TechSpot

Can't access "My Documents" and programs not showing on start up menu

Solved
By jaynes123
Sep 19, 2011
  1. it appears i have some type of virus. i apologize because ive my own memory retention problems so will describe best i can remember.

    3 months ago my computer crashed, not sure what happened but afterwards turning it on i only got a black screen. someone did a system restore and i got it back fine other than recreating documents.

    1 month ago again my computer crashed with again black screen. prior person no longer available. my boyfriend, not as knowledgeable but more than i, used 2nd computer and error verbage (dont remember it) to get past black screen and get internet.

    resulting was start up menu with no programs and "my documents" documents gone. yet i can open word and excel attachments in emails. if save to my documents they still dont appear. YET my prior docs show in them as recent docs and i have since opened and saved them to desktop plus emailed myself copies. saving them to "my documents" seems to take yet they dont appear.

    looking to see my programs and docs of "my documents". thankful for any direction. will post reports below
     
  2. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    Maleware Report

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7750

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/19/2011 7:25:45 PM
    mbam-log-2011-09-19 (19-25-45).txt

    Scan type: Quick scan
    Objects scanned: 184108
    Time elapsed: 6 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  3. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    GMER Report

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-19 19:50:30
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HTS542512K9SA00 rev.BB2OC39P
    Running: jayne.exe; Driver: C:\DOCUME~1\Richard\LOCALS~1\Temp\kwtyapow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF73EED70]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF73EED84]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF73EEDB0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF73EEE06]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF73EED5C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF73EED34]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF73EED48]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF73EED9A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF73EEDDC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF73EEDC6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF73EEE30]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF73EEE1C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF73EEDF0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:108] 8714B0C3
    Thread System [4:116] 8714BB19
    Thread System [4:120] 8714C9FD

    ---- EOF - GMER 1.0.15 ----
     
  4. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    DDS Report 1

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Richard at 20:00:48 on 2011-09-19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.507 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\OEM02Mon.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Verizon\VSP\ServicepointService.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Documents and Settings\Richard\Desktop\jayne.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071220
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {74F6C5A9-0EAD-4a71-891E-376A838DF1F0} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110910182150.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
    TB: {E8558D71-5E4E-4217-B608-D2F5D3623AE3} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [EPSON NX420 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\windows\temp\E_S24B.tmp" /EF "HKCU"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [AROReminder] c:\program files\aro 2011\aro.exe -rem
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [KADxMain] c:\windows\system32\KADxMain.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\richard\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-9-10 459728]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-11-21 89368]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-10 214904]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-10 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-10 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-10 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-9-10 165000]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-9-10 159832]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-9-10 148520]
    R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-11-21 689392]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-21 57432]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-21 179248]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-21 59288]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-21 337912]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-21 83688]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-16 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-16 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-21 83688]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-21 85984]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-10 214904]
    .
    =============== Created Last 30 ================
    .
    2011-09-19 21:32:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-19 19:55:32 -------- d-----w- c:\documents and settings\richard\application data\Sammsoft
    2011-09-19 19:55:06 -------- d-----w- c:\program files\ARO 2011
    2011-09-19 15:13:37 -------- d-----w- c:\documents and settings\richard\windows contacts contact
    2011-09-17 05:25:08 -------- d-----w- c:\documents and settings\richard\local settings\application data\Temp
    2011-09-17 00:43:48 -------- d-----w- c:\documents and settings\richard\local settings\application data\Solid State Networks
    2011-09-10 22:21:47 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-09-10 22:21:37 148520 ----a-w- c:\windows\system32\mfevtps.exe
    2011-09-10 21:57:34 118784 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-09-10 21:57:32 459728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-08-23 02:27:36 -------- d-----w- c:\documents and settings\richard\application data\Malwarebytes
    2011-08-23 02:27:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-08-23 02:27:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-23 01:16:33 -------- d--h--w- C:\ComboFix
    2011-08-23 00:56:41 363 ---ha-w- C:\Start_.cmd
    .
    ==================== Find3M ====================
    .
    2011-07-12 15:20:54 83816 ---ha-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20:54 73064 ---ha-w- c:\windows\system32\dnssd.dll
    2011-07-12 15:20:54 50536 ---ha-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 15:20:54 178536 ---ha-w- c:\windows\system32\dnssdX.dll
    .
    ============= FINISH: 20:07:26.98 ===============
     
