Player 11.6

Ask Toolbar

avast! Free Antivirus

Blasterball 2 Revolution

Bluetooth Stack for Windows by Toshiba

CCleaner

CD/DVD Drive Acoustic Silencer

Conduit Apps Toolbar

DVD-RAM Driver

ESET Online Scanner v3

FATE

GemMaster Mystic

Google Chrome

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB888795)

Hotfix for Windows XP (KB891593)

Hotfix for Windows XP (KB893357)

Hotfix for Windows XP (KB894871)

Hotfix for Windows XP (KB895200)

Hotfix for Windows XP (KB895961)

Hotfix for Windows XP (KB896256)

Hotfix for Windows XP (KB899337)

Hotfix for Windows XP (KB899510)

Hotfix for Windows XP (KB902841)

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Intel® PROSet/Wireless Software

InterVideo WinDVD Creator 2

InterVideo WinDVD for TOSHIBA

J2SE Runtime Environment 5.0 Update 4

Macromedia Flash Player 8

Malwarebytes' Anti-Malware version 1.51.1.1800

mCore

mDrWiFi

Metamail (Toshiba Registration Utility)

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB886903)

Microsoft Office OneNote 2003

Microsoft Office Standard Edition 2003

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

mIWA

mLogView

mMHouse

Mozilla Firefox 5.0.1 (x86 en-US)

mPfMgr

mPfWiz

mProSafe

mWlsSafe

mXML

MyDefrag v4.3.1

mZConfig

Office 2003 Trial Assistant

Otto

Polar Golfer

QuickTime

RealPlayer Basic

Realtek High Definition Audio Driver

SD Secure Module

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893066)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Sonic DLA

Sonic Encoders

Sonic RecordNow!

Spybot - Search & Destroy

swMSM

Synaptics Pointing Device Driver

System Requirements Lab for Intel

Texas Instruments PCIxx21/x515/xx12 drivers.

The Weather Channel Desktop 6

TIPCI

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Controls

TOSHIBA Game Console

TOSHIBA Hotkey Utility

TOSHIBA PC Diagnostic Tool

TOSHIBA Power Saver

TOSHIBA SD Memory Card Format

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA TouchPad ON/Off Utility

TOSHIBA TV Tuner 4.0.12.73

TOSHIBA Utilities

TOSHIBA Virtual Sound

TOSHIBA Zooming Utility

Update for Windows Media Player 10 (KB910393)

Update for Windows XP (KB894391)

Update for Windows XP (KB912945)

Update for Windows XP (KB932823-v3)

Update Rollup 2 for Windows XP Media Center Edition 2005

Viewpoint Media Player

WebFldrs XP

Winamp (remove only)

Windows iLivid Toolbar

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Media Format Runtime

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB884018

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885855

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB889673

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890546

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893056

Windows XP Media Center Edition 2005 KB888316

Windows XP Media Center Edition 2005 KB894553

Windows XP Media Center Edition 2005 KB895678

Windows XP Media Center Edition 2005 KB908250

Yahoo! Music Engine

Yontoo Layers Runtime 1.10.01

ZoneAlarm

Zune Desktop Theme

.

==== Event Viewer Messages From Past Week ========

.

9/5/2011 7:01:58 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DE061CB5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

9/4/2011 8:34:53 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: meiudf

.

==== End Of File ===========================


triger49,

 

Thanks for the report!

 

Right off the top, a Rootkit does not appear, but you do have SearchQu showing, and that will cause some problems.

 

Please do the following:

 

If you have ComboFix (CF) already on your Desktop, please remove it! We'll download an updated version.

 

Download ComboFix

 

Save ComboFix.exe to your Desktop!!

 

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications, usually by right-clicking on the System Tray icon. They may interfere with the running of CF.

 

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link

 

 

Double-click on ComboFix.exe to run the program.

 

When given the option, DO install the Recovery Console. This program can come in very handy at times.

 

Click on Yes, to continue scanning for malware.

 

When finished, CF produces a report.

 

Please provide a copy of the C:\ComboFix.txt in your reply.

 

 

Notes:

 

1. Do not mouse-click the ComboFix window while it is running.

This action may cause it to stall.

 

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

 

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

 

Thanks.

Edited by Aaflac

Hi;

 

You nailed it .....ZeroAccess Rootkit..... Here is the ComboFix Log...

 

ComboFix 11-09-05.03 - Alice 09/05/2011 17:03:48.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.678 [GMT -7:00]

Running from: c:\documents and settings\Alice\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.17e5e154.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.269f8317.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.86175743.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.935cd69c.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.a947503a.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.c6ac0d4f.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.cb6c347c.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL12.tmp.a36f932a.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL15.tmp.6f34b02d.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL47.tmp.399291ec.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLBE.tmp.6a051d6c.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLDA.tmp.86ac63e6.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLE0.tmp.9c9a95f4.ini

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Alice\Application Data\PriceGong

c:\documents and settings\Alice\Application Data\PriceGong\Data\1.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\2229.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\83.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\a.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\b.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\c.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\d.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\e.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\f.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\g.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\h.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\i.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\j.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\k.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\l.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\m.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Alice\Application Data\PriceGong\Data\n.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\o.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\p.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\q.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\r.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\s.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\t.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\u.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\v.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\w.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\x.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\y.txt

c:\documents and settings\Alice\Application Data\PriceGong\Data\z.txt

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.17e5e154.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.269f8317.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.86175743.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.935cd69c.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.a947503a.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.c6ac0d4f.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.cb6c347c.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\SL12.tmp.a36f932a.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\SL15.tmp.6f34b02d.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\SL47.tmp.399291ec.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\SLBE.tmp.6a051d6c.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\SLDA.tmp.86ac63e6.ini

c:\documents and settings\Alice\Local Settings\Application Data\ApplicationHistory\SLE0.tmp.9c9a95f4.ini

