unknown malware [RESOLVED]



#61
Metallica

Hi phantomas,

Can you try this for me?

Click Start > Run > cmd > OK

Then type these commands (each line followed by an ENTER)
cd\
driverquery /FO List /v >drivers.txt & start Notepad drivers.txt


(you can also copy & paste the last one, might be easier)

It will open a file called drivers.txt
Post the content of that file.

Regards,

#62
phantomas

I got this error: "invalid syntax: List/v value is not allowed for /FO option".

#63
Metallica

Did you have the space between List and /V?

If so try this one please:
DRIVERQUERY /FO LIST >drivers.txt & start Notepad drivers.txt

Regards,
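What a helper does with the drivers.txt this command produces is read the records and pick out the ones that deserve a closer look. As an added example (not a Geeks to Go tool and not from this thread), here is a small Python parser for the `driverquery /FO LIST /V` layout, run over two constructed records; the triage rules it applies are assumptions about what is worth a second look, not indicators of compromise.

```python
"""Parse `driverquery /FO LIST /V` output and flag drivers worth a closer look.

Added example for this thread. The two records in SAMPLE are constructed in
the exact layout driverquery prints; `xyzdrv` is a made-up module name.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: one ordinary built-in driver, one that a responder
# would want to check (auto-start, generic name, loaded from a temp folder).
SAMPLE = """\
Module Name: ACPI
Display Name: Microsoft ACPI Driver
Description: Microsoft ACPI Driver
Driver Type: Kernel
Start Mode: Boot
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 41,984.00
Code(bytes): 110,336.00
BSS(bytes): 0.00
Link Date: 8/4/2004 9:07:35 AM
Path: C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
Init(bytes): 4,864.00

Module Name: xyzdrv
Display Name: xyzdrv
Description: xyzdrv
Driver Type: Kernel
Start Mode: Auto
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 0.00
Code(bytes): 6,048.00
BSS(bytes): 0.00
Link Date: 1/1/2005 12:00:00 AM
Path: C:\\WINDOWS\\Temp\\xyzdrv.sys
Init(bytes): 608.00
"""

# Where Windows XP keeps its own drivers (matched case-insensitively, since
# driverquery prints DRIVERS, Drivers and drivers for the same folder).
STANDARD_DIRS = (r"c:\windows\system32\drivers",)


def parse_driverquery_list(text: str) -> List[Dict[str, str]]:
    """Split LIST output into one dict per driver.

    Records are separated by blank lines; every line is 'Field: value'.
    Splitting on the first ': ' keeps values such as 'Link Date' intact.
    """
    records: List[Dict[str, str]] = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec: Dict[str, str] = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                rec[key.strip()] = value.strip()
        if "Module Name" in rec:
            records.append(rec)
    return records


def to_bytes(field: str) -> int:
    """'110,336.00' -> 110336 (driverquery prints sizes with separators)."""
    return int(float(field.replace(",", "")))


def triage(records: List[Dict[str, str]]) -> List[Tuple[str, List[str]]]:
    """Return (module name, reasons) for drivers worth a manual look.

    Assumed heuristics, not verdicts: (1) the binary lives outside the
    standard driver folder; (2) an auto-start driver whose display name
    and description merely repeat the module name, so there is nothing
    descriptive to look up.
    """
    flagged = []
    for rec in records:
        reasons = []
        name = rec["Module Name"]
        path = rec.get("Path", "").lower()
        if not any(path.startswith(d) for d in STANDARD_DIRS):
            reasons.append("path outside system32\\drivers")
        if (rec.get("Start Mode") == "Auto"
                and rec.get("Display Name") == name
                and rec.get("Description") == name):
            reasons.append("auto-start driver with no descriptive name")
        if reasons:
            flagged.append((name, reasons))
    return flagged


if __name__ == "__main__":
    for module, why in triage(parse_driverquery_list(SAMPLE)):
        print(module, "->", "; ".join(why))
```

On a real drivers.txt, feed the file contents to `parse_driverquery_list` and compare the flagged names against what the helper asks about, rather than treating a flag as a diagnosis.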

#64
phantomas

I made a stupid syntax mistake. You were right, I didn't leave any space between them.
Here's the drivers.txt file:


Link Date: 8/18/2001 4:32:23 AM
Path: C:\WINDOWS\system32\drivers\PartMgr.sys
Init(bytes): 2,432.00

Module Name: ParVdm
Display Name: ParVdm
Description: ParVdm
Driver Type: Kernel
Start Mode: Auto
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 0.00
Code(bytes): 1,408.00
BSS(bytes): 0.00
Link Date: 8/17/2001 11:49:49 PM
Path: C:\WINDOWS\system32\drivers\ParVdm.sys
Init(bytes): 2,176.00

Module Name: PCI
Display Name: PCI Bus Driver
Description: PCI Bus Driver
Driver Type: Kernel
Start Mode: Boot
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 34,176.00
Code(bytes): 16,000.00
BSS(bytes): 0.00
Link Date: 8/4/2004 9:07:45 AM
Path: C:\WINDOWS\system32\DRIVERS\pci.sys
Init(bytes): 5,632.00

Module Name: Pcmcia
Display Name: Pcmcia
Description: Pcmcia
Driver Type: Kernel
Start Mode: Disabled
State: Stopped
Status: OK
Accept Stop: FALSE
Accept Pause: FALSE
Paged Pool(bytes): 24,960.00
Code(bytes): 34,816.00
BSS(bytes): 0.00
Link Date: 8/4/2004 9:07:45 AM
Path: C:\WINDOWS\system32\drivers\Pcmcia.sys
Init(bytes): 8,064.00

Module Name: PptpMiniport
Display Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Driver Type: Kernel
Start Mode: Manual
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 0.00
Code(bytes): 40,192.00
BSS(bytes): 0.00
Link Date: 8/4/2004 9:14:26 AM
Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Init(bytes): 2,048.00

Module Name: Processor
Display Name: Processor Driver
Description: Processor Driver
Driver Type: Kernel
Start Mode: System
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 10,752.00
Code(bytes): 8,192.00
BSS(bytes): 0.00
Link Date: 8/4/2004 8:59:14 AM
Path: C:\WINDOWS\system32\DRIVERS\processr.sys
Init(bytes): 2,816.00

Module Name: PSched
Display Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Driver Type: Kernel
Start Mode: Manual
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 3,968.00
Code(bytes): 52,480.00
BSS(bytes): 0.00
Link Date: 8/4/2004 9:04:16 AM
Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Init(bytes): 4,480.00

Module Name: Ptilink
Display Name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Driver Type: Kernel
Start Mode: Manual
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 0.00
Code(bytes): 12,928.00
BSS(bytes): 0.00
Link Date: 8/17/2001 11:49:53 PM
Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Init(bytes): 1,280.00

Module Name: PxHelp20
Display Name: PxHelp20
Description: PxHelp20
Driver Type: Kernel
Start Mode: Boot
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 0.00
Code(bytes): 7,936.00
BSS(bytes): 0.00
Link Date: 10/28/2003 8:25:49 PM
Path: C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
Init(bytes): 1,184.00

Module Name: RasAcd
Display Name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Driver Type: Kernel
Start Mode: System
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 512.00
Code(bytes): 3,840.00
BSS(bytes): 0.00
Link Date: 8/17/2001 11:55:39 PM
Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Init(bytes): 1,664.00

Module Name: Rasl2tp
Display Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Driver Type: Kernel
Start Mode: Manual
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 0.00
Code(bytes): 44,672.00
BSS(bytes): 0.00
Link Date: 8/4/2004 9:14:21 AM
Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Init(bytes): 2,432.00

Module Name: RasPppoe
Display Name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Driver Type: Kernel
Start Mode: Manual
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 0.00
Code(bytes): 31,360.00
BSS(bytes): 0.00
Link Date: 8/4/2004 9:05:06 AM
Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Init(bytes): 1,792.00

Module Name: Raspti
Display Name: Direct Parallel
Description: Direct Parallel
Driver Type: Kernel
Start Mode: Manual
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 0.00
Code(bytes): 11,008.00
BSS(bytes): 0.00
Link Date: 8/17/2001 11:55:32 PM
Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Init(bytes): 2,048.00

Module Name: Rdbss
Display Name: Rdbss
Description: Rdbss
Driver Type: File System
Start Mode: System
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 111,872.00
Code(bytes): 35,328.00
BSS(bytes): 0.00
Link Date: 10/28/2004 4:13:57 AM
Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Init(bytes): 8,704.00

Module Name: RDPCDD
Display Name: RDPCDD
Description: RDPCDD
Driver Type: Kernel
Start Mode: System
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 1,792.00
Code(bytes): 0.00
BSS(bytes): 0.00
Link Date: 8/17/2001 11:46:56 PM
Path: C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
Init(bytes): 384.00

Module Name: rdpdr
Display Name: Terminal Server Device Redirector Driver
Description: Terminal Server Device Redirector Driver
Driver Type: Kernel
Start Mode: Manual
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 92,160.00
Code(bytes): 75,520.00
BSS(bytes): 0.00
Link Date: 8/4/2004 9:01:10 AM
Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Init(bytes): 8,576.00

Module Name: RDPWD
Display Name: RDPWD
Description: RDPWD
Driver Type: Kernel
Start Mode: Manual
State: Stopped
Status: OK
Accept Stop: FALSE
Accept Pause: FALSE
Paged Pool(bytes): 4,224.00
Code(bytes): 121,856.00
BSS(bytes): 0.00
Link Date: 8/4/2004 8:59:01 AM
Path: C:\WINDOWS\system32\drivers\RDPWD.sys
Init(bytes): 1,664.00

Module Name: redbook
Display Name: Digital CD Audio Playback Filter Driver
Description: Digital CD Audio Playback Filter Driver
Driver Type: Kernel
Start Mode: System
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 36,352.00
Code(bytes): 6,656.00
BSS(bytes): 0.00
Link Date: 8/4/2004 8:59:34 AM
Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Init(bytes): 2,048.00

Module Name: Secdrv
Display Name: Secdrv
Description: Secdrv
Driver Type: Kernel
Start Mode: Auto
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 0.00
Code(bytes): 7,072.00
BSS(bytes): 0.00
Link Date: 7/1/2002 11:46:43 AM
Path: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Init(bytes): 512.00

Module Name: serenum
Display Name: Serenum Filter Driver
Description: Serenum Filter Driver
Driver Type: Kernel
Start Mode: Manual
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 7,808.00
Code(bytes): 2,944.00
BSS(bytes): 0.00
Link Date: 8/4/2004 8:59:06 AM
Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Init(bytes): 1,792.00

Module Name: Serial
Display Name: Serial port driver
Description: Serial port driver
Driver Type: Kernel
Start Mode: System
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 30,464.00
Code(bytes): 12,160.00
BSS(bytes): 0.00
Link Date: 8/4/2004 9:15:51 AM
Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Init(bytes): 9,344.00

Module Name: Sfloppy
Display Name: Sfloppy
Description: Sfloppy
Driver Type: Kernel
Start Mode: System
State: Stopped
Status: OK
Accept Stop: FALSE
Accept Pause: FALSE
Paged Pool(bytes): 3,968.00
Code(bytes): 2,432.00
BSS(bytes): 0.00
Link Date: 8/4/2004 8:59:53 AM
Path: C:\WINDOWS\system32\drivers\Sfloppy.sys
Init(bytes): 1,664.00

Module Name: SLIP
Display Name: BDA Slip De-Framer
Description: BDA Slip De-Framer
Driver Type: Kernel
Start Mode: Manual
State: Stopped
Status: OK
Accept Stop: FALSE
Accept Pause: FALSE
Paged Pool(bytes): 128.00
Code(bytes): 6,400.00
BSS(bytes): 0.00
Link Date: 8/4/2004 9:10:13 AM
Path: C:\WINDOWS\system32\DRIVERS\SLIP.sys
Init(bytes): 512.00

Module Name: splitter
Display Name: Microsoft Kernel Audio Splitter
Description: Microsoft Kernel Audio Splitter
Driver Type: Kernel
Start Mode: Manual
State: Stopped
Status: OK
Accept Stop: FALSE
Accept Pause: FALSE
Paged Pool(bytes): 2,560.00
Code(bytes): 384.00
BSS(bytes): 0.00
Link Date: 8/4/2004 9:07:46 AM
Path: C:\WINDOWS\system32\drivers\splitter.sys
Init(bytes): 896.00

Module Name: sr
Display Name: System Restore Filter Driver
Description: System Restore Filter Driver
Driver Type: File System
Start Mode: Boot
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 54,784.00
Code(bytes): 2,048.00
BSS(bytes): 0.00
Link Date: 8/4/2004 9:06:22 AM
Path: C:\WINDOWS\system32\DRIVERS\sr.sys
Init(bytes): 4,096.00

Module Name: Srv
Display Name: Srv
Description: Srv
Driver Type: File System
Start Mode: Manual
State: Running
Status: OK
Accept Stop: TRUE
Accept Pause: FALSE
Paged Pool(bytes): 237,440.00
Code(bytes): 54,144.00
BSS(bytes): 0.00
Link Date: 5/10/2005 3:17:49 AM
Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Init(bytes): 7,936.00

Module Name: streamip
Display Name: BDA IPSink
Description: BDA IPSink
Driver Type: Kernel
Start Mode: Manual
State: Stopped
Status: OK
Accept Stop:
  • 0

#65
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Nothing unexplained in there.

Please download:
http://www.mythicsof...m/agentransack/

Run the program and make sure there are checkmarks in the Expert User and Containing Text boxes on the Advanced tab.

In the bottom bar type or paste UPX!
Then click Start Search.

It will take quite a while before it's done.

When it is, click "Save results" (icon #4 from the left).
Choose save to clipboard and paste them into your next post.

Regards,
  • 0

#66
phantomas

phantomas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
The contents file is too long and I have problems posting it. Isn't there any other way for you to view it? Or maybe it would be better if I removed some parts of it?
  • 0

#67
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
In the Save dialog box there should be an option to only list filenames.
Use that one please.

Regards,
  • 0

#68
phantomas

phantomas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
This is what File Locator Pro found:

C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\SpyData.dat 21,644 KB 6/26/2005 1:06:10 PM
C:\Documents and Settings\zuzu\Local Settings\Temp\~DFE122.tmp 21,648 KB 6/18/2005 5:54:58 PM
C:\Documents and Settings\zuzu\Local Settings\Temp\~DFD8B3.tmp 21,648 KB 6/20/2005 12:37:18 PM
C:\Documents and Settings\zuzu\Local Settings\Temp\Getvlist.exe 35 KB 3/24/2005 3:50:48 PM
C:\Documents and Settings\zuzu\Local Settings\Temp\MWAVL.exe 90 KB 5/9/2005 1:39:14 PM
C:\Documents and Settings\zuzu\Local Settings\Temp\MWAVReg.EXE 172 KB 5/16/2005 7:15:30 PM
C:\Documents and Settings\zuzu\Local Settings\Temp\mwavscan.com 191 KB 6/8/2005 12:34:12 AM
C:\Documents and Settings\zuzu\Local Settings\Temp\viewtcp.exe 342 KB 4/25/2005 12:25:34 PM
C:\Documents and Settings\zuzu\Local Settings\Temp\~DFF456.tmp 21,648 KB 6/23/2005 8:34:06 PM
C:\Documents and Settings\zuzu\Local Settings\Temp\~DF8747.tmp 21,648 KB 6/24/2005 7:37:28 PM
C:\Documents and Settings\zuzu\Local Settings\Temporary Internet Files\Content.IE5\G54NUHW1\wbkC.tmp 93 KB 6/26/2005 9:51:54 AM
C:\Program Files\WinRAR\Default.SFX 46 KB 6/13/2005 10:00:06 AM
C:\Program Files\WinRAR\Dos.SFX 92 KB 6/13/2005 10:00:06 AM
C:\Program Files\WinRAR\WinCon.SFX 36 KB 3/4/2002 12:20:08 AM
C:\Program Files\WinRAR\Zip.SFX 31 KB 6/13/2005 10:00:06 AM
C:\Program Files\WinRAR\TSRH_WRAR3B4ENG_CRK.EXE 5 KB 6/13/2005 10:00:06 AM
C:\Program Files\RKFiles\rkfiles.bat 4 KB 1/17/2005 7:15:10 PM
C:\Program Files\RKFiles\log.txt 1 KB 6/22/2005 4:52:14 PM
C:\Program Files\WinAce\ace.dll 226 KB 6/13/2005 10:22:20 AM
C:\Program Files\WinAce\sfxfiles\dos32.sfx 64 KB 6/13/2005 10:22:24 AM
C:\Program Files\WinAce\sfxfiles\win32cl.sfx 46 KB 6/13/2005 10:22:26 AM
C:\Program Files\Winamp\Plugins\lame_enc.dll 132 KB 12/21/2001 9:48:44 AM
C:\Program Files\Winamp\Plugins\nsvdec_vp5.dll 65 KB 6/13/2005 10:22:48 AM
C:\Program Files\Winamp\Plugins\nsvdec_vp6.dll 67 KB 6/13/2005 10:22:48 AM
C:\Program Files\HijackThis\HijackThis.exe 213 KB 6/13/2005 10:25:04 AM
C:\Program Files\Find-It's\FindIt's.bat 7 KB 6/13/2005 10:25:06 AM
C:\Program Files\Find-It's\log.txt 2 KB 6/13/2005 10:25:06 AM
C:\Program Files\HJT and more 1\HijackThis.exe 213 KB 2/16/2005 11:06:16 AM
C:\Program Files\PFind\ah.exe 6 KB 4/15/2004 10:15:00 PM
C:\Program Files\PFind\grep.exe 38 KB 4/14/2003
C:\Program Files\PFind\locate.com 11 KB 12/9/2003 1:31:00 AM
C:\Program Files\PFind\patterns.txt 1 KB 5/18/2005 5:55:10 PM
C:\Program Files\PFind\strings.exe 18 KB 3/10/2004 7:01:00 AM
C:\Program Files\PFind\UNIX2DOS.EXE 21 KB 10/11/2000 11:55:00 AM
C:\Program Files\PFind\pfind.txt 22 KB 6/24/2005 1:20:12 PM
C:\Program Files\Webteh\BSPlayer\bsplay.exe 13 KB 6/13/2005 10:25:46 AM
C:\Program Files\Webteh\BSPlayer\bplay.exe 13 KB 6/13/2005 10:25:46 AM
C:\Program Files\Crystal Player\Crystal.exe 722 KB 6/13/2005 10:25:58 AM
C:\Program Files\Crystal Player\VPlayer.exe 606 KB 6/13/2005 10:26:00 AM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP324\A0187334.exe 45 KB 6/20/2005 12:32:10 PM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP325\A0187471.exe 45 KB 6/20/2005 6:41:34 PM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP325\A0187499.exe 45 KB 6/21/2005 10:37:32 AM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP325\A0187556.exe 45 KB 6/21/2005 4:38:42 PM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP325\A0187612.exe 223 KB 6/20/2005 10:00:36 AM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP325\A0187641.exe 45 KB 6/22/2005 10:28:16 AM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP325\A0187712.exe 45 KB 6/22/2005 6:22:20 PM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP325\A0187725.exe 45 KB 6/23/2005 10:07:18 AM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP325\A0188763.exe 45 KB 6/23/2005 4:26:32 PM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP325\A0188819.exe 45 KB 6/24/2005 10:03:56 AM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP325\A0188824.exe 45 KB 6/24/2005 4:17:54 PM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP325\A0188825.exe 169 KB 6/13/2005 10:54:56 AM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP325\A0190162.exe 45 KB 6/25/2005 7:19:20 AM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP326\A0190180.exe 45 KB 6/25/2005 2:25:48 PM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP326\A0190225.exe 45 KB 6/25/2005 8:26:16 PM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP313\A0175970.msi 813 KB 6/14/2005 3:33:32 PM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP316\A0177569.exe 92 KB 11/7/2002 2:13:20 PM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP322\A0184991.exe 107,212 KB 6/19/2005 6:30:36 PM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP327\A0190285.exe 45 KB 6/26/2005 7:18:14 AM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP327\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1715567821-920026266-1060284298-1003 4,924 KB 6/26/2005 11:15:52 AM
C:\System Volume Information\_restore{F6ADD3E3-49B3-474B-ACA4-923BC321744A}\RP328\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1715567821-920026266-1060284298-1003 4,924 KB 6/26/2005 11:24:18 AM
C:\WINDOWS\daemon.dll 68 KB 3/15/2004 7:28:50 PM
C:\WINDOWS\lhsp\tv\tv_enua.dll 1,247 KB 6/13/2005 10:34:10 AM
C:\WINDOWS\Downloaded Installations\DAEMON Tools 3.46\daemon.msi 813 KB 6/14/2005 3:33:32 PM
C:\WINDOWS\Driver Cache\i386\sp2.cab 21,724 KB 6/13/2005 10:58:20 AM
C:\WINDOWS\system32\ntfsnlpa.exe 45 KB 6/26/2005 7:18:14 AM
C:\WINDOWS\system32\Butterfly Oasis Screensaver.scr 1,934 KB 6/13/2005 10:54:40 AM
C:\WINDOWS\system32\dllcache\hwxcht.dll 9,860 KB 8/23/2001 3:00:00 PM
C:\WINDOWS\system32\dllcache\hwxkor.dll 9,892 KB 8/23/2001 3:00:00 PM
C:\WINDOWS\ServicePackFiles\i386\sp2.cab 21,724 KB 6/13/2005 10:58:20 AM
  • 0

#69
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Another clue that a rootkit is doing this.

Can you download and install:
http://www.sysintern...itRevealer.html
Post the log it makes after running it.

Regards,
  • 0

#70
phantomas

phantomas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
I hope this log will help you more than the other ones did:

HKLM\SOFTWARE\Classes\ 12/7/2003 8:51 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Products\B3D5AC652003B7E409EF70D1F8FD8341\ProductName 6/14/2005 3:34 PM 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\SchedulingAgent\LastTaskRun 6/26/2005 4:01 PM 16 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}\DisplayName 6/14/2005 3:34 PM 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\d346prt\Cfg\0Jf40 6/26/2005 12:51 PM 0 bytes Hidden from Windows API.
  • 0
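RootkitRevealer reports each discrepancy between what the Windows API returns and what the raw hive contains as one line: path, timestamp, size and a description, and the descriptions in this log are of three different kinds. As an added example that is not part of the thread, the Python below parses those lines, classifies them and pulls out the service name behind any entry hidden from the Windows API, which is the driver to identify next; the sample lines are the five from the post above, the classification and the notes are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the five lines from the RootkitRevealer log posted above.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Classes\ 12/7/2003 8:51 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Products\B3D5AC652003B7E409EF70D1F8FD8341\ProductName 6/14/2005 3:34 PM 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\SchedulingAgent\LastTaskRun 6/26/2005 4:01 PM 16 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}\DisplayName 6/14/2005 3:34 PM 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\d346prt\Cfg\0Jf40 6/26/2005 12:51 PM 0 bytes Hidden from Windows API.
"""

# path, then "M/D/YYYY H:MM AM|PM", then "<size> bytes", then the description
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<time>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) "
    r"(?P<size>[\d,]+) bytes "
    r"(?P<desc>.+?)\s*$"
)
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)", re.IGNORECASE)

# Discrepancy kinds RootkitRevealer reports, most to least worth chasing.
KINDS = [
    ("hidden", "Hidden from Windows API"),
    ("embedded-nulls", "Key name contains embedded nulls"),
    ("mismatch", "Data mismatch between Windows API and raw hive data"),
]
NOTES = {
    "hidden": "present in the raw hive but not returned by the API: the signature of a "
              "kernel rootkit, but CD-emulation and copy-protection drivers hide their own "
              "configuration keys the same way, so identify the owning driver first",
    "embedded-nulls": "a key name the Win32 API cannot open, so regedit cannot show it",
    "mismatch": "value changed between the API read and the raw read; usually benign for "
                "timestamps and counters that are rewritten constantly",
    "other": "unclassified discrepancy",
}


@dataclass
class Discrepancy:
    path: str
    time: str
    size: int
    kind: str
    desc: str

    def service(self) -> Optional[str]:
        """Service name if the path lies under a Services key, else None."""
        m = SERVICE_RE.search(self.path)
        return m.group(1) if m else None


def parse_line(line: str) -> Optional[Discrepancy]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    desc = m.group("desc")
    kind = next((k for k, prefix in KINDS if desc.startswith(prefix)), "other")
    size = int(m.group("size").replace(",", ""))
    return Discrepancy(m.group("path"), m.group("time"), size, kind, desc)


def parse_log(text: str) -> List[Discrepancy]:
    return [d for d in map(parse_line, text.splitlines()) if d is not None]


def summarize(items: List[Discrepancy]) -> dict:
    """Map each discrepancy kind to the registry paths reported under it."""
    out = {}
    for d in items:
        out.setdefault(d.kind, []).append(d.path)
    return out


def hidden_services(items: List[Discrepancy]) -> List[str]:
    """Services owning a 'Hidden from Windows API' entry: the drivers to look up next."""
    names = []
    for d in items:
        svc = d.service()
        if d.kind == "hidden" and svc and svc not in names:
            names.append(svc)
    return names


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for kind, paths in summarize(found).items():
        print(f"{kind}: {NOTES[kind]}")
        for p in paths:
            print(f"  {p}")
    print("hidden entries belong to service(s):", ", ".join(hidden_services(found)))
```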

#71
phantomas

phantomas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
Man, I'm wondering if I'll ever get rid of this unknown malware. I encountered a new problem: I'm unable to set display properties in Windows XP. It was working, but now when I right-click on the desktop and click Properties, all I get is the tab to change my theme. I am missing the other tabs such as Appearance, Effects, Settings & Background. This is also true when I try to click the Control Panel item Display icon. I have already tried System Restore but I didn't get any result.
There are 3 files that keep reinstalling on my computer (cisvvc.exe, x.exe, rdsndin.exe) and I think my problems are strongly related to them. I still can't see killbox.exe in the folder that I extracted it to, and I keep being redirected to online poker rooms. But at least one good thing seems to have happened: those adult and spyware removal tool URLs didn't reappear in my Favorites folder.
Did the above log help you?
  • 0

#72
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Copy the part in bold below into Notepad and save it as permitall.reg

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-
"NoSaveSettings"=-
"ClassicShell"=-
"NoThemesTab"=-

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"ThemeActive"="1"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-
"NoAddingComponents"=-
"NoComponents"=-
"NoDeletingComponents"=-
"NoEditingComponents"=-
"NoCloseDragDropBands"=-
"NoMovingBands"=-
"NoHTMLWallPaper"=-


Double-click the file and confirm you want to merge it with the registry.

Reboot and check under Properties of your desktop if the Browse button is usable again.

Did you install the daemon tools yourself?

Regards,
  • 0
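The permitall.reg file above uses the REGEDIT4 syntax, in which "Name"=- deletes a value, [-Key] deletes a whole key with its subtree, and hex(2): carries a REG_EXPAND_SZ as comma-separated UTF-16LE bytes wrapped across lines with trailing backslashes. As an added example that is not part of the thread, the Python below parses a subset of that file and reports what merging it would do, including decoding the DllName value; SAMPLE_REG is copied from the post, while the parser and the helper names are mine.

```python
import re
from dataclasses import dataclass

# Sample input: a subset of the permitall.reg file posted above, copied verbatim.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"ThemeActive"="1"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-
"NoHTMLWallPaper"=-
"""

KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")          # [Key] or [-Key]
VALUE_RE = re.compile(r'^"(?P<name>(?:\\.|[^"\\])*)"=(?P<data>.*)$')  # "Name"=data
HEX_RE = re.compile(r"^hex(?:\((?P<type>[0-9a-f]+)\))?:(?P<body>.*)$", re.IGNORECASE)
HEX_TYPES = {None: "REG_BINARY", "2": "REG_EXPAND_SZ"}  # other hex(N) kept as raw bytes


@dataclass
class RegAction:
    op: str                 # "delete_key", "delete_value" or "set_value"
    key: str
    name: str = None        # None for key-level actions
    vtype: str = None
    value: object = None


def logical_lines(text):
    """Re-join value lines that regedit wraps with a trailing backslash."""
    out, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        out.append(pending + line)
        pending = ""
    if pending:
        out.append(pending)
    return out


def decode_data(data):
    """Right-hand side of a value line -> (type name, value); (None, None) means delete."""
    if data == "-":
        return None, None
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return "REG_SZ", re.sub(r"\\(.)", r"\1", data[1:-1])   # unescape \\ and \"
    m = HEX_RE.match(data)
    if not m:
        raise ValueError(f"unrecognised value data: {data!r}")
    raw = bytes.fromhex("".join(t.strip() for t in m.group("body").split(",") if t.strip()))
    vtype = HEX_TYPES.get(m.group("type"), f"hex({m.group('type')})")
    if vtype == "REG_EXPAND_SZ":                 # UTF-16LE text, NUL-terminated
        return vtype, raw.decode("utf-16-le").rstrip("\x00")
    return vtype, raw


def parse_reg(text):
    """Parse REGEDIT4 text into the ordered list of actions a merge would perform."""
    lines = logical_lines(text)
    if not lines or lines[0] not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("missing .reg header line")
    actions, key = [], None
    for line in lines[1:]:
        if not line or line.startswith(";"):
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            if km.group("delete"):               # [-Key]: remove key and subtree
                actions.append(RegAction("delete_key", key))
                key = None
            continue
        vm = VALUE_RE.match(line)
        if not vm or key is None:
            raise ValueError(f"unexpected line: {line!r}")
        vtype, value = decode_data(vm.group("data"))
        if vtype is None:                        # "Name"=-: remove the value
            actions.append(RegAction("delete_value", key, vm.group("name")))
        else:
            actions.append(RegAction("set_value", key, vm.group("name"), vtype, value))
    return actions


def cleared_policies(actions):
    """(key, value) pairs removed under a Policies key: the lock-downs the merge lifts."""
    return [(a.key, a.name) for a in actions
            if a.op == "delete_value" and "\\policies\\" in a.key.lower()]
```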

#73
phantomas

phantomas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
I performed the registry merge and rebooted. My current theme was changed to the Windows Classic theme, but I still can't customize the appearance, the background image or the screensaver. The only option available is changing the theme.
Yes, I installed Daemon Tools.
What should I do next?
  • 0

#74
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
I haven't got the foggiest.

Can you post a new HijackThis log?

I am curious to see if anything changed.

On second thought:

Can you download this customized version of HijackThis:
HJT + extra

and follow the instructions here to post a both.log
metallica site#BOTHLOG

Regards,
  • 0

#75
phantomas

phantomas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
The both.log you asked for:
Logfile of HijackThis v1.99.1
Scan saved at 10:38:06 PM, on 6/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\ups.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\soundman.exe
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\progra~1\mcafee\MCAFEE~3\MssCli.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\HJT and more 1\HijackThis.exe
C:\WINDOWS\system32\ping.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Privacy Service Helper Object - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~3\MssCli.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116515090922
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDA07E47-DA14-4C18-8C66-C9F7EDFE1D12}: NameServer = 213.157.176.3,213.157.176.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{F27196C4-5FB7-405D-94F4-320A5D32799A}: NameServer = 213.157.176.3,213.157.176.2
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe

doesn't exist HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iexplorer.exe
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="soundman.exe"
"mouseElf"="C:\\PROGRA~1\\GENIUS~1\\GNETMOUS.EXE"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"McAfee Guardian"="C:\\Program Files\\McAfee\\McAfee Shared Components\\Guardian\\CMGrdian.exe /SU"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"_AntiSpyware"="c:\\progra~1\\mcafee\\MCAFEE~3\\MssCli.exe"
"MPFExe"="C:\\PROGRA~1\\MCAFEE.COM\\PERSON~1\\MPFTRAY.EXE"
"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"McRegWiz"="c:\\PROGRA~1\\mcafee.com\\agent\\mcregwiz.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]


[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu]
@="{85BBD920-42A0-1069-A2E4-08002B30309D}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido]
@="{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With]
@="{09799AFB-AD67-11d1-ABCD-00C04FC30936}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu]
@="{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR]
@="{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail]
@="{5464D816-CF16-4784-B9F3-75C0DB52B499}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}]
@="Start Menu Pin"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

Scheduled Tasks Folder Contents
*
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\McAfee.com Update Check (HOME-GD6EI2KFXM-zuzu).job
C:\WINDOWS\Tasks\McAfee.com Update Check (HOME-GD6EI2KFXM-Arty).job
C:\WINDOWS\Tasks\McAfee.com Update Check (ATOMIC_BROTHERS-zuzu).job
C:\WINDOWS\Tasks\McAfee.com Update Check (HOME-GD6EI2KFXM-Guest).job
C:\WINDOWS\Tasks\McAfee AntiSpyware.job


I also ran silent runners.vbs:

"Silent Runners.vbs", revision 38, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "soundman.exe" ["Avance Logic, Inc."]
"mouseElf" = "C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE" [" "]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"]
"McAfee Guardian" = "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU" ["Network Associates, Inc."]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"_AntiSpyware" = "c:\progra~1\mcafee\MCAFEE~3\MssCli.exe" ["McAfee, Inc."]
"MPFExe" = "C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE" ["McAfee Security"]
"WinPatrol" = "C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" ["BillP Studios"]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["Networks Associates Technology, Inc"]
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["Networks Associates Technology, Inc"]
"McRegWiz" = "c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{cc4b2ee5-4803-11d7-8a38-00b0d0c6b814}\(Default) = "McAfee Privacy Service Helper Object" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL" ["Network Associates, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\YAHOO!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}" = "McAfee AntiSpyware Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee\mcafee antispyware\mssshell.dll" ["McAfee, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{20d8bda1-1958-11d6-b00f-00b0d0c6b6a5}" = "McAfee Internet Security"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\McAfee\McAfee Privacy Service\GDSHEXT.DLL" ["Network Associates, Inc."]
INFECTION WARNING! "{F2A0229A-C4CA-4789-B606-973D24DCDD1C}" = "McAfee AntiSpyware Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee\mcafee antispyware\mssshell.dll" ["McAfee, Inc."]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csnxy.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! PCANotify\DLLName = "PCANotify.dll" ["Symantec Corporation"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Bliss.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\BUTTER~1.SCR" (Butterfly Oasis Screensaver.scr) ["GAIN Publishing"]


Startup items in "zuzu" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check (HOME-GD6EI2KFXM-zuzu)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (HOME-GD6EI2KFXM-Arty)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (ATOMIC_BROTHERS-zuzu)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (HOME-GD6EI2KFXM-Guest)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee AntiSpyware" -> launches: "c:\progra~1\mcafee\MCAFEE~3\mcspy.exe /cmd:Schedule" ["McAfee, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
-> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["Networks Associates Technology, Inc"]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{CC4B2EE6-4803-11D7-8A38-00B0D0C6B814}\ = "McAfee Privacy Bar"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL" ["Network Associates, Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

{CC4B2EE5-4803-11D7-8A38-00B0D0C6B814}\
"ButtonText" = "Privacy Bar"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido\security suite\ewidoguard.exe" ["ewido networks"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]
McAfee Privacy Service, GuardDogEXE, ""C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE" ["Network Associates, Inc."]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["Networks Associates Technology, Inc"]


Keyboard Driver Filters:
------------------------

HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = INFECTION WARNING! "aw_host" [file not found]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

Kaspersky online virus scanner found this malware on my computer:
Trojan-Dropper.Win32.Small.zx

I hope this thread won't be closed until u find a solution for me... :tazz: