PDA

View Full Version : IE connections are being hijacked



fyrebyte
2011-01-24, 22:54
My IE connections are being hijacked & forwarded to random sites. I have MalwareBytes AM, CounterSpy & SPybot S&D all installed & mulitple scans, but no hits.

HijackThis shows no BHO or other strange startup items & Symantec AV shows no problems.

Please advise.

Thanks.

DDS (Ver_10-12-12.02) - NTFSx86
Run by tracie at 14:23:47.35 on Mon 01/24/2011
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.141 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBAMSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBPIMSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBAMTray.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\temp\ProcessExplorer\procexp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\temp\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070126
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SBAMTray] "c:\program files\sunbelt software\counterspy\consumer\SBAMTray.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - hxxps://24.248.119.194/CACHE/stc/1/binaries/stcweb.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295748519296
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://wr1.magnaent.com/dana-cached/setup/JuniperSetupSP1.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-1-21 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-12 363344]
R2 SBAMSvc;CounterSpy Antispyware;c:\program files\sunbelt software\counterspy\consumer\SBAMSvc.exe [2010-8-20 2763080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-1-21 69976]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\counterspy\consumer\SBPIMSvc.exe [2010-8-20 181584]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-17 1799408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-12 20952]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110124.003\naveng.sys [2011-1-24 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110124.003\navex15.sys [2011-1-24 1360760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-22 136176]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [2007-7-25 22136]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\drivers\MAudioFastTrack.sys [2010-12-7 158344]
S3 PortReporter;Port Reporter;c:\program files\portreporter\PortReporter.exe [2011-1-24 90183]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-17 115952]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-28 189792]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-24 19:17:25 1032192 ----a-w- c:\windows\explorer.exe
2011-01-24 17:49:26 -------- d-----w- C:\ComboFix
2011-01-24 16:49:01 -------- d-----w- c:\program files\PortReporter
2011-01-24 16:47:32 152856 ----a-w- c:\temp\PortRptr.exe
2011-01-24 13:21:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-24 13:21:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-24 09:02:55 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-01-24 07:37:43 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-01-24 07:37:38 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-01-24 07:37:30 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-01-24 07:37:26 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-01-24 07:37:20 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-01-24 07:37:11 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-01-24 07:36:59 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-01-24 07:36:57 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-01-24 07:36:49 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-01-24 07:36:47 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-01-24 07:36:45 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-01-24 07:36:04 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-01-24 07:34:57 12415 ----a-w- c:\windows\system32\dllcache\wadv01nt.sys
2011-01-24 07:34:51 16925 ----a-w- c:\windows\system32\dllcache\w940nd.sys
2011-01-24 07:34:46 19016 ----a-w- c:\windows\system32\dllcache\w926nd.sys
2011-01-24 07:34:41 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys
2011-01-24 07:34:40 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2011-01-24 07:34:35 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys
2011-01-24 07:34:30 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-01-24 07:34:23 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2011-01-24 07:34:18 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2011-01-24 07:34:13 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2011-01-24 07:34:06 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-01-24 07:32:57 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-01-24 07:32:52 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2011-01-24 07:32:48 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2011-01-24 07:32:43 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-01-24 07:32:38 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2011-01-24 07:32:34 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2011-01-24 07:32:29 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-01-24 07:32:25 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2011-01-24 07:32:20 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2011-01-24 07:32:14 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2011-01-24 07:32:13 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2011-01-24 07:32:05 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-01-24 07:32:01 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2011-01-24 07:30:56 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-01-24 07:30:52 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-01-24 07:30:48 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2011-01-24 07:30:46 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys
2011-01-24 07:30:41 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-01-24 07:30:37 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-01-24 07:30:36 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2011-01-24 07:30:35 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2011-01-24 07:30:29 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-01-24 07:30:23 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2011-01-24 07:30:18 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-01-24 07:30:14 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-01-24 07:30:04 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2011-01-24 07:28:53 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-01-24 07:27:57 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2011-01-24 07:26:56 91294 ----a-w- c:\windows\system32\dllcache\skfpwin.sys
2011-01-24 07:26:52 94698 ----a-w- c:\windows\system32\dllcache\sk98xwin.sys
2011-01-24 07:26:47 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2011-01-24 07:26:42 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2011-01-24 07:26:40 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2011-01-24 07:26:36 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-01-24 07:26:31 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-01-24 07:26:27 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-01-24 07:26:23 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-01-24 07:26:19 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-01-24 07:26:15 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-01-24 07:26:14 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2011-01-24 07:24:58 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2011-01-24 07:23:58 166720 ----a-w- c:\windows\system32\dllcache\s3m.sys
2011-01-24 07:22:59 14848 ----a-w- c:\windows\system32\dllcache\register.exe
2011-01-24 07:22:48 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2011-01-24 07:22:41 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-01-24 07:22:37 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-01-24 07:22:33 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2011-01-24 07:22:29 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-01-24 07:22:28 16384 ----a-w- c:\windows\system32\dllcache\quser.exe
2011-01-24 07:22:27 9728 ----a-w- c:\windows\system32\dllcache\query.exe
2011-01-24 07:22:18 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2011-01-24 07:22:11 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
2011-01-24 07:22:07 112574 ----a-w- c:\windows\system32\dllcache\ptserlp.sys
2011-01-24 07:22:03 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2011-01-24 07:22:02 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll
2011-01-24 07:20:57 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll
2011-01-24 07:19:56 20480 ----a-w- c:\windows\system32\dllcache\ovcomc.dll
2011-01-24 07:19:53 351616 ----a-w- c:\windows\system32\dllcache\ovcodek2.sys
2011-01-24 07:19:49 116736 ----a-w- c:\windows\system32\dllcache\ovcodec2.dll
2011-01-24 07:19:45 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys
2011-01-24 07:19:41 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys
2011-01-24 07:19:37 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-01-24 07:19:33 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2011-01-24 07:19:28 54186 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-01-24 07:19:25 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2011-01-24 07:19:21 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-01-24 07:19:16 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-01-24 07:19:05 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-01-24 07:19:01 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-01-24 07:18:48 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-01-24 07:18:47 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-01-24 07:18:41 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-01-24 07:18:37 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-01-24 07:18:36 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2011-01-24 07:18:29 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-01-24 07:18:25 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-01-24 07:18:20 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-01-24 07:18:18 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-01-24 07:18:12 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2011-01-24 07:18:07 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2011-01-24 07:18:03 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll
2011-01-24 07:16:43 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2011-01-24 07:16:42 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-01-24 07:16:36 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-01-24 07:16:28 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-01-24 07:16:26 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-01-24 07:16:25 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-01-24 07:16:09 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-01-24 07:16:04 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2011-01-24 07:16:03 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-01-24 07:15:52 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2011-01-24 07:15:44 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-01-24 07:15:16 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2011-01-24 07:15:14 34304 ----a-w- c:\windows\system32\dllcache\migisol.exe
2011-01-24 07:15:09 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2011-01-24 07:15:06 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2011-01-24 07:15:05 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2011-01-24 07:15:04 92032 ----a-w- c:\windows\system32\dllcache\mga.dll
2011-01-24 07:15:03 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2011-01-24 07:15:00 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2011-01-24 07:13:53 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-01-24 07:13:49 20573 ----a-w- c:\windows\system32\dllcache\lne100.sys
2011-01-24 07:13:45 25065 ----a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-01-24 07:13:41 15744 ----a-w- c:\windows\system32\dllcache\lit220p.sys
2011-01-24 07:13:38 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-01-24 07:13:34 26442 ----a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-01-24 07:13:30 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2011-01-24 07:13:18 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2011-01-24 07:13:17 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-01-24 07:13:12 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-01-24 07:13:11 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll
2011-01-24 07:13:08 5632 ----a-w- c:\windows\system32\dllcache\kbdusa.dll
2011-01-24 07:12:58 9216 ----a-w- c:\windows\system32\dllcache\kbdnecat.dll
2011-01-24 07:12:58 7680 ----a-w- c:\windows\system32\dllcache\kbdnecnt.dll
2011-01-24 07:12:57 7168 ----a-w- c:\windows\system32\dllcache\kbdnec95.dll
2011-01-24 07:12:50 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-01-24 07:12:47 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-01-24 07:12:24 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2011-01-24 07:12:20 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2011-01-24 07:12:17 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-01-24 07:12:14 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-01-24 07:12:12 6144 ----a-w- c:\windows\system32\dllcache\kbd101a.dll
2011-01-24 07:12:10 18432 ----a-w- c:\windows\system32\dllcache\jupiw.dll
2011-01-24 07:11:59 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2011-01-24 07:11:56 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
2011-01-24 07:11:54 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2011-01-24 07:11:38 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
2011-01-24 07:11:37 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2011-01-24 07:11:35 88192 ----a-w- c:\windows\system32\dllcache\irda.sys
2011-01-24 07:11:11 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys
2011-01-24 07:11:06 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
2011-01-24 07:11:03 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
2011-01-24 07:10:46 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2011-01-24 07:10:32 471102 ----a-w- c:\windows\system32\dllcache\imskdic.dll
2011-01-24 07:10:27 59904 ----a-w- c:\windows\system32\dllcache\imkrinst.exe
2011-01-24 07:10:23 45109 ----a-w- c:\windows\system32\dllcache\imjpuex.exe
2011-01-24 07:10:11 57398 ----a-w- c:\windows\system32\dllcache\imjpdadm.exe
2011-01-24 07:10:01 311359 ----a-w- c:\windows\system32\dllcache\imepadsv.exe
2011-01-24 07:10:00 44032 ----a-w- c:\windows\system32\dllcache\imekrmig.exe
2011-01-24 07:10:00 102463 ----a-w- c:\windows\system32\dllcache\imepadsm.dll
2011-01-24 07:09:20 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
2011-01-24 07:09:16 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys
2011-01-24 07:09:12 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-01-24 07:09:09 45056 ----a-w- c:\windows\system32\dllcache\icam5com.dll
2011-01-24 07:09:06 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-01-24 07:09:03 61952 ----a-w- c:\windows\system32\dllcache\icam4ext.dll
2011-01-24 07:07:59 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-01-24 07:06:57 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll
2011-01-24 07:05:58 1733120 ----a-w- c:\windows\system32\dllcache\g400d.dll
2011-01-24 03:25:05 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2011-01-24 03:23:56 594238 ----a-w- c:\windows\system32\dllcache\es56hpi.sys
2011-01-24 03:23:51 595647 ----a-w- c:\windows\system32\dllcache\es56cvmp.sys
2011-01-24 03:23:46 174464 ----a-w- c:\windows\system32\dllcache\es198x.sys
2011-01-24 03:23:41 72192 ----a-w- c:\windows\system32\dllcache\es1969.sys
2011-01-24 03:23:36 40704 ----a-w- c:\windows\system32\dllcache\es1371mp.sys
2011-01-24 03:23:31 37120 ----a-w- c:\windows\system32\dllcache\es1370mp.sys
2011-01-24 03:23:25 61952 ----a-w- c:\windows\system32\dllcache\eqnloop.exe
2011-01-24 03:23:20 51200 ----a-w- c:\windows\system32\dllcache\eqnlogr.exe
2011-01-24 03:23:15 53248 ----a-w- c:\windows\system32\dllcache\eqndiag.exe
2011-01-24 03:23:10 629952 ----a-w- c:\windows\system32\dllcache\eqn.sys
2011-01-24 03:23:05 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-01-24 03:23:00 18503 ----a-w- c:\windows\system32\dllcache\epro4.sys
2011-01-24 03:21:59 26141 ----a-w- c:\windows\system32\dllcache\el589nd5.sys
2011-01-24 03:20:55 29696 ----a-w- c:\windows\system32\dllcache\dm9pci5.sys
2011-01-24 03:19:56 159828 ----a-w- c:\windows\system32\dllcache\digihlc.dll
2011-01-24 03:18:59 86016 ----a-w- c:\windows\system32\dllcache\dc240usd.dll
2011-01-24 03:17:59 3072 ----a-w- c:\windows\system32\dllcache\cwbmidi.sys
2011-01-24 03:16:57 91264 ----a-w- c:\windows\system32\dllcache\cirrus.dll
2011-01-24 03:15:58 236032 ----a-w- c:\windows\system32\dllcache\camext20.dll
2011-01-24 03:15:54 74240 ----a-w- c:\windows\system32\dllcache\camexo20.dll
2011-01-24 03:15:50 171264 ----a-w- c:\windows\system32\dllcache\camdrv30.sys
2011-01-24 03:15:48 223232 ----a-w- c:\windows\system32\dllcache\camdrv21.sys
2011-01-24 03:15:46 314752 ----a-w- c:\windows\system32\dllcache\camdro21.sys
2011-01-24 03:15:43 10752 ----a-w- c:\windows\system32\dllcache\c_iscii.dll
2011-01-24 03:15:42 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2011-01-24 03:14:24 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-01-24 03:14:20 31529 ----a-w- c:\windows\system32\dllcache\brzwlan.sys
2011-01-24 03:14:18 10368 ----a-w- c:\windows\system32\dllcache\brusbscn.sys
2011-01-24 03:14:17 11008 ----a-w- c:\windows\system32\dllcache\brusbmdm.sys
2011-01-24 03:14:15 60416 ----a-w- c:\windows\system32\dllcache\brserwdm.sys
2011-01-24 03:14:13 9728 ----a-w- c:\windows\system32\dllcache\brserif.dll
2011-01-24 03:14:11 5120 ----a-w- c:\windows\system32\dllcache\brscnrsm.dll
2011-01-24 03:14:09 39552 ----a-w- c:\windows\system32\dllcache\brparwdm.sys
2011-01-24 03:14:07 3168 ----a-w- c:\windows\system32\dllcache\brparimg.sys
2011-01-24 03:14:03 41472 ----a-w- c:\windows\system32\dllcache\brmfusb.dll
2011-01-24 03:14:02 32256 ----a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2011-01-24 03:14:00 29696 ----a-w- c:\windows\system32\dllcache\brmflpt.dll
2011-01-24 03:12:59 26624 ----a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-01-24 03:11:45 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-01-24 03:10:00 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-01-24 02:27:06 624128 ----a-w- c:\temp\dds.scr
2011-01-23 18:23:33 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-01-23 18:23:32 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-23 01:43:53 388608 ----a-w- c:\temp\HijackThis.exe
2011-01-23 01:36:44 4177272 ----a-w- c:\temp\processexplorer\procexp.exe
2011-01-22 15:45:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-22 15:45:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-01-22 15:41:27 16409960 ----a-w- c:\temp\spybotsd162.exe
2011-01-22 05:23:59 -------- d-sha-r- C:\cmdcons
2011-01-22 05:11:16 4159861 ----a-r- c:\temp\ComboFix.exe
2011-01-22 04:52:19 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-01-22 04:52:18 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-01-22 04:33:15 -------- d-----w- c:\program files\Audacity
2011-01-22 04:32:56 2228534 ----a-w- c:\temp\audacity-win-1.2.6.exe
2011-01-22 04:27:14 2899273 ----a-w- c:\temp\agsetup183se.exe
2011-01-22 02:11:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-01-22 02:11:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-01-22 02:11:22 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-01-22 02:11:22 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-01-22 02:05:29 -------- d-----w- c:\program files\M-Audio
2011-01-22 02:05:29 -------- d-----w- c:\program files\common files\Digidesign
2011-01-22 02:01:33 10652168 ----a-w- c:\temp\Install M-Audio FastTrack 6_0_6.exe
2011-01-13 03:48:06 98816 ----a-w- c:\windows\sed.exe
2011-01-13 03:48:06 89088 ----a-w- c:\windows\MBR.exe
2011-01-13 03:48:06 256512 ----a-w- c:\windows\PEV.exe
2011-01-13 03:48:06 161792 ----a-w- c:\windows\SWREG.exe
2011-01-13 03:34:11 4151804 ----a-r- C:\ComboFix.exe
2011-01-12 12:14:37 -------- d-----w- c:\docume~1\tracie\applic~1\Malwarebytes
2011-01-12 12:13:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-12 12:13:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-12 12:13:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-12 12:13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-12 02:08:11 -------- d-----w- c:\docume~1\tracie\locals~1\applic~1\Ahead
2011-01-12 02:03:25 -------- d-----w- c:\program files\Nero
2011-01-10 23:10:20 -------- d-----w- c:\docume~1\tracie\locals~1\applic~1\Thinstall
2011-01-10 23:10:20 -------- d-----w- c:\docume~1\tracie\applic~1\Thinstall