c:\documents and settings\Alice\My Documents\~WRL0173.tmp

c:\documents and settings\Alice\My Documents\~WRL1353.tmp

c:\documents and settings\Alice\My Documents\~WRL2018.tmp

c:\documents and settings\Alice\My Documents\~WRL3655.tmp

c:\documents and settings\Alice\WINDOWS

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\documents and settings\Default User\WINDOWS

c:\program files\DailyBibleGuideEI

c:\program files\DictionaryBossEI

c:\windows\$NtUninstallKB57296$

c:\windows\$NtUninstallKB57296$\2068726548

c:\windows\$NtUninstallKB57296$\3015152536\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

c:\windows\$NtUninstallKB57296$\3015152536\L\pavtnywh

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.17e5e154.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.269f8317.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.86175743.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.935cd69c.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.a947503a.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.c6ac0d4f.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.cb6c347c.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\SL12.tmp.a36f932a.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\SL15.tmp.6f34b02d.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\SL47.tmp.399291ec.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\SLBE.tmp.6a051d6c.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\SLDA.tmp.86ac63e6.ini

c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\SLE0.tmp.9c9a95f4.ini

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))

.

.

2011-09-04 16:41 . 2011-09-04 16:41 -------- d-----w- c:\documents and settings\Alice\Application Data\SUPERAntiSpyware.com

2011-09-04 16:41 . 2011-09-04 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-08-24 19:43 . 2011-08-24 19:43 -------- d-----w- c:\program files\ESET

2011-08-19 01:38 . 2011-08-19 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2011-08-18 22:44 . 2011-08-18 22:46 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2011-08-15 15:22 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-08-15 15:22 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-08-15 15:22 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-08-15 15:22 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-08-15 15:22 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-08-15 15:22 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-08-15 15:22 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-08-15 15:22 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-08-15 15:21 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr

2011-08-15 15:21 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-08-15 15:11 . 2011-08-15 15:11 54624 ----a-w- c:\windows\system32\49414.sys

2011-08-15 00:28 . 2011-08-15 04:35 -------- d-----w- C:\bd_logs

2011-08-14 20:28 . 2011-08-14 20:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-08-14 18:14 . 2011-08-14 18:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-08-11 13:08 . 2011-08-11 13:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2011-08-11 13:03 . 2011-08-11 13:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2011-08-10 21:43 . 2011-08-10 21:43 -------- d-----w- c:\documents and settings\Alice\.realobjects

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-24 15:57 . 2011-07-20 17:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-14 14:13 . 2011-07-16 13:16 90112 ----a-w- c:\windows\DUMP3690.tmp

2011-08-14 13:09 . 2011-07-16 13:16 90112 ----a-w- c:\windows\DUMP4650.tmp

2011-08-14 13:08 . 2011-07-16 13:16 90112 ----a-w- c:\windows\DUMP440d.tmp

2011-08-14 13:06 . 2011-07-16 13:16 90112 ----a-w- c:\windows\DUMP42e5.tmp

2011-08-14 13:05 . 2011-07-16 13:16 90112 ----a-w- c:\windows\DUMP4277.tmp

2011-07-31 15:09 . 2011-07-30 23:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-07-19 03:18 . 2011-07-19 03:18 1409 ----a-w- c:\windows\QTFont.for

2011-07-16 13:24 . 2011-07-16 13:24 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe

2011-07-16 13:24 . 2011-07-16 08:38 45056 ----a-r- c:\documents and settings\Alice\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe

2011-07-16 13:24 . 2011-07-16 08:37 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe

2011-07-16 08:36 . 2011-07-16 08:36 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-07-07 02:52 . 2011-07-16 10:02 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52 . 2011-07-16 10:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-08 07:16 . 2011-07-16 11:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e3f0f2ad-5a4b-4944-a1bb-b13cf500aa97}"= "c:\program files\Conduit_Apps\prxtbCon0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{e3f0f2ad-5a4b-4944-a1bb-b13cf500aa97}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-05-17 20:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3f0f2ad-5a4b-4944-a1bb-b13cf500aa97}]

2011-05-09 09:49 176936 ----a-w- c:\program files\Conduit_Apps\prxtbCon0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

"{e3f0f2ad-5a4b-4944-a1bb-b13cf500aa97}"= "c:\program files\Conduit_Apps\prxtbCon0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{e3f0f2ad-5a4b-4944-a1bb-b13cf500aa97}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

"{E3F0F2AD-5A4B-4944-A1BB-B13CF500AA97}"= "c:\program files\Conduit_Apps\prxtbCon0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{e3f0f2ad-5a4b-4944-a1bb-b13cf500aa97}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CFSServ.exe"="CFSServ.exe -NoClient" [X]

"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 968696]

"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2003-04-02 12288]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]

"TPSMain"="TPSMain.exe" [2005-06-01 282624]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]

"TFncKy"="TFncKy.exe" [bU]

"TDispVol"="TDispVol.exe" [2005-03-11 73728]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"NDSTray.exe"="NDSTray.exe" [bU]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]

"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]

2011-07-04 11:43 3493720 ----a-w- c:\program files\AVAST Software\Avast\AvastUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/15/2011 8:22 AM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/15/2011 8:22 AM 309848]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/15/2011 8:22 AM 19544]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Alice\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Alice\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Alice\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Alice\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2011 6:03 AM 136176]

S3 49414;49414;c:\windows\system32\49414.sys [8/15/2011 8:11 AM 54624]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]

S3 cpuz134;cpuz134;\??\c:\docume~1\Alice\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Alice\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2011 6:03 AM 136176]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-11 13:03]

.

2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-11 13:03]

.

2011-09-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 20:29]

.

