BleepingComputer.com: Windows Vista - redirect/other viruses

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

Windows Vista - redirect/other viruses Need help

#1 User is offline   khoi242 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 03-June 11

Posted 13 June 2011 - 12:16 AM

Per instructions from a previous thread -
http://www.bleepingcomputer.com/forums/topic401606.html

I've got a virus that does the following

Symptoms:
- redirects google searches to websites like www.aloneinthedark.com or www.weblinksonline.net etc.
and other random fake search engine sites (MBAM tries to block)
- iexplore is always open in the background
- a music or a video will play occasionally / randomly if i don't end the "iexplore" process
- my start menu, even though it has folders, when I click on a folder e.g. "Microsoft Office" it says its empty. (Even thought it is there in program files)
- in msconfig.exe - there's an unknown startup item LDGgl.exe



What I've tried to do:
- safe mode with Malware Bytes & Super anti spyware
- Also used "unhide" to get my icons back as the virus made them all hidden.


Appreciate any help,

Thanks,




.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Run by khoi at 14:18:37 on 2011-06-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3069.1669 [GMT 10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\CNAB3RPK.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM04Mon.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files\Telstra\Telstra Connection Manager\WaHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.smh.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [SmsDiscount] "c:\program files\smsdiscount.com\smsdiscount\SmsDiscount.exe" -nosplash -minimized
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ybaS886PuG6WQ] \LGDjl.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_ActiveX.exe -update activex
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OEM04Mon.exe] c:\windows\OEM04Mon.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [TRUUpdater] "c:\program files\sierra wireless inc\webupdater\TRUUpdater.exe" /bkground
mRun: [WatcherHelper] "c:\program files\telstra\telstra connection manager\WaHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: QQ - c:\program files\tencent\qqintl\bin\AddEmotion.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{3026B4E5-804E-4E92-9E32-217AC2342399} : DhcpNameServer = 139.130.4.4 203.50.2.71
TCP: Interfaces\{61463C01-84EA-4D47-9395-7F5604333C7C} : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{C9D35FAD-5907-46E7-8DD9-DFF9336DA617} : DhcpNameServer = 10.0.0.138
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\khoi\appdata\roaming\mozilla\firefox\profiles\6ljw1g95.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.smh.com.au/
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\users\khoi\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\khoi\appdata\roaming\idm\idmmzcc3
FF - Ext: XULRunner: {CF1C9541-EAC3-4D57-8E66-27A7E8161B1D} - c:\users\khoi\appdata\local\{CF1C9541-EAC3-4D57-8E66-27A7E8161B1D}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-3 73728]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-3-29 86792]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-20 366640]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-12-3 179712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-13 22712]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\drivers\OEM04Vfx.sys [2008-12-3 7424]
R3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\drivers\OEM04Vid.sys [2008-12-3 234720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 24216]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-20 39984]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2009-7-22 197504]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2009-7-22 148992]
.
=============== Created Last 30 ================
.
2011-06-13 01:39:13 54016 ----a-w- c:\windows\system32\drivers\cmhi.sys
2011-06-13 00:27:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 15:25:29 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{856c1d40-0bc8-4768-9c85-25741d19ce0a}\mpengine.dll
2011-05-29 03:30:23 -------- d-----w- C:\SDFix
2011-05-29 03:29:14 -------- d-----w- c:\users\khoi\appdata\roaming\SUPERAntiSpyware.com
2011-05-29 03:29:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-29 03:29:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-29 03:20:37 -------- d-----w- c:\users\khoi\appdata\roaming\Fighters
2011-05-29 03:20:35 -------- d-----w- c:\users\khoi\appdata\local\PackageAware
2011-05-29 03:11:48 388096 ----a-r- c:\users\khoi\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-23 11:33:27 -------- d-----w- c:\users\khoi\appdata\roaming\Ibar
2011-05-23 11:33:27 -------- d-----w- c:\users\khoi\appdata\roaming\Ajcyko
2011-05-23 09:04:34 -------- d-----w- c:\users\khoi\appdata\roaming\Upjey
2011-05-23 09:04:34 -------- d-----w- c:\users\khoi\appdata\roaming\Pawagy
2011-05-21 10:17:39 2048 ----a-w- c:\windows\system32\tzres.dll
2011-05-21 10:17:25 81920 ----a-w- c:\windows\system32\consent.exe
2011-05-21 10:13:08 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-05-21 10:13:08 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-05-21 00:13:43 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-05-20 15:53:38 0 ----a-w- c:\users\khoi\appdata\local\Fzasivewavadejuz.bin
2011-05-20 15:53:36 -------- d-----w- c:\users\khoi\appdata\local\{CF1C9541-EAC3-4D57-8E66-27A7E8161B1D}
2011-05-20 15:50:59 -------- d-----w- c:\programdata\aJ06509JhGdI06509
2011-05-19 04:56:12 -------- d-----w- c:\programdata\kP06509MiFnB06509
2011-05-14 13:04:59 94208 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-05-14 13:04:59 140864 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-05-14 13:04:56 -------- d-----w- c:\program files\Real Alternative
.
==================== Find3M ====================
.
2011-05-28 23:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-24 09:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-28 17:46:40 86792 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
============= FINISH: 14:19:32.08 ===============

Attached File(s)

  • Attached File  Attach.txt (5.86K)
    Number of downloads: 2
  • Attached File  ark.txt (33.79K)
    Number of downloads: 7

This post has been edited by khoi242: 13 June 2011 - 12:17 AM

#2 User is offline   patndoris 

  • Member
  • PipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 121
  • Joined: 29-August 08
  • Gender:Female
  • Location:Maryland

Posted 14 June 2011 - 01:15 AM

Hello and :welcome:

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
  • Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
  • Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
  • Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!




Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
~Doris~

Proud Graduate of the WTT Classroom
Member of ASAP and UNITE

#3 User is offline   khoi242 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 03-June 11

Posted 15 June 2011 - 06:06 AM

My Computer is unable to open any programs now as I get the error,


"Illegal operation attempted on a registry key that has been marked for deletion"



COMBO LOG per below;



ComboFix 11-06-14.03 - khoi 15/06/2011 20:36:36.1.2 - x86
Running from: c:\users\khoi\Downloads\Programs\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Fearghus
c:\users\khoi\AppData\Roaming\.#
c:\users\khoi\AppData\Roaming\.#\MBX@112C@1A42758.###
c:\users\khoi\AppData\Roaming\.#\MBX@112C@1A42788.###
c:\users\khoi\AppData\Roaming\.#\MBX@1474@1B02758.###
c:\users\khoi\AppData\Roaming\.#\MBX@1474@1B02788.###
c:\users\khoi\AppData\Roaming\.#\MBX@5B0@1C62758.###
c:\users\khoi\AppData\Roaming\.#\MBX@5B0@1C62788.###
c:\users\khoi\AppData\Roaming\.#\MBX@A14@1792758.###
c:\users\khoi\AppData\Roaming\.#\MBX@A14@1792788.###
c:\users\khoi\AppData\Roaming\.#\MBX@B60@1EA2758.###
c:\users\khoi\AppData\Roaming\.#\MBX@B60@1EA2788.###
c:\users\khoi\AppData\Roaming\Adobe\plugs
c:\users\khoi\AppData\Roaming\Adobe\plugs\mmc1.exe
c:\users\khoi\AppData\Roaming\Adobe\plugs\mmc123720680.txt
c:\users\khoi\AppData\Roaming\Adobe\shed
c:\users\khoi\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\khoi\AppData\Roaming\Microsoft\Windows\Recent\NEW nCODE RELEASES & BACKUPS DAiLY.url
c:\users\khoi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
c:\users\khoi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
c:\users\khoi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
c:\windows\security\Database\tmp.edb
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 )))))))))))))))))))))))))))))))
.
.
2011-06-15 10:47 . 2011-06-15 10:50 -------- d-----w- c:\users\khoi\AppData\Local\temp
2011-06-15 10:47 . 2011-06-15 10:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-15 09:05 . 2011-06-15 09:05 -------- d-----w- C:\32788R22FWJFW
2011-06-13 00:27 . 2011-05-28 23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 15:25 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{856C1D40-0BC8-4768-9C85-25741D19CE0A}\mpengine.dll
2011-05-29 03:30 . 2011-05-29 04:43 -------- d-----w- C:\SDFix
2011-05-29 03:29 . 2011-05-29 03:29 -------- d-----w- c:\users\khoi\AppData\Roaming\SUPERAntiSpyware.com
2011-05-29 03:29 . 2011-05-29 03:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-29 03:29 . 2011-05-29 03:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-29 03:20 . 2011-05-29 03:20 -------- d-----w- c:\users\khoi\AppData\Roaming\Fighters
2011-05-29 03:20 . 2011-05-29 03:20 -------- d-----w- c:\users\khoi\AppData\Local\PackageAware
2011-05-29 03:11 . 2011-05-29 03:11 388096 ----a-r- c:\users\khoi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-23 11:33 . 2011-05-23 12:09 -------- d-----w- c:\users\khoi\AppData\Roaming\Ibar
2011-05-23 11:33 . 2011-05-23 11:40 -------- d-----w- c:\users\khoi\AppData\Roaming\Ajcyko
2011-05-23 09:04 . 2011-05-23 11:06 -------- d-----w- c:\users\khoi\AppData\Roaming\Pawagy
2011-05-23 09:04 . 2011-05-23 09:29 -------- d-----w- c:\users\khoi\AppData\Roaming\Upjey
2011-05-21 10:17 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-05-21 10:17 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-05-21 10:13 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-05-21 10:13 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-05-21 00:13 . 2011-05-21 00:16 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-05-21 00:03 . 2011-05-21 00:03 -------- d-----w- c:\windows\Sun
2011-05-20 15:53 . 2011-05-20 15:53 0 ----a-w- c:\users\khoi\AppData\Local\Fzasivewavadejuz.bin
2011-05-20 15:53 . 2011-05-20 15:53 -------- d-----w- c:\users\khoi\AppData\Local\{CF1C9541-EAC3-4D57-8E66-27A7E8161B1D}
2011-05-20 15:50 . 2011-05-20 16:08 -------- d-----w- c:\programdata\aJ06509JhGdI06509
2011-05-19 04:56 . 2011-05-19 05:29 -------- d-----w- c:\programdata\kP06509MiFnB06509
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 23:11 . 2009-02-20 00:57 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-24 09:14 . 2009-10-04 01:06 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-28 17:46 . 2011-03-28 17:51 86792 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 15:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 15:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-02 39408]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-01-23 3270040]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
"OEM04Mon.exe"="c:\windows\OEM04Mon.exe" [2007-12-03 36864]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-28 1047656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-15 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-15 92704]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2009-08-13 562456]
"WatcherHelper"="c:\program files\Telstra\Telstra Connection Manager\WaHelper.exe" [2009-08-14 62744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-28 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-28 1047656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-02 06:52 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 15:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-09 24216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-28 39984]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-07-22 197504]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-07-22 148992]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-08 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-28 86792]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-28 366640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-28 22712]
S3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\DRIVERS\OEM04Vfx.sys [2007-12-03 7424]
S3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\DRIVERS\OEM04Vid.sys [2007-12-03 234720]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 07:58]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 07:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.smh.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: QQ - c:\program files\Tencent\QQIntl\Bin\AddEmotion.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\khoi\AppData\Roaming\Mozilla\Firefox\Profiles\6ljw1g95.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.smh.com.au/
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\khoi\AppData\Roaming\IDM\idmmzcc3
FF - Ext: XULRunner: {CF1C9541-EAC3-4D57-8E66-27A7E8161B1D} - c:\users\khoi\AppData\Local\{CF1C9541-EAC3-4D57-8E66-27A7E8161B1D}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SmsDiscount - c:\program files\SmsDiscount.com\SmsDiscount\SmsDiscount.exe
HKCU-Run-ybaS886PuG6WQ - \LGDjl.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3107805794-2489986136-2654191599-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):56,c4,65,8f,ff,3e,43,41,2a,3a,ff,3b,9e,08,b7,f5,91,e8,69,82,35,
35,81,d8,78,2d,51,f8,46,8d,66,63,cb,c0,87,d9,6f,86,49,b7,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3107805794-2489986136-2654191599-1000_Classes\CLSID\{98768bbb-7ab5-4c7e-a1a4-d5ca7f03edca}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000008f
"Therad"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2976)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\windows\system32\STacSV.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\CNAB3RPK.EXE
c:\windows\system32\conime.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-06-15 20:56:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-15 10:56
ComboFix2.txt 2009-06-22 14:48
.
Pre-Run: 46,092,034,048 bytes free
Post-Run: 46,379,835,392 bytes free
.
- - End Of File - - 33B15FF6B1B47EEBFD9F175CBE2082E4

#4 User is offline   patndoris 

  • Member
  • PipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 121
  • Joined: 29-August 08
  • Gender:Female
  • Location:Maryland

Posted 15 June 2011 - 06:17 AM

Download and Run RKill

Please download and run the following tool to help allow other programs to run. (Thanks to Grinler of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of these to run, not all of them.
Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif


Once it is downloaded, right-click and choose Run as Administrator[/] on the rkill.com in order to automatically try to stop any processes associated with rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next steps.