  5. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    DDS Report 2

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/7/2010 4:07:03 PM
    System Uptime: 9/19/2011 11:16:47 AM (9 hours ago)
    .
    Motherboard: Dell Inc. | | 0KY768
    Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz | Microprocessor | 1462/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 106 GiB total, 82.073 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Dell Wireless 1395 WLAN Mini-Card
    Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000B1028&REV_01\4&AB208E&0&00E1
    Manufacturer: Broadcom
    Name: Dell Wireless 1395 WLAN Mini-Card
    PNP Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000B1028&REV_01\4&AB208E&0&00E1
    Service: BCM43XX
    .
    ==== System Restore Points ===================
    .
    RP185: 6/22/2011 6:26:45 PM - System Checkpoint
    RP186: 6/24/2011 8:20:51 AM - System Checkpoint
    RP187: 6/25/2011 9:26:05 AM - System Checkpoint
    RP188: 6/26/2011 12:00:39 PM - System Checkpoint
    RP189: 6/28/2011 7:33:22 AM - System Checkpoint
    RP190: 6/29/2011 10:47:43 AM - System Checkpoint
    RP191: 6/30/2011 12:05:35 PM - System Checkpoint
    RP192: 7/1/2011 1:03:38 PM - System Checkpoint
    RP193: 7/2/2011 5:59:37 PM - System Checkpoint
    RP194: 7/3/2011 6:47:37 PM - System Checkpoint
    RP195: 7/4/2011 7:34:29 PM - System Checkpoint
    RP196: 7/5/2011 9:54:25 PM - System Checkpoint
    RP197: 7/6/2011 10:14:17 PM - System Checkpoint
    RP198: 7/7/2011 11:14:18 PM - System Checkpoint
    RP199: 7/9/2011 7:21:41 AM - System Checkpoint
    RP200: 7/10/2011 8:11:54 AM - System Checkpoint
    RP201: 7/11/2011 9:48:43 AM - System Checkpoint
    RP202: 7/12/2011 12:46:08 PM - System Checkpoint
    RP203: 7/13/2011 1:25:46 PM - System Checkpoint
    RP204: 7/14/2011 2:57:23 PM - System Checkpoint
    RP205: 7/15/2011 3:32:37 PM - System Checkpoint
    RP206: 7/16/2011 4:47:07 PM - System Checkpoint
    RP207: 7/17/2011 6:54:02 PM - System Checkpoint
    RP208: 7/18/2011 7:52:24 PM - System Checkpoint
    RP209: 7/19/2011 9:22:16 PM - System Checkpoint
    RP210: 7/21/2011 3:08:43 AM - System Checkpoint
    RP211: 7/22/2011 6:08:22 AM - System Checkpoint
    RP212: 7/23/2011 5:10:07 PM - System Checkpoint
    RP213: 7/24/2011 10:06:07 PM - System Checkpoint
    RP214: 7/25/2011 10:46:09 PM - System Checkpoint
    RP215: 7/26/2011 11:17:52 PM - System Checkpoint
    RP216: 7/27/2011 11:25:00 PM - System Checkpoint
    RP217: 7/29/2011 12:09:30 AM - Installed QuickTime
    RP218: 7/30/2011 7:39:49 AM - System Checkpoint
    RP219: 7/31/2011 5:52:59 PM - System Checkpoint
    RP220: 8/1/2011 7:01:22 PM - System Checkpoint
    RP221: 8/2/2011 7:27:42 PM - System Checkpoint
    RP222: 8/3/2011 9:02:53 PM - System Checkpoint
    RP223: 8/5/2011 2:29:41 AM - System Checkpoint
    RP224: 8/6/2011 2:29:53 AM - System Checkpoint
    RP225: 8/7/2011 3:30:03 AM - System Checkpoint
    RP226: 8/8/2011 4:28:54 AM - System Checkpoint
    RP227: 8/9/2011 5:28:54 AM - System Checkpoint
    RP228: 8/10/2011 9:04:06 AM - System Checkpoint
    RP229: 8/11/2011 9:56:06 AM - System Checkpoint
    RP230: 8/12/2011 1:47:08 PM - System Checkpoint
    RP231: 8/13/2011 3:06:02 PM - System Checkpoint
    RP232: 8/14/2011 4:05:36 PM - System Checkpoint
    RP233: 8/15/2011 4:59:37 PM - System Checkpoint
    RP234: 8/16/2011 9:26:17 PM - System Checkpoint
    RP235: 8/17/2011 9:52:01 PM - Installed iTunes
    RP236: 8/18/2011 9:58:44 PM - System Checkpoint
    RP237: 8/19/2011 11:20:35 PM - System Checkpoint
    RP238: 8/21/2011 9:41:27 AM - System Checkpoint
    RP239: 8/22/2011 12:56:01 PM - System Checkpoint
    RP240: 8/22/2011 10:18:54 PM - Restore Operation
    RP241: 8/22/2011 10:19:50 PM - Restore Operation
    RP242: 8/24/2011 3:00:21 AM - System Checkpoint