==================== Find3M ====================

2010-12-07 22:08:32 644104 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2010-12-07 22:08:24 533000 ----a-w- c:\windows\system32\M-AudioFastTrackControlPanelApplet.cpl
2010-12-07 22:08:22 32776 ----a-w- c:\windows\system32\mausbasio.dll
2010-12-07 22:07:44 2525673 ----a-w- c:\windows\system32\madiousb.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 14:34:15.43 ===============

I am unable to attach the zipped attach.txt in 1st post...

fyrebyte
2011-01-24, 23:37
Here is the attach.txt

fyrebyte
2011-01-24, 23:42
There are hidden IE windows being run in the background. I can only see them with task manager or process explorer. According to process explorer (from the command line info), one of the "random" sites its hitting is:

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.clickping.org/ac.php?aid=442&sid=direct3

There are others. If I kill the IE process it spawns another to replace it within a few secs.

Additional things done:

1. combofix - no change in behavior (although it warned me about the MBR)
2. Through windows recovery console - fixboot & fixmbr
3. Cleaning from the various utilities mentioned @ the beginning of the 1st post...

fyrebyte
2011-01-24, 23:51
Another piece of info from ProcessExplorer is:

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.searchdead.org/ac.php?aid=442&sid=direct3

fyrebyte
2011-01-28, 19:36
1. I found an entry under the shell/shellex area of HKCR where it listed shell32.dll without any path info. I changed it to indicate the proper %% path info to the .dll.