If you get a message rkill is an infection, do not be concerned. The message is just a fake warning by some rogue programs when it terminates programs that may potentially remove it. The trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this should allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue processes. Continue to try running Rkill until the malware is no longer running. You will then be able to proceed with the next steps.

Do not reboot your computer after running rkill as the malware programs will start again.

If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and right-click and choose [i]Run as Administrator on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image


  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image


  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Can you please also advise how your system is running now?
~Doris~

Proud Graduate of the WTT Classroom
Member of ASAP and UNITE

#5 User is offline   khoi242 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 03-June 11

Posted 15 June 2011 - 06:37 AM

I'm not able to run Rkill "com,exe, and scr"

Same error of "Illegal operation attempted on registry key that has been marked for deletion"

Also, can't download the 4th one due to dead link.

Should I still proceed with tdss program?

also,
I've just restarted my computer. (not sure if i should do this)

This post has been edited by khoi242: 15 June 2011 - 07:30 AM

#6 User is offline   patndoris 

  • Member
  • PipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 121
  • Joined: 29-August 08
  • Gender:Female
  • Location:Maryland

Posted 15 June 2011 - 07:27 AM

Please give it a try. Be sure to right-click and choose Run as Administrator on it. If it doesn't work let me know.
~Doris~

Proud Graduate of the WTT Classroom
Member of ASAP and UNITE

#7 User is offline   khoi242 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 03-June 11

Posted 15 June 2011 - 07:47 AM

Restarted the computer.
Rkill now works.
doing TDSS now.

#8 User is offline   khoi242 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 03-June 11

