Cross Forum-Thread (Eliminating The Possibility of Malware)

  1. #1
    Shadefyre (Full Member)


    Hi, I originally made this thread (http://www.d-a-l.com/help/windows-xp...tml#post241144), and we're in the process of narrowing down the cause, in this case whether it's viral in nature or not.

    I've run MBAM, GMER, MBRCheck, and the logs are attached below. I'm working on getting a DDS report as well, but I seem to be having a bit of trouble with disabling all active script-blocking, hitting a blue-screen-shaped wall at the moment, but I'll post it once I've got it through.
    Last edited by Shadefyre; 16-11-2010 at 03:39 AM. Reason: Attaching Logs

  2. #2
    Shadefyre (Full Member)
    Apparently the GMER log is too big to either post or attach.
    Last edited by Shadefyre; 16-11-2010 at 03:40 AM. Reason: Unnecessary

  3. #3
    broni (Senior Member)
    You had a thread here: http://www.d-a-l.com/help/spyware-ad...n-problem.html
    What did actually happen?
    Did you replace hard drive, or.....?

    =========================================================

    Now, all logs have to be pasted.

    Please, read HERE and provide all required logs.

    In case of GMER....

    Upload the file(s) here: Free File Hosting - Online Storage; Upload Mp3, Videos, Music. Backup Files
    Post download link (copy URL: link):

  4. #4
    Shadefyre (Full Member)
    My apologies for not posting final results in my redirection problem, but yes, I did end up replacing the hard drive, which indirectly fixed the problem.

    GMER Log: http://www.filedropper.com/gmer

    MBAM Log
    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 5026

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    11/2/2010 9:16:21 PM
    mbam-log-2010-11-02 (21-16-21).txt

    Scan type: Quick scan
    Objects scanned: 135420
    Time elapsed: 3 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\Documents and Settings\Administrator\Local Settings\Application Data\localesentCMP\localesentCMP.dll (Trojan.SearchRedir.M) -> Delete on reboot.

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\localesentcmp (Trojan.SearchRedir.M) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\Administrator\Local Settings\Application Data\localesentCMP (Trojan.SearchRedir.M) -> Delete on reboot.

    Files Infected:
    C:\Documents and Settings\Administrator\Local Settings\Application Data\localesentCMP\localesentCMP.dll (Trojan.SearchRedir.M) -> Delete on reboot.

  5. #5
    Shadefyre (Full Member)
    And the MBR Log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 143):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75F7000 ccba.sys
    0xF7443000 spzg.sys
    0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xF742B000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF7869000 ACPI.sys
    0xF741A000 pci.sys
    0xF7607000 ohci1394.sys
    0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF7627000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7637000 MountMgr.sys
    0xF784A000 ftdisk.sys
    0xF798B000 dmload.sys
    0xF7961000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF7647000 VolSnap.sys
    0xF7402000 atapi.sys
    0xF7A1C000 mv61xx.sys
    0xF7657000 disk.sys
    0xF7667000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xBA7E0000 fltMgr.sys
    0xBA7CE000 sr.sys
    0xBA7B7000 KSecDD.sys
    0xBA72A000 Ntfs.sys
    0xBA6FD000 NDIS.sys
    0xBA6E3000 Mup.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB93AD000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xB9399000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB9371000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF77AF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB934D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF77B7000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB999E000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB998E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB997E000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB932A000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF77BF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xB91CA000 \SystemRoot\system32\drivers\P17.sys
    0xB91A6000 \SystemRoot\system32\drivers\portcls.sys
    0xB996E000 \SystemRoot\system32\drivers\drmk.sys
    0xB9174000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
    0xB914D000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
    0xB8FEA000 \SystemRoot\system32\drivers\p17filt.sys
    0xB995E000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF799D000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0xB994E000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7943000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB993E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF77C7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7A55000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB992E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7947000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8C77000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB991E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB990E000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77CF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB8C66000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF75C6000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77D7000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF77DF000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB8C36000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF75B6000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB8C19000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0xF799F000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB8BBB000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA6AB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF75A6000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xACB35000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0xF7586000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79A3000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xACA3F000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0xACA27000 \SystemRoot\system32\drivers\AEAudio.sys
    0xAC9C7000 \SystemRoot\system32\drivers\Senfilt.sys
    0xF79A7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB9E3C000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79A9000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF77F7000 \SystemRoot\System32\drivers\vga.sys
    0xF79AB000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79AD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF77FF000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7807000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB9CBF000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAC8FE000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAC8A5000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF7556000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF7546000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAC87F000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xAC82F000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAC7AE000 \SystemRoot\System32\vsdatant.sys
    0xF7536000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xAC78C000 \SystemRoot\System32\drivers\afd.sys
    0xBA663000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF780F000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0xAC761000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAC6C9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA653000 \SystemRoot\System32\Drivers\Fips.SYS
    0xAC6A2000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF79B3000 \SystemRoot\system32\drivers\AsIO.sys
    0xF781F000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xAC666000 \SystemRoot\system32\DRIVERS\rt73.sys
    0xB8B93000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA643000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF771F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xAC9A5000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBA623000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAC981000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF774F000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7A65000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF060000 \SystemRoot\System32\ati2cqag.dll
    0xBF0FC000 \SystemRoot\System32\atikvmag.dll
    0xBF199000 \SystemRoot\System32\atiok3x2.dll
    0xBF1FE000 \SystemRoot\System32\ati3duag.dll
    0xBF556000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA9B85000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF776F000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xA9B25000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA9C1D000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xF775F000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
    0xA96C6000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xA9431000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA95FE000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA92AB000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA92EF000 \SystemRoot\System32\Drivers\Aspi32.SYS
    0xA9268000 \SystemRoot\system32\DRIVERS\atksgt.sys
    0xF77EF000 \SystemRoot\system32\DRIVERS\lirsgt.sys
    0xA9148000 \SystemRoot\system32\DRIVERS\srv.sys
    0xF7817000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xA8CBE000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA8EC8000 \??\C:\WINDOWS\system32\GTNDIS5.SYS
    0xA8B17000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwldypow.sys
    0xA85FC000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 53):
    0 System Idle Process
    4 System
    660 C:\WINDOWS\system32\smss.exe
    724 csrss.exe
    764 C:\WINDOWS\system32\winlogon.exe
    808 C:\WINDOWS\system32\services.exe
    820 C:\WINDOWS\system32\lsass.exe
    980 C:\WINDOWS\system32\ati2evxx.exe
    1000 C:\WINDOWS\system32\svchost.exe
    1048 svchost.exe
    1152 C:\WINDOWS\system32\svchost.exe
    1316 svchost.exe
    1352 svchost.exe
    1400 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    1580 C:\WINDOWS\system32\ati2evxx.exe
    1812 C:\WINDOWS\explorer.exe
    392 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    500 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1724 C:\WINDOWS\system32\spoolsv.exe
    520 svchost.exe
    560 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    580 C:\Program Files\Bonjour\mDNSResponder.exe
    592 C:\WINDOWS\system32\CTSVCCDA.EXE
    644 C:\Program Files\Java\jre6\bin\jqs.exe
    712 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    868 C:\WINDOWS\system32\PnkBstrA.exe
    2136 C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    2176 C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    2420 alg.exe
    2428 C:\Program Files\Unlocker\UnlockerAssistant.exe
    2436 C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
    2444 C:\WINDOWS\system32\rundll32.exe
    2464 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    2492 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    2540 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2768 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    2932 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    3004 C:\Program Files\iTunes\iTunesHelper.exe
    3084 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3208 C:\Program Files\RocketDock\RocketDock.exe
    3348 C:\WINDOWS\system32\ctfmon.exe
    3360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    2760 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    2884 C:\WINDOWS\system32\svchost.exe
    3036 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    3680 C:\Program Files\iPod\bin\iPodService.exe
    3316 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    2636 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3752 C:\Program Files\iTunes\iTunes.exe
    936 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    3764 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    1980 C:\Program Files\Mozilla Firefox\firefox.exe
    3720 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000024`9ed8e200 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST31000528AS, Rev: CC38
    PhysicalDrive1 Model Number: ST31000528AS, Rev: CC37

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    931 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

  6. #6
    broni (Senior Member)
    I still need other logs...

  7. #7
    Shadefyre (Full Member)
    I seem to be having a bit of trouble with the DDS logs, as every time I run it I hit a blue screen. I've been disabling my av/firewall before running DDS to prevent script blocking, and yet still I get the same blue screen. Is there perhaps something else I should be turning off that might be blocking scripts?

  8. #8
    broni (Senior Member)
    Posting part of your GMER log:

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- EOF - GMER 1.0.15 ----

    =================================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
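An added example, not part of this thread and not code from MBRCheck, GMER or TDSSKiller, that shows what the two disk findings above amount to when checked by hand: the MBR hash reported in post #5 and the "sector 00 (MBR)" / "sector 63" lines in post #8. The MBRCheck log maps C: to offset 0x7e00 on PhysicalDrive0, i.e. sector 63, so GMER's two flagged sectors are the MBR and the NTFS boot record of the first partition. The script parses the MBR partition table, hashes the boot-code region, and verifies that the sector each NTFS partition points at actually starts with an NTFS volume boot record. Assumptions: the SHA1 is taken over the 440-byte boot-code region only (inferred here, not confirmed by the log, from the fact that both drives report the same hash despite different partition layouts); the sample disk is constructed in memory; `read_physical_drive()` is a Windows-only helper that needs administrator rights and is not exercised by the sample run.

```python
"""Added example: cross-check 'sector 00 (MBR)' and 'sector 63' findings by
parsing the MBR and the first partition's boot sector directly.

Disk access goes through a caller-supplied read_sector(lba) callable so the
same checks run on a constructed in-memory disk; read_physical_drive() is
the Windows-only reader for \\\\.\\PhysicalDriveN (administrator required).
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Callable, Dict, List

SECTOR = 512
CODE_LEN = 440          # assumption: hash covers the boot-code region only
NTFS_OEM = b"NTFS    "  # OEM ID at offset 3 of an NTFS volume boot record


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int


def parse_mbr(mbr: bytes) -> List[Partition]:
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i:446 + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) size(4)
        status, type_id, start_lba, sectors = struct.unpack("<B3xB3xII", entry)
        if type_id != 0:
            parts.append(Partition(i, status == 0x80, type_id, start_lba, sectors))
    return parts


def mbr_code_sha1(mbr: bytes) -> str:
    """SHA1 of the boot-code bytes only, so two disks with the same loader but
    different partition tables compare equal (as the two drives in the log do)."""
    return hashlib.sha1(mbr[:CODE_LEN]).hexdigest().upper()


def is_ntfs_vbr(sector: bytes) -> bool:
    """True when the sector looks like an NTFS volume boot record."""
    return sector[3:11] == NTFS_OEM and sector[510:512] == b"\x55\xAA"


def check_disk(read_sector: Callable[[int], bytes], known_good_sha1: str) -> Dict[str, object]:
    """Compare the MBR code hash against a known-good value and confirm that
    every NTFS partition entry points at a real NTFS boot record."""
    mbr = read_sector(0)
    parts = parse_mbr(mbr)
    digest = mbr_code_sha1(mbr)
    findings = []
    for p in parts:
        vbr = read_sector(p.start_lba)
        if p.type_id == 0x07 and not is_ntfs_vbr(vbr):
            findings.append(f"partition {p.index}: sector {p.start_lba} is not an NTFS boot record")
    if digest != known_good_sha1.upper():
        findings.append(f"MBR code hash {digest} does not match known-good value")
    return {"sha1": digest, "partitions": parts, "findings": findings}


def read_physical_drive(number: int) -> Callable[[int], bytes]:
    """Windows only: sector reader over \\\\.\\PhysicalDriveN (run as administrator)."""
    def read_sector(lba: int) -> bytes:
        with open(rf"\\.\PhysicalDrive{number}", "rb") as disk:
            disk.seek(lba * SECTOR)
            return disk.read(SECTOR)
    return read_sector


def build_sample_disk() -> Dict[int, bytes]:
    """Constructed two-sector 'disk': a stand-in MBR whose single bootable NTFS
    partition starts at LBA 63, like C: in the MBRCheck log (offset 0x7e00)."""
    code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (CODE_LEN - 7)   # placeholder loader
    disk_sig = b"\x11\x22\x33\x44\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 2_000_000)
    mbr = code + disk_sig + entry + b"\x00" * 48 + b"\x55\xAA"
    vbr = b"\xEB\x52\x90" + NTFS_OEM + b"\x00" * (SECTOR - 13) + b"\x55\xAA"
    return {0: mbr, 63: vbr}


def sample_reader() -> Callable[[int], bytes]:
    """Reader over the constructed disk; unmapped sectors read as zeros."""
    disk = build_sample_disk()
    return lambda lba: disk.get(lba, b"\x00" * SECTOR)


if __name__ == "__main__":
    reader = sample_reader()
    result = check_disk(reader, mbr_code_sha1(reader(0)))
    print(result["sha1"], result["partitions"], result["findings"])
```

Against a live machine the known-good hash is the one you recorded from a clean install of the same Windows version, or from a second known-clean disk; a mismatch in the code region, or a partition entry whose target sector no longer starts with `NTFS    `, is the kind of condition the GMER lines above describe, and a reason to run an MBR-aware tool such as TDSSKiller rather than a file-level scanner alone. Note that a bootkit hooking the disk driver can serve clean sectors to user-mode readers, so a clean result from a running system is weaker evidence than one taken from offline boot media.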

  9. #9
    Shadefyre (Full Member)
    Here's the TDSSKiller log:

    2010/11/18 19:11:52.0044 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
    2010/11/18 19:11:52.0044 ================================================================================
    2010/11/18 19:11:52.0044 SystemInfo:
    2010/11/18 19:11:52.0044
    2010/11/18 19:11:52.0044 OS Version: 5.1.2600 ServicePack: 3.0
    2010/11/18 19:11:52.0044 Product type: Workstation
    2010/11/18 19:11:52.0044 ComputerName: ALPHAZERO
    2010/11/18 19:11:52.0044 UserName: Administrator
    2010/11/18 19:11:52.0044 Windows directory: C:\WINDOWS
    2010/11/18 19:11:52.0044 System windows directory: C:\WINDOWS
    2010/11/18 19:11:52.0044 Processor architecture: Intel x86
    2010/11/18 19:11:52.0044 Number of processors: 2
    2010/11/18 19:11:52.0044 Page size: 0x1000
    2010/11/18 19:11:52.0044 Boot type: Normal boot
    2010/11/18 19:11:52.0044 ================================================================================
    2010/11/18 19:11:52.0653 Initialize success
    2010/11/18 19:11:55.0778 ================================================================================
    2010/11/18 19:11:55.0778 Scan started
    2010/11/18 19:11:55.0778 Mode: Manual;
    2010/11/18 19:11:55.0778 ================================================================================
    2010/11/18 19:11:57.0575 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2010/11/18 19:11:57.0684 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/11/18 19:11:57.0747 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/11/18 19:11:57.0841 ADIHdAudAddService (f277c43c2e0672eed28cca0d13ce175f) C:\WINDOWS\system32\drivers\ADIHdAud.sys
    2010/11/18 19:11:57.0887 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
    2010/11/18 19:11:57.0919 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/11/18 19:11:57.0966 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    2010/11/18 19:11:57.0997 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/18 19:11:58.0153 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/11/18 19:11:58.0247 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
    2010/11/18 19:11:58.0278 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\Aspi32.sys
    2010/11/18 19:11:58.0325 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2010/11/18 19:11:58.0356 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
    2010/11/18 19:11:58.0403 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
    2010/11/18 19:11:58.0419 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
    2010/11/18 19:11:58.0481 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
    2010/11/18 19:11:58.0497 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/11/18 19:11:58.0528 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/11/18 19:11:58.0637 ati2mtag (67124e317582758e04230f7800e8b6f8) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2010/11/18 19:11:58.0700 AtiHdmiService (7e13f3f0f4c4c337a6949a18d1d23089) C:\WINDOWS\system32\drivers\AtiHdmi.sys
    2010/11/18 19:11:58.0731 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
    2010/11/18 19:11:58.0747 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/11/18 19:11:58.0778 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/11/18 19:11:58.0841 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/11/18 19:11:58.0872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/11/18 19:11:58.0887 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/11/18 19:11:58.0919 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/11/18 19:11:58.0950 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/11/18 19:11:58.0950 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/11/18 19:11:59.0200 ctsfm2k (fcbb8ea6fe935d2c531d3a4dee9f985b) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
    2010/11/18 19:11:59.0247 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/18 19:11:59.0278 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/18 19:11:59.0294 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/18 19:11:59.0309 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/18 19:11:59.0341 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/18 19:11:59.0387 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/18 19:11:59.0434 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/18 19:11:59.0450 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/11/18 19:11:59.0481 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/18 19:11:59.0497 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/11/18 19:11:59.0512 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/11/18 19:11:59.0544 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/18 19:11:59.0559 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/18 19:11:59.0606 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2010/11/18 19:11:59.0637 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/18 19:11:59.0669 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
    2010/11/18 19:11:59.0747 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/11/18 19:11:59.0778 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/11/18 19:11:59.0825 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/18 19:11:59.0887 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/18 19:11:59.0903 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/18 19:11:59.0950 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/11/18 19:11:59.0966 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/11/18 19:11:59.0997 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/18 19:12:00.0028 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/18 19:12:00.0059 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/18 19:12:00.0106 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/18 19:12:00.0137 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/18 19:12:00.0153 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/18 19:12:00.0216 ISWKL (2e41433579de4381f1b0f7b30b013ddc) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
    2010/11/18 19:12:00.0231 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/18 19:12:00.0262 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/18 19:12:00.0309 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/18 19:12:00.0356 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
    2010/11/18 19:12:00.0387 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
    2010/11/18 19:12:00.0403 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/18 19:12:00.0434 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/18 19:12:00.0450 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/18 19:12:00.0466 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/11/18 19:12:00.0481 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/18 19:12:00.0512 MRxDAV (0a25b866933d126d1e831fd025a278c2) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/18 19:12:00.0559 MRxSmb (d09b9f0b9960dd41e73127b7814c115f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/18 19:12:00.0591 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/18 19:12:00.0606 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/18 19:12:00.0622 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/18 19:12:00.0637 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/18 19:12:00.0684 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/18 19:12:00.0716 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/11/18 19:12:00.0731 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    2010/11/18 19:12:00.0762 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/18 19:12:00.0794 mv61xx (702f8cd6dee366f9d795761f8325b4f8) C:\WINDOWS\system32\DRIVERS\mv61xx.sys
    2010/11/18 19:12:00.0841 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/11/18 19:12:00.0872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/18 19:12:00.0887 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/11/18 19:12:00.0903 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/18 19:12:00.0919 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/18 19:12:00.0934 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/18 19:12:00.0950 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/18 19:12:00.0966 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/18 19:12:00.0981 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/18 19:12:01.0044 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/11/18 19:12:01.0059 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/18 19:12:01.0075 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/18 19:12:01.0106 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/18 19:12:01.0137 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/18 19:12:01.0137 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/18 19:12:01.0153 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/11/18 19:12:01.0184 ossrv (3649eefa90990249267dd6c7808cbc86) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
    2010/11/18 19:12:01.0216 P17 (9a1c06e3888891757913ef08cb9f8a81) C:\WINDOWS\system32\drivers\P17.sys
    2010/11/18 19:12:01.0278 p17filt (71ddb3a663ddce1651cfe35993fb1c31) C:\WINDOWS\system32\drivers\p17filt.sys
    2010/11/18 19:12:01.0341 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2010/11/18 19:12:01.0356 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/18 19:12:01.0387 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/18 19:12:01.0403 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/18 19:12:01.0450 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/18 19:12:01.0466 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/11/18 19:12:01.0544 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/18 19:12:01.0559 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/18 19:12:01.0575 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/18 19:12:01.0637 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/18 19:12:01.0669 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/18 19:12:01.0684 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/18 19:12:01.0684 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/18 19:12:01.0716 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/18 19:12:01.0731 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/18 19:12:01.0762 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/11/18 19:12:01.0794 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/18 19:12:01.0825 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/18 19:12:01.0841 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
    2010/11/18 19:12:01.0887 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys
    2010/11/18 19:12:01.0966 RTHDMIAzAudService (8d9794c6ff5b66bc38d5e66a4b0e3b4f) C:\WINDOWS\system32\drivers\RtHDMI.sys
    2010/11/18 19:12:02.0028 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\WINDOWS\system32\drivers\SCDEmu.sys
    2010/11/18 19:12:02.0044 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/18 19:12:02.0075 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
    2010/11/18 19:12:02.0091 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/11/18 19:12:02.0106 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/11/18 19:12:02.0137 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/18 19:12:02.0184 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/11/18 19:12:02.0341 SNPSTD3 (b789439b046d19969eb1da3757cc48c7) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
    2010/11/18 19:12:03.0137 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/18 19:12:03.0450 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    2010/11/18 19:12:03.0481 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2010/11/18 19:12:03.0481 sptd - detected Locked file (1)
    2010/11/18 19:12:05.0341 ================================================================================
    2010/11/18 19:12:05.0341 Scan finished
    2010/11/18 19:12:05.0341 ================================================================================
    2010/11/18 19:12:05.0356 Detected object count: 1
    2010/11/18 19:12:14.0294 Locked file(sptd) - User select action: Skip
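A small triage helper for TDSSKiller logs like the one above, added here as an example and not code from the thread or from the tool's vendor: it parses the driver lines, attaches the "Suspicious file", "detected" and "User select action" lines to the matching entry, and lists flagged entries that were skipped or never acted on, so whoever reads the log can see what still needs a decision. The regexes and the sample log are constructed from the line shapes in the posted log.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Line shapes seen in the posted TDSSKiller log (regexes are an assumption, not the tool's spec).
ENTRY_RE = re.compile(r"^(\S+ \S+) (\S+) \(([0-9a-f]{32})\) (.+)$")
SUSPICIOUS_RE = re.compile(r"^(\S+ \S+) Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(\S+ \S+) (\S+) - detected (.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(\S+ \S+) \w+ file\((\S+)\) - User select action: (\w+)$")
RESOLVED = {"Cure", "Delete", "Quarantine"}  # actions that settle a flagged entry

@dataclass
class Entry:
    name: str
    md5: str
    path: str
    flags: List[str] = field(default_factory=list)
    action: str = ""  # e.g. "Skip"; empty when the log records no action

def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Return driver/service entries keyed by name, with flags and actions attached."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUSPICIOUS_RE.match(line):       # flag is keyed by file path
            if e := by_path.get(m.group(3).lower()):
                e.flags.append(f"Suspicious file ({m.group(2)})")
        elif m := DETECTED_RE.match(line):       # flag is keyed by entry name
            if m.group(2) in entries:
                entries[m.group(2)].flags.append(m.group(3))
        elif m := ACTION_RE.match(line):         # user's choice at the prompt
            if m.group(2) in entries:
                entries[m.group(2)].action = m.group(3)
        elif m := ENTRY_RE.match(line):          # plain "name (md5) path" line
            e = Entry(name=m.group(2), md5=m.group(3), path=m.group(4))
            entries[e.name] = e
            by_path[e.path.lower()] = e
    return entries

def needs_review(entries: Dict[str, Entry]) -> List[str]:
    """Names of flagged entries that were skipped or left without an action."""
    return sorted(n for n, e in entries.items() if e.flags and e.action not in RESOLVED)

# Constructed sample: a few lines in the shape of the log posted above.
SAMPLE_LOG = r"""2010/11/18 19:12:01.0841 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2010/11/18 19:12:03.0450 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/11/18 19:12:03.0481 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/11/18 19:12:03.0481 sptd - detected Locked file (1)
2010/11/18 19:12:03.0684 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/18 19:12:05.0341 Scan finished
2010/11/18 19:12:05.0356 Detected object count: 1
2010/11/18 19:12:14.0294 Locked file(sptd) - User select action: Skip
"""
```

Running `needs_review(parse_tdsskiller(SAMPLE_LOG))` on the sample returns `['sptd']`, the one locked file the user chose to skip.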

  10. #10
    broni is offline Senior Member
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note: Do not mouse-click combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.

    There are 4 different versions. If one of them won't run, then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