2. I ran sfc /scannow and although it didn't indicate doing anything

Although I didn't find a rogue shell32.dll the #1 item could've been causing the problem by having one in a dir higher in the PATH.

After these 2 things, I rebooted & randomly checked the laptop before bed last night 2x & didn't see the hidden IE running in the background. I will do some more testing tonight.

fyrebyte
2011-01-29, 14:07
Well, the strange hidden IE windows don't seem to be opening, but the IE connections are being randomwly hijacked still...

Blade81
2011-01-29, 16:32
Hi,

Post fresh dds logs, please.

fyrebyte
2011-01-29, 22:31
DDS (Ver_10-12-12.02) - NTFSx86
Run by tracie at 14:20:48.81 on Sat 01/29/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.152 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBAMSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBPIMSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBAMTray.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\temp\dds.scr
C:\temp\ProcessExplorer\procexp.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = Windows Internet Explorer provided by MSN & Bing
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070126
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SBAMTray] "c:\program files\sunbelt software\counterspy\consumer\SBAMTray.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - hxxps://24.248.119.194/CACHE/stc/1/binaries/stcweb.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295748519296
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://wr1.magnaent.com/dana-cached/setup/JuniperSetupSP1.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-1-21 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-1-21 69976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-12 20952]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110128.004\naveng.sys [2011-1-28 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110128.004\navex15.sys [2011-1-28 1360760]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [2007-7-25 22136]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\drivers\MAudioFastTrack.sys [2010-12-7 158344]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-28 189792]