Posted 15 June 2011 - 07:51 AM

2011/06/15 22:46:05.0988 2492 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/15 22:46:07.0050 2492 ================================================================================
2011/06/15 22:46:07.0050 2492 SystemInfo:
2011/06/15 22:46:07.0050 2492
2011/06/15 22:46:07.0050 2492 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/15 22:46:07.0050 2492 Product type: Workstation
2011/06/15 22:46:07.0050 2492 ComputerName: DEFAULT
2011/06/15 22:46:07.0050 2492 UserName: khoi
2011/06/15 22:46:07.0050 2492 Windows directory: C:\Windows
2011/06/15 22:46:07.0050 2492 System windows directory: C:\Windows
2011/06/15 22:46:07.0050 2492 Processor architecture: Intel x86
2011/06/15 22:46:07.0050 2492 Number of processors: 2
2011/06/15 22:46:07.0050 2492 Page size: 0x1000
2011/06/15 22:46:07.0050 2492 Boot type: Normal boot
2011/06/15 22:46:07.0050 2492 ================================================================================
2011/06/15 22:46:07.0565 2492 Initialize success
2011/06/15 22:47:27.0253 5076 ================================================================================
2011/06/15 22:47:27.0253 5076 Scan started
2011/06/15 22:47:27.0253 5076 Mode: Manual;
2011/06/15 22:47:27.0253 5076 ================================================================================
2011/06/15 22:47:28.0051 5076 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/15 22:47:28.0213 5076 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/06/15 22:47:28.0290 5076 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/06/15 22:47:28.0330 5076 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/06/15 22:47:28.0368 5076 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/06/15 22:47:28.0499 5076 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/15 22:47:28.0608 5076 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/06/15 22:47:28.0663 5076 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/15 22:47:28.0717 5076 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/06/15 22:47:28.0754 5076 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/06/15 22:47:28.0790 5076 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/06/15 22:47:28.0851 5076 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/06/15 22:47:28.0881 5076 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/06/15 22:47:28.0958 5076 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/06/15 22:47:29.0003 5076 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/06/15 22:47:29.0071 5076 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/15 22:47:29.0119 5076 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/15 22:47:29.0281 5076 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/15 22:47:29.0385 5076 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/15 22:47:29.0473 5076 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/06/15 22:47:29.0563 5076 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/15 22:47:29.0649 5076 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/15 22:47:29.0677 5076 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/15 22:47:29.0717 5076 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/15 22:47:29.0752 5076 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/15 22:47:29.0793 5076 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/15 22:47:29.0846 5076 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/15 22:47:29.0916 5076 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/06/15 22:47:29.0994 5076 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/15 22:47:30.0095 5076 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/06/15 22:47:30.0200 5076 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/06/15 22:47:30.0289 5076 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/06/15 22:47:30.0401 5076 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
2011/06/15 22:47:30.0476 5076 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
2011/06/15 22:47:30.0544 5076 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/06/15 22:47:30.0636 5076 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/15 22:47:30.0761 5076 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/15 22:47:30.0817 5076 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/06/15 22:47:30.0891 5076 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/15 22:47:31.0029 5076 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/15 22:47:31.0087 5076 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/06/15 22:47:31.0129 5076 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/15 22:47:31.0147 5076 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/06/15 22:47:31.0216 5076 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/06/15 22:47:31.0322 5076 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/06/15 22:47:31.0536 5076 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/15 22:47:31.0596 5076 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/15 22:47:31.0660 5076 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/15 22:47:31.0770 5076 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/06/15 22:47:31.0854 5076 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/15 22:47:31.0967 5076 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/15 22:47:32.0082 5076 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/06/15 22:47:32.0164 5076 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/06/15 22:47:32.0288 5076 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/15 22:47:32.0385 5076 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/15 22:47:32.0522 5076 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/15 22:47:32.0650 5076 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/15 22:47:32.0697 5076 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/15 22:47:32.0721 5076 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/15 22:47:32.0767 5076 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/15 22:47:32.0935 5076 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/15 22:47:33.0048 5076 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/15 22:47:33.0242 5076 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/15 22:47:33.0499 5076 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/06/15 22:47:33.0942 5076 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
2011/06/15 22:47:34.0149 5076 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/15 22:47:34.0214 5076 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/15 22:47:34.0281 5076 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/15 22:47:34.0345 5076 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/15 22:47:34.0397 5076 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/06/15 22:47:34.0446 5076 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/15 22:47:34.0673 5076 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/06/15 22:47:34.0737 5076 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/15 22:47:34.0780 5076 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
2011/06/15 22:47:34.0837 5076 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/06/15 22:47:35.0011 5076 IDMWFP (e7e1c00a45e188fb1a3745ddd991fffa) C:\Windows\system32\DRIVERS\idmwfp.sys
2011/06/15 22:47:35.0113 5076 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/15 22:47:35.0182 5076 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/15 22:47:35.0263 5076 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/15 22:47:35.0359 5076 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/15 22:47:35.0394 5076 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/15 22:47:35.0458 5076 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/15 22:47:35.0488 5076 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/06/15 22:47:35.0535 5076 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/15 22:47:35.0562 5076 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/15 22:47:35.0597 5076 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/15 22:47:35.0696 5076 ivusb (b14577cd7495f55996b17ab2938252cb) C:\Windows\system32\DRIVERS\ivusb.sys
2011/06/15 22:47:35.0730 5076 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/15 22:47:35.0795 5076 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/15 22:47:35.0845 5076 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/15 22:47:35.0936 5076 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/15 22:47:35.0987 5076 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/15 22:47:36.0027 5076 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/15 22:47:36.0064 5076 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/15 22:47:36.0109 5076 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/15 22:47:36.0235 5076 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/06/15 22:47:36.0338 5076 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/15 22:47:36.0421 5076 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/06/15 22:47:36.0485 5076 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/06/15 22:47:36.0529 5076 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/15 22:47:36.0556 5076 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/15 22:47:36.0572 5076 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/15 22:47:36.0603 5076 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/15 22:47:36.0639 5076 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/15 22:47:36.0679 5076 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/06/15 22:47:36.0731 5076 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/15 22:47:36.0790 5076 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/15 22:47:36.0835 5076 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/15 22:47:36.0905 5076 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/15 22:47:36.0932 5076 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/15 22:47:36.0960 5076 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/15 22:47:37.0002 5076 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/06/15 22:47:37.0036 5076 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/06/15 22:47:37.0070 5076 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/15 22:47:37.0107 5076 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/15 22:47:37.0187 5076 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/15 22:47:37.0207 5076 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/15 22:47:37.0245 5076 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/15 22:47:37.0294 5076 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/15 22:47:37.0325 5076 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/15 22:47:37.0360 5076 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/15 22:47:37.0404 5076 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/15 22:47:37.0502 5076 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/15 22:47:37.0597 5076 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/15 22:47:37.0645 5076 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/15 22:47:37.0662 5076 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/15 22:47:37.0762 5076 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/15 22:47:37.0783 5076 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/15 22:47:37.0820 5076 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/15 22:47:37.0861 5076 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/15 22:47:38.0041 5076 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/06/15 22:47:38.0126 5076 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/15 22:47:38.0189 5076 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/15 22:47:38.0227 5076 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/15 22:47:38.0300 5076 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/15 22:47:38.0374 5076 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/15 22:47:38.0412 5076 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/15 22:47:38.0745 5076 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/15 22:47:39.0177 5076 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/06/15 22:47:39.0214 5076 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/06/15 22:47:39.0289 5076 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/06/15 22:47:39.0406 5076 OEM04Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM04Vfx.sys
2011/06/15 22:47:39.0439 5076 OEM04Vid (40e9bfd9f64dfb32c1eafbaa0576c55d) C:\Windows\system32\DRIVERS\OEM04Vid.sys