    RP243: 8/25/2011 3:14:10 AM - System Checkpoint
    RP244: 8/26/2011 10:07:39 AM - System Checkpoint
    RP245: 8/27/2011 9:59:46 PM - System Checkpoint
    RP246: 8/29/2011 9:22:21 AM - System Checkpoint
    RP247: 8/30/2011 9:44:15 AM - System Checkpoint
    RP248: 8/31/2011 11:13:19 PM - System Checkpoint
    RP249: 9/2/2011 3:04:04 AM - System Checkpoint
    RP250: 9/3/2011 10:18:58 AM - System Checkpoint
    RP251: 9/4/2011 2:15:10 PM - System Checkpoint
    RP252: 9/5/2011 5:13:14 PM - System Checkpoint
    RP253: 9/6/2011 6:18:30 PM - System Checkpoint
    RP254: 9/7/2011 6:22:48 PM - System Checkpoint
    RP255: 9/8/2011 8:25:05 PM - System Checkpoint
    RP256: 9/10/2011 1:25:23 AM - System Checkpoint
    RP257: 9/11/2011 3:21:13 AM - System Checkpoint
    RP258: 9/12/2011 3:33:43 AM - System Checkpoint
    RP259: 9/13/2011 8:35:24 AM - System Checkpoint
    RP260: 9/14/2011 9:45:55 AM - System Checkpoint
    RP261: 9/15/2011 7:52:26 PM - System Checkpoint
    RP262: 9/16/2011 10:25:53 PM - System Checkpoint
    RP263: 9/17/2011 10:45:02 PM - System Checkpoint
    RP264: 9/18/2011 11:23:26 PM - System Checkpoint
    RP265: 9/19/2011 3:54:18 PM - ARO 2011 - Before Installation
    RP266: 9/19/2011 3:55:06 PM - ARO 2011 - Before Installation
    RP267: 9/19/2011 3:55:45 PM - ARO 2011 - FIRST RUN
    RP268: 9/19/2011 5:04:39 PM - ARO 2011 Mon, Sep 19, 11 17:04
    .
    ==== Installed Programs ======================
    .
    Adobe Reader 8.3.0
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ARO 2011
    AudibleManager
    Bonjour
    Broadcom Management Programs
    Browser Address Error Redirector
    Conexant HDA D330 MDC V.92 Modem
    Coupon Printer for Windows
    Dell DataSafe Online
    Dell Support Center
    Dell System Restore
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card
    Digital Line Detect
    Documentation & Support Launcher
    EPSON NX420 Series Printer Uninstall
    Games, Music, & Photos Launcher
    Google Chrome
    Google Update Helper
    High Definition Audio Driver Package - KB835221
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    IntelliSonic Speech Enhancement
    Internet Service Offers Launcher
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Laptop Integrated Webcam Driver (1.03.02.0719)
    Live! Cam Avatar Creator
    Malwarebytes' Anti-Malware version 1.51.2.1300
    McAfee Total Protection
    MediaDirect
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Modem Diagnostic Tool
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Musicmatch for Windows Media Player
    NetWaiting
    NVIDIA Drivers
    OutlookAddinSetup
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    SearchAssist
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Sonic Activation Module
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon Servicepoint 3.5.18
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    Yahoo! Install Manager
    Yahoo! Messenger
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/19/2011 11:13:34 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Adobe\Reader 8.0\Reader\AGM.dll. Reference error message: The operation completed successfully. .
    9/19/2011 11:10:28 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    9/19/2011 11:10:23 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WindowsShell.Manifest. Reference error message: Error Message is unavailable .
    9/19/2011 11:10:23 AM, error: SideBySide [59] - Generate Activation Context failed for c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll. Reference error message: Error Message is unavailable .
    9/16/2011 7:43:43 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    9/16/2011 7:43:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    9/16/2011 7:43:42 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    TDSSKiller.exe Report

