BleepingComputer.com: TDL4 rootkit variant!!


TDL4 rootkit variant!! mbam takes 4 hours to scan

#1 Pajajn

Posted 27 October 2011 - 03:30 PM

Hello, I need really fast advice and a deep look into my home computer.

Malwarebytes takes 4 hours to do a full scan,
and every program is really slow.

No program could find anything, but I think it's related to my HitmanPro somehow!

It went away for like 30 minutes but then the slowdowns came back!

May it be a variant of the TDL4 rootkit? I haven't restarted my computer yet because I'm afraid of losing everything.. :(

#2 Pajajn

Posted 27 October 2011 - 04:34 PM

Finally I'm so damn happy :dance: Log file on what was removed to clean the system:

23:17:46.0984 2140 OS Version: 5.1.2600 ServicePack: 3.0
23:17:46.0984 2140 Product type: Workstation
23:17:46.0984 2140 ComputerName: GAMING-4C42427F
23:17:46.0984 2140 UserName: perkauii
23:17:46.0984 2140 Windows directory: C:\WINDOWS
23:17:46.0984 2140 System windows directory: C:\WINDOWS
23:17:46.0984 2140 Processor architecture: Intel x86
23:17:46.0984 2140 Number of processors: 4
23:17:46.0984 2140 Page size: 0x1000
23:17:46.0984 2140 Boot type: Normal boot
23:17:46.0984 2140 ============================================================
23:17:50.0171 2140 Initialize success
23:18:04.0531 2784 ============================================================
23:18:04.0531 2784 Scan started
23:18:04.0531 2784 Mode: Manual; SigCheck; TDLFS;
23:18:04.0531 2784 ============================================================
23:21:18.0312 2784 Scan finished
23:21:18.0312 2784 ============================================================
23:21:18.0421 2248 Detected object count: 6
23:21:18.0421 2248 Actual detected object count: 6
23:22:05.0218 2248 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine
23:22:05.0218 2248 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
23:22:05.0656 2248 C:\WINDOWS\system32\DRIVERS\mcdbus.sys - copied to quarantine
23:22:05.0656 2248 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
23:22:15.0687 2248 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - copied to quarantine
23:22:15.0703 2248 nv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
23:22:16.0125 2248 C:\WINDOWS\system32\DRIVERS\rspndr.sys - copied to quarantine
23:22:16.0125 2248 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
23:22:16.0453 2248 C:\WINDOWS\system32\drivers\StarOpen.sys - copied to quarantine
23:22:16.0453 2248 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
23:22:16.0578 2248 C:\Program Files\Unlocker\UnlockerDriver5.sys - copied to quarantine
23:22:16.0578 2248 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

#3 hamluis

Posted 28 October 2011 - 02:50 PM