2011/06/15 22:47:39.0538 5076 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/15 22:47:39.0654 5076 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/15 22:47:39.0699 5076 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/15 22:47:39.0734 5076 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/15 22:47:39.0816 5076 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/15 22:47:39.0886 5076 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/06/15 22:47:39.0923 5076 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/15 22:47:40.0005 5076 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/15 22:47:40.0113 5076 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/15 22:47:40.0146 5076 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/06/15 22:47:40.0204 5076 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/15 22:47:40.0284 5076 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/15 22:47:40.0370 5076 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/06/15 22:47:40.0443 5076 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/15 22:47:40.0487 5076 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/15 22:47:40.0574 5076 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/15 22:47:40.0656 5076 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/15 22:47:40.0702 5076 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/15 22:47:40.0755 5076 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/15 22:47:40.0815 5076 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/15 22:47:40.0870 5076 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/15 22:47:40.0892 5076 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/15 22:47:40.0942 5076 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/06/15 22:47:40.0960 5076 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/15 22:47:41.0009 5076 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/15 22:47:41.0087 5076 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/06/15 22:47:41.0164 5076 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/06/15 22:47:41.0229 5076 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/06/15 22:47:41.0309 5076 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2011/06/15 22:47:41.0381 5076 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/06/15 22:47:41.0401 5076 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/06/15 22:47:41.0458 5076 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/06/15 22:47:41.0486 5076 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/15 22:47:41.0668 5076 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/15 22:47:41.0722 5076 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/15 22:47:41.0763 5076 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/15 22:47:41.0833 5076 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/15 22:47:41.0861 5076 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/15 22:47:41.0904 5076 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/15 22:47:41.0940 5076 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/15 22:47:41.0977 5076 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/15 22:47:42.0051 5076 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/15 22:47:42.0081 5076 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/15 22:47:42.0124 5076 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/15 22:47:42.0158 5076 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/15 22:47:42.0208 5076 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/06/15 22:47:42.0240 5076 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/06/15 22:47:42.0270 5076 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/06/15 22:47:42.0335 5076 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/15 22:47:42.0438 5076 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/06/15 22:47:42.0476 5076 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/15 22:47:42.0636 5076 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/06/15 22:47:42.0636 5076 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/15 22:47:42.0641 5076 sptd - detected LockedFile.Multi.Generic (1)
2011/06/15 22:47:42.0687 5076 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/06/15 22:47:42.0740 5076 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/15 22:47:42.0789 5076 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/15 22:47:42.0946 5076 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
2011/06/15 22:47:43.0029 5076 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/15 22:47:43.0130 5076 swmsflt (150ab4fa272130ec55b2a4faebdf47f9) C:\Windows\System32\drivers\swmsflt.sys
2011/06/15 22:47:43.0181 5076 SWNC8UA3 (48770611b4963ca79f695e9db8d9829c) C:\Windows\system32\DRIVERS\swnc8ua3.sys
2011/06/15 22:47:43.0254 5076 SWUMXA3 (8d4ee23f4f326d246fa988a9d891d9f1) C:\Windows\system32\DRIVERS\swumxa3.sys
2011/06/15 22:47:43.0286 5076 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/15 22:47:43.0313 5076 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/15 22:47:43.0364 5076 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/15 22:47:43.0435 5076 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/15 22:47:43.0541 5076 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/06/15 22:47:43.0599 5076 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/15 22:47:43.0671 5076 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/15 22:47:43.0730 5076 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
2011/06/15 22:47:43.0784 5076 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/15 22:47:43.0837 5076 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/15 22:47:43.0884 5076 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/15 22:47:43.0934 5076 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/15 22:47:43.0989 5076 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/15 22:47:44.0046 5076 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/15 22:47:44.0065 5076 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/15 22:47:44.0098 5076 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/15 22:47:44.0148 5076 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/15 22:47:44.0204 5076 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/15 22:47:44.0238 5076 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/15 22:47:44.0273 5076 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/15 22:47:44.0334 5076 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/15 22:47:44.0384 5076 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/15 22:47:44.0478 5076 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/15 22:47:44.0567 5076 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/06/15 22:47:44.0622 5076 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/15 22:47:44.0682 5076 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/15 22:47:44.0738 5076 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/15 22:47:44.0769 5076 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/15 22:47:44.0812 5076 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/15 22:47:44.0854 5076 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/15 22:47:44.0945 5076 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/15 22:47:45.0030 5076 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/15 22:47:45.0085 5076 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/15 22:47:45.0136 5076 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/15 22:47:45.0166 5076 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/15 22:47:45.0212 5076 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/15 22:47:45.0278 5076 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/15 22:47:45.0342 5076 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/15 22:47:45.0358 5076 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/15 22:47:45.0407 5076 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/15 22:47:45.0520 5076 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/15 22:47:45.0590 5076 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/15 22:47:45.0628 5076 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/15 22:47:45.0672 5076 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/15 22:47:45.0711 5076 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/15 22:47:45.0757 5076 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/15 22:47:45.0803 5076 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/15 22:47:45.0938 5076 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/15 22:47:46.0048 5076 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/15 22:47:46.0111 5076 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/15 22:47:46.0189 5076 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/15 22:47:46.0237 5076 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/15 22:47:46.0263 5076 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/06/15 22:47:46.0270 5076 ================================================================================
2011/06/15 22:47:46.0270 5076 Scan finished
2011/06/15 22:47:46.0270 5076 ================================================================================
2011/06/15 22:47:46.0284 1240 Detected object count: 1
2011/06/15 22:47:46.0284 1240 Actual detected object count: 1
2011/06/15 22:49:25.0980 1240 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/15 22:49:33.0611 3968 ================================================================================
2011/06/15 22:49:33.0611 3968 Scan started
2011/06/15 22:49:33.0611 3968 Mode: Manual;
2011/06/15 22:49:33.0611 3968 ================================================================================
2011/06/15 22:49:33.0941 3968 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/15 22:49:34.0092 3968 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/06/15 22:49:34.0158 3968 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/06/15 22:49:34.0198 3968 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/06/15 22:49:34.0259 3968 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/06/15 22:49:34.0312 3968 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/15 22:49:34.0354 3968 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/06/15 22:49:34.0387 3968 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/15 22:49:34.0474 3968 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/06/15 22:49:34.0533 3968 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/06/15 22:49:34.0591 3968 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/06/15 22:49:34.0630 3968 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/06/15 22:49:34.0682 3968 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/06/15 22:49:34.0737 3968 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/06/15 22:49:34.0759 3968 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/06/15 22:49:34.0850 3968 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/15 22:49:34.0953 3968 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/15 22:49:35.0049 3968 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/15 22:49:35.0108 3968 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/15 22:49:35.0163 3968 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/06/15 22:49:35.0208 3968 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/15 22:49:35.0250 3968 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/15 22:49:35.0300 3968 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/15 22:49:35.0363 3968 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/15 22:49:35.0453 3968 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/15 22:49:35.0538 3968 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/15 22:49:35.0614 3968 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/15 22:49:35.0750 3968 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/06/15 22:49:35.0828 3968 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/15 22:49:35.0875 3968 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/06/15 22:49:35.0957 3968 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/06/15 22:49:36.0034 3968 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/06/15 22:49:36.0079 3968 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
2011/06/15 22:49:36.0095 3968 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
2011/06/15 22:49:36.0145 3968 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/06/15 22:49:36.0205 3968 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/15 22:49:36.0273 3968 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/15 22:49:36.0307 3968 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/06/15 22:49:36.0360 3968 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/15 22:49:36.0408 3968 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/15 22:49:36.0444 3968 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/06/15 22:49:36.0458 3968 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/15 22:49:36.0478 3968 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/06/15 22:49:36.0517 3968 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/06/15 22:49:36.0579 3968 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/06/15 22:49:36.0623 3968 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/15 22:49:36.0730 3968 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/15 22:49:36.0827 3968 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/15 22:49:36.0937 3968 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/06/15 22:49:37.0010 3968 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/15 22:49:37.0057 3968 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/15 22:49:37.0105 3968 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/06/15 22:49:37.0143 3968 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/06/15 22:49:37.0200 3968 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/15 22:49:37.0241 3968 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/15 22:49:37.0289 3968 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/15 22:49:37.0312 3968 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/15 22:49:37.0342 3968 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/15 22:49:37.0399 3968 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/15 22:49:37.0446 3968 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/15 22:49:37.0491 3968 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/15 22:49:37.0538 3968 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/15 22:49:37.0610 3968 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/15 22:49:37.0654 3968 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/06/15 22:49:37.0776 3968 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
2011/06/15 22:49:37.0860 3968 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/15 22:49:37.0936 3968 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/15 22:49:37.0959 3968 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/15 22:49:38.0012 3968 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/15 22:49:38.0063 3968 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/06/15 22:49:38.0146 3968 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/15 22:49:38.0228 3968 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/06/15 22:49:38.0292 3968 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/15 22:49:38.0414 3968 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
2011/06/15 22:49:38.0526 3968 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/06/15 22:49:38.0611 3968 IDMWFP (e7e1c00a45e188fb1a3745ddd991fffa) C:\Windows\system32\DRIVERS\idmwfp.sys