    thanks for helping me broni!

    2011/09/20 10:39:48.0515 4628 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
    2011/09/20 10:39:50.0515 4628 ================================================================================
    2011/09/20 10:39:50.0515 4628 SystemInfo:
    2011/09/20 10:39:50.0515 4628
    2011/09/20 10:39:50.0515 4628 OS Version: 5.1.2600 ServicePack: 3.0
    2011/09/20 10:39:50.0515 4628 Product type: Workstation
    2011/09/20 10:39:50.0515 4628 ComputerName: DGTJRBF1
    2011/09/20 10:39:50.0515 4628 UserName: Richard
    2011/09/20 10:39:50.0515 4628 Windows directory: C:\WINDOWS
    2011/09/20 10:39:50.0515 4628 System windows directory: C:\WINDOWS
    2011/09/20 10:39:50.0515 4628 Processor architecture: Intel x86
    2011/09/20 10:39:50.0515 4628 Number of processors: 2
    2011/09/20 10:39:50.0515 4628 Page size: 0x1000
    2011/09/20 10:39:50.0515 4628 Boot type: Normal boot
    2011/09/20 10:39:50.0515 4628 ================================================================================
    2011/09/20 10:39:52.0937 4628 Initialize success
    2011/09/20 10:40:00.0046 0956 ================================================================================
    2011/09/20 10:40:00.0046 0956 Scan started
    2011/09/20 10:40:00.0046 0956 Mode: Manual;
    2011/09/20 10:40:00.0046 0956 ================================================================================
    2011/09/20 10:40:00.0859 0956 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/09/20 10:40:01.0171 0956 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/09/20 10:40:01.0218 0956 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/09/20 10:40:01.0250 0956 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/09/20 10:40:01.0515 0956 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/09/20 10:40:01.0593 0956 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
    2011/09/20 10:40:01.0734 0956 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/09/20 10:40:01.0890 0956 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/09/20 10:40:01.0937 0956 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/09/20 10:40:02.0031 0956 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/09/20 10:40:02.0156 0956 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/09/20 10:40:02.0250 0956 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/09/20 10:40:02.0343 0956 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/09/20 10:40:02.0500 0956 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/09/20 10:40:02.0546 0956 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/09/20 10:40:02.0656 0956 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
    2011/09/20 10:40:03.0046 0956 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/09/20 10:40:03.0500 0956 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/09/20 10:40:03.0859 0956 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/09/20 10:40:04.0296 0956 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/09/20 10:40:04.0875 0956 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/09/20 10:40:05.0281 0956 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/09/20 10:40:06.0078 0956 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/09/20 10:40:06.0750 0956 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/09/20 10:40:07.0281 0956 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    2011/09/20 10:40:07.0890 0956 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
    2011/09/20 10:40:08.0421 0956 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/09/20 10:40:08.0765 0956 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/09/20 10:40:09.0093 0956 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/09/20 10:40:09.0656 0956 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/09/20 10:40:10.0000 0956 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/09/20 10:40:10.0187 0956 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/09/20 10:40:10.0312 0956 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/09/20 10:40:10.0468 0956 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/09/20 10:40:10.0750 0956 cfwids (ecaf4a51580244fef1aa32cb984f13bf) C:\WINDOWS\system32\drivers\cfwids.sys
    2011/09/20 10:40:11.0015 0956 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2011/09/20 10:40:11.0265 0956 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/09/20 10:40:11.0328 0956 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/09/20 10:40:11.0421 0956 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/09/20 10:40:11.0531 0956 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/09/20 10:40:11.0625 0956 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/09/20 10:40:11.0828 0956 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/09/20 10:40:11.0984 0956 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
    2011/09/20 10:40:12.0375 0956 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    2011/09/20 10:40:12.0562 0956 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2011/09/20 10:40:12.0703 0956 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
