Not sure what Virus/malware this is


  • This topic is locked
10 replies to this topic

#1 bazza.ab

bazza.ab

  • Members
  • 5 posts
  • Local time:02:49 AM

Posted 23 August 2010 - 12:12 PM

Hi people,
Sorry I can't give more info on this, but all scans come up clean (MBAM, SUPERAntiSpyware, ESET etc.). This is the laptop my son uses and webpages are really very, very slow loading. I ran DDS with no problems, but when I try to run GMER I get a flash of BSOD and then the laptop restarts. I haven't been on the introduction page of this site as I'm already registered but can't remember my login (it's on my PC, which is broken down at present). Anyway, here are the logs.
Thanks in advance
Barry


DDS (Ver_10-03-17.01) - NTFSx86
Run by sworthin at 17:25:58.64 on 23/08/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.703.256 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\sworthin\Desktop\WLANUTL.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\sworthin\Desktop\New Folder\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.co.uk/Default.asp
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [CARPService] carpserv.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [UIExec] "c:\program files\t-mobile mobile broadband manager\UIExec.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37951.2587847222
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sworthin\applic~1\mozilla\firefox\profiles\vb2kxzul.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.co.uk/
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-2 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-8-2 532224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-2 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-2 40384]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-7-8 233472]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
R2 UI Assistant Service;UI Assistant Service;c:\program files\t-mobile mobile broadband manager\AssistantServices.exe [2010-8-10 241664]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-2 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-2 40384]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2004-2-17 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2004-2-17 273536]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2004-7-15 18432]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-7-8 36608]
R3 WlanUIG;EDUP 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2010-7-18 376224]
S3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [2003-4-7 26112]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;c:\windows\system32\drivers\Express.sys [2003-4-7 57344]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-8-10 9728]

=============== Created Last 30 ================

2010-08-23 11:27:55 0 d-----w- c:\program files\Trend Micro
2010-08-14 09:47:24 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-08-10 18:28:18 9728 ----a-w- c:\windows\system32\drivers\massfilter.sys
2010-08-10 18:28:18 105344 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-08-10 18:28:18 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-08-10 18:28:18 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-08-10 18:26:54 18816 ----a-w- c:\windows\system32\drivers\tcpipBM.sys
2010-08-10 18:26:53 8464 ----a-w- c:\windows\system32\sporder.dll
2010-08-10 18:26:53 22528 ----a-w- c:\windows\system32\drivers\BMLoad.sys
2010-08-10 18:26:52 719360 ----a-w- c:\windows\system32\bmutil.dll
2010-08-10 18:26:52 471040 ----a-w- c:\windows\system32\bmnet.dll
2010-08-10 18:26:51 294912 ----a-w- c:\windows\system32\bminstall.dll
2010-08-10 18:26:50 126976 ----a-w- c:\windows\system32\bmdumpd.bin
2010-08-10 18:26:23 0 d-----w- c:\program files\T-Mobile Mobile Broadband Manager
2010-08-10 18:17:26 0 d-----w- c:\docume~1\sworthin\applic~1\Program Files
2010-08-06 18:25:15 215920 ----a-w- c:\windows\system32\muweb.dll
2010-08-06 18:25:13 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-08-06 18:25:12 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-08-05 21:32:28 0 d-----w- c:\documents and settings\sworthin\Tracing
2010-08-05 10:30:23 0 d-----w- c:\program files\Windows Media Connect 2
2010-08-05 10:05:02 0 d-----w- c:\program files\Microsoft
2010-08-05 10:04:27 0 d-----w- c:\program files\Windows Live SkyDrive
2010-08-05 09:55:53 0 d-----w- c:\program files\common files\Windows Live
2010-08-05 08:48:55 0 d-----w- c:\program files\FileHippo.com
2010-08-02 21:35:30 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-08-02 21:35:27 0 d-----w- c:\windows\system32\ZoneLabs
2010-08-02 21:35:20 420801 ----a-w- c:\windows\system32\vsconfig.xml
2010-08-02 21:35:18 0 d-----w- c:\program files\Zone Labs
2010-08-02 21:27:20 0 d-----w- c:\windows\Internet Logs
2010-08-02 20:21:55 38848 ----a-w- c:\windows\avastSS.scr
2010-08-02 20:21:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-08-02 12:49:00 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-02 09:15:57 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-08-01 23:34:57 0 d-----w- c:\program files\SpywareGuard
2010-08-01 22:07:16 0 d-----w- c:\docume~1\sworthin\applic~1\Foxit Software
2010-08-01 22:07:13 0 d-----w- c:\docume~1\sworthin\applic~1\Foxit
2010-08-01 22:06:09 0 d-----w- c:\program files\Foxit Software
2010-08-01 16:32:24 0 d-----w- c:\program files\ESET
2010-07-30 18:17:27 0 d-----w- c:\docume~1\sworthin\applic~1\IObit
2010-07-24 17:56:20 0 d-----w- c:\docume~1\sworthin\applic~1\SUPERAntiSpyware.com
2010-07-24 17:56:20 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-24 17:52:20 0 d-----w- c:\program files\SUPERAntiSpyware

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:06:51 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-23 12:06:51 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 15:12:57 634656 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2010-06-17 15:11:25 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\dllcache\msxml3.dll

============= FINISH: 17:27:33.33 ===============


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:49 AM

Posted 29 August 2010 - 04:46 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 bazza.ab

bazza.ab
  • Topic Starter

  • Members
  • 5 posts
  • Local time:02:49 AM

Posted 30 August 2010 - 06:46 AM

Hi m0le,
Thanks for the reply, yes I am still viewing.
Barry

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:49 AM

Posted 30 August 2010 - 07:17 AM

There's not much evidence of malware, other than Gmer failing - and trust me, Gmer fails a lot.

Please run the following tool

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning. It is ok to ignore this.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

m0le is a proud member of UNITE

#5 bazza.ab

bazza.ab
  • Topic Starter

  • Members
  • 5 posts
  • Local time:02:49 AM

Posted 30 August 2010 - 08:28 AM

Hi m0le,
Ran the prog, here's the report.
Thanks

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF79B3000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1064960 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF080000 C:\WINDOWS\System32\ati3d1ag.dll 872448 bytes (ATI Technologies Inc. , ati3d1ag.dll)
0xF7C2F000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 815104 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF7918000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 634880 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7D96000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF15D7000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0xF13AE000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF77CA000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF152D000 C:\WINDOWS\system32\DRIVERS\WlanUIG.sys 376832 bytes ( , Wireless LAN NDIS 5.1 Driver)
0xF16B8000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF09D7000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF7B6C000 C:\WINDOWS\system32\drivers\caliaud.sys 294912 bytes (Conexant Systems Inc., Conexant WDM AC97 Audio Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF7BB4000 C:\WINDOWS\system32\drivers\calihal.sys 274432 bytes (Conexant Systems Inc., Conexant AmcHal Driver)
0xF0536000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF048000 C:\WINDOWS\System32\ati2cqag.dll 229376 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF1680000 C:\WINDOWS\System32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 221184 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF7ED2000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7AF7000 C:\WINDOWS\System32\DRIVERS\SynTP.sys 188416 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF0B1E000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7D69000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF7AB7000 C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys 180224 bytes (Conexant Systems, Inc., HSFHWALI WDM driver)
0xF02DB000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF141E000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF1658000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF1387000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)
0xF15B1000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF0F3D000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF7B48000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7BF7000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7B25000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF150B000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF1449000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xF7E4C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7E84000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7EA3000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7D4F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7E6C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF0E36000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xF7E23000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF78D9000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF11E1000 C:\WINDOWS\System32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xF0C91000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7AE3000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7C1B000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EE000 ACPI_HAL 81152 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF1711000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7E3A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7EC1000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF78C8000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8071000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF80D1000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7F71000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF80B1000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8091000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF80E1000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF0EFD000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8181000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7F81000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7F61000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF80A1000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF80F1000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7F41000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8111000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7F91000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF8011000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF80C1000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7F31000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8101000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7FB1000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xF7F21000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8141000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8131000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7F51000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF07AF000 C:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes
0xF8081000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7FC1000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)
0xF8121000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7FE1000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF0EAD000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7FD1000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8251000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF82A9000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8219000 C:\WINDOWS\system32\DRIVERS\strmdisp.sys 32768 bytes (Conexant Systems, Inc., Conexant Stream Dispatcher)
0xF8249000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF8259000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0xF81A1000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF82D9000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF81B1000 atisgkaf.sys 24576 bytes (ATI Technologies Inc., ATI AGP driver)
0xF81B9000 BMLoad.sys 24576 bytes (Bytemobile, Inc., Bytemobile Kernel Driver Loader)
0xF8239000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8241000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF82B9000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF8299000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF82C9000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (ALWIL Software, avast! TDI RDR Driver)
0xF8261000 C:\WINDOWS\System32\DRIVERS\DP83815.SYS 20480 bytes (National Semiconductor Corp., National Semiconductor Corp. DP83815/816 10/100 MacPhyter NDIS 5.0 Miniport Driver)
0xF8289000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF82A1000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF81A9000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8279000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8269000 C:\WINDOWS\System32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF8281000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF82B1000 C:\WINDOWS\System32\Drivers\tcpipBM.SYS 20480 bytes (Bytemobile, Inc., Bytemobile Kernel Network Provider)
0xF8271000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8231000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF82E1000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF0D7A000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xF8339000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF83F5000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF83E5000 C:\WINDOWS\System32\Drivers\DKbFltr.SYS 16384 bytes (Dritek System Inc., Dritek Keyboard Filter Driver)
0xF1273000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7D23000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF840D000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF126F000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF058F000 C:\WINDOWS\system32\PCANDIS5.SYS 16384 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 Protocol Driver)
0xF83E9000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF833D000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF1591000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xF8331000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8335000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF7789000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF0CC2000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF83FD000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7D1F000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF83E1000 C:\WINDOWS\System32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xF8425000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF8453000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8451000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8449000 C:\WINDOWS\System32\DRIVERS\hpci.sys 8192 bytes (Hewlett-Packard, HP Configuration Interface Driver)
0xF8421000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8455000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8495000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8457000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF844D000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8445000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8423000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8664000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF866E000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xF85AC000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF856B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF84E9000 C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
==============================================
>Stealth
==============================================


#6 m0le (Malware Response Team, London, UK)

Posted 30 August 2010 - 05:34 PM

That looks fine.


Please run MBRCheck

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.



Next, TDSSKiller
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Edited by m0le, 30 August 2010 - 05:35 PM.

m0le is a proud member of UNITE
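Both logs requested above have a regular line format, and when you are triaging more than one machine it helps to parse them rather than read 150 driver lines by eye. The Python helper below is an added example, not part of this thread, of MBRCheck or of TDSSKiller. It pulls the per-drive MBR status and SHA1 out of an MBRCheck log, the service name, MD5 and path out of each TDSSKiller driver line, and flags drivers loaded from anywhere other than %SystemRoot%\system32\drivers, plus any whose MD5 differs from a caller-supplied known-good hash. The sample log text is a few lines copied from the logs posted in this thread; the known-good hash map and the rule that a status line without "MBR code detected" (or containing "Unknown") deserves review are assumptions of the example, not behaviour of either tool. A flag is a prompt to look, not a verdict: security products such as SUPERAntiSpyware and ZoneAlarm legitimately load drivers from their own folders.

```python
"""Triage helper for MBRCheck and TDSSKiller logs.
Added example; not code from the thread, MBRCheck or TDSSKiller."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# TDSSKiller driver line: "<yyyy/mm/dd hh:mm:ss.ms> <service> (<md5>) <path>"
TDSS_LINE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+?)\s*$"
)
# MBRCheck drive line: "<size> GB \\.\PhysicalDriveN <status>", followed by "SHA1: <hash>"
MBR_LINE = re.compile(r"^\s*(\d+)\s+GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_LINE = re.compile(r"^\s*SHA1:\s*([0-9a-fA-F]{40})\s*$")

# Assumption of this example: stock XP kernel drivers live here; anything else gets reviewed.
SYSTEM_ROOT = "c:\\windows\\"
STOCK_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class DriveStatus:
    device: str
    size_gb: int
    status: str
    sha1: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Driver]:
    """Keep only driver lines; status lines such as 'Scan started' do not match."""
    out: List[Driver] = []
    for line in text.splitlines():
        m = TDSS_LINE.match(line)
        if m:
            out.append(Driver(m.group(2), m.group(3).lower(), m.group(4)))
    return out


def parse_mbrcheck(text: str) -> List[DriveStatus]:
    """Pair each physical-drive status line with the SHA1 line that follows it."""
    drives: List[DriveStatus] = []
    for line in text.splitlines():
        m = MBR_LINE.match(line)
        if m:
            drives.append(DriveStatus(m.group(2), int(m.group(1)), m.group(3)))
            continue
        s = SHA1_LINE.match(line)
        if s and drives:
            drives[-1].sha1 = s.group(1).upper()
    return drives


def flag_mbr(drives: List[DriveStatus]) -> List[DriveStatus]:
    """Assumption: anything that is not '... MBR code detected', or says 'Unknown', needs a look."""
    return [d for d in drives if "MBR code detected" not in d.status or "unknown" in d.status.lower()]


def flag_drivers(drivers: List[Driver], known_good: Optional[Dict[str, str]] = None) -> List[Tuple[Driver, str]]:
    """Return (driver, reason) pairs; known_good maps service name -> expected MD5 (caller-supplied)."""
    expected = {k.lower(): v.lower() for k, v in (known_good or {}).items()}
    flagged: List[Tuple[Driver, str]] = []
    for d in drivers:
        p = d.path.lower()
        if not p.startswith(SYSTEM_ROOT):
            flagged.append((d, "loaded from outside %SystemRoot%"))
        elif not p.startswith(STOCK_DRIVER_DIR):
            flagged.append((d, "inside %SystemRoot% but not in system32\\drivers"))
        if d.name.lower() in expected and expected[d.name.lower()] != d.md5:
            flagged.append((d, "MD5 differs from known-good hash"))
    return flagged


def triage(mbrcheck_text: str, tdss_text: str, known_good: Optional[Dict[str, str]] = None) -> dict:
    drives = parse_mbrcheck(mbrcheck_text)
    drivers = parse_tdsskiller(tdss_text)
    return {"drives": drives, "suspicious_mbr": flag_mbr(drives),
            "drivers": drivers, "flagged_drivers": flag_drivers(drivers, known_good)}


# Sample input: a few lines copied from the logs posted in this thread.
SAMPLE_MBRCHECK = r"""Size Device Name MBR Status
--------------------------------------------
18 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

Done!
"""
SAMPLE_TDSS = r"""2010/08/31 07:31:33.0707 Scan started
2010/08/31 07:31:34.0659 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/08/31 07:32:13.0965 PCANDIS5 (58c5ea3de400fe1d08cfeca6d5c14ebd) C:\WINDOWS\system32\PCANDIS5.SYS
2010/08/31 07:32:21.0005 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"""

if __name__ == "__main__":
    report = triage(SAMPLE_MBRCHECK, SAMPLE_TDSS)
    for drive in report["drives"]:
        print(f"{drive.device}: {drive.status} (SHA1 {drive.sha1})")
    for drv, why in report["flagged_drivers"]:
        print(f"review {drv.name} {drv.path}: {why}")
```

Run it against the full MBRCheck and TDSSKiller logs saved from the steps above by reading each file into a string and passing both to triage(). Drivers from vendor folders will appear in the flagged list every time; the value is in comparing that list across runs or machines, and in the MBR SHA1, which should stay constant for a given stock boot sector.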

#7 bazza.ab (Topic Starter)

Posted 31 August 2010 - 01:37 AM

Hi m0le,
thanks, here are the logs.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 144):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8421000 \WINDOWS\system32\KDCOM.DLL
0xF8331000 \WINDOWS\system32\BOOTVID.dll
0xF7ED2000 ACPI.sys
0xF8423000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7EC1000 pci.sys
0xF7F21000 isapnp.sys
0xF8335000 compbatt.sys
0xF8339000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF8425000 aliide.sys
0xF81A1000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7EA3000 pcmcia.sys
0xF7F31000 MountMgr.sys
0xF7E84000 ftdisk.sys
0xF81A9000 PartMgr.sys
0xF833D000 ACPIEC.sys
0xF84E9000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
0xF7F41000 VolSnap.sys
0xF7E6C000 atapi.sys
0xF7F51000 disk.sys
0xF7F61000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7E4C000 fltmgr.sys
0xF7E3A000 sr.sys
0xF7E23000 KSecDD.sys
0xF7D96000 Ntfs.sys
0xF7D69000 NDIS.sys
0xF7F71000 ohci1394.sys
0xF7F81000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF7D4F000 Mup.sys
0xF81B1000 atisgkaf.sys
0xF81B9000 BMLoad.sys
0xF7F91000 agp440.sys
0xF83D9000 \SystemRoot\System32\DRIVERS\tunmp.sys
0xF80B1000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF7C2F000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xF7C1B000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF8239000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xF7BF7000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7BB4000 \SystemRoot\system32\drivers\calihal.sys
0xF7B6C000 \SystemRoot\system32\drivers\caliaud.sys
0xF7B48000 \SystemRoot\system32\drivers\portcls.sys
0xF80C1000 \SystemRoot\system32\drivers\drmk.sys
0xF7B25000 \SystemRoot\system32\drivers\ks.sys
0xF80D1000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF83DD000 \SystemRoot\System32\Drivers\DKbFltr.SYS
0xF8241000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7AF7000 \SystemRoot\System32\DRIVERS\SynTP.sys
0xF8443000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF8249000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF8251000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF7AE3000 \SystemRoot\System32\DRIVERS\parport.sys
0xF80E1000 \SystemRoot\System32\DRIVERS\serial.sys
0xF83E1000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF8447000 \SystemRoot\System32\DRIVERS\hpci.sys
0xF7AB7000 \SystemRoot\system32\DRIVERS\HSFHWALI.sys
0xF79B3000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF7918000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF8259000 \SystemRoot\System32\Drivers\Modem.SYS
0xF80F1000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF8101000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF8111000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF8261000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xF8269000 \SystemRoot\System32\DRIVERS\DP83815.SYS
0xF83ED000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF8508000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8271000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF8279000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF8121000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF83F5000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF78D9000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8131000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF8141000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF78C8000 \SystemRoot\System32\DRIVERS\psched.sys
0xF8151000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF8281000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8289000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF8161000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF844F000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF77CA000 \SystemRoot\System32\DRIVERS\update.sys
0xF8401000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF8171000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7FC1000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF841D000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF8291000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF8451000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8553000 \SystemRoot\System32\Drivers\Null.SYS
0xF8453000 \SystemRoot\System32\Drivers\Beep.SYS
0xF82A1000 \SystemRoot\System32\drivers\vga.sys
0xF8455000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8457000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF82A9000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF82B1000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7D2B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF1711000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF16B8000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF82B9000 \SystemRoot\System32\Drivers\tcpipBM.SYS
0xF7FD1000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF1680000 \SystemRoot\System32\DRIVERS\tcpip6.sys
0xF1658000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF15D7000 \SystemRoot\System32\vsdatant.sys
0xF15B1000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF7FE1000 \SystemRoot\system32\drivers\ip6fw.sys
0xF8001000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF152D000 \SystemRoot\system32\DRIVERS\WlanUIG.sys
0xF150B000 \SystemRoot\System32\drivers\afd.sys
0xF8011000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF1449000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF82C9000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF141E000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF13AE000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF8041000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8516000 \SystemRoot\System32\Drivers\BANTExt.sys
0xF1387000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF82E9000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF78A8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7781000 \SystemRoot\System32\drivers\Dxapi.sys
0xF82F9000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8537000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF048000 \SystemRoot\System32\ati2cqag.dll
0xBF080000 \SystemRoot\System32\ati3d1ag.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF83BD000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF11E1000 \SystemRoot\System32\DRIVERS\irda.sys
0xF1273000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0xF126F000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF0F72000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xF0D8D000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF843B000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF0EBA000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xF0E9E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF0C46000 \SystemRoot\System32\DRIVERS\srv.sys
0xF8211000 \SystemRoot\system32\DRIVERS\strmdisp.sys
0xF8231000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xF0D2D000 \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
0xF08E9000 \SystemRoot\system32\drivers\wdmaud.sys
0xF0E02000 \SystemRoot\system32\drivers\sysaudio.sys
0xF0492000 \SystemRoot\System32\Drivers\HTTP.sys
0xF0D79000 \??\C:\WINDOWS\system32\PCANDIS5.SYS
0xF0417000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 35):
0 System Idle Process
4 SYSTEM
904 C:\WINDOWS\system32\smss.exe
976 csrss.exe
1000 C:\WINDOWS\system32\winlogon.exe
1044 C:\WINDOWS\system32\services.exe
1056 C:\WINDOWS\system32\lsass.exe
1216 C:\WINDOWS\system32\svchost.exe
1260 svchost.exe
1444 C:\WINDOWS\system32\svchost.exe
1556 svchost.exe
1704 svchost.exe
1892 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
692 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1388 C:\WINDOWS\system32\spoolsv.exe
256 svchost.exe
292 C:\WINDOWS\system32\FsUsbExService.Exe
308 C:\WINDOWS\system32\HPConfig.exe
320 C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
500 C:\WINDOWS\system32\tcpsvcs.exe
760 C:\WINDOWS\system32\svchost.exe
796 C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
2400 alg.exe
3472 C:\WINDOWS\explorer.exe
3696 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
3704 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3720 C:\WINDOWS\system\hpsysdrv.exe
3728 C:\WINDOWS\system32\carpserv.exe
3764 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
3784 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
3808 C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe
3824 C:\WINDOWS\system32\ctfmon.exe
3080 C:\Documents and Settings\sworthin\Desktop\WLANUTL.exe
2280 C:\Program Files\Mozilla Firefox\firefox.exe
1916 C:\Documents and Settings\sworthin\Desktop\bleep\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC25N020ATCS04-0, Rev: CA2OA71A

Size Device Name MBR Status
--------------------------------------------
18 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!


2010/08/31 07:31:17.0324 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2010/08/31 07:31:17.0324 ================================================================================
2010/08/31 07:31:17.0324 SystemInfo:
2010/08/31 07:31:17.0324
2010/08/31 07:31:17.0324 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/31 07:31:17.0324 Product type: Workstation
2010/08/31 07:31:17.0324 ComputerName: SIMON
2010/08/31 07:31:17.0324 UserName: sworthin
2010/08/31 07:31:17.0324 Windows directory: C:\WINDOWS
2010/08/31 07:31:17.0324 System windows directory: C:\WINDOWS
2010/08/31 07:31:17.0324 Processor architecture: Intel x86
2010/08/31 07:31:17.0324 Number of processors: 1
2010/08/31 07:31:17.0324 Page size: 0x1000
2010/08/31 07:31:17.0324 Boot type: Normal boot
2010/08/31 07:31:17.0324 ================================================================================
2010/08/31 07:31:17.0534 Initialize success
2010/08/31 07:31:33.0707 ================================================================================
2010/08/31 07:31:33.0707 Scan started
2010/08/31 07:31:33.0707 Mode: Manual;
2010/08/31 07:31:33.0707 ================================================================================
2010/08/31 07:31:34.0659 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/08/31 07:31:35.0099 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/31 07:31:35.0440 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/31 07:31:35.0900 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/31 07:31:36.0181 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/31 07:31:36.0491 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/08/31 07:31:37.0032 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/08/31 07:31:37.0332 ALiIRDA (9bb1a06d975d87a7d3f55b9f49216962) C:\WINDOWS\system32\DRIVERS\aliirda.sys
2010/08/31 07:31:37.0653 allegro (bc129f409af5fcf46e978c1c144e31be) C:\WINDOWS\system32\drivers\es198x.sys
2010/08/31 07:31:38.0114 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/31 07:31:38.0875 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
2010/08/31 07:31:39.0115 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/08/31 07:31:39.0496 aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/08/31 07:31:39.0826 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/08/31 07:31:40.0167 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
2010/08/31 07:31:40.0547 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/08/31 07:31:40.0848 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/31 07:31:41.0158 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/31 07:31:41.0609 ati2mtag (83f24e252908e59c4a7ef203bf7f4c02) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/08/31 07:31:41.0949 atimpab (8d70c26425fde49ddce5bb2cf25b8df2) C:\WINDOWS\system32\DRIVERS\atimpab.sys
2010/08/31 07:31:42.0250 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/31 07:31:42.0590 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/31 07:31:42.0931 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2010/08/31 07:31:43.0271 BCM43XX (90a444f16db745427ce3f380c36aa53d) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/08/31 07:31:43.0602 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/31 07:31:43.0962 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\WINDOWS\system32\drivers\BMLoad.sys
2010/08/31 07:31:44.0282 caboagp (a310edab3a5c49ca045431a21fc5bc22) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
2010/08/31 07:31:44.0653 CALIAUD (f77ab3dea1b770a8c386797b29cdb5ad) C:\WINDOWS\system32\drivers\caliaud.sys
2010/08/31 07:31:44.0994 CALIHALA (86ce67eea284f55f8664d00902623ab9) C:\WINDOWS\system32\drivers\calihal.sys
2010/08/31 07:31:45.0314 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/31 07:31:45.0785 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/31 07:31:46.0025 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/31 07:31:46.0345 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/31 07:31:46.0686 CE3 (6d63e366d96494336f375ff155d47ab3) C:\WINDOWS\system32\DRIVERS\ce3n5.sys
2010/08/31 07:31:47.0097 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/31 07:31:47.0537 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/31 07:31:48.0168 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/31 07:31:48.0599 DKbFltr (21deb0dbf75ec8bef6544d7d5b779389) C:\WINDOWS\system32\Drivers\DKbFltr.SYS
2010/08/31 07:31:48.0949 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/31 07:31:49.0290 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/31 07:31:49.0760 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/31 07:31:50.0091 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/31 07:31:50.0461 DP83815 (6945324c56848bfea246a924cfbeb631) C:\WINDOWS\system32\DRIVERS\DP83815.SYS
2010/08/31 07:31:50.0902 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/31 07:31:51.0222 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/31 07:31:51.0553 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/31 07:31:51.0863 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/31 07:31:52.0194 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/31 07:31:52.0524 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/31 07:31:52.0785 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2010/08/31 07:31:52.0985 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/31 07:31:53.0305 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/31 07:31:53.0636 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/31 07:31:53.0946 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/31 07:31:54.0287 HPCI (708f5d243ce450bc937dedabd39d3600) C:\WINDOWS\system32\DRIVERS\hpci.sys
2010/08/31 07:31:54.0898 HSFHWALI (479d9d93af53338db162a9ab23776a63) C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys
2010/08/31 07:31:55.0308 HSF_DP (9b731969ba86d9a3ca55638264603e12) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/08/31 07:31:55.0739 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/31 07:31:56.0400 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/31 07:31:56.0740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/31 07:31:57.0161 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2010/08/31 07:31:57.0481 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/31 07:31:57.0802 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/31 07:31:58.0092 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/31 07:31:58.0403 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/31 07:31:58.0723 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/31 07:31:59.0104 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/31 07:31:59.0414 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/08/31 07:31:59.0785 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/31 07:32:00.0115 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/31 07:32:00.0396 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/31 07:32:00.0776 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/31 07:32:01.0087 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/31 07:32:01.0698 LEX_NIC_SERVICE (749ac09ecc5e4f9a9108661515da7e03) C:\WINDOWS\system32\DRIVERS\Express.sys
2010/08/31 07:32:02.0138 massfilter (567d3cbc0ba3332887d091a237d4fd3c) C:\WINDOWS\system32\drivers\massfilter.sys
2010/08/31 07:32:02.0869 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2010/08/31 07:32:03.0180 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/08/31 07:32:03.0520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/31 07:32:03.0851 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/31 07:32:04.0171 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/08/31 07:32:04.0482 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/31 07:32:04.0802 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/31 07:32:05.0203 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/31 07:32:05.0593 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/31 07:32:06.0004 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/31 07:32:06.0324 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/31 07:32:06.0645 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/31 07:32:06.0965 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/31 07:32:07.0235 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/31 07:32:07.0556 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/31 07:32:07.0886 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/31 07:32:08.0207 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/31 07:32:08.0517 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/31 07:32:08.0848 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/31 07:32:09.0148 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/31 07:32:09.0479 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/31 07:32:09.0809 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/31 07:32:10.0210 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/31 07:32:10.0600 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/31 07:32:11.0011 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/31 07:32:11.0381 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/31 07:32:11.0702 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/31 07:32:12.0022 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/31 07:32:12.0313 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/31 07:32:12.0743 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/08/31 07:32:13.0084 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/31 07:32:13.0394 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/31 07:32:13.0725 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/31 07:32:13.0965 PCANDIS5 (58c5ea3de400fe1d08cfeca6d5c14ebd) C:\WINDOWS\system32\PCANDIS5.SYS
2010/08/31 07:32:14.0436 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/31 07:32:14.0937 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
2010/08/31 07:32:15.0237 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/08/31 07:32:16.0228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/31 07:32:16.0569 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/31 07:32:16.0909 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/31 07:32:17.0230 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/31 07:32:18.0011 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/31 07:32:18.0331 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/08/31 07:32:18.0662 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/31 07:32:18.0972 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/31 07:32:19.0303 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/31 07:32:19.0673 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/31 07:32:20.0004 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/31 07:32:20.0344 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/31 07:32:20.0705 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/31 07:32:21.0005 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/31 07:32:37.0779 ================================================================================
2010/08/31 07:32:37.0779 Scan finished
2010/08/31 07:32:37.0779 ================================================================================


#8 m0le

  • Malware Response Team
  • Location:London, UK

Posted 31 August 2010 - 05:56 PM

They are clean too.

The PC looks like it's okay, Barry. I think the slowness on the PC may be another issue with it, but from what I've seen the only symptom is slowness, and there are quite a few non-malware reasons for this.

I recommend that you read this tutorial on the site, which explains what you can do to speed up your PC.

I would also post in another forum, linking to this topic. I will keep the topic open for five days in case you are referred back. You can PM me at any time.
m0le is a proud member of UNITE

#9 bazza.ab

  • Topic Starter
  • Members

Posted 31 August 2010 - 06:07 PM

Hi m0le,
thanks for your help. Sorry, I seem to have wasted your time. I'll read the link tomorrow and see if it helps. I thought I had something when GMER kept shutting the laptop down. Still, thanks again.
Barry

#10 m0le

  • Malware Response Team
  • Location:London, UK

Posted 31 August 2010 - 06:19 PM

No problem. Come back to me if you need to.

#11 m0le

  • Malware Response Team
  • Location:London, UK

Posted 05 September 2010 - 07:17 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.