2011/06/15 22:49:38.0724 3968 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/15 22:49:38.0771 3968 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/15 22:49:38.0807 3968 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/15 22:49:38.0870 3968 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/15 22:49:38.0972 3968 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/15 22:49:39.0035 3968 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/15 22:49:39.0110 3968 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/06/15 22:49:39.0201 3968 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/15 22:49:39.0262 3968 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/15 22:49:39.0319 3968 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/15 22:49:39.0385 3968 ivusb (b14577cd7495f55996b17ab2938252cb) C:\Windows\system32\DRIVERS\ivusb.sys
2011/06/15 22:49:39.0486 3968 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/15 22:49:39.0551 3968 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/15 22:49:39.0668 3968 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/15 22:49:39.0770 3968 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/15 22:49:39.0854 3968 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/15 22:49:39.0916 3968 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/15 22:49:39.0997 3968 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/15 22:49:40.0064 3968 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/15 22:49:40.0102 3968 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/06/15 22:49:40.0138 3968 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/15 22:49:40.0166 3968 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/06/15 22:49:40.0230 3968 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/06/15 22:49:40.0296 3968 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/15 22:49:40.0323 3968 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/15 22:49:40.0338 3968 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/15 22:49:40.0414 3968 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/15 22:49:40.0461 3968 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/15 22:49:40.0501 3968 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/06/15 22:49:40.0542 3968 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/15 22:49:40.0579 3968 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/15 22:49:40.0624 3968 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/15 22:49:40.0683 3968 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/15 22:49:40.0710 3968 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/15 22:49:40.0737 3968 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/15 22:49:40.0769 3968 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/06/15 22:49:40.0803 3968 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/06/15 22:49:40.0837 3968 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/15 22:49:40.0858 3968 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/15 22:49:40.0898 3968 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/15 22:49:40.0918 3968 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/15 22:49:40.0945 3968 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/15 22:49:40.0983 3968 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/15 22:49:41.0014 3968 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/15 22:49:41.0049 3968 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/15 22:49:41.0065 3968 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/15 22:49:41.0124 3968 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/15 22:49:41.0219 3968 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/15 22:49:41.0290 3968 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/15 22:49:41.0395 3968 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/15 22:49:41.0473 3968 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/15 22:49:41.0488 3968 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/15 22:49:41.0505 3968 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/15 22:49:41.0572 3968 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/15 22:49:41.0741 3968 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/06/15 22:49:41.0848 3968 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/15 22:49:41.0911 3968 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/15 22:49:41.0938 3968 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/15 22:49:42.0013 3968 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/15 22:49:42.0062 3968 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/15 22:49:42.0100 3968 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/15 22:49:42.0423 3968 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/15 22:49:42.0498 3968 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/06/15 22:49:42.0558 3968 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/06/15 22:49:42.0600 3968 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/06/15 22:49:42.0683 3968 OEM04Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM04Vfx.sys
2011/06/15 22:49:42.0717 3968 OEM04Vid (40e9bfd9f64dfb32c1eafbaa0576c55d) C:\Windows\system32\DRIVERS\OEM04Vid.sys
2011/06/15 22:49:42.0782 3968 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/15 22:49:42.0876 3968 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/15 22:49:42.0910 3968 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/15 22:49:42.0944 3968 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/15 22:49:42.0993 3968 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/15 22:49:43.0019 3968 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/06/15 22:49:43.0056 3968 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/15 22:49:43.0104 3968 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/15 22:49:43.0179 3968 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/15 22:49:43.0213 3968 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/06/15 22:49:43.0281 3968 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/15 22:49:43.0362 3968 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/15 22:49:43.0436 3968 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/06/15 22:49:43.0520 3968 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/15 22:49:43.0565 3968 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/15 22:49:43.0711 3968 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/15 22:49:43.0800 3968 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/15 22:49:43.0880 3968 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/15 22:49:43.0944 3968 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/15 22:49:44.0004 3968 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/15 22:49:44.0048 3968 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/15 22:49:44.0103 3968 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/15 22:49:44.0187 3968 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/06/15 22:49:44.0205 3968 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/15 22:49:44.0264 3968 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/15 22:49:44.0320 3968 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/06/15 22:49:44.0352 3968 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/06/15 22:49:44.0406 3968 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/06/15 22:49:44.0476 3968 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2011/06/15 22:49:44.0537 3968 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/06/15 22:49:44.0551 3968 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/06/15 22:49:44.0602 3968 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/06/15 22:49:44.0630 3968 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/15 22:49:44.0757 3968 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/15 22:49:44.0811 3968 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/15 22:49:44.0907 3968 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/15 22:49:45.0011 3968 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/15 22:49:45.0105 3968 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/15 22:49:45.0170 3968 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/15 22:49:45.0240 3968 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/15 22:49:45.0266 3968 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/15 22:49:45.0328 3968 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/15 22:49:45.0358 3968 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/15 22:49:45.0402 3968 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/15 22:49:45.0435 3968 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/15 22:49:45.0464 3968 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/06/15 22:49:45.0495 3968 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/06/15 22:49:45.0526 3968 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/06/15 22:49:45.0579 3968 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/15 22:49:45.0660 3968 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/06/15 22:49:45.0709 3968 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/15 22:49:45.0769 3968 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/06/15 22:49:45.0769 3968 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/15 22:49:45.0774 3968 sptd - detected LockedFile.Multi.Generic (1)
2011/06/15 22:49:45.0831 3968 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/06/15 22:49:45.0852 3968 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/15 22:49:45.0870 3968 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/15 22:49:45.0945 3968 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
2011/06/15 22:49:45.0996 3968 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/15 22:49:46.0085 3968 swmsflt (150ab4fa272130ec55b2a4faebdf47f9) C:\Windows\System32\drivers\swmsflt.sys
2011/06/15 22:49:46.0158 3968 SWNC8UA3 (48770611b4963ca79f695e9db8d9829c) C:\Windows\system32\DRIVERS\swnc8ua3.sys
2011/06/15 22:49:46.0209 3968 SWUMXA3 (8d4ee23f4f326d246fa988a9d891d9f1) C:\Windows\system32\DRIVERS\swumxa3.sys
2011/06/15 22:49:46.0241 3968 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/15 22:49:46.0269 3968 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/15 22:49:46.0297 3968 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/15 22:49:46.0378 3968 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/15 22:49:46.0469 3968 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/06/15 22:49:46.0581 3968 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/15 22:49:46.0637 3968 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/15 22:49:46.0707 3968 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
2011/06/15 22:49:46.0795 3968 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/15 22:49:46.0825 3968 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/15 22:49:46.0872 3968 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/15 22:49:46.0922 3968 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/15 22:49:47.0011 3968 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/15 22:49:47.0046 3968 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/15 22:49:47.0063 3968 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/15 22:49:47.0097 3968 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/15 22:49:47.0159 3968 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/15 22:49:47.0215 3968 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/15 22:49:47.0260 3968 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/15 22:49:47.0294 3968 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/15 22:49:47.0356 3968 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/15 22:49:47.0394 3968 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/15 22:49:47.0455 3968 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/15 22:49:47.0523 3968 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/06/15 22:49:47.0600 3968 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/15 22:49:47.0660 3968 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/15 22:49:47.0716 3968 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/15 22:49:47.0759 3968 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/15 22:49:47.0800 3968 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/15 22:49:47.0876 3968 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/15 22:49:47.0933 3968 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/15 22:49:48.0008 3968 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/15 22:49:48.0073 3968 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/15 22:49:48.0124 3968 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/15 22:49:48.0154 3968 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/15 22:49:48.0200 3968 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/15 22:49:48.0266 3968 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/15 22:49:48.0297 3968 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/15 22:49:48.0314 3968 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/15 22:49:48.0363 3968 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/15 22:49:48.0554 3968 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/15 22:49:48.0623 3968 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/15 22:49:48.0683 3968 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/15 22:49:48.0738 3968 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/15 22:49:48.0747 3968 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/15 22:49:48.0801 3968 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/15 22:49:48.0857 3968 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/15 22:49:48.0948 3968 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/15 22:49:49.0014 3968 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/15 22:49:49.0066 3968 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/15 22:49:49.0111 3968 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/15 22:49:49.0181 3968 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/15 22:49:49.0207 3968 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/06/15 22:49:49.0213 3968 ================================================================================
2011/06/15 22:49:49.0213 3968 Scan finished
2011/06/15 22:49:49.0213 3968 ================================================================================
2011/06/15 22:49:49.0224 4588 Detected object count: 1
2011/06/15 22:49:49.0224 4588 Actual detected object count: 1
2011/06/15 22:49:55.0655 4588 LockedFile.Multi.Generic(sptd) - User select action: Skip