    2011/09/20 10:40:12.0953 0956 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2011/09/20 10:40:13.0281 0956 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2011/09/20 10:40:13.0546 0956 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    2011/09/20 10:40:13.0828 0956 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
    2011/09/20 10:40:14.0046 0956 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2011/09/20 10:40:14.0406 0956 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    2011/09/20 10:40:14.0828 0956 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/09/20 10:40:15.0203 0956 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/09/20 10:40:15.0312 0956 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/09/20 10:40:15.0546 0956 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/09/20 10:40:15.0718 0956 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/09/20 10:40:15.0796 0956 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/09/20 10:40:15.0937 0956 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2011/09/20 10:40:16.0187 0956 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2011/09/20 10:40:16.0359 0956 DXEC02 (0c8762b91b967a91373e0e022b62acfc) C:\WINDOWS\system32\drivers\dxec02.sys
    2011/09/20 10:40:16.0625 0956 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/09/20 10:40:16.0984 0956 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/09/20 10:40:17.0187 0956 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/09/20 10:40:17.0500 0956 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/09/20 10:40:17.0671 0956 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/09/20 10:40:17.0765 0956 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/09/20 10:40:17.0828 0956 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/09/20 10:40:18.0171 0956 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/09/20 10:40:18.0437 0956 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/09/20 10:40:18.0593 0956 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/09/20 10:40:18.0656 0956 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/09/20 10:40:18.0859 0956 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/09/20 10:40:18.0906 0956 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/09/20 10:40:19.0031 0956 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    2011/09/20 10:40:19.0296 0956 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    2011/09/20 10:40:19.0484 0956 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/09/20 10:40:19.0578 0956 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/09/20 10:40:19.0609 0956 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/09/20 10:40:19.0656 0956 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/09/20 10:40:19.0796 0956 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\drivers\iaStor.sys
    2011/09/20 10:40:19.0875 0956 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/09/20 10:40:20.0000 0956 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/09/20 10:40:20.0437 0956 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/09/20 10:40:20.0515 0956 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/09/20 10:40:20.0750 0956 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/09/20 10:40:20.0890 0956 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/09/20 10:40:21.0000 0956 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/09/20 10:40:21.0312 0956 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/09/20 10:40:21.0515 0956 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/09/20 10:40:21.0687 0956 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/09/20 10:40:21.0843 0956 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/09/20 10:40:21.0890 0956 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/09/20 10:40:22.0015 0956 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/09/20 10:40:22.0203 0956 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/09/20 10:40:22.0281 0956 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/09/20 10:40:22.0765 0956 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2011/09/20 10:40:22.0984 0956 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\WINDOWS\system32\drivers\mfeapfk.sys
    2011/09/20 10:40:23.0203 0956 mfeavfk (693a8d924b640223974e0a88f2baf0f4) C:\WINDOWS\system32\drivers\mfeavfk.sys
    2011/09/20 10:40:23.0359 0956 mfebopk (52c40d19873528bd15823c969d3ad227) C:\WINDOWS\system32\drivers\mfebopk.sys
    2011/09/20 10:40:23.0390 0956 mfefirek (e37b98d49df546f4059483d49e349a53) C:\WINDOWS\system32\drivers\mfefirek.sys
    2011/09/20 10:40:23.0593 0956 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\WINDOWS\system32\drivers\mfehidk.sys
    2011/09/20 10:40:23.0687 0956 mfendisk (8c434d77c7a8cd97f8f4c2b0be19d541) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    2011/09/20 10:40:23.0796 0956 mfendiskmp (8c434d77c7a8cd97f8f4c2b0be19d541) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    2011/09/20 10:40:23.0843 0956 mferkdet (5f5313bfd1e73233885a26ab77488f6f) C:\WINDOWS\system32\drivers\mferkdet.sys
    2011/09/20 10:40:24.0031 0956 mfetdi2k (8d1a44e1f46bcf4acfe9c701edd340e3) C:\WINDOWS\system32\drivers\mfetdi2k.sys
    2011/09/20 10:40:24.0171 0956 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/09/20 10:40:24.0281 0956 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/09/20 10:40:24.0312 0956 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/09/20 10:40:24.0390 0956 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/09/20 10:40:24.0640 0956 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/09/20 10:40:24.0718 0956 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/09/20 10:40:24.0906 0956 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/09/20 10:40:25.0265 0956 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/09/20 10:40:25.0484 0956 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/09/20 10:40:25.0562 0956 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/09/20 10:40:25.0734 0956 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/09/20 10:40:26.0000 0956 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/09/20 10:40:26.0125 0956 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/09/20 10:40:26.0546 0956 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/09/20 10:40:26.0609 0956 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/09/20 10:40:26.0656 0956 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/09/20 10:40:26.0875 0956 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/09/20 10:40:27.0093 0956 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/09/20 10:40:27.0453 0956 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/09/20 10:40:27.0531 0956 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/09/20 10:40:27.0671 0956 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/09/20 10:40:27.0859 0956 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/09/20 10:40:28.0265 0956 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/09/20 10:40:28.0406 0956 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/09/20 10:40:28.0593 0956 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/09/20 10:40:28.0781 0956 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/09/20 10:40:28.0968 0956 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/09/20 10:40:29.0093 0956 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/09/20 10:40:29.0843 0956 nv (e531eaa795a273fc70c9de3f195069c8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/09/20 10:40:30.0890 0956 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/09/20 10:40:30.0968 0956 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/09/20 10:40:31.0343 0956 OEM02Dev (9d20fa5d8875f6063aa5e1c44446f698) C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys
    2011/09/20 10:40:31.0687 0956 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys
    2011/09/20 10:40:31.0968 0956 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/09/20 10:40:32.0125 0956 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/09/20 10:40:32.0171 0956 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/09/20 10:40:32.0218 0956 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/09/20 10:40:32.0281 0956 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/09/20 10:40:32.0640 0956 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/09/20 10:40:32.0734 0956 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/09/20 10:40:33.0593 0956 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/09/20 10:40:33.0953 0956 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/09/20 10:40:34.0078 0956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/09/20 10:40:34.0484 0956 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/09/20 10:40:34.0546 0956 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/09/20 10:40:34.0656 0956 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/09/20 10:40:34.0812 0956 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/09/20 10:40:34.0953 0956 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/09/20 10:40:35.0000 0956 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/09/20 10:40:35.0046 0956 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/09/20 10:40:35.0093 0956 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/09/20 10:40:35.0140 0956 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/09/20 10:40:35.0218 0956 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/09/20 10:40:35.0250 0956 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/09/20 10:40:35.0296 0956 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/09/20 10:40:35.0453 0956 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/09/20 10:40:35.0671 0956 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/09/20 10:40:35.0796 0956 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/09/20 10:40:36.0031 0956 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/09/20 10:40:36.0234 0956 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/09/20 10:40:36.0375 0956 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