=============== Created Last 30 ================

2011-01-29 17:28:05 -------- dc-h--w- c:\windows\ie8
2011-01-24 19:37:43 8462336 ----a-w- c:\windows\system32\dllcache\shell32.dll
2011-01-24 19:17:25 1032192 ----a-w- c:\windows\system32\dllcache\explorer.exe
2011-01-24 19:17:25 1032192 ----a-w- c:\windows\explorer.exe
2011-01-24 17:49:26 -------- d-----w- C:\ComboFix
2011-01-24 16:49:01 -------- d-----w- c:\program files\PortReporter
2011-01-24 16:47:32 152856 ----a-w- c:\temp\PortRptr.exe
2011-01-24 13:21:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-24 13:21:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-24 09:02:55 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-01-24 07:37:43 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-01-24 07:37:38 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-01-24 07:37:30 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-01-24 07:37:26 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-01-24 07:37:20 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-01-24 07:37:11 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-01-24 07:36:59 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-01-24 07:36:57 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-01-24 07:36:49 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-01-24 07:36:47 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-01-24 07:36:45 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-01-24 07:36:04 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-01-24 07:34:57 12415 ----a-w- c:\windows\system32\dllcache\wadv01nt.sys
2011-01-24 07:34:51 16925 ----a-w- c:\windows\system32\dllcache\w940nd.sys
2011-01-24 07:34:46 19016 ----a-w- c:\windows\system32\dllcache\w926nd.sys
2011-01-24 07:34:41 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys
2011-01-24 07:34:40 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2011-01-24 07:34:35 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys
2011-01-24 07:34:30 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-01-24 07:34:23 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2011-01-24 07:34:18 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2011-01-24 07:34:13 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2011-01-24 07:34:06 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-01-24 07:32:57 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-01-24 07:32:52 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2011-01-24 07:32:48 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2011-01-24 07:32:43 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-01-24 07:32:38 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2011-01-24 07:32:34 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2011-01-24 07:32:29 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-01-24 07:32:25 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2011-01-24 07:32:20 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2011-01-24 07:32:14 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2011-01-24 07:32:13 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2011-01-24 07:32:05 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-01-24 07:32:01 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2011-01-24 07:30:56 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-01-24 07:30:52 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-01-24 07:30:48 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2011-01-24 07:30:46 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys
2011-01-24 07:30:41 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-01-24 07:30:37 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-01-24 07:30:36 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2011-01-24 07:30:35 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2011-01-24 07:30:29 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-01-24 07:30:23 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2011-01-24 07:30:18 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-01-24 07:30:14 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-01-24 07:30:04 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2011-01-24 07:28:53 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-01-24 07:27:57 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2011-01-24 07:26:56 91294 ----a-w- c:\windows\system32\dllcache\skfpwin.sys
2011-01-24 07:26:52 94698 ----a-w- c:\windows\system32\dllcache\sk98xwin.sys
2011-01-24 07:26:47 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2011-01-24 07:26:42 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2011-01-24 07:26:40 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2011-01-24 07:26:36 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-01-24 07:26:31 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-01-24 07:26:27 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-01-24 07:26:23 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-01-24 07:26:19 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-01-24 07:26:15 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-01-24 07:26:14 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2011-01-24 07:24:58 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2011-01-24 07:23:58 166720 ----a-w- c:\windows\system32\dllcache\s3m.sys
2011-01-24 07:22:59 14848 ----a-w- c:\windows\system32\dllcache\register.exe
2011-01-24 07:22:48 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2011-01-24 07:22:41 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-01-24 07:22:37 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-01-24 07:22:33 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2011-01-24 07:22:29 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-01-24 07:22:28 16384 ----a-w- c:\windows\system32\dllcache\quser.exe
2011-01-24 07:22:27 9728 ----a-w- c:\windows\system32\dllcache\query.exe
2011-01-24 07:22:18 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2011-01-24 07:22:11 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
2011-01-24 07:22:07 112574 ----a-w- c:\windows\system32\dllcache\ptserlp.sys
2011-01-24 07:22:03 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2011-01-24 07:22:02 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll
2011-01-24 07:20:57 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll
2011-01-24 07:19:56 20480 ----a-w- c:\windows\system32\dllcache\ovcomc.dll
2011-01-24 07:19:53 351616 ----a-w- c:\windows\system32\dllcache\ovcodek2.sys
2011-01-24 07:19:49 116736 ----a-w- c:\windows\system32\dllcache\ovcodec2.dll
2011-01-24 07:19:45 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys
2011-01-24 07:19:41 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys
2011-01-24 07:19:37 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-01-24 07:19:33 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2011-01-24 07:19:28 54186 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-01-24 07:19:25 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2011-01-24 07:19:21 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-01-24 07:19:16 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-01-24 07:19:05 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-01-24 07:19:01 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-01-24 07:18:48 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-01-24 07:18:47 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-01-24 07:18:41 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-01-24 07:18:37 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-01-24 07:18:36 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2011-01-24 07:18:29 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-01-24 07:18:25 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-01-24 07:18:20 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-01-24 07:18:18 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-01-24 07:18:12 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2011-01-24 07:18:07 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2011-01-24 07:18:03 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll
2011-01-24 07:16:43 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2011-01-24 07:16:42 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-01-24 07:16:36 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-01-24 07:16:28 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-01-24 07:16:26 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-01-24 07:16:25 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-01-24 07:16:09 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-01-24 07:16:04 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2011-01-24 07:16:03 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-01-24 07:15:52 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2011-01-24 07:15:44 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-01-24 07:15:16 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2011-01-24 07:15:14 34304 ----a-w- c:\windows\system32\dllcache\migisol.exe
2011-01-24 07:15:09 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2011-01-24 07:15:06 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2011-01-24 07:15:05 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2011-01-24 07:15:04 92032 ----a-w- c:\windows\system32\dllcache\mga.dll