#9 User is offline   patndoris 

  • Member
  • PipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 121
  • Joined: 29-August 08
  • Gender:Female
  • Location:Maryland

Posted 15 June 2011 - 08:02 AM

I will post back with further instructions in a bit. In the mean time, can you tell me how the computer is running now? Are you able to launch programs ok at this point? Have the redirects and music/video problems ceased to happen?
~Doris~

Proud Graduate of the WTT Classroom
Member of ASAP and UNITE

#10 User is offline   khoi242 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 03-June 11

Posted 15 June 2011 - 08:19 AM

The computer is running great now! :)

Thanks so much! :)

it no longer re-directs, no unusual items in startup and iexplore doesn't seem to be opening in the background.

The only thing left is my start menu, with missing items. (which is something I can definitely live with if i must)

This post has been edited by khoi242: 15 June 2011 - 08:25 AM

#11 User is offline   patndoris 

  • Member
  • PipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 121
  • Joined: 29-August 08
  • Gender:Female
  • Location:Maryland

Posted 15 June 2011 - 04:04 PM

Let's see if we can get those start menu items back. Please try right-clicking on the Windows orb (Start Menu icon) and choose Properties. There should be 2 boxes for:
Store and display recently opened programs in the Start Menu and
Store and display recently opened items in the Start Menu and the taskbar
Please make sure both of these boxes are Checked

Let me know if this brings back the items.



I see you have Malwarebytes already on your machine. Please run it by right-clicking and choosing Run as Administrator on the icon on the desktop.
  • Click on the tab labeled Update and then click on the button Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.




Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 26
  • Click the Download JRE button to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.




Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean





This scan make take awhile depending on how many items are on the computer. You may want to run it at a time you won't be needing the machine. It should be run from IE and I'd recommend not doing anything else while it's running.


http://www.eset.eu/online-scanner
Go here to run an online scannner from ESET.
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
Click on the Start button next to it.
You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
A new window will appear asking "Do you want to install this software?"".
Answer Yes to download and install the ActiveX controls that allows the scan to run.
Click Start.
Uncheck Remove found threats.
Click Scan to begin.
If offered the option to get information or buy software. Just close the window.
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.
~Doris~

Proud Graduate of the WTT Classroom
Member of ASAP and UNITE

#12 User is offline   khoi242 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 03-June 11

Posted 16 June 2011 - 07:41 AM

In the log file, there was nothing except this:
(Not sure if this is right?)

------------------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

------------------


The scan also picked up the following;

------------------

C:\old\Downloads\QQ2008.exe probably a variant of Win32/PSW.OnLineGames.KVGBYQU trojan
C:\old\music\Albums\Jason Mraz - We Sing, We Dance, We Steal Things [2008] full\08 Jason Mraz - Coyotes.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\khoi\Desktop\MISC\New Folder (2)\MISC\autorun.inf INF/Autorun.gen trojan
C:\Users\khoi\Desktop\Virus Stuff\GridinSoft Trojan Killer\iexplore.exe a variant of Win32/1AntiVirus application

------------------

#13 User is offline   patndoris 

  • Member
  • PipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 121
  • Joined: 29-August 08
  • Gender:Female
  • Location:Maryland

Posted 16 June 2011 - 02:18 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

File::
C:\old\Downloads\QQ2008.exe
C:\old\music\Albums\Jason Mraz - We Sing, We Dance, We Steal Things [2008] full\08 Jason Mraz - Coyotes.mp3
C:\Users\khoi\Desktop\MISC\New Folder (2)\MISC\autorun.inf
C:\Users\khoi\Desktop\Virus Stuff\GridinSoft Trojan Killer\iexplore.exe



Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe. ComboFix may request an update; please allow it.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



How is the system running now?
~Doris~

Proud Graduate of the WTT Classroom
Member of ASAP and UNITE

#14 User is offline   khoi242 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 03-June 11

Posted 17 June 2011 - 02:47 AM

System is running good.