    2011/09/20 10:40:36.0640 0956 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
    2011/09/20 10:40:37.0046 0956 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
    2011/09/20 10:40:37.0421 0956 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    2011/09/20 10:40:37.0531 0956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/09/20 10:40:37.0718 0956 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/09/20 10:40:38.0109 0956 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/09/20 10:40:38.0625 0956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/09/20 10:40:38.0828 0956 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/09/20 10:40:38.0968 0956 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/09/20 10:40:39.0093 0956 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/09/20 10:40:39.0328 0956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/09/20 10:40:39.0562 0956 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/09/20 10:40:39.0687 0956 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/09/20 10:40:39.0968 0956 STHDA (58f855684e163466a5c565adf0865536) C:\WINDOWS\system32\drivers\sthda.sys
    2011/09/20 10:40:40.0484 0956 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/09/20 10:40:40.0578 0956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/09/20 10:40:40.0875 0956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/09/20 10:40:41.0203 0956 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/09/20 10:40:41.0562 0956 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/09/20 10:40:41.0921 0956 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/09/20 10:40:41.0968 0956 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/09/20 10:40:42.0406 0956 SynTP (936cd58395d36659bb798b961ef7357f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    2011/09/20 10:40:42.0750 0956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/09/20 10:40:42.0875 0956 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/09/20 10:40:43.0109 0956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/09/20 10:40:43.0250 0956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/09/20 10:40:43.0343 0956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/09/20 10:40:43.0703 0956 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/09/20 10:40:43.0812 0956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/09/20 10:40:43.0984 0956 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/09/20 10:40:44.0406 0956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/09/20 10:40:44.0703 0956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/09/20 10:40:44.0859 0956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/09/20 10:40:44.0890 0956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/09/20 10:40:44.0937 0956 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/09/20 10:40:44.0984 0956 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/09/20 10:40:45.0093 0956 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/09/20 10:40:45.0187 0956 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/09/20 10:40:45.0250 0956 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2011/09/20 10:40:45.0281 0956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/09/20 10:40:45.0390 0956 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/09/20 10:40:45.0484 0956 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/09/20 10:40:45.0625 0956 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/09/20 10:40:45.0765 0956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/09/20 10:40:45.0968 0956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/09/20 10:40:46.0093 0956 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2011/09/20 10:40:46.0515 0956 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/09/20 10:40:46.0593 0956 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/09/20 10:40:46.0765 0956 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
    2011/09/20 10:40:46.0765 0956 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
    2011/09/20 10:40:46.0781 0956 Boot (0x1200) (42f54328a2e44adf3bf5ba4a5c836bf9) \Device\Harddisk0\DR0\Partition0
    2011/09/20 10:40:46.0796 0956 ================================================================================
    2011/09/20 10:40:46.0796 0956 Scan finished
    2011/09/20 10:40:46.0796 0956 ================================================================================
    2011/09/20 10:40:46.0812 2716 Detected object count: 1
    2011/09/20 10:40:46.0812 2716 Actual detected object count: 1
    2011/09/20 10:42:49.0812 2716 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
    2011/09/20 10:42:49.0812 2716 \Device\Harddisk0\DR0 - ok
    2011/09/20 10:42:49.0812 2716 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
    2011/09/20 10:44:17.0406 3592 Deinitialize success
     
