
Possible MBR rootkit infection... Unable to Access Anything in User acct in XP


  • This topic is locked
19 replies to this topic

#1 LadyEarp
  • Members
  • 25 posts
  • Gender:Female
  • Local time:05:47 PM

Posted 09 March 2011 - 10:45 AM

I have Windows XP on my computer. Both my husband and I have Admin rights set up in our User Accounts. We also have one Guest Account. My Admin Acct is fine, no problems whatsoever. The Guest Acct and my husband's Admin Acct both have had some serious issues in the past few days. First, IE8 could not open up, then the wallpaper went to some generic XP colour. Then I could not open any programs, then couldn't open the 'My Documents' folders or anything on the desktop; all my husband's 'My Music' files are gone (only had 5 albums on there), all his documents are missing as well as his 'My Pictures' files. Then the recycle bin showed up in the lower right-hand corner of the desktop, then I get "Your security setting put your computer at risk" and I can't change the settings either! Then IE8 keeps flashing and wants to go to Windows Live instead of our set home page, which is Google, but never actually gets anywhere... just keeps flashing, and when I try to open any file, folder or program I get this: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I have tried to run Kaspersky (it won't open in my husband's acct). I was able to run Kaspersky in the guest acct and in my acct and it snagged 44 malicious items. My Guest account is running fine now, no trouble with anything. My husband's Admin Acct is still acting super silly. I have tried to run the following programs while logged into my husband's Admin acct: Kaspersky Internet Security 2011 and MBAM 15.0.1.1100. No matter what I do, I cannot open these programs on his account. I even tried to change the file names! I couldn't download to his desktop as I cannot access the Internet through his account, so I made a shared file through my acct and pulled them through to his acct. Could not run them, they won't open, I get this: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."


DDS.TXT LOG BELOW

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Vickie Hickey at 22:09:59.65 on Tue 03/08/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.576 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Vickie Hickey\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
mStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~1\tools\iesdpb.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON NX420 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\windows\temp\E_S87.tmp" /EF "HKCU"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [Adobe Gamma.lnk]
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
dRun: [Spyware Doctor]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\broderbund homework helpers\pmremind.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Search
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~1\tools\iesdpb.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {918753F1-34D2-46EE-9D53-2722D1FE4BCC} - hxxp://www.mycorkboard.com/CabFiles/WebsiteHelper.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://www.charter.net/files/charter/securitysuite/fscax.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll, c:\progra~1\kasper~1\kasper~1\kloehk.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\vickie~1\applic~1\mozilla\firefox\profiles\um74kghq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 ikhlayer;Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhlayer.sys [2006-2-22 50048]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-3-6 475736]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-23 24652]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S3 BEFCMU10;Linksys BEFCMU10 EtherFast Cable Modem with USB;c:\windows\system32\drivers\BEFCMU10.sys [2008-5-27 15423]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 272128]
.
=============== Created Last 30 ================
.
2011-03-08 02:30:40 -------- d-----w- c:\docume~1\vickie~1\applic~1\Malwarebytes
2011-03-08 02:30:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-08 02:30:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-08 02:30:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-08 02:30:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 05:37:45 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
2011-03-06 05:37:41 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-03-06 05:37:18 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-03-06 05:37:17 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-03-06 05:34:32 -------- d-----w- c:\program files\Kaspersky Lab
2011-03-06 05:34:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2011-03-06 05:21:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2011-03-06 03:59:25 -------- d-----w- c:\docume~1\vickie~1\applic~1\Uniblue
2011-03-06 03:59:06 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-03-06 03:59:02 -------- d-----w- c:\program files\Uniblue
2011-03-06 03:58:46 -------- d-----w- c:\docume~1\vickie~1\locals~1\applic~1\PackageAware
2011-03-05 14:56:15 -------- d-----w- C:\fsaua.data
2011-03-05 03:10:16 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-03-05 03:10:16 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-03-05 03:10:16 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-03-05 03:10:06 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-03-05 03:09:41 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-05 03:07:57 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-03-05 00:17:44 -------- d-----w- c:\windows\Mozilla
2011-03-04 22:02:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-04 22:02:41 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-04 22:00:34 -------- d-----w- c:\windows\system32\en
2011-03-04 22:00:34 -------- d-----w- c:\windows\system32\bits
2011-03-04 21:56:02 -------- d-----w- c:\windows\EHome
2011-03-04 21:55:39 -------- d-----w- C:\b7b4900f58641c81ac079263de81a0f3
2011-03-04 18:57:46 941 ----a-w- c:\windows\win.tmp
2011-03-04 18:57:46 227 ----a-w- c:\windows\system.tmp
2011-03-03 21:41:17 -------- d-----w- c:\docume~1\vickie~1\applic~1\FixCleaner
2011-03-03 21:37:03 -------- d-----w- c:\program files\FixCleaner
2011-03-03 14:26:31 -------- d-----w- c:\program files\Messenger
2011-03-03 14:26:17 -------- d-----w- c:\windows\system32\scripting
2011-03-03 14:26:17 -------- d-----w- c:\windows\l2schemas
2011-03-03 14:21:35 -------- d-----w- c:\windows\network diagnostic
2011-03-02 13:38:14 -------- d-sh--w- c:\documents and settings\vickie hickey\PrivacIE
2011-03-02 13:30:30 -------- d-sh--w- c:\documents and settings\vickie hickey\IETldCache
2011-03-02 13:24:55 -------- d-----w- c:\windows\ie8updates
2011-03-02 13:24:42 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-03-02 13:24:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-02 13:24:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-03-02 13:22:38 -------- dc-h--w- c:\windows\ie8
2011-03-01 05:03:33 -------- d-----w- c:\windows\ServicePackFiles
2011-02-28 21:44:59 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2011-02-28 21:43:58 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-28 21:32:33 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-02-28 21:32:33 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-02-28 21:31:50 357248 ------w- c:\windows\system32\dllcache\srv.sys
2011-02-28 21:30:40 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-28 21:30:04 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-02-28 21:27:36 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-28 21:24:42 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-02-28 21:24:31 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-02-28 21:23:16 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-28 21:23:15 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-02-28 13:54:06 720896 ----a-w- c:\windows\iun6002.exe
2011-02-28 13:53:42 -------- d-----w- c:\program files\Mathematics Worksheet Factory Lite
.
==================== Find3M ====================
.
2011-01-30 13:21:27 49540 ----a-w- c:\windows\rxvcrt.dll
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD400BB-75JHC0 rev.06.01C06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe >>UNKNOWN [0x86F9A550]<<
_asm { MOV EAX, 0x86f9a470; XCHG [ESP], EAX; PUSH EAX; PUSH 0x86fa0c94; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86F7CAB8]
\Driver\Disk[0x86F87A08] -> IRP_MJ_CREATE -> 0x86F9A550
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x86f9a550
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 22:12:00.67 ===============

Do or do not. There is no try. -Yoda
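The ROOTKIT section at the end of the DDS log above is the part that matters for the diagnosis: Gmer's detector found the IRP_MJ_CREATE dispatch of \Driver\Disk pointing at 0x86F9A550, an address it lists as UNKNOWN (not attributable to any loaded module), and then reported the user-mode and kernel-mode MBR reads as matching. The script below is an added example, not code from this page, from DDS or from Gmer. It parses that section (the sample is the section copied from the log above, minus the two _asm lines) and spells out the reasoning behind a verdict, including the caveat that a matching user/kernel MBR read proves little when the disk read path itself is hooked, because both reads travel through the hooked stack. The field names, the verdict logic and the wording assumed for a user/kernel mismatch line are this example's own assumptions.

```python
import re

# Constructed sample input: the ROOTKIT section copied from the DDS log posted above
# (the two _asm disassembly lines are left out; they are not needed for the verdict).
SAMPLE_LOG = """\
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD400BB-75JHC0 rev.06.01C06 -> Harddisk0\\DR0 -> \\Device\\Ide\\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe >>UNKNOWN [0x86F9A550]<<
1 nt!IofCallDriver[0x804E37D5] -> \\Device\\Harddisk0\\DR0[0x86F7CAB8]
\\Driver\\Disk[0x86F87A08] -> IRP_MJ_CREATE -> 0x86F9A550
kernel: MBR read successfully
detected disk devices:
detected hooks:
\\Driver\\Disk -> 0x86f9a550
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 22:12:00.67 ===============
"""

MODULES_RE = re.compile(r"^called modules:\s*(.*)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9A-Fa-f]+)\]<<")
# "\Driver\Disk[0x86F87A08] -> IRP_MJ_CREATE -> 0x86F9A550"
IRP_HOOK_RE = re.compile(r"^(\\Driver\\[^\[\s]+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> 0x([0-9A-Fa-f]+)$")
# "\Driver\Disk -> 0x86f9a550" under "detected hooks:"
HOOK_RE = re.compile(r"^(\\Driver\\\S+) -> 0x([0-9A-Fa-f]+)$")


def parse_gmer_section(text):
    """Collect the facts Gmer reports into a dict (field names are this example's own)."""
    f = {
        "modules": [],                  # modules Gmer saw on the disk I/O path
        "unknown_targets": set(),       # code addresses it could not map to any module
        "irp_hooks": [],                # (driver object, IRP major function, target address)
        "detected_hooks": [],           # (driver object, target address)
        "mbr_user_read": False,
        "mbr_kernel_read": False,
        "mbr_user_kernel_match": None,  # True/False once Gmer compares the two reads
        "gmer_warning": None,
    }
    for raw in text.splitlines():
        line = raw.strip()
        m = MODULES_RE.match(line)
        if m:
            rest = m.group(1)
            f["modules"] = re.findall(r"\b([\w\-]+\.(?:exe|sys|dll))\b", rest)
            f["unknown_targets"].update(int(a, 16) for a in UNKNOWN_RE.findall(rest))
            continue
        m = IRP_HOOK_RE.match(line)
        if m:
            f["irp_hooks"].append((m.group(1), m.group(2), int(m.group(3), 16)))
            continue
        m = HOOK_RE.match(line)
        if m:
            f["detected_hooks"].append((m.group(1), int(m.group(2), 16)))
            continue
        if line == "user: MBR read successfully":
            f["mbr_user_read"] = True
        elif line == "kernel: MBR read successfully":
            f["mbr_kernel_read"] = True
        elif line.startswith("user & kernel MBR") and line.endswith("OK"):
            f["mbr_user_kernel_match"] = True
        elif line.startswith("user") and "!=" in line and "MBR" in line:
            # Assumed wording for the mismatch case; Gmer's exact string is not on the page.
            f["mbr_user_kernel_match"] = False
        elif line.startswith("Warning:"):
            f["gmer_warning"] = line[len("Warning:"):].strip()
    return f


def assess(f):
    """Turn the parsed facts into a verdict with the reasoning written out."""
    reasons, caveats = [], []
    unknown = f["unknown_targets"]
    for drv, major, target in f["irp_hooks"]:
        if target in unknown:
            reasons.append(f"{drv} {major} dispatch routine is 0x{target:08X}, "
                           "code Gmer could not attribute to any loaded module")
    hooked_targets = {t for _, _, t in f["irp_hooks"]}
    for drv, target in f["detected_hooks"]:
        if target in unknown and target not in hooked_targets:
            reasons.append(f"{drv} hooked at 0x{target:08X} (unattributed code)")
    if not (f["mbr_user_read"] and f["mbr_kernel_read"]):
        reasons.append("Gmer could not read the MBR from both user and kernel mode")
    suspicious = bool(reasons)
    if suspicious and f["mbr_user_kernel_match"]:
        caveats.append("user-mode and kernel-mode MBR reads agree, but both travel through the "
                       "hooked disk stack, so the match does not prove the on-disk MBR is clean; "
                       "read sector 0 from outside the running OS to be sure")
    return {"suspicious": suspicious, "reasons": reasons, "caveats": caveats,
            "gmer_warning": f["gmer_warning"]}


if __name__ == "__main__":
    verdict = assess(parse_gmer_section(SAMPLE_LOG))
    print("suspicious:", verdict["suspicious"])
    for r in verdict["reasons"]:
        print(" -", r)
    for c in verdict["caveats"]:
        print(" !", c)
```

The only real signal in the section is the dispatch routine of \Driver\Disk pointing into code that belongs to no module; the "user & kernel MBR OK" line is Gmer comparing two reads that both pass through that hooked stack, which is why a tool that reads the sector from outside the running system (or a cleaner that repairs the disk driver's dispatch table first) is the next step.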


#2 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:47 PM

Posted 13 March 2011 - 07:13 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 LadyEarp
  • Topic Starter
  • Members
  • 25 posts
  • Gender:Female
  • Local time:05:47 PM

Posted 13 March 2011 - 08:28 PM

m0le,

I am replying...thank you for picking my problem up...I'm ready to receive my instructions!

Lady Earp
Do or do not. There is no try. -Yoda

#4 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:47 PM

Posted 14 March 2011 - 02:13 PM

Looks like an MBR infection. Please run TDSSKiller and MBRCheck.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE
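The MBRCheck log asked for above is the second half of the picture: where Gmer looks at the kernel's disk I/O path, a boot-sector check reads sector 0 itself, validates its layout and compares the bootstrap code against a known-good copy. The block below is an added example of that kind of check, not MBRCheck's or TDSSKiller's code, and the 512-byte sectors it examines are constructed inside the script (placeholder bootstrap bytes, an invented disk signature and partition layout; none of it is the poster's real MBR). It hashes only the first 0x1B8 bytes of bootstrap code, because the 4-byte Windows disk signature at offset 0x1B8 legitimately differs from machine to machine, and it sanity-checks the partition table: status bytes, at most one active entry, no overlapping entries, the 0x55AA boot signature. The reference hash is one the analyst supplies from a known-clean MBR of the same Windows version; without it only the structural checks run, which is exactly the gap a bootkit that leaves the partition table intact slips through.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 0x1B8        # bootstrap code ends where the Windows disk signature starts
DISK_SIG_OFF = 0x1B8    # 4-byte disk signature (machine-specific, excluded from the hash)
PART_TABLE_OFF = 0x1BE
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b"\x55\xAA"


def parse_mbr(sector):
    """Split a 512-byte sector into bootstrap code hash, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        parts.append({"index": i, "status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
        "boot_sig_ok": sector[0x1FE:0x200] == BOOT_SIG,
    }


def check_mbr(sector, reference_code_sha256=None):
    """Return a list of findings; an empty list means nothing looked wrong.

    reference_code_sha256 is the hash of the bootstrap code from a known-clean MBR
    for the same Windows version, supplied by the analyst. Without it only the
    structural checks run.
    """
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["boot_sig_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = 0
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
        if p["status"] == 0x80:
            active += 1
        if p["type"] != 0 and (p["lba_start"] == 0 or p["sectors"] == 0):
            findings.append(f"partition {p['index']}: non-empty entry with zero start or length")
    if active > 1:
        findings.append("more than one active partition")
    used = sorted((p for p in mbr["partitions"] if p["type"] != 0), key=lambda p: p["lba_start"])
    for a, b in zip(used, used[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    if reference_code_sha256 is not None and mbr["code_sha256"] != reference_code_sha256:
        findings.append("bootstrap code differs from the reference copy (hash mismatch)")
    return findings


def build_sample_mbr(code, entries, disk_signature=0x1234ABCD):
    """Constructed test sector: NOT a real Windows MBR, just the layout filled in."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_signature)
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, count)
    sector[0x1FE:0x200] = BOOT_SIG
    return bytes(sector)


# Placeholder bootstrap code (jmp $ followed by NOPs); constructed, not Windows code.
CLEAN_CODE = b"\xEB\xFE" + b"\x90" * (CODE_LEN - 2)
# Same layout with the first instruction replaced by a far jump elsewhere: the kind of
# change a bootkit makes while leaving the partition table untouched.
TAMPERED_CODE = b"\xEA\x00\x7E\x00\x00" + CLEAN_CODE[5:]
# Constructed partition layout: a small utility partition, then one active NTFS volume.
CLEAN_ENTRIES = [(0x00, 0xDE, 63, 80262), (0x80, 0x07, 80325, 78000000), (0, 0, 0, 0), (0, 0, 0, 0)]

CLEAN_MBR = build_sample_mbr(CLEAN_CODE, CLEAN_ENTRIES)
TAMPERED_MBR = build_sample_mbr(TAMPERED_CODE, CLEAN_ENTRIES)

if __name__ == "__main__":
    reference = parse_mbr(CLEAN_MBR)["code_sha256"]
    print("clean, with reference    :", check_mbr(CLEAN_MBR, reference) or "no findings")
    print("tampered, with reference :", check_mbr(TAMPERED_MBR, reference))
    print("tampered, no reference   :", check_mbr(TAMPERED_MBR) or "no findings (table alone looks fine)")
```

Run against a real disk, `sector` would come from reading the first 512 bytes of the physical drive from a clean boot environment; reading it from inside an infected system is subject to the same hooked-read problem the Gmer section illustrates.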

#5 LadyEarp
  • Topic Starter
  • Members
  • 25 posts
  • Gender:Female
  • Local time:05:47 PM

Posted 14 March 2011 - 04:11 PM

Thank you so much for your help.
I ran the TDSSKiller scan.
'Cure' was not an option.
My options were: Skip, delete, quarantine.

I chose quarantine.

I was not given the option to reboot.
I did get the report, then ran MBRCheck and got the log; both reports are here:

2011/03/14 16:41:51.0346 3412 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/14 16:41:51.0534 3412 ================================================================================
2011/03/14 16:41:51.0534 3412 SystemInfo:
2011/03/14 16:41:51.0534 3412
2011/03/14 16:41:51.0534 3412 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/14 16:41:51.0534 3412 Product type: Workstation
2011/03/14 16:41:51.0534 3412 ComputerName: HICKEY
2011/03/14 16:41:51.0534 3412 UserName: Vickie Hickey
2011/03/14 16:41:51.0534 3412 Windows directory: C:\WINDOWS
2011/03/14 16:41:51.0534 3412 System windows directory: C:\WINDOWS
2011/03/14 16:41:51.0534 3412 Processor architecture: Intel x86
2011/03/14 16:41:51.0534 3412 Number of processors: 1
2011/03/14 16:41:51.0534 3412 Page size: 0x1000
2011/03/14 16:41:51.0534 3412 Boot type: Normal boot
2011/03/14 16:41:51.0534 3412 ================================================================================
2011/03/14 16:41:51.0971 3412 Initialize success
2011/03/14 16:41:56.0706 2500 ================================================================================
2011/03/14 16:41:56.0706 2500 Scan started
2011/03/14 16:41:56.0706 2500 Mode: Manual;
2011/03/14 16:41:56.0706 2500 ================================================================================
2011/03/14 16:42:00.0206 2500 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/03/14 16:42:01.0409 2500 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/14 16:42:02.0565 2500 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/14 16:42:03.0690 2500 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/03/14 16:42:04.0831 2500 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/14 16:42:06.0065 2500 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/14 16:42:07.0237 2500 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/03/14 16:42:08.0377 2500 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/03/14 16:42:10.0002 2500 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/03/14 16:42:11.0268 2500 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/03/14 16:42:13.0284 2500 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/03/14 16:42:14.0877 2500 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/03/14 16:42:16.0049 2500 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/03/14 16:42:17.0174 2500 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/03/14 16:42:18.0221 2500 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/03/14 16:42:19.0440 2500 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/03/14 16:42:20.0690 2500 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/03/14 16:42:21.0924 2500 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/03/14 16:42:23.0221 2500 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/14 16:42:24.0268 2500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/14 16:42:27.0424 2500 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/14 16:42:30.0674 2500 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/14 16:42:33.0518 2500 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/14 16:42:34.0956 2500 BEFCMU10 (5dce53c8c0e698c5713693268af045cd) C:\WINDOWS\system32\DRIVERS\BEFCMU10.sys
2011/03/14 16:42:37.0565 2500 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/03/14 16:42:38.0596 2500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/14 16:42:39.0643 2500 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/03/14 16:42:40.0831 2500 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/14 16:42:42.0018 2500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/14 16:42:43.0174 2500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/14 16:42:45.0487 2500 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/03/14 16:42:46.0893 2500 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/03/14 16:42:48.0393 2500 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/03/14 16:42:49.0487 2500 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/03/14 16:42:50.0565 2500 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/14 16:42:51.0690 2500 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/14 16:42:52.0862 2500 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/14 16:42:53.0940 2500 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/14 16:42:55.0034 2500 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/14 16:42:56.0127 2500 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/03/14 16:42:57.0721 2500 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/14 16:42:58.0877 2500 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/03/14 16:42:59.0956 2500 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/03/14 16:43:00.0143 2500 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/03/14 16:43:01.0174 2500 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/03/14 16:43:02.0346 2500 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
2011/03/14 16:43:03.0440 2500 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/03/14 16:43:04.0565 2500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/14 16:43:05.0909 2500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/14 16:43:07.0143 2500 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/14 16:43:08.0206 2500 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/14 16:43:09.0331 2500 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/14 16:43:10.0393 2500 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/14 16:43:11.0502 2500 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/14 16:43:12.0565 2500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/14 16:43:13.0690 2500 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/14 16:43:14.0893 2500 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/03/14 16:43:15.0987 2500 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/03/14 16:43:17.0612 2500 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/03/14 16:43:18.0706 2500 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/14 16:43:19.0909 2500 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/03/14 16:43:21.0065 2500 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/03/14 16:45:16.0377 2500 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: b242b473802ebd0558f8ff0caec36f2b
2011/03/14 16:45:16.0393 2500 sptd - detected Locked file (1)
2011/03/14 16:46:10.0174 2500 ================================================================================
2011/03/14 16:46:10.0174 2500 Scan finished
2011/03/14 16:46:10.0174 2500 ================================================================================
2011/03/14 16:46:10.0190 2784 Detected object count: 1
2011/03/14 16:50:34.0971 2784 Locked file(sptd) - User select action: Skip
2011/03/14 16:51:18.0877 2224 ================================================================================
2011/03/14 16:51:18.0877 2224 Scan started
2011/03/14 16:51:18.0877 2224 Mode: Manual;
2011/03/14 16:51:18.0877 2224 ================================================================================
2011/03/14 16:54:24.0768 2224 sptd (b242b473802ebd0558f8ff0caec36f2b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/14 16:54:24.0768 2224 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: b242b473802ebd0558f8ff0caec36f2b
2011/03/14 16:54:24.0784 2224 sptd - detected Locked file (1)
2011/03/14 16:55:17.0440 2224 ================================================================================
2011/03/14 16:55:17.0440 2224 Scan finished
2011/03/14 16:55:17.0440 2224 ================================================================================
2011/03/14 16:55:17.0471 3376 Detected object count: 1
2011/03/14 16:56:58.0252 3376 sptd (b242b473802ebd0558f8ff0caec36f2b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/14 16:56:58.0252 3376 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: b242b473802ebd0558f8ff0caec36f2b
2011/03/14 16:56:58.0284 3376 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
2011/03/14 16:56:58.0284 3376 Locked file(sptd) - User select action: Quarantine

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 147):

Processes (total 40):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD400BB-75JHC0, Rev: 06.01C06

Size    Device Name          MBR Status
--------------------------------------------
37 GB   \\.\PhysicalDrive0   Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


Done!
Do or do not. There is no try. -Yoda
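The TDSSKiller log above ends with sptd.sys reported as a locked, NoAccess file. As an added example (not from the thread and not Kaspersky's tool), this parser pairs each driver line with the suspicious/locked/action lines that refer to it, so a reviewer sees at a glance which entries actually need a verdict; the sample lines and the small known-driver allowlist are constructed for this example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample modelled on the TDSSKiller log posted above: the same driver
# names, hashes and messages, with most unremarkable driver lines left out.
SAMPLE_LOG = r"""
2011/03/14 16:54:23.0127 2224 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/14 16:54:24.0768 2224 sptd (b242b473802ebd0558f8ff0caec36f2b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/14 16:54:24.0768 2224 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: b242b473802ebd0558f8ff0caec36f2b
2011/03/14 16:54:24.0784 2224 sptd - detected Locked file (1)
2011/03/14 16:54:25.0862 2224 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/14 16:55:17.0440 2224 ================================================================================
2011/03/14 16:55:17.0440 2224 Scan finished
2011/03/14 16:55:17.0471 3376 Detected object count: 1
2011/03/14 16:56:58.0284 3376 Locked file(sptd) - User select action: Quarantine
"""

# Every line is "<date> <time> <pid> <message>"; the message shapes below are the
# ones that occur in the log.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
ENTRY_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
SUSP_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: [0-9a-fA-F]{32}$")
LOCKED_RE = re.compile(r"^(?P<name>\S+) - detected Locked file \(\d+\)$")
ACTION_RE = re.compile(r"^Locked file\((?P<name>[^)]+)\) - User select action: (?P<action>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Constructed allowlist for this example (not TDSSKiller's): drivers that protect
# themselves and so show up as "Locked file" on clean machines too. sptd.sys is the
# SCSI Pass Through Direct driver used by disc-emulation software; the helper in
# the thread judged it legitimate, which is why it is listed here.
KNOWN_SELF_PROTECTING = {
    "sptd": "SCSI Pass Through Direct (disc emulation); judged legitimate in the thread",
}


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str
    flags: List[str] = field(default_factory=list)  # e.g. "Suspicious file (NoAccess)", "Locked file"
    action: Optional[str] = None                     # user-selected action, if any


@dataclass
class ScanResult:
    entries: Dict[str, DriverEntry] = field(default_factory=dict)  # keeps log order
    detected_count: Optional[int] = None


def parse_tdsskiller(text: str) -> ScanResult:
    """Attach every flag/action line to the driver entry it refers to."""
    result = ScanResult()
    by_path: Dict[str, DriverEntry] = {}  # lower-cased path -> entry
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and other non-log text
        msg = m.group(3)
        if (e := ENTRY_RE.match(msg)):
            entry = DriverEntry(e["name"], e["md5"].lower(), e["path"])
            result.entries[entry.name] = entry
            by_path[entry.path.lower()] = entry
        elif (s := SUSP_RE.match(msg)) and s["path"].lower() in by_path:
            by_path[s["path"].lower()].flags.append("Suspicious file (%s)" % s["reason"])
        elif (k := LOCKED_RE.match(msg)) and k["name"] in result.entries:
            result.entries[k["name"]].flags.append("Locked file")
        elif (a := ACTION_RE.match(msg)) and a["name"] in result.entries:
            result.entries[a["name"]].action = a["action"]
        elif (c := COUNT_RE.match(msg)):
            result.detected_count = int(c["n"])
    return result


def flagged(result: ScanResult) -> List[DriverEntry]:
    """Entries that need a human verdict, in log order."""
    return [e for e in result.entries.values() if e.flags]


def triage(entry: DriverEntry) -> str:
    """Defender-side reading of one entry: clean, known self-protecting, or unverified."""
    if not entry.flags:
        return "clean"
    note = KNOWN_SELF_PROTECTING.get(entry.name.lower())
    if note:
        return "known self-protecting driver: " + note
    return "unverified locked/suspicious driver: verify md5 %s and signer before acting" % entry.md5


if __name__ == "__main__":
    res = parse_tdsskiller(SAMPLE_LOG)
    print("detected objects:", res.detected_count)
    for e in flagged(res):
        print(e.name, e.path, e.flags, e.action, "->", triage(e))
```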

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:47 PM

Posted 14 March 2011 - 07:09 PM

That's okay, you don't want to delete the file it flagged up; trust me, it's legitimate. The other log shows no infection, so that's encouraging. Please run ComboFix next.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 LadyEarp

LadyEarp
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Female
  • Local time:05:47 PM

Posted 14 March 2011 - 08:54 PM

Thank you once again for your help.
I have followed your instructions and here is the C:\ComboFix.txt


ComboFix 11-03-14.01 - Vickie Hickey 03/14/2011 21:20:45.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.460 [GMT -4:00]
Running from: c:\documents and settings\Vickie Hickey\Desktop\comfix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\midas.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\yycdd.ini
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-24 24576]
Event Reminder.lnk - c:\program files\Broderbund\Broderbund Homework Helpers\pmremind.exe [2011-1-13 331776]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\c:\0autocheck autochk *\0SsiEfr.e
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18847:TCP"= 18847:TCP:BitComet 18847 TCP
"18847:UDP"= 18847:UDP:BitComet 18847 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/20/2005 2:23 PM 642560]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/23/2007 1:49 PM 24652]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
S3 BEFCMU10;Linksys BEFCMU10 EtherFast Cable Modem with USB;c:\windows\system32\drivers\BEFCMU10.sys [5/27/2008 2:04 PM 15423]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [12/26/2007 2:47 AM 272128]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-15 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: {918753F1-34D2-46EE-9D53-2722D1FE4BCC} - hxxp://www.mycorkboard.com/CabFiles/WebsiteHelper.cab
FF - ProfilePath - c:\documents and settings\Vickie Hickey\Application Data\Mozilla\Firefox\Profiles\um74kghq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Adobe Gamma.lnk - (no file)
HKU-Default-Run-Spyware Doctor - (no file)
AddRemove-Bejeweled 2 Deluxe - c:\progra~1\GAMEHO~1\BEJEWE~1\UNWISE.EXE
AddRemove-StreetPlugin - c:\program files\Learn2.com\StRunner\stuninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-14 21:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP = c:\program files\Analog Devices\Core\smax4pnp.exe
SunJavaUpdateSched = c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
DMXLauncher = c:\program files\Dell\Media Experience\DMXLauncher.exe
Adobe Gamma.lnk = ?:\documents and settings\Travis Hickey\Start Menu\Programs\Startup\Adobe Gamma.lnk
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(544)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Spyware Doctor\sdhelp.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2011-03-14 21:46:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-15 01:46
.
Pre-Run: 7,827,836,928 bytes free
Post-Run: 9,150,033,920 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C9FC349BE9965CABF5E4C1535573F502
Do or do not. There is no try. -Yoda

#8 m0le
Posted 15 March 2011 - 03:55 PM

That looks fine; just another run of Combofix to unlock some registry entries.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)



Referring to the picture above, drag CFScript into ComboFix.exe

If the program asks you to update Combofix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Please now run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE

#9 LadyEarp
Posted 15 March 2011 - 09:28 PM

Ciao m0le...
I ran combofix again as you instructed.
Here is the log of that and of the MBAM log report.
Thank you...

ComboFix 11-03-15.01 - Vickie Hickey 03/15/2011 19:19:36.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.639 [GMT -4:00]
Running from: c:\documents and settings\Vickie Hickey\Desktop\comfix.exe
Command switches used :: c:\documents and settings\Vickie Hickey\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
.
.
2011-03-14 20:56 . 2011-03-14 20:56 -------- d-----w- C:\TDSSKiller_Quarantine
2011-03-14 04:11 . 2011-03-14 04:11 -------- d-----w- C:\My Music
2011-03-11 06:12 . 2011-03-11 06:12 -------- d-sh--w- c:\documents and settings\Vickie Hickey\IECompatCache
2011-03-08 02:30 . 2011-03-08 02:30 -------- d-----w- c:\documents and settings\Vickie Hickey\Application Data\Malwarebytes
2011-03-08 02:30 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-08 02:30 . 2011-03-08 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-08 02:30 . 2011-03-08 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-08 02:30 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-06 05:37 . 2010-10-06 01:26 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2011-03-06 05:37 . 2010-10-06 01:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-03-06 05:37 . 2011-03-06 20:04 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-03-06 05:37 . 2011-03-06 20:04 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-03-06 05:34 . 2011-03-15 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-03-06 05:34 . 2011-03-06 05:34 -------- d-----w- c:\program files\Kaspersky Lab
2011-03-06 05:21 . 2011-03-06 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-03-06 03:59 . 2011-03-06 03:59 -------- d-----w- c:\documents and settings\Vickie Hickey\Application Data\Uniblue
2011-03-06 03:59 . 2011-03-06 03:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-03-06 03:59 . 2011-03-06 03:59 -------- d-----w- c:\program files\Uniblue
2011-03-06 03:58 . 2011-03-06 03:58 -------- d-----w- c:\documents and settings\Vickie Hickey\Local Settings\Application Data\PackageAware
2011-03-05 23:13 . 2011-03-06 03:18 -------- d-----w- c:\windows\BDOSCAN8
2011-03-05 14:56 . 2011-03-05 14:56 -------- d-----w- C:\fsaua.data
2011-03-05 03:10 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-03-05 03:10 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-03-05 03:10 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-03-05 03:10 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-03-05 03:09 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-05 03:07 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-03-05 00:17 . 2011-03-05 00:17 -------- d-----w- c:\windows\Mozilla
2011-03-03 14:26 . 2011-03-03 14:26 -------- d-----w- c:\windows\system32\scripting
2011-03-03 14:26 . 2011-03-03 14:26 -------- d-----w- c:\windows\l2schemas
2011-03-02 13:38 . 2011-03-02 13:38 -------- d-sh--w- c:\documents and settings\Vickie Hickey\PrivacIE
2011-03-02 13:30 . 2011-03-02 13:30 -------- d-sh--w- c:\documents and settings\Vickie Hickey\IETldCache
2011-03-02 13:29 . 2011-03-02 13:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-03-02 13:24 . 2010-12-20 23:59 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-03-02 13:24 . 2010-12-20 23:59 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-03-02 13:24 . 2010-12-20 23:59 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-02 13:22 . 2011-03-04 21:55 -------- dc-h--w- c:\windows\ie8
2011-03-01 15:23 . 2011-03-04 22:02 -------- d-----w- c:\documents and settings\Guest
2011-03-01 05:03 . 2011-03-03 14:24 -------- d-----w- c:\windows\ServicePackFiles
2011-02-28 21:44 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2011-02-28 21:43 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-28 21:32 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-02-28 21:32 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-02-28 21:31 . 2010-08-26 13:39 357248 ------w- c:\windows\system32\dllcache\srv.sys
2011-02-28 21:30 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-28 21:30 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-02-28 21:27 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-28 21:24 . 2009-06-10 14:19 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-02-28 21:24 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-02-28 21:23 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-28 21:23 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-02-28 13:54 . 2011-02-28 13:53 720896 ----a-w- c:\windows\iun6002.exe
2011-02-28 13:53 . 2011-02-28 14:02 -------- d-----w- c:\program files\Mathematics Worksheet Factory Lite
2011-02-25 15:18 . 2011-03-05 15:29 -------- d-----w- c:\documents and settings\RT. E and R
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 14:41 . 2005-11-20 18:23 96384 ----a-w- c:\windows\system32\drivers\sptd9485.sys
2011-02-09 13:53 . 2004-08-10 17:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-10 17:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-10 18:01 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-30 13:21 . 2011-01-30 13:21 49540 ----a-w- c:\windows\rxvcrt.dll
2011-01-27 11:57 . 2004-08-10 18:01 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-10 17:51 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-10 17:50 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-10 17:51 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-10 17:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2007-06-04 22:29 . 2006-06-22 17:50 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-06-04 22:29 . 2006-06-22 17:51 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-06-04 22:29 . 2006-06-22 17:50 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-24 24576]
Event Reminder.lnk - c:\program files\Broderbund\Broderbund Homework Helpers\pmremind.exe [2011-1-13 331776]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\c:\0autocheck autochk *\0SsiEfr.e
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18847:TCP"= 18847:TCP:BitComet 18847 TCP
"18847:UDP"= 18847:UDP:BitComet 18847 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/20/2005 2:23 PM 642560]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/23/2007 1:49 PM 24652]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
S3 BEFCMU10;Linksys BEFCMU10 EtherFast Cable Modem with USB;c:\windows\system32\drivers\BEFCMU10.sys [5/27/2008 2:04 PM 15423]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [12/26/2007 2:47 AM 272128]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-15 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: {918753F1-34D2-46EE-9D53-2722D1FE4BCC} - hxxp://www.mycorkboard.com/CabFiles/WebsiteHelper.cab
FF - ProfilePath - c:\documents and settings\Vickie Hickey\Application Data\Mozilla\Firefox\Profiles\um74kghq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-15 19:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP = c:\program files\Analog Devices\Core\smax4pnp.exe?e?v?i?c?e?s?\?C?o?r?e?\?s?m?a?x?4?p?n?p?.?e?x?e???m??|???|?????????{?????????|?{??????T??????w@???<J??<J???????%@?\-??????`???????,???t??????????????????????????????w????p????-?? $@?????6$@?=$@?<J??????<J?
SunJavaUpdateSched = c:\program files\Java\j2re1.4.2_03\bin\jusched.exe??1?.?4?.?2?_?0?3?\?b?i?n?\?j?u?s?c?h?e?d?.?e?x?e????|???|?????????{?????????|?{??????T??????w@???<J??<J???????%@?\-??????`???????,???t??????????????????????????????w????p????-?? $@?????6$@?=$@?<J??????<J?
DMXLauncher = c:\program files\Dell\Media Experience\DMXLauncher.exe??E?x?p?e?r?i?e?n?c?e?\?D?M?X?L?a?u?n?c?h?e?r?.?e?x?e???i?c?e?\?i?s?s?c?h?.?e?x?e?"? ?-?s?t?a?r?t??????????%@?\-??????`???????,???t??????????????????????????????w????p????-?? $@?????6$@?=$@?<J??????<J?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2340)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-03-15 19:34:10
ComboFix-quarantined-files.txt 2011-03-15 23:33
ComboFix2.txt 2011-03-15 01:46
.
Pre-Run: 9,256,927,232 bytes free
Post-Run: 9,246,765,056 bytes free
.
- - End Of File - - E64DFD3DC67AFB65A44D744553E1D1C5


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6070

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/15/2011 9:58:48 PM
mbam-log-2011-03-15 (21-58-48).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 306865
Time elapsed: 2 hour(s), 16 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Do or do not. There is no try. -Yoda

#10 m0le
Posted 16 March 2011 - 06:24 PM

Please now run ESET's online scanner

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

m0le is a proud member of UNITE

#11 LadyEarp
Posted 16 March 2011 - 11:39 PM

Wow...it looks like it found 22 items.
Interesting!!!

And Impressive.

So here are the results of that scan:

C:\Documents and Settings\Vickie Hickey\My Documents\Tech Stuff\FixCleanerSetup.exe Win32/Adware.ErrorRepair application deleted - quarantined
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\yycdd.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1186\A0397587.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1187\A0397588.msi Win32/Adware.ErrorRepair application deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1191\A0402769.exe Win32/Adware.ErrorRepair application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1191\A0402770.msi Win32/Adware.ErrorRepair application deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1193\A0407992.rbf Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1193\A0407993.rbf Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1193\A0407994.rbf Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1193\A0407995.rbf Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1193\A0407996.rbf Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1203\A0412119.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1205\A0412532.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1205\A0412533.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1205\A0412534.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1205\A0412535.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1205\A0412536.exe Win32/RegistryBooster application cleaned by deleting - quarantined
Do or do not. There is no try. -Yoda
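An added triage script (not from the thread, ESET or any of the tools used here) that parses report lines in the format posted above and sorts detections into live files, ComboFix's Qoobox quarantine, and System Restore snapshots, which is why a 22-item result can still be a clean machine. The line regex, the location categories and the sample subset of lines are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines in the format of the ESET Online
# Scanner report posted in the thread ("<path> <threat> <action> - <status>").
SAMPLE_REPORT = r"""
C:\Documents and Settings\Vickie Hickey\My Documents\Tech Stuff\FixCleanerSetup.exe Win32/Adware.ErrorRepair application deleted - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\yycdd.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1186\A0397587.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1193\A0407992.rbf Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1205\A0412532.exe Win32/RegistryBooster application cleaned by deleting - quarantined
"""

# Assumed pattern: every threat name in this report starts with "Win32/", so the
# first such token separates the space-containing path from the detection.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<threat>Win32/\S+) (?P<action>.+?)(?: - (?P<status>\w+))?$"
)
# Restore point id embedded in a System Volume Information path, e.g. \RP1186\
RESTORE_RE = re.compile(r"\\(RP\d+)\\", re.IGNORECASE)


def parse_line(line):
    """Return a dict (path, threat, action, status) for one report line,
    or None for blank or unrecognised lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(path):
    """Where the detection lives: an active file, a removal tool's own
    quarantine, or a System Restore snapshot (inert unless restored)."""
    p = path.lower()
    if p.startswith(r"c:\system volume information\_restore"):
        return "restore_point"
    if "\\qoobox\\quarantine\\" in p:
        return "tool_quarantine"
    return "live"


def triage(report_text):
    """Summarise a report: counts per location and per threat family, the
    live paths that actually matter, and the restore points holding copies."""
    by_location = Counter()
    by_threat = Counter()
    live_paths = []
    restore_points = set()
    for raw in report_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        loc = classify(rec["path"])
        by_location[loc] += 1
        by_threat[rec["threat"]] += 1
        if loc == "live":
            live_paths.append(rec["path"])
        elif loc == "restore_point":
            rp = RESTORE_RE.search(rec["path"])
            if rp:
                restore_points.add(rp.group(1))
    return {
        "total": sum(by_location.values()),
        "by_location": dict(by_location),
        "by_threat": dict(by_threat),
        "live_paths": live_paths,
        "restore_points": sorted(restore_points),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"{summary['total']} detections by location: {summary['by_location']}")
    for path in summary["live_paths"]:
        print("  live file:", path)
    print("  restore points holding copies:", ", ".join(summary["restore_points"]))
```

Restore points that hold infected copies are harmless until someone rolls back to them, which is why helpers usually finish a cleanup by flushing System Restore.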

#12 m0le
Posted 17 March 2011 - 04:42 PM

That looks clean now. Are you still having the user access problem?
m0le is a proud member of UNITE

#13 LadyEarp
Posted 18 March 2011 - 12:41 AM

m0le,

Thank you for your help so far, I can't tell you how much I appreciate this...

Strange, I tried to log into my husband's user account. His password worked no problem. I got a screen that said it cannot find the local profile and Windows will make a temp profile; changes will be lost when you log off. I was able to use IE8 and go online; his settings of course were all lost on the desktop. I cannot find his files, nothing is there! The only thing he has left is what he had put into the 'shared' folder. I was able to run Kaspersky under his account. It found nothing. So...every time he logs on everything will be lost!

I don't get it!!!!

Lady Earp
Do or do not. There is no try. -Yoda

#14 m0le
Posted 18 March 2011 - 05:22 PM

Try this tutorial on finding and restoring the local profile.
m0le is a proud member of UNITE

#15 LadyEarp
Posted 20 March 2011 - 03:51 PM

My husband's profile is not deleted. Just his stuff from his profile folders.
I went to RUN and typed in 'compmgmt.msc' (without the quotations) and Local Users and Groups folder was nowhere to be found.
So, that first part did not work for me!

Part 2 was "the user name on the Welcome screen doesn't match with the one in the Task Manager"...this is not the case either, so I looked on to the third section...

A user profile has been accidentally deleted...
the profile is still there...so that one can't assist me either...

:(
Do or do not. There is no try. -Yoda