Start Menu items are still missing though, e.g. Microsoft Office folder, but no word.exe etc.

log pasted below,

------------------------------------------------------------------------

ComboFix 11-06-16.02 - khoi 17/06/2011 17:33:20.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3069.1982 [GMT 10:00]
Running from: c:\users\khoi\Downloads\Programs\ComboFix.exe
Command switches used :: c:\users\khoi\Downloads\Programs\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\old\Downloads\QQ2008.exe"
"c:\old\music\Albums\Jason Mraz - We Sing, We Dance, We Steal Things [2008] full\08 Jason Mraz - Coyotes.mp3"
"c:\users\khoi\Desktop\MISC\New Folder (2)\MISC\autorun.inf"
"c:\users\khoi\Desktop\Virus Stuff\GridinSoft Trojan Killer\iexplore.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\old\Downloads\QQ2008.exe
c:\users\khoi\AppData\Local\{CF1C9541-EAC3-4D57-8E66-27A7E8161B1D}
c:\users\khoi\AppData\Local\{CF1C9541-EAC3-4D57-8E66-27A7E8161B1D}\chrome.manifest
c:\users\khoi\AppData\Local\{CF1C9541-EAC3-4D57-8E66-27A7E8161B1D}\chrome\content\_cfg.js
c:\users\khoi\AppData\Local\{CF1C9541-EAC3-4D57-8E66-27A7E8161B1D}\chrome\content\overlay.xul
c:\users\khoi\AppData\Local\{CF1C9541-EAC3-4D57-8E66-27A7E8161B1D}\install.rdf
c:\users\khoi\Desktop\MISC\New Folder (2)\MISC\autorun.inf
c:\users\khoi\Desktop\Virus Stuff\GridinSoft Trojan Killer\iexplore.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 07:39 . 2011-06-17 07:39 -------- d-----w- c:\users\khoi\AppData\Local\temp
2011-06-17 07:39 . 2011-06-17 07:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-16 11:09 . 2011-06-16 11:09 -------- d-----w- c:\program files\ESET
2011-06-16 10:22 . 2011-06-16 10:22 -------- d-----w- c:\program files\Common Files\Java
2011-06-15 09:05 . 2011-06-17 07:31 -------- d-----w- C:\32788R22FWJFW
2011-06-13 00:27 . 2011-05-28 23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 15:25 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{856C1D40-0BC8-4768-9C85-25741D19CE0A}\mpengine.dll
2011-05-29 03:30 . 2011-05-29 04:43 -------- d-----w- C:\SDFix
2011-05-29 03:29 . 2011-05-29 03:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-29 03:20 . 2011-05-29 03:20 -------- d-----w- c:\users\khoi\AppData\Roaming\Fighters
2011-05-29 03:20 . 2011-05-29 03:20 -------- d-----w- c:\users\khoi\AppData\Local\PackageAware
2011-05-23 11:33 . 2011-05-23 12:09 -------- d-----w- c:\users\khoi\AppData\Roaming\Ibar
2011-05-23 11:33 . 2011-05-23 11:40 -------- d-----w- c:\users\khoi\AppData\Roaming\Ajcyko
2011-05-23 09:04 . 2011-05-23 11:06 -------- d-----w- c:\users\khoi\AppData\Roaming\Pawagy
2011-05-23 09:04 . 2011-05-23 09:29 -------- d-----w- c:\users\khoi\AppData\Roaming\Upjey
2011-05-21 10:17 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-05-21 10:17 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-05-21 10:13 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-05-21 10:13 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-05-21 00:13 . 2011-06-16 09:19 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-05-21 00:03 . 2011-05-21 00:03 -------- d-----w- c:\windows\Sun
2011-05-20 15:53 . 2011-05-20 15:53 0 ----a-w- c:\users\khoi\AppData\Local\Fzasivewavadejuz.bin
2011-05-20 15:50 . 2011-05-20 16:08 -------- d-----w- c:\programdata\aJ06509JhGdI06509
2011-05-19 04:56 . 2011-05-19 05:29 -------- d-----w- c:\programdata\kP06509MiFnB06509
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 09:34 . 2010-07-06 11:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-28 23:11 . 2009-02-20 00:57 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-24 09:14 . 2009-10-04 01:06 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-28 17:46 . 2011-03-28 17:51 86792 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 15:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 15:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-02 39408]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-01-23 3270040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
"OEM04Mon.exe"="c:\windows\OEM04Mon.exe" [2007-12-03 36864]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-28 1047656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-15 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-15 92704]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2009-08-13 562456]
"WatcherHelper"="c:\program files\Telstra\Telstra Connection Manager\WaHelper.exe" [2009-08-14 62744]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-28 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-28 1047656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-02 06:52 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 15:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-09 24216]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-07-22 197504]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-07-22 148992]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-08 691696]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-28 86792]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-28 366640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-28 22712]
S3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\DRIVERS\OEM04Vfx.sys [2007-12-03 7424]
S3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\DRIVERS\OEM04Vid.sys [2007-12-03 234720]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 07:58]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 07:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.smh.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: QQ - c:\program files\Tencent\QQIntl\Bin\AddEmotion.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\khoi\AppData\Roaming\Mozilla\Firefox\Profiles\6ljw1g95.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.smh.com.au/
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\khoi\AppData\Roaming\IDM\idmmzcc3
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 17:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3107805794-2489986136-2654191599-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):56,c4,65,8f,ff,3e,43,41,2a,3a,ff,3b,9e,08,b7,f5,91,e8,69,82,35,
35,81,d8,78,2d,51,f8,46,8d,66,63,cb,c0,87,d9,6f,86,49,b7,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3107805794-2489986136-2654191599-1000_Classes\CLSID\{98768bbb-7ab5-4c7e-a1a4-d5ca7f03edca}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a5
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-17 17:40:38
ComboFix-quarantined-files.txt 2011-06-17 07:40
ComboFix2.txt 2011-06-15 10:56
ComboFix3.txt 2009-06-22 14:48
.
Pre-Run: 47,612,305,408 bytes free
Post-Run: 47,574,753,280 bytes free
.
- - End Of File - - E4F39AD2DDEF115E80083F3E8165EDD6

#15 User is offline   patndoris 

  • Member
  • PipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 121
  • Joined: 29-August 08
  • Gender:Female
  • Location:Maryland

Posted 17 June 2011 - 05:28 AM

When you did this:

Quote

Please try right-clicking on the Windows orb (Start Menu icon) and choose Properties. There should be 2 boxes for:
Store and display recently opened programs in the Start Menu and
Store and display recently opened items in the Start Menu and the taskbar
Please make sure both of these boxes are Checked


Did you see the options and make sure they were both checked?





The following will implement some cleanup procedures as well as reset System Restore points:
  • Click the Windows Key + R to open the Run box.
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Posted Image


If there are any remaining tools or logs on your desktop you can right-click and delete them. I would advise keeping Malwarebytes as it is a program you'll want to run regularly.


Please let me know about the check boxes as well as when you have finished this step.
~Doris~

Proud Graduate of the WTT Classroom
Member of ASAP and UNITE

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users