  8. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    Note corrections to my original post

    realized i mispoke in original post after running around and noticing things i either hadnt noticed prior or since forgotten. due to my own lack of understanding, no idea what if any you already know or dont need to so sorry if any wastes your time - just dont want to mislead or omit anything of of significance and unable to distinguish.
    going forward will focus on following direction and answering questions :D

    TRUE - After August crash, start up menu listed no programs, "my documents" folder listed also empty and its remained that way since.
    CORRECTION- there are currently items showing in both my start up menu and "my documents".
    CORRECTION- there are currently items showing in both my start up menu and "my documents".
    "MY DOCUMENTS" has items saved to it after aug crash (later forgot new could be seen and switched to desktop) and a few i meant to save to desktop thinking i had to but in error left the save as "my documents"
    "START UP MENU" just six, all done since aug crash. mcafee, yahoo messenger and maleware bytes were downloaded purposely. adobe i think was an update, aros a mistake thinking it was maleware button and google chrome i believe becaue i tried out google desktop.​
     
  9. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Am I assuming correctly that both of those issues has been solved?

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    should i still follow steps of your prior post?

    unfortunately, netiher has been resolved.

    all my programs disappeared from my start menu and still have not reappeared.
    I do believe there out there because excel and word are two no longer listed yet i was able to open both a word and an excel doc attachment emailed to me.
    since the disappearance, i do have six new and different programs downloaded which are the only programs appearing on the start menu. don't know where / how else to look for the one no longer listed.
    all my documents disappeared from "my documents" from my start menu and still have not reappeared there.

    i do believe they are out there because on the prior doc attachments emailed to me that i opened, under "recent docs" all items listed were my missing ones.
    i was able to open and save them but thats only some of them since all the missing ones didnt fit on the "recent documents" list .
    Ive not known where else i might look for them other than start up menu.
    knowing this, should i still proceed to run the steps of your last post??
     
  11. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Let's see, if we can recover your missing features.
    Download and run UnHide
    Let me know, if it worked.
     
     
  12. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    im not sure if im just not waiting long enough with it. does it let you know its finished?
     
  13. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    UnHide may take time. Is its window still open?
     
  14. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    it was - should i take down all my internet connections
     
  15. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    No.
    What do you mean by "it was".
    It's not there anymore?
     
  16. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    its running now, ive not stopped having the internet up before during and after running unhide although i did take stop the unhide process when i wasnt clear if it had completed or not. will being online interfere with report and is there a way to know it is finished?
     
  17. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Its window should close by itself.
     
  18. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    thank you. do i need to take down open internet explorer while its running?
     
  19. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    NO............
     
  20. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    thank you broni. will run now
     
  21. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    it worked - my docs and programs are now visible thankfully!

    i will proceed with the rootkit unhooker and combofix process.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Excellent !
     
  23. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    Microsoft Windows recovery console’

    while running combofix, i got below text in pop up so i cancelled out. will run again after your direction whether to click 'yes' (download recovery console) or no.

    This machine does not have the ‘Microsoft Windows recovery console’. Alternately, an existing installation of the recovery console may be present but requires updating.
    Without it, combofix shall not attempt the fixing of some serious infections.
    Click ‘Yes’ to have ComboFix download/install it.
    NOTE: This requires an active internet connection
    .​
     
  24. jaynes123

    jaynes123 TS Rookie Topic Starter Posts: 30

    UPDATE
    i reactivated mcafee after stopping combofix and posting above,.

    today got and left open mcafee pop up request unanswered to allow or block nircmd. online search indicated may be part of combofix. intended to ask you before choosing and also let you know i may have blocked something earlier (hadnt considered the connection then) when a different and persistant pop up began.

    second pop up simply said windows updates were almost complete, would take affect after restart and computer would automatically restart in 15 min. clicked "restart later" (other only option "restart now"), it returned every 10 mins after "restart later. eventually couldnt remain at computer and since computer restarted and original mcafee request is gone.

    [Bim ]sorry if this has made anything harder for you [/B] - this is a priortiy for me and postponed at forced 10 min intervals a while and long as i could. of course will continue to decline update requests as youve mentioned but regret if this has complicated things for you.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    If you read my instructions carefully (as you should) they clearly say to say yes.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.