2011-01-24 07:15:03 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2011-01-24 07:15:00 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2011-01-24 07:13:53 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-01-24 07:13:49 20573 ----a-w- c:\windows\system32\dllcache\lne100.sys
2011-01-24 07:13:45 25065 ----a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-01-24 07:13:41 15744 ----a-w- c:\windows\system32\dllcache\lit220p.sys
2011-01-24 07:13:38 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-01-24 07:13:34 26442 ----a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-01-24 07:13:30 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2011-01-24 07:13:18 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2011-01-24 07:13:17 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-01-24 07:13:12 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-01-24 07:13:11 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll
2011-01-24 07:13:08 5632 ----a-w- c:\windows\system32\dllcache\kbdusa.dll
2011-01-24 07:12:58 9216 ----a-w- c:\windows\system32\dllcache\kbdnecat.dll
2011-01-24 07:12:58 7680 ----a-w- c:\windows\system32\dllcache\kbdnecnt.dll
2011-01-24 07:12:57 7168 ----a-w- c:\windows\system32\dllcache\kbdnec95.dll
2011-01-24 07:12:50 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-01-24 07:12:47 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-01-24 07:12:24 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2011-01-24 07:12:20 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2011-01-24 07:12:17 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-01-24 07:12:14 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-01-24 07:12:12 6144 ----a-w- c:\windows\system32\dllcache\kbd101a.dll
2011-01-24 07:12:10 18432 ----a-w- c:\windows\system32\dllcache\jupiw.dll
2011-01-24 07:11:59 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2011-01-24 07:11:56 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
2011-01-24 07:11:54 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2011-01-24 07:11:38 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
2011-01-24 07:11:37 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2011-01-24 07:11:35 88192 ----a-w- c:\windows\system32\dllcache\irda.sys
2011-01-24 07:11:11 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys
2011-01-24 07:11:06 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
2011-01-24 07:11:03 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
2011-01-24 07:10:46 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2011-01-24 07:10:32 471102 ----a-w- c:\windows\system32\dllcache\imskdic.dll
2011-01-24 07:10:27 59904 ----a-w- c:\windows\system32\dllcache\imkrinst.exe
2011-01-24 07:10:23 45109 ----a-w- c:\windows\system32\dllcache\imjpuex.exe
2011-01-24 07:10:11 57398 ----a-w- c:\windows\system32\dllcache\imjpdadm.exe
2011-01-24 07:10:01 311359 ----a-w- c:\windows\system32\dllcache\imepadsv.exe
2011-01-24 07:10:00 44032 ----a-w- c:\windows\system32\dllcache\imekrmig.exe
2011-01-24 07:10:00 102463 ----a-w- c:\windows\system32\dllcache\imepadsm.dll
2011-01-24 07:09:20 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
2011-01-24 07:09:16 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys
2011-01-24 07:09:12 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-01-24 07:09:09 45056 ----a-w- c:\windows\system32\dllcache\icam5com.dll
2011-01-24 07:09:06 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-01-24 07:09:03 61952 ----a-w- c:\windows\system32\dllcache\icam4ext.dll
2011-01-24 07:07:59 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-01-24 07:06:57 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll
2011-01-24 07:05:58 1733120 ----a-w- c:\windows\system32\dllcache\g400d.dll
2011-01-24 03:25:05 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2011-01-24 03:23:56 594238 ----a-w- c:\windows\system32\dllcache\es56hpi.sys
2011-01-24 03:23:51 595647 ----a-w- c:\windows\system32\dllcache\es56cvmp.sys
2011-01-24 03:23:46 174464 ----a-w- c:\windows\system32\dllcache\es198x.sys
2011-01-24 03:23:41 72192 ----a-w- c:\windows\system32\dllcache\es1969.sys
2011-01-24 03:23:36 40704 ----a-w- c:\windows\system32\dllcache\es1371mp.sys
2011-01-24 03:23:31 37120 ----a-w- c:\windows\system32\dllcache\es1370mp.sys
2011-01-24 03:23:25 61952 ----a-w- c:\windows\system32\dllcache\eqnloop.exe
2011-01-24 03:23:20 51200 ----a-w- c:\windows\system32\dllcache\eqnlogr.exe
2011-01-24 03:23:15 53248 ----a-w- c:\windows\system32\dllcache\eqndiag.exe
2011-01-24 03:23:10 629952 ----a-w- c:\windows\system32\dllcache\eqn.sys
2011-01-24 03:23:05 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-01-24 03:23:00 18503 ----a-w- c:\windows\system32\dllcache\epro4.sys
2011-01-24 03:21:59 26141 ----a-w- c:\windows\system32\dllcache\el589nd5.sys
2011-01-24 03:20:55 29696 ----a-w- c:\windows\system32\dllcache\dm9pci5.sys
2011-01-24 03:19:56 159828 ----a-w- c:\windows\system32\dllcache\digihlc.dll
2011-01-24 03:18:59 86016 ----a-w- c:\windows\system32\dllcache\dc240usd.dll
2011-01-24 03:17:59 3072 ----a-w- c:\windows\system32\dllcache\cwbmidi.sys
2011-01-24 03:16:57 91264 ----a-w- c:\windows\system32\dllcache\cirrus.dll
2011-01-24 03:15:58 236032 ----a-w- c:\windows\system32\dllcache\camext20.dll
2011-01-24 03:15:54 74240 ----a-w- c:\windows\system32\dllcache\camexo20.dll
2011-01-24 03:15:50 171264 ----a-w- c:\windows\system32\dllcache\camdrv30.sys
2011-01-24 03:15:48 223232 ----a-w- c:\windows\system32\dllcache\camdrv21.sys
2011-01-24 03:15:46 314752 ----a-w- c:\windows\system32\dllcache\camdro21.sys
2011-01-24 03:15:43 10752 ----a-w- c:\windows\system32\dllcache\c_iscii.dll
2011-01-24 03:15:42 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2011-01-24 03:14:24 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-01-24 03:14:20 31529 ----a-w- c:\windows\system32\dllcache\brzwlan.sys
2011-01-24 03:14:18 10368 ----a-w- c:\windows\system32\dllcache\brusbscn.sys
2011-01-24 03:14:17 11008 ----a-w- c:\windows\system32\dllcache\brusbmdm.sys
2011-01-24 03:14:15 60416 ----a-w- c:\windows\system32\dllcache\brserwdm.sys
2011-01-24 03:14:13 9728 ----a-w- c:\windows\system32\dllcache\brserif.dll
2011-01-24 03:14:11 5120 ----a-w- c:\windows\system32\dllcache\brscnrsm.dll
2011-01-24 03:14:09 39552 ----a-w- c:\windows\system32\dllcache\brparwdm.sys
2011-01-24 03:14:07 3168 ----a-w- c:\windows\system32\dllcache\brparimg.sys
2011-01-24 03:14:03 41472 ----a-w- c:\windows\system32\dllcache\brmfusb.dll
2011-01-24 03:14:02 32256 ----a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2011-01-24 03:14:00 29696 ----a-w- c:\windows\system32\dllcache\brmflpt.dll
2011-01-24 03:12:59 26624 ----a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-01-24 03:11:45 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-01-24 03:10:00 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-01-24 02:27:06 624128 ----a-w- c:\temp\dds.scr
2011-01-23 18:23:33 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-01-23 18:23:32 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-23 01:43:53 388608 ----a-w- c:\temp\HijackThis.exe
2011-01-23 01:36:44 4177272 ----a-w- c:\temp\processexplorer\procexp.exe
2011-01-22 15:45:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-22 15:45:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-01-22 15:41:27 16409960 ----a-w- c:\temp\spybotsd162.exe
2011-01-22 05:23:59 -------- d-sha-r- C:\cmdcons
2011-01-22 05:11:16 4159861 ----a-r- c:\temp\ComboFix.exe
2011-01-22 04:52:19 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-01-22 04:52:18 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-01-22 04:33:15 -------- d-----w- c:\program files\Audacity
2011-01-22 04:32:56 2228534 ----a-w- c:\temp\audacity-win-1.2.6.exe
2011-01-22 04:27:14 2899273 ----a-w- c:\temp\agsetup183se.exe
2011-01-22 02:11:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-01-22 02:11:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-01-22 02:11:22 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-01-22 02:11:22 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-01-22 02:05:29 -------- d-----w- c:\program files\M-Audio
2011-01-22 02:05:29 -------- d-----w- c:\program files\common files\Digidesign
2011-01-22 02:01:33 10652168 ----a-w- c:\temp\Install M-Audio FastTrack 6_0_6.exe
2011-01-13 03:48:06 98816 ----a-w- c:\windows\sed.exe
2011-01-13 03:48:06 89088 ----a-w- c:\windows\MBR.exe
2011-01-13 03:48:06 256512 ----a-w- c:\windows\PEV.exe
2011-01-13 03:48:06 161792 ----a-w- c:\windows\SWREG.exe
2011-01-13 03:34:11 4151804 ----a-r- C:\ComboFix.exe
2011-01-12 12:14:37 -------- d-----w- c:\docume~1\tracie\applic~1\Malwarebytes
2011-01-12 12:13:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-12 12:13:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-12 12:13:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-12 12:13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-12 02:08:11 -------- d-----w- c:\docume~1\tracie\locals~1\applic~1\Ahead
2011-01-12 02:03:25 -------- d-----w- c:\program files\Nero
2011-01-10 23:10:20 -------- d-----w- c:\docume~1\tracie\locals~1\applic~1\Thinstall
2011-01-10 23:10:20 -------- d-----w- c:\docume~1\tracie\applic~1\Thinstall

==================== Find3M ====================

2010-12-07 22:08:32 644104 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2010-12-07 22:08:24 533000 ----a-w- c:\windows\system32\M-AudioFastTrackControlPanelApplet.cpl
2010-12-07 22:08:22 32776 ----a-w- c:\windows\system32\mausbasio.dll
2010-12-07 22:07:44 2525673 ----a-w- c:\windows\system32\madiousb.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ------w- c:\windows\system32\html.iec

============= FINISH: 14:31:14.73 ===============

fyrebyte
2011-01-29, 22:34
Here is the attach.txt

Blade81
2011-01-30, 00:30
Hi,

Post contents of c:\ComboFix.txt file (don't run again but post contents of current one)

fyrebyte
2011-01-30, 00:37
The txt was too big, so I zipped & attached...

Blade81
2011-01-30, 14:13
Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format) + fresh dds log.

fyrebyte
2011-01-30, 17:33
It found something. I cured & rebooted. Here is the log:

2011/01/30 08:00:43.0781 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/30 08:00:43.0781 ================================================================================
2011/01/30 08:00:43.0781 SystemInfo:
2011/01/30 08:00:43.0781
2011/01/30 08:00:43.0781 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/30 08:00:43.0781 Product type: Workstation
2011/01/30 08:00:43.0781 ComputerName: MOBILE1
2011/01/30 08:00:43.0781 UserName: tracie
2011/01/30 08:00:43.0781 Windows directory: C:\WINDOWS
2011/01/30 08:00:43.0781 System windows directory: C:\WINDOWS
2011/01/30 08:00:43.0781 Processor architecture: Intel x86
2011/01/30 08:00:43.0781 Number of processors: 2
2011/01/30 08:00:43.0781 Page size: 0x1000
2011/01/30 08:00:43.0781 Boot type: Normal boot
2011/01/30 08:00:43.0781 ================================================================================
2011/01/30 08:00:45.0125 Initialize success
2011/01/30 08:00:50.0250 ================================================================================
2011/01/30 08:00:50.0250 Scan started
2011/01/30 08:00:50.0250 Mode: Manual;
2011/01/30 08:00:50.0250 ================================================================================
2011/01/30 08:00:53.0296 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/30 08:00:53.0421 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/30 08:00:53.0437 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/30 08:00:53.0468 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/30 08:00:53.0531 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/30 08:00:53.0625 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/30 08:00:53.0750 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/30 08:00:53.0859 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/30 08:00:54.0703 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/30 08:00:55.0281 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/30 08:00:55.0984 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/30 08:00:56.0796 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/30 08:00:57.0031 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/30 08:00:57.0078 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/30 08:00:57.0203 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/30 08:00:57.0312 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/30 08:00:57.0515 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/30 08:00:57.0593 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/30 08:00:57.0656 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/30 08:00:57.0828 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/01/30 08:00:58.0218 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/30 08:00:58.0328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/30 08:00:58.0546 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/30 08:00:58.0921 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/30 08:00:59.0046 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/01/30 08:00:59.0265 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/01/30 08:00:59.0328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/30 08:00:59.0437 btaudio (8893ae0b6b9b60e0521a60e8b2160216) C:\WINDOWS\system32\drivers\btaudio.sys
2011/01/30 08:00:59.0546 BTDriver (fde318e3569f57264af74b7e431f60ae) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/01/30 08:00:59.0843 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/01/30 08:01:00.0015 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\system32\drivers\btserial.sys
2011/01/30 08:01:00.0156 BTWDNDIS (28531ab3183f498e58d93d585e6a6b70) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/01/30 08:01:00.0250 btwhid (c5c0e21c67089f053b964e0a8b8adbac) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2011/01/30 08:01:00.0375 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/01/30 08:01:00.0531 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/01/30 08:01:00.0921 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/30 08:01:00.0953 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/30 08:01:01.0000 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/30 08:01:01.0062 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/30 08:01:01.0140 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/30 08:01:01.0171 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/30 08:01:01.0375 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/30 08:01:01.0453 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/30 08:01:01.0500 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/30 08:01:01.0531 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/30 08:01:01.0593 CSVirtA (b90b0a61045db0c63487d1995f957680) C:\WINDOWS\system32\DRIVERS\CSVirtA.sys
2011/01/30 08:01:01.0828 CVirtA (cb7d7c0e74adcb7da96d08ec8db86062) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/01/30 08:01:01.0937 CVPNDRVA (04bbfbe3ab9890e711861f2ed3ccf2c6) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/01/30 08:01:02.0015 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/30 08:01:02.0062 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/30 08:01:02.0156 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/30 08:01:02.0343 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/01/30 08:01:02.0468 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/01/30 08:01:02.0515 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/01/30 08:01:02.0546 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/01/30 08:01:02.0609 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/01/30 08:01:02.0640 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/01/30 08:01:02.0703 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/01/30 08:01:02.0875 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/01/30 08:01:02.0906 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/01/30 08:01:03.0062 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/30 08:01:03.0203 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/30 08:01:03.0296 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/30 08:01:03.0375 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/30 08:01:03.0437 DNE (c86fbf607445bf693450d84b775f168c) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/01/30 08:01:03.0531 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/30 08:01:03.0578 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/30 08:01:03.0671 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/01/30 08:01:03.0734 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/01/30 08:01:03.0843 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/30 08:01:03.0953 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/01/30 08:01:04.0093 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/01/30 08:01:04.0375 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/30 08:01:04.0437 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/30 08:01:04.0484 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/30 08:01:04.0531 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/30 08:01:04.0593 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/30 08:01:04.0718 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/30 08:01:04.0781 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/30 08:01:04.0828 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/01/30 08:01:04.0953 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/30 08:01:05.0125 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/30 08:01:05.0171 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/30 08:01:05.0250 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/30 08:01:05.0359 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/01/30 08:01:05.0609 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/01/30 08:01:05.0703 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/30 08:01:05.0875 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/30 08:01:05.0906 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/30 08:01:05.0953 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/30 08:01:06.0093 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/30 08:01:06.0312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/30 08:01:06.0390 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/30 08:01:06.0421 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/30 08:01:06.0468 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/30 08:01:06.0484 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/30 08:01:06.0531 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/30 08:01:06.0609 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/30 08:01:06.0781 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/30 08:01:06.0843 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/30 08:01:06.0890 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/30 08:01:06.0937 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/30 08:01:06.0984 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/30 08:01:07.0046 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/30 08:01:07.0281 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/30 08:01:07.0343 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/30 08:01:07.0453 MAUSBFASTTRACK (862d7bd3be3399670a7e3358ce7e6344) C:\WINDOWS\system32\DRIVERS\MAudioFastTrack.sys
2011/01/30 08:01:07.0703 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys
2011/01/30 08:01:07.0781 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/01/30 08:01:07.0828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/30 08:01:07.0906 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/30 08:01:07.0968 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/01/30 08:01:08.0343 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/30 08:01:08.0406 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/30 08:01:08.0468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/30 08:01:08.0531 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/30 08:01:08.0593 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/30 08:01:08.0812 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/30 08:01:08.0937 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/30 08:01:09.0015 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/30 08:01:09.0046 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/30 08:01:09.0093 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/30 08:01:09.0125 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/30 08:01:09.0140 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/30 08:01:09.0343 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110128.004\naveng.sys
2011/01/30 08:01:09.0437 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110128.004\navex15.sys
2011/01/30 08:01:09.0640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/30 08:01:09.0703 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/30 08:01:09.0781 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/30 08:01:09.0812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/30 08:01:09.0890 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/30 08:01:09.0921 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/30 08:01:10.0078 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/30 08:01:10.0156 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/30 08:01:10.0171 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/30 08:01:10.0218 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/30 08:01:10.0406 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/30 08:01:10.0562 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/30 08:01:10.0812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/30 08:01:10.0859 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/30 08:01:10.0953 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/30 08:01:10.0968 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/30 08:01:11.0000 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/30 08:01:11.0046 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/30 08:01:11.0078 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/30 08:01:11.0125 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/30 08:01:11.0156 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/30 08:01:11.0250 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/01/30 08:01:11.0531 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/30 08:01:11.0562 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/30 08:01:11.0656 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/30 08:01:11.0687 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/30 08:01:11.0718 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/30 08:01:11.0796 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/30 08:01:11.0812 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/30 08:01:11.0859 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/30 08:01:11.0890 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/30 08:01:11.0921 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/30 08:01:11.0953 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/30 08:01:12.0015 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/30 08:01:12.0062 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/30 08:01:12.0250 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/30 08:01:12.0281 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/30 08:01:12.0343 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/30 08:01:12.0406 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/30 08:01:12.0484 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/30 08:01:12.0546 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/30 08:01:12.0812 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/30 08:01:12.0906 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/01/30 08:01:12.0937 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/01/30 08:01:12.0968 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/01/30 08:01:13.0015 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/01/30 08:01:13.0187 SAVRT (cdb565c093b0105086cc630b32f9e6e6) C:\Program Files\Symantec AntiVirus\savrt.sys
2011/01/30 08:01:13.0250 SAVRTPEL (1042cb5a003f9aed8d6cec56a0fc6c49) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/01/30 08:01:13.0468 sbaphd (8fe075898df6b206d0a5cf0feb581b5e) C:\WINDOWS\system32\drivers\sbaphd.sys
2011/01/30 08:01:13.0593 sbapifs (29658f5353d5b73ca514a784e6aac54e) C:\WINDOWS\system32\drivers\sbapifs.sys
2011/01/30 08:01:13.0671 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
2011/01/30 08:01:13.0968 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/01/30 08:01:14.0046 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/30 08:01:14.0125 Ser2pl (95eeb5a6843238c829aaa9c05168c09c) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/01/30 08:01:14.0187 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/30 08:01:14.0250 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/30 08:01:14.0468 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/01/30 08:01:14.0546 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/01/30 08:01:14.0625 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/30 08:01:14.0703 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/30 08:01:14.0765 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/30 08:01:14.0937 SPBBCDrv (cc22bf5631c4837abcd81d75de8fb1aa) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/01/30 08:01:15.0203 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/30 08:01:15.0250 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/30 08:01:15.0296 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/30 08:01:15.0421 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2011/01/30 08:01:15.0640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/30 08:01:15.0687 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/30 08:01:15.0750 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/30 08:01:15.0781 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/30 08:01:15.0921 SymEvent (5156f63e684e8c864ff40e40d5309f41) C:\Program Files\Symantec\SYMEVENT.SYS
2011/01/30 08:01:16.0140 SYMREDRV (5314e345dfc068504cfb2676d3b2ca39) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/01/30 08:01:16.0187 SYMTDI (8cd0a1478256240249b8ee88e6f25e94) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/01/30 08:01:16.0281 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/30 08:01:16.0500 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/30 08:01:16.0609 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/01/30 08:01:16.0687 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/30 08:01:16.0781 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/30 08:01:17.0015 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/30 08:01:17.0093 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/30 08:01:17.0140 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/30 08:01:17.0265 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/01/30 08:01:17.0500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/30 08:01:17.0578 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/30 08:01:17.0656 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/30 08:01:17.0906 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/30 08:01:17.0968 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/01/30 08:01:18.0031 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/30 08:01:18.0093 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/30 08:01:18.0187 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/30 08:01:18.0359 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/30 08:01:18.0421 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/30 08:01:18.0484 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/30 08:01:18.0531 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/30 08:01:18.0593 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/30 08:01:18.0796 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/30 08:01:18.0843 VolSnap (7d6322d2567d94acf1e8c4b79ea1c880) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/30 08:01:18.0859 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7d6322d2567d94acf1e8c4b79ea1c880, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/30 08:01:18.0859 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/30 08:01:18.0953 vsdatant (d658e49302c382b88c8e9a08e20b2e82) C:\WINDOWS\system32\vsdatant.sys
2011/01/30 08:01:19.0140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/30 08:01:19.0343 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/01/30 08:01:19.0578 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/30 08:01:19.0671 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/01/30 08:01:19.0937 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/01/30 08:01:20.0015 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/01/30 08:01:20.0109 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/30 08:01:20.0250 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/30 08:01:20.0500 ================================================================================
2011/01/30 08:01:20.0500 Scan finished
2011/01/30 08:01:20.0500 ================================================================================
2011/01/30 08:01:20.0531 Detected object count: 1
2011/01/30 08:04:43.0281 VolSnap (7d6322d2567d94acf1e8c4b79ea1c880) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/30 08:04:43.0281 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7d6322d2567d94acf1e8c4b79ea1c880, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/30 08:04:47.0328 Backup copy found, using it..
2011/01/30 08:04:47.0375 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/01/30 08:04:47.0375 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/01/30 08:04:52.0546 Deinitialize success

Blade81
2011-01-31, 07:36
Good. Please post fresh dds log too.

Blade81
2011-02-06, 19:45
Are you still there?

Blade81
2011-02-14, 13:26
Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.