suspected malware/spyware mouse hangs regularly, cpu @100% when it happens.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 19:57:14.51 on Mon 08/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.470 [GMT 1:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Tall Emu\Online Armor\OAui.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Micronet Wireless Network Utility\RtWlan.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.com
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Device Detection] c:\program files\fujifilm\myfinepix studio\dd.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\OAui.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [<NO NAME>]
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micron~1.lnk - c:\program files\micronet wireless network utility\RtWlan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} - hxxp://www.itb.ie/xplug.ocx
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209905435062
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219358941921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {958C3114-567D-4B3A-820F-27F6B62D25D2} = 192.168.2.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\q2jzezui.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-5-9 226680]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-5-9 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\oanet.sys [2008-5-9 29560]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-4-9 1284600]
R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2008-5-9 3360760]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-6 38224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-4-17 27632]
S0 cscm;cscm;c:\windows\system32\drivers\cyyw.sys --> c:\windows\system32\drivers\cyyw.sys [?]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\eappkt.sys --> c:\windows\system32\drivers\EAPPkt.sys [?]
S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [2008-2-22 4224]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]
S3 RTLWUSB;Micronet SP907GK Wireless LAN USB Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-5-2 172416]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2010-4-12 13532]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2010-8-1 131776]
=============== Created Last 30 ================
2010-08-21 19:20:53 3495784 -c--a-w- c:\windows\system32\d3dx9_33.dll
2010-08-21 19:20:14 0 dc----w- c:\docume~1\alluse~1\applic~1\FUJIFILM
2010-08-21 19:20:00 0 dc----w- c:\program files\FUJIFILM
2010-08-05 21:01:03 221568 -c----w- c:\windows\system32\MpSigStub.exe
2010-08-05 20:52:16 0 dc----w- c:\program files\Microsoft Security Essentials
2010-08-03 19:13:24 1580505 -c--a-w- c:\documents and settings\administrator\ckmmap.bmp
2010-08-03 19:09:46 1580547 -c--a-w- c:\documents and settings\administrator\castleknockmeetingmap
2010-08-01 17:55:30 49152 -c--a-w- c:\windows\system32\STVSCALE.DLL
2010-08-01 17:55:30 34860 -c--a-w- c:\windows\system32\STVqx3U.CFG
2010-08-01 17:55:30 30720 -c--a-w- c:\windows\system32\vvlcodec.dll
2010-08-01 17:55:30 237568 -c--a-w- c:\windows\system32\STVqx3U.DLL
2010-08-01 17:55:29 49152 -c--a-w- c:\windows\system32\STVqx3TG.DLL
2010-08-01 17:55:29 331776 -c--a-w- c:\windows\system32\g2video1.ocx
2010-08-01 17:55:29 131776 -c--a-w- c:\windows\system32\drivers\STVqx3.SYS
2010-08-01 17:53:57 737280 -c--a-w- c:\windows\system32\IBFX2.ax
2010-08-01 17:53:50 655360 -c--a-w- c:\windows\system32\IBFX.ax
2010-08-01 17:53:50 319488 -c--a-w- c:\windows\system32\MicroCap.ax
2010-08-01 17:53:50 24576 -c--a-w- c:\windows\system32\GatedPinTee.ax
2010-08-01 17:53:50 235520 -c--a-w- c:\windows\system32\simage.ax
2010-08-01 17:53:41 929844 -c--a-w- c:\windows\system32\MFC42D.DLL
2010-08-01 17:53:41 385100 -c--a-w- c:\windows\system32\MSVCRTD.DLL
2010-08-01 17:53:37 0 dc----w- c:\program files\Intel Play
2010-08-01 17:44:35 98224311 -c--a-w- C:\QX3Plus.exe
==================== Find3M ====================
2010-07-17 04:00:04 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 -c--a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 -c--a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 -c--a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 -c--a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41:44 3600384 -c--a-w- c:\windows\system32\GPhotos.scr
2008-08-26 13:56:50 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082620080827\index.dat
============= FINISH: 20:05:46.48 ===============
Virustotal report, c:\windows\system32\drivers\SjyPkt.sys
I could not find c:\windows\system32\drivers\cyyw.sys
This is the report for c:\windows\system32\drivers\SjyPkt.sys
Is this what you wanted?