2011-09-05 c:\windows\Tasks\User_Feed_Synchronization-{E38F0328-DE24-4CD6-8C3E-FA7C1587481C}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Alice\Application Data\Mozilla\Firefox\Profiles\lwxgy2s0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - PageRage Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q=

FF - user.js: extentions.y2layers.installId - 8e7bd9ee-f97d-4216-8b25-4a7514fdca52

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{e7472076-ff9d-4325-8eaf-613572008758} - c:\program files\DictionaryBoss\bar\1.bin\v4SrcAs.dll

URLSearchHooks-{f15ff29f-85a1-43cd-9674-e5ba40016c97} - c:\program files\DailyBibleGuide\bar\1.bin\2vSrcAs.dll

Toolbar-10 - (no file)

HKCU-Run-DW6 - (no file)

HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-05 18:25

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1408)

c:\windows\system32\TDispVol.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\windows\system32\DVDRAMSV.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\TPSMain.exe

c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

c:\windows\system32\TDispVol.exe

c:\windows\system32\TPSBattM.exe

c:\program files\Synaptics\SynTP\Toshiba.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\windows\system32\igfxsrvc.exe

c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE

c:\windows\eHome\ehmsas.exe

c:\program files\TOSHIBA\ConfigFree\CFSServ.exe

c:\windows\AGRSMMSG.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Completion time: 2011-09-05 18:32:56 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-06 01:32

.

Pre-Run: 298,056,151,040 bytes free

Post-Run: 298,063,155,200 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 256992E62D012A4FDAA0A5909CAD476B


Good job, triger49!! :)

 

Now, please remove any previous download of TDSSKiller (if used) and download the latest version: TDSSKiller.exe

 

Execute the file:

XP - Double-click tdsskiller.exe

 

Press the button: Start Scan

 

The tool scans and detects two object types:

Malicious (where the malware has been identified)

Suspicious (where the malware cannot be identified)

 

When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.

 

It automatically selects an action (Cure or Delete) for Malicious objects. Leave the setting as it is.

 

It also prompts the User to select an action to apply to Suspicious objects (Skip, by default). Leave the setting as it is.

 

After clicking Next/Continue, the tool applies the selected actions.

 

 

A Reboot Required prompt may appear after a disinfection. Please reboot.

 

 

By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system, normally C:\).

 

Logs have a name like:

C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

 

Please post the TDSSKiller log in your reply.

Edited by Aaflac

Here it is.....(kind of grabbed a short nap there, pardon me....LOL )

 

2011/09/06 00:47:11.0015 2264 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09

2011/09/06 00:47:13.0015 2264 ================================================================================

2011/09/06 00:47:13.0015 2264 System Info:

2011/09/06 00:47:13.0015 2264

2011/09/06 00:47:13.0015 2264 OS Version: 5.1.2600 ServicePack: 2.0

2011/09/06 00:47:13.0015 2264 Product type: Workstation

2011/09/06 00:47:13.0015 2264 ComputerName: TOSHIBA

2011/09/06 00:47:13.0015 2264 UserName: Alice

2011/09/06 00:47:13.0015 2264 Windows directory: C:\WINDOWS

2011/09/06 00:47:13.0015 2264 System windows directory: C:\WINDOWS

2011/09/06 00:47:13.0015 2264 Processor architecture: Intel x86

2011/09/06 00:47:13.0015 2264 Number of processors: 2

2011/09/06 00:47:13.0015 2264 Page size: 0x1000

2011/09/06 00:47:13.0015 2264 Boot type: Normal boot

2011/09/06 00:47:13.0015 2264 ================================================================================

2011/09/06 00:47:15.0687 2264 Initialize success

2011/09/06 00:47:32.0453 2508 ================================================================================

2011/09/06 00:47:32.0468 2508 Scan started

2011/09/06 00:47:32.0468 2508 Mode: Manual;

2011/09/06 00:47:32.0468 2508 ================================================================================

2011/09/06 00:47:35.0312 2508 49414 (43b0076b3ab8996b84d2cc8f990b582f) C:\WINDOWS\system32\49414.sys

2011/09/06 00:47:35.0390 2508 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys

2011/09/06 00:47:35.0453 2508 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/09/06 00:47:35.0484 2508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/09/06 00:47:35.0531 2508 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/09/06 00:47:35.0593 2508 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/09/06 00:47:35.0640 2508 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys

2011/09/06 00:47:35.0843 2508 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/09/06 00:47:36.0171 2508 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/09/06 00:47:36.0265 2508 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

2011/09/06 00:47:36.0343 2508 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011/09/06 00:47:36.0437 2508 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys

2011/09/06 00:47:36.0500 2508 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys

2011/09/06 00:47:36.0593 2508 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys

2011/09/06 00:47:36.0640 2508 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys

2011/09/06 00:47:36.0765 2508 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys

2011/09/06 00:47:36.0796 2508 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/09/06 00:47:36.0843 2508 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/09/06 00:47:36.0890 2508 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/09/06 00:47:36.0937 2508 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/09/06 00:47:36.0968 2508 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/09/06 00:47:37.0031 2508 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/09/06 00:47:37.0093 2508 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/09/06 00:47:37.0109 2508 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/09/06 00:47:37.0140 2508 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/09/06 00:47:37.0203 2508 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/09/06 00:47:37.0234 2508 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/09/06 00:47:37.0343 2508 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys

2011/09/06 00:47:37.0656 2508 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/09/06 00:47:37.0718 2508 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/09/06 00:47:37.0765 2508 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/09/06 00:47:37.0875 2508 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/09/06 00:47:37.0921 2508 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/09/06 00:47:37.0953 2508 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/09/06 00:47:38.0000 2508 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/09/06 00:47:38.0031 2508 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/09/06 00:47:38.0109 2508 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/09/06 00:47:38.0140 2508 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/09/06 00:47:38.0234 2508 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/09/06 00:47:38.0359 2508 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2011/09/06 00:47:38.0375 2508 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/09/06 00:47:38.0421 2508 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/09/06 00:47:38.0468 2508 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/09/06 00:47:38.0500 2508 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/09/06 00:47:38.0593 2508 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/09/06 00:47:38.0687 2508 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/09/06 00:47:38.0718 2508 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2011/09/06 00:47:38.0812 2508 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/09/06 00:47:38.0906 2508 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

2011/09/06 00:47:38.0921 2508 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/09/06 00:47:38.0953 2508 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/09/06 00:47:38.0968 2508 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/09/06 00:47:39.0140 2508 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/09/06 00:47:39.0187 2508 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/09/06 00:47:39.0312 2508 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/09/06 00:47:39.0375 2508 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/09/06 00:47:39.0468 2508 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/09/06 00:47:39.0578 2508 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/09/06 00:47:39.0656 2508 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/09/06 00:47:39.0859 2508 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2011/09/06 00:47:40.0062 2508 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/09/06 00:47:40.0312 2508 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/09/06 00:47:40.0421 2508 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/09/06 00:47:40.0468 2508 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/09/06 00:47:40.0500 2508 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/09/06 00:47:40.0515 2508 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/09/06 00:47:40.0562 2508 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/09/06 00:47:40.0750 2508 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/09/06 00:47:40.0796 2508 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/09/06 00:47:40.0968 2508 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/09/06 00:47:41.0000 2508 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

2011/09/06 00:47:41.0156 2508 Kbdcl:filtered: (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdcl:filtered:.sys

2011/09/06 00:47:41.0187 2508 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/09/06 00:47:41.0234 2508 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys

2011/09/06 00:47:41.0250 2508 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 1 . 0 3 4 3 2 5 0 8 M H N D R V ( 7 f 2 f 1 d 2 8 1 5 a 6 4 4 9 d 3 4 6 f c c c b c 5 6 9 f b d 6 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ m h n d r v . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 1 . 0 3 9 0 2 5 0 8 m n m d d ( 4 a e 0 6 8 2 4 2 7 6 0 a 1 f b 6 e 1 a 4 4 b f 4 e 1 6 a f a 6 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ m n m d d . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 1 . 0 4 2 1 2 5 0 8 M o d e m ( 6 f c 6 f 9 d 7 a c c 3 6 d c a 9 b 9 1 4 5 6 5 a 3 a e d a 0 5 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ M o d e m . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 1 . 0 4 3 7 2 5 0 8 M o u c l :filtered: ( 3 4 e 1 f 0 0 3 1 1 5 3 e 4 9 1 9 1 0 e 1 2 5 5 1 4 0 0 1 9 2 c ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ m o u c l :filtered: . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 1 . 0 5 1 5 2 5 0 8 m o u h i d ( b 1 c 3 0 3 e 1 7 f b 9 d 4 6 e 8 7 a 9 8 e 4 b a 6 7 6 9 6 8 5 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ m o u h i d . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 1 . 0 6 5 6 2 5 0 8 M o u n t M g r ( 6 5 6 5 3 f 3 b 4 4 7 7 f 3 c 6 3 e 6 8 a 9 6 5 9 f 8 5 e e 2 e ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ M o u n t M g r . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 1 . 0 7 0 3 2 5 0 8 M R x D A V ( 4 6 e d c c 8 f 2 d b 2 f 3 2 2 c 2 4 f 4 8 7 8 5 c b 4 6 3 6 6 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ m r x d a v . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 1 . 0 7 3 4 2 5 0 8 M R x S m b ( 5 d d c 9 a 1 b 2 e b 5 a 4 b f 0 1 0 c e 8 c 0 1 9 a 1 8 c 1 f ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ m r x s m b . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 1 . 0 7 6 5 2 5 0 8 M s f s ( 5 6 1 b 3 a 4 3 3 3 c a 2 d b d b a 2 8 b 5 b 9 5 6 8 2 2 5 1 9 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ M s f s . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 1 . 0 9 3 7 2 5 0 8 M S K S S R V ( a e 4 3 1 a 8 d d 3 c 1 d 0 d 0 6 1 0 c d b a c 1 6 0 5 7 a d 0 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ M S K S S R V . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 1 . 0 9 5 3 2 5 0 8 M S P C L O C K ( 1 3 e 7 5 f e f 9 d f e b 0 8 e e d e d 9 d 0 2 4 6 e 1 f 4 4 8 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ M S P C L O C K . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 1 . 0 9 6 8 2 5 0 8 M S P Q M ( 1 9 8 8 a 3 3 f f 1 9 2 4 2 5 7 6 c 3 d 0 e f 9 c e 7 8 5 d a 7 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ M S P Q M . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 0 1 5 2 5 0 8 m s s m b i o s ( 4 6 9 5 4 1 f 8 b f d 2 b 3 2 6 5 9 d 5 d 4 6 3 a 6 7 1 4 b c e ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ m s s m b i o s . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 1 8 7 2 5 0 8 M u p ( 8 2 0 3 5 e 0 f 4 1 c 2 d d 0 5 a e 4 1 d 2 7 f e 6 c f 7 d e 1 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ M u p . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 2 3 4 2 5 0 8 N D I S ( 5 5 8 6 3 5 d 3 a f 1 c 7 5 4 6 d 2 6 0 6 7 d 5 d 9 b 6 9 5 9 e ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ N D I S . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 4 0 6 2 5 0 8 N d i s T a p i ( 0 8 d 4 3 b b d a c d f 2 3 f 3 4 d 7 9 e 4 4 e d 3 5 c 1 b 4 c ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ n d i s t a p i . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 4 5 3 2 5 0 8 N d i s u i o ( e e f a 1 c e 6 3 8 0 5 d 2 1 4 5 9 7 8 6 2 1 b e 5 c 6 d 9 5 5 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ n d i s u i o . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 5 6 2 2 5 0 8 N d i s W a n ( 0 b 9 0 e 2 5 5 a 9 4 9 0 1 6 6 a b 3 6 8 c d 5 5 a 5 2 9 8 9 3 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ n d i s w a n . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 5 9 3 2 5 0 8 N D P r o x y ( 5 9 f c 3 f b 4 4 d 2 6 6 9 b c 1 4 4 f d 8 7 8 2 6 b b 5 7 1 f ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ N D P r o x y . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 6 2 5 2 5 0 8 N e t B I O S ( 3 a 2 a c a 8 f c 1 d 7 7 8 6 9 0 2 c a 4 3 4 9 9 8 d 7 c e b 4 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ n e t b i o s . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 6 5 6 2 5 0 8 N e t B T ( 0 c 8 0 e 4 1 0 c d 2 f 4 7 1 3 4 4 0 7 e e 7 d d 1 9 c c 8 6 b ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ n e t b t . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 6 8 7 2 5 0 8 N e t d e v i o ( 1 2 6 5 e b 2 5 3 e d 4 e b e 4 a c b 3 b d 5 f 5 4 8 f f 7 9 6 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ n e t d e v i o . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 7 1 8 2 5 0 8 N I C 1 3 9 4 ( 5 c 5 c 5 3 d b 4 f e f 1 6 c f 8 7 b 9 9 1 1 c 7 e 8 c 6 f b c ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ n i c 1 3 9 4 . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 7 5 0 2 5 0 8 N p f s ( 4 f 6 0 1 b c b 8 f 6 4 e a 3 a c 0 9 9 4 f 9 8 f e d 0 3 f 8 e ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ N p f s . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 7 8 1 2 5 0 8 N t f s ( b 7 8 b e 4 0 2 c 3 f 6 3 d d 5 5 5 2 1 f 7 3 8 7 6 9 5 1 c d d ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ N t f s . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 2 . 0 9 8 4 2 5 0 8 N u l l ( 7 3 c 1 e 1 f 3 9 5 9 1 8 b c 2 c 6 d d 6 7 a f 7 5 9 1 a 3 a d ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ N u l l . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 0 3 1 2 5 0 8 N w l n k F l t ( b 3 0 5 f 3 f a d 3 5 0 8 3 8 3 7 e f 4 6 a 0 b b c e 2 f c 5 7 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ n w l n k f l t . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 1 0 9 2 5 0 8 N w l n k F w d ( c 9 9 b 3 4 1 5 1 9 8 d 1 a a b 7 2 2 7 f 2 c 8 8 f d 6 6 4 b 9 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ n w l n k f w d . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 1 7 1 2 5 0 8 o h c i 1 3 9 4 ( 0 9 5 1 d b 8 e 5 8 2 3 e a 3 6 6 b 0 e 4 0 8 d 7 1 e 1 b a 2 a ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ o h c i 1 3 9 4 . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 2 3 4 2 5 0 8 P a r p o r t ( 2 9 7 4 4 e b 4 c e 6 5 9 d f e 3 b 4 1 2 2 d e b 4 5 b c 4 7 8 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ P a r p o r t . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 3 1 2 2 5 0 8 P a r t M g r ( 3 3 3 4 4 3 0 c 2 9 d c 3 3 8 0 9 2 f 7 9 c 3 8 e f 7 b 4 c d 0 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ P a r t M g r . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 3 5 9 2 5 0 8 P a r V d m ( 7 0 e 9 8 b 3 f d 8 e 9 6 3 a 6 a 4 6 a 2 e 6 2 4 7 e 0 b e a 1 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ P a r V d m . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 4 2 1 2 5 0 8 P C I ( 8 0 8 6 d 9 9 7 9 2 3 4 b 6 0 3 a d 5 b c 2 f 5 d 8 9 0 b 2 3 4 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ p c i . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 4 5 3 2 5 0 8 P C I I d e ( c c f 5 f 4 5 1 b b 1 a 5 a 2 a 5 2 2 a 7 6 e 6 7 0 0 0 0 f f 0 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ p c i i d e . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 4 6 8 2 5 0 8 P c m c i a ( 8 2 a 0 8 7 2 0 7 d e c e c 8 4 5 6 f b e 8 5 3 7 9 4 7 d 5 7 9 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ p c m c i a . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 6 4 0 2 5 0 8 P f c ( 4 4 4 f 1 2 2 e 6 8 d b 4 4 c 0 5 8 9 2 2 7 7 8 1 f 3 c 8 b 3 f ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ p f c . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 7 3 4 2 5 0 8 P p t p M i n i p o r t ( 1 c 5 c c 6 5 a a c 0 7 8 3 c 3 4 4 f 1 6 3 5 3 e 6 0 b 7 2 a c ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ r a s p p t p . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 7 9 6 2 5 0 8 P S c h e d ( 4 8 6 7 1 f 3 2 7 5 5 3 d c f 1 d 2 7 f 6 1 9 7 f 6 2 2 a 6 6 8 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ p s c h e d . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 8 7 5 2 5 0 8 P t i l i n k ( 8 0 d 3 1 7 b d 1 c 3 d b c 5 d 4 f e 7 b 1 6 7 8 c 6 0 c a d d ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ p t i l i n k . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 3 . 0 9 0 6 2 5 0 8 P x H e l p 2 0 ( 8 6 7 2 4 4 6 9 c d 0 7 7 9 0 1 7 0 6 8 5 4 9 7 4 c d 1 3 c 3 e ) C : \ W I N D O W S \ s y s t e m 3 2 \ D r i v e r s \ P x H e l p 2 0 . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 4 . 0 0 3 1 2 5 0 8 R a s A c d ( f e 0 d 9 9 d 6 f 3 1 e 4 f a d 8 1 5 9 f 6 9 0 d 6 8 d e d 9 c ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ r a s a c d . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 4 . 0 0 7 8 2 5 0 8 R a s l 2 t p ( 9 8 f a e b 4 a 4 d c f 8 1 2 b a 1 c 6 f c a 4 a a 3 e 1 1 5 c ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ r a s l 2 t p . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 4 . 0 2 0 3 2 5 0 8 R a s P p p o e ( 7 3 0 6 e e e d 8 8 9 5 4 5 4 c b e d 4 6 6 9 b e 9 f 7 9 f a a ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ r a s p p p o e . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 4 . 0 3 2 8 2 5 0 8 R a s p t i ( f d b b 1 d 6 0 0 6 6 f c f b b 7 4 5 2 f d 8 f 9 8 2 9 b 2 4 2 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ r a s p t i . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 4 . 0 3 5 9 2 5 0 8 R d b s s ( 8 0 9 c a 4 5 c a a 9 0 7 2 b 3 1 7 6 a d 4 4 5 7 9 d 7 f 6 8 8 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ r d b s s . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 4 . 0 4 3 7 2 5 0 8 R D P C D D ( 4 9 1 2 d 5 b 4 0 3 6 1 4 c e 9 9 c 2 8 4 2 0 f 7 5 3 5 3 3 3 2 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ R D P C D D . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 4 . 0 4 8 4 2 5 0 8 r d p d r ( a 2 c a e 2 c 6 0 b c 3 7 e 0 7 5 1 e f 9 d d a 7 c e a f 4 a d ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ r d p d r . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 4 . 0 5 9 3 2 5 0 8 R D P W D ( b 5 4 c d 3 8 a 9 e b f b f 2 b 3 5 6 1 4 2 6 e 3 f e 2 6 f 6 2 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ R D P W D . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 4 . 0 6 5 6 2 5 0 8 r e d b o o k ( b 3 1 b 4 5 8 8 e 4 0 8 6 d 8 d 8 4 a d b f 9 8 4 5 c 2 4 0 2 b ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ r e d b o o k . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 4 . 0 7 5 0 2 5 0 8 s 2 4 t r a n s ( 1 c c 0 7 4 e 0 d 4 8 3 8 3 d 4 e 9 b f f c 6 a 2 6 c 2 a 5 8 a ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ s 2 4 t r a n s . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 5 . 0 0 7 8 2 5 0 8 s d b u s ( 0 2 f c 7 1 b 0 2 0 e c 8 7 0 0 e e 8 a 4 6 c 5 8 b c 6 f 2 7 6 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ s d b u s . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 5 . 0 1 2 5 2 5 0 8 S e c d r v ( d 2 6 e 2 6 e a 5 1 6 4 5 0 a f 9 d 0 7 2 6 3 5 c 6 0 3 8 7 f 4 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ s e c d r v . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 5 . 0 1 7 1 2 5 0 8 S e r i a l ( c d 9 4 0 4 d 1 1 5 a 0 0 d 2 4 9 f 7 0 a 3 7 1 b 4 6 d 5 a 2 6 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ S e r i a l . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 5 . 0 2 3 4 2 5 0 8 S f l o p p y ( 0 d 1 3 b 6 d f 6 e 9 e 1 0 1 0 1 3 a 7 a f b 0 c e 6 2 9 f e 0 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ s f l o p p y . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 5 . 0 3 2 8 2 5 0 8 s p l i t t e r ( 8 e 1 8 6 b 8 f 2 3 2 9 5 d 1 e 4 2 c 5 7 3 b 8 2 b 8 0 d 5 4 8 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ s p l i t t e r . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 5 . 0 3 7 5 2 5 0 8 s r ( e 4 1 b 6 d 0 3 7 d 6 c d 0 8 4 6 1 4 7 0 a f 0 4 5 0 0 d c 2 4 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ s r . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 5 . 0 5 3 1 2 5 0 8 s r e s c a n ( 3 3 3 3 6 3 8 7 9 c 7 c 6 1 9 d a a 6 8 e 4 d d 6 e 3 b e 3 1 e ) C : \ W I N D O W S \ s y s t e m 3 2 \ Z o n e L a b s \ s r e s c a n . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 5 . 0 6 2 5 2 5 0 8 S r v ( 5 5 3 0 0 7 e c c e 7 f 6 5 6 5 b b e 6 4 5 b e b 6 6 d 3 b 6 9 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ s r v . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 5 . 0 6 8 7 2 5 0 8 s w e n u m ( 0 3 c 1 b a e 4 7 6 6 e 2 4 5 0 2 1 9 d 2 0 b 9 9 3 d 6 e 0 4 6 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ s w e n u m . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 5 . 0 7 1 8 2 5 0 8 s w m i d i ( 9 4 a b c 8 0 8 f c 4 b 6 d 7 d 2 b b f 4 2 b 8 5 e 2 5 b b 4 d ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ s w m i d i . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 6 . 0 0 1 5 2 5 0 8 S y n T P ( e 2 9 5 f f f f f 3 a a f 9 a 6 a 4 0 b 2 9 4 9 7 9 0 1 9 0 8 f ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ S y n T P . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 6 . 0 0 4 6 2 5 0 8 s y s a u d i o ( 6 5 0 a d 0 8 2 d 4 6 b a c 0 e 6 4 c 9 c 0 e 0 9 2 8 4 9 2 f d ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ s y s a u d i o . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 6 . 0 0 9 3 2 5 0 8 t b i o s d r v ( 7 1 4 7 b 0 5 7 5 b c c 9 3 a 6 a b 7 d 5 c 9 0 f 4 7 c 0 b 9 f ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ t b i o s d r v . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 6 . 0 1 7 1 2 5 0 8 T c p i p ( 8 8 7 6 3 a 9 8 a 4 c 2 6 c 4 0 9 7 4 1 b 4 a a 1 6 2 7 2 0 c 9 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ t c p i p . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 6 . 0 2 8 1 2 5 0 8 T D P I P E ( 3 8 d 4 3 7 c f 2 d 9 8 9 6 5 f 2 3 9 b 0 a b c d 6 6 d c b 0 f ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ T D P I P E . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 6 . 0 3 2 8 2 5 0 8 T D T C P ( e d 0 5 8 0 a f 0 2 5 0 2 d 0 0 a d 8 c 4 c 0 6 6 b 1 5 6 b e 9 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ T D T C P . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 6 . 0 4 0 6 2 5 0 8 T e r m D D ( a 5 4 0 a 9 9 c 2 8 1 d 9 3 3 f 3 d 6 9 d 5 5 e 4 8 7 2 7 f 4 7 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ t e r m d d . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 6 . 0 6 2 5 2 5 0 8 t i f m 2 1 ( 2 4 4 c f b f f d e f b 7 7 f 3 d f 5 7 1 a 8 c d 1 0 8 f c 0 6 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ t i f m 2 1 . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 6 . 0 7 0 3 2 5 0 8 t o s r f e c ( c c 0 6 9 3 4 2 e e 0 e a e 5 5 b 3 2 a 0 a e 9 9 c f 6 1 8 5 c ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ t o s r f e c . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 6 . 0 8 7 5 2 5 0 8 T V A L D ( 6 7 6 d b 1 5 d d f 2 e 0 f f 6 e c 0 3 0 6 8 d e a 4 2 8 b 8 b ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ N B S M I . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 6 . 0 9 2 1 2 5 0 8 T v s ( c c 6 7 6 3 8 8 9 1 9 8 e f 9 7 5 b 1 4 3 d 4 9 7 8 9 b c f a 9 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ T v s . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 7 . 0 0 1 5 2 5 0 8 U d f s ( 1 2 f 7 0 2 5 6 f 1 4 0 c d 7 d 5 2 c 5 8 c 7 0 4 8 f d e 6 5 7 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ U d f s . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 7 . 0 1 8 7 2 5 0 8 U p d a t e ( a f f 2 e 5 0 4 5 9 6 1 b b c 0 a 6 0 2 b b 6 f 9 5 e b 1 3 4 5 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ u p d a t e . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 7 . 0 2 6 5 2 5 0 8 u s b c c g p ( b f f d 9 f 1 2 0 c c 6 3 b c b a a 3 d 8 4 0 f 3 e e f 9 f 7 9 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ u s b c c g p . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 7 . 0 2 9 6 2 5 0 8 u s b e h c i ( 1 5 e 9 9 3 b a 2 f 6 9 4 6 b 2 b f b b f c d 3 0 3 9 8 6 2 1 e ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ u s b e h c i . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 7 . 0 3 2 8 2 5 0 8 u s b h u b ( c 7 2 f 4 0 9 4 7 f 9 2 c e a 5 6 a 8 f b 5 3 2 e d f 0 2 5 f 1 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ u s b h u b . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 7 . 0 4 0 6 2 5 0 8 U S B S T O R ( 6 c d 7 b 2 2 1 9 3 7 1 8 f 1 d 1 7 a 4 7 a 1 c d 6 d 3 7 e 7 5 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ U S B S T O R . S Y S

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 7 . 0 5 3 1 2 5 0 8 u s b u h c i ( f 8 f d 1 4 0 0 0 9 2 e 2 3 c 8 f 2 f 3 1 4 0 6 e f 0 6 1 6 7 b ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ u s b u h c i . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 7 . 0 5 4 6 2 5 0 8 V g a S a v e ( 8 a 6 0 e d d 7 2 b 4 e a 5 a e a 8 2 0 2 d a f 0 e 4 2 7 9 2 5 ) C : \ W I N D O W S \ S y s t e m 3 2 \ d r i v e r s \ v g a . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 7 . 0 7 6 5 2 5 0 8 V o l S n a p ( e e 4 6 6 0 0 8 3 d e b a 8 4 9 f f 6 c 4 8 5 d 9 4 4 b 3 7 9 b ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ V o l S n a p . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 7 . 0 8 2 8 2 5 0 8 v s d a t a n t ( 0 b 3 d d 9 3 8 1 f b 9 d 8 3 b c 9 d c e 8 c d 2 4 5 9 b 1 4 d ) C : \ W I N D O W S \ s y s t e m 3 2 \ v s d a t a n t . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 8 . 0 0 6 2 2 5 0 8 w 3 9 n 5 1 ( b 1 f 1 2 6 e 7 e 2 8 8 7 7 1 0 6 d 6 0 e 6 f f 3 9 9 8 d 0 3 3 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ w 3 9 n 5 1 . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 8 . 0 2 5 0 2 5 0 8 W a n a r p ( 9 8 4 e f 0 b 9 7 8 8 a b f 8 9 9 7 4 c f e d 4 b f b a a c b c ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ w a n a r p . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 8 . 0 2 9 6 2 5 0 8 w a n a t w ( 0 a 7 1 6 c 0 8 c b 1 3 c 3 a 8 f 4 f 5 1 e 8 8 2 d b f 7 4 1 6 ) C : \ W I N D O W S \ s y s t e m 3 2 \ D R I V E R S \ w a n a t w 4 . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 8 . 0 4 3 7 2 5 0 8 w d m a u d ( 2 7 9 7 f 3 3 e b f 5 0 4 6 6 0 2 0 c 4 3 0 e e 4 f 0 3 7 9 3 3 ) C : \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ w d m a u d . s y s

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 8 . 0 5 6 2 2 5 0 8 M B R ( 0 x 1 B 8 ) ( 0 9 c e 7 3 9 7 a f 2 3 d 4 c 0 b 3 3 1 b 8 9 d 0 2 9 7 c c 7 e ) \ D e v i c e \ H a r d d i s k 0 \ D R 0

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 8 . 0 7 3 4 2 5 0 8 M B R ( 0 x 1 B 8 ) ( 5 f b 3 8 4 2 9 d 5 d 7 7 7 6 8 8 6 7 c 7 6 d c b d b 3 5 1 9 4 ) \ D e v i c e \ H a r d d i s k 1 \ D R 4

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 8 . 0 7 5 0 2 5 0 8 B o o t ( 0 x 1 2 0 0 ) ( 3 1 8 6 e 3 3 4 c 2 f 3 8 1 2 3 3 5 e 2 3 0 b f b 8 9 4 b 7 1 5 ) \ D e v i c e \ H a r d d i s k 0 \ D R 0 \ P a r t i t i o n 0

 

2 0 1 1 / 0 9 / 0 6 0 0 : 4 7 : 4 8 . 0 7 6 5 2 5 0 8 B o o t ( 0 x 1 2 0 0 ) ( 0 0 8 1 5 e 1 0 1 d 8 a e f 3 9 0 c e 2 6 a 2 3 d f 7 a 4 f 2 b ) \ D e v i c e \ H a r d d i s k 1 \ D R 4 \ P a r t i t i o n 0

 

2011/09/06 00:47:48.0765 2508 ================================================================================

2011/09/06 00:47:48.0765 2508 Scan finished

2011/09/06 00:47:48.0765 2508 ================================================================================

2011/09/06 00:47:48.0781 2500 Detected object count: 0

2011/09/06 00:47:48.0781 2500 Actual detected object count: 0


Sorry for the delay!!! My bad. :surrender:

 

Please give an update as to whether you are experiencing any malware problems.

 

Greetings...:)

 

Thanks bunches for checking back! Was working my way thru clean up detail on this thing. ((All the things that ZoneAlarm was instructed to allow that should not have been)...defrag, etc etc) The improvements are dramatic, but still occasional weird behavior. It reminds me of a machine that went thru here awhile back that had corrupted Smbus drivers.

Anyway, plan B was check back with you, rerun the Avira & Kav rescue CD scans...then work my way thru driver updates. (it has been like an apple with worms, every time you peel away you find something else lurking underneath) But decided it best to check with you before any updates / fixes were applied.

 

Thanks

Jake

 

Ps: and this is a hobby.....so I get the ones nobody else wants ..LOL


triger49,

 

Please download TFC to your Desktop.

  • Save any work in progress!! TFC will close open applications and will remove any unsaved work.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

 

Let's search for any remnants that may be lurking by doing the scan that follows. You will need to use Internet Explorer for this scan.

 

Continue to disable your AntiVirus program and any AntiSpyware programs while performing the scan. This will preclude conflicts, and will speed up scan time.

 

Download ESET Online Scanner

 

Press the ESET Online Scanner download button

  • In the prompt that appears, check 'Yes' to Accept Terms of Use, and click the 'Start' button
  • Allow the ActiveX to download, and click: 'Install'
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats are found, click the 'List of found threats', then click Export to text file....
  • Save the file to your Desktop as: ESET Scan.

Please provide the contents of ESET Scan in your reply.


Hi;

 

Sorry I am so slow getting back here...live in Pennsylvania and I thought for awhile I might need to build an Ark...

Here is the EsetScan Log ...the flaky behavior, as it turns out, was a memory module not seated down in the snap holders....I have no idea who was tinkering with that....sigh

 

Eset Scan Log

 

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP12\A0004224.dll a variant of Win32/Toolbar.MyWebSearch application

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP17\A0004644.dll a variant of Win32/Toolbar.MyWebSearch application

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP17\A0004746.dll probably a variant of Win32/Adware.Bandoo.AA application

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP22\A0019121.dll a variant of Win32/Adware.Yontoo.B application

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP24\A0020177.dll Win32/Adware.Yontoo.A application

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP24\A0020178.dll a variant of Win32/Adware.Yontoo.B application

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP24\A0020234.dll Win32/Adware.Yontoo.A application

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP25\A0020371.dll Win32/Adware.Yontoo.A application

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP25\A0020372.dll a variant of Win32/Adware.Yontoo.B application

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP25\A0020428.dll Win32/Adware.Yontoo.A application

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP39\A0083978.dll a variant of Win32/Adware.Yontoo.B application

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP39\A0083979.dll Win32/Adware.Yontoo.A application

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP39\A0083980.dll Win32/Adware.Yontoo.A application

 

Thanks a million...

Jake


If your computer is operating correctly, please uninstall ComboFix as follows:

 

Go to Start > Run, and in the 'Open' field type (or copy/paste):

 

combofix /uninstall

 

(Note there is a space between combofix and /uninstall)

Click: OK

 

This will uninstall ComboFix and delete its quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which may contain previous infections, and create a clean System Restore Point.

 

When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.

 

You can now delete the ComboFix program icon from your Desktop, if still there.

 

 

~~~~

Please consider running the following program from Secunia to prevent future infections...

 

Malware is normally installed through vulnerabilities found in out-dated and insecure programs on a computer. You can use the Secunia Personal Software Inspector to scan for vulnerable programs on your computer.

 

A tutorial on how to use the Secunia Personal Software Inspector to scan for vulnerable programs is found here.

 

Surf safely, triger49!! :adios:


Consider it done....and thanks for all your help!

 

Jake


  • 3 weeks later...

It appears that the malware issue presented is resolved, therefore the topic is closed.

 

Please send me or any Moderator a Personal Message (PM) with this topic's link if there is a reason to re-open it.

 

 

Thanks.