SjyPkt.sys
Submission date:
2010-09-09 16:14:00 (UTC)
Current status:
queued (#3) queued (#3) analysing finished
Result:
0/ 43 (0.0%)
VT Community
goodware
Safety score: 100.0%
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.09.09.01 2010.09.09 -
AntiVir 8.2.4.50 2010.09.09 -
Antiy-AVL 2.0.3.7 2010.09.09 -
Authentium 5.2.0.5 2010.09.09 -
Avast 4.8.1351.0 2010.09.09 -
Avast5 5.0.594.0 2010.09.09 -
AVG 9.0.0.851 2010.09.09 -
BitDefender 7.2 2010.09.09 -
CAT-QuickHeal 11.00 2010.09.09 -
ClamAV 0.96.2.0-git 2010.09.09 -
Comodo 6026 2010.09.09 -
DrWeb 5.0.2.03300 2010.09.09 -
Emsisoft 5.0.0.37 2010.09.09 -
eSafe 7.0.17.0 2010.09.07 -
eTrust-Vet 36.1.7844 2010.09.09 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.09 -
Fortinet 4.1.143.0 2010.09.09 -
GData 21 2010.09.09 -
Ikarus T3.1.1.88.0 2010.09.09 -
Jiangmin 13.0.900 2010.09.09 -
K7AntiVirus 9.63.2483 2010.09.09 -
Kaspersky 7.0.0.125 2010.09.09 -
McAfee 5.400.0.1158 2010.09.09 -
McAfee-GW-Edition 2010.1B 2010.09.09 -
Microsoft 1.6103 2010.09.09 -
NOD32 5437 2010.09.09 -
Norman 6.06.05 2010.09.09 -
nProtect 2010-09-09.03 2010.09.09 -
Panda 10.0.2.7 2010.09.08 -
PCTools 7.0.3.5 2010.09.09 -
Prevx 3.0 2010.09.09 -
Rising 22.64.03.01 2010.09.09 -
Sophos 4.57.0 2010.09.09 -
Sunbelt 6852 2010.09.09 -
SUPERAntiSpyware 4.40.0.1006 2010.09.09 -
Symantec 20101.1.1.7 2010.09.09 -
TheHacker 6.7.0.0.012 2010.09.09 -
TrendMicro 9.120.0.1004 2010.09.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.09 -
VBA32 3.12.14.0 2010.09.08 -
ViRobot 2010.9.8.4031 2010.09.09 -
VirusBuster 12.64.25.0 2010.09.09 -
Additional information
Show all
MD5 : 3d7ef286e806f9bd9339aa52e28dcd67
SHA1 : 431d2dd1c273a1bbf59fd50fa277fc0c1ebfb29f
SHA256: 24d602b7ddf7718a1f149d35b24c2345d0dde6e8b8a7fdf35062c24a6d13226d
ssdeep: 192:X7xBY2LAtt25rdSEPkVijpmBrl+sJCdk+NI04u+Pt:X7xBY2+45aVijpmBRCkJO+Pt
File size : 13532 bytes
First seen: 2008-12-15 17:41:33
Last seen : 2010-09-09 16:14:00
TrID:
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Windows (R) 2000 DDK provider
copyright....: Copyright (C) Microsoft Corp. 1981-1999
product......: Windows (R) 2000 DDK driver
description..: Sample NDIS 5.0 Protocol Driver
original name: PACKET.SYS
internal name: PACKET.SYS
file version.: 5.00.2195.1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x3A0
timedatestamp....: 0x3D9A4467 (Wed Oct 02 00:57:11 2002)
machinetype......: 0x14c (I386)
[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x2C0, 0x112A, 0x1140, 6.21, f812a1ddb11d35f538820fbf430d9a9f
.rdata, 0x1400, 0xE4, 0x100, 2.54, 524eadd31e9c3f9b8116648a754eb3eb
.data, 0x1500, 0x1426, 0x1440, 0.00, 599c0a883d09e059b38411330fd1794c
INIT, 0x2940, 0x398, 0x3A0, 4.98, aca4f180ad1f43fcab776be5cdef9741
.rsrc, 0x2CE0, 0x3B8, 0x3C0, 3.42, 89fe2fc24016f5e4fbff2a11f757817e
.reloc, 0x30A0, 0x156, 0x160, 4.95, 419aa13ee2f6298223ae58a82e844361
[[ 3 import(s) ]]
ntoskrnl.exe: KeInitializeSpinLock, IoFreeMdl, KeInitializeDpc, KeCancelTimer, KeSetTimer, KeInitializeTimer, MmMapLockedPages, RtlQueryRegistryValues, RtlCompareUnicodeString, IoCreateDevice, ExfInterlockedRemoveHeadList, ExfInterlockedInsertTailList, IofCompleteRequest, IoDeleteDevice, RtlInitUnicodeString, ExAllocatePoolWithTag, ExFreePool, MmMapLockedPagesSpecifyCache, IoBuildPartialMdl, IoAllocateMdl
HAL.dll: KfAcquireSpinLock, KfReleaseSpinLock
NDIS.SYS: NdisUnchainBufferAtFront, NdisAllocatePacket, NdisCloseAdapter, NdisFreePacketPool, NdisAllocatePacketPool, NdisOpenAdapter, NdisRegisterProtocol, NdisDeregisterProtocol, NdisFreePacket
VT Community
1
User:
Anonymous
Reputation:
1 credits
Comment date:
2010-08-27 18:43:21 (UTC)
It's part of Realtec Wireless Driver.
For example: RTL8187 Wireless 802.11g
Tags: Goodware,
systemlook log for cyyw.sys
SystemLook 04.09.10 by jpshortstuff
Log created at 17:33 on 09/09/2010 by Administrator
Administrator - Elevation successful
========== filefind ==========
Searching for "c:\windows\system32\drivers\cyyw.sys"
No files found.
-= EOF =-