Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dds didn't work but gmer results are here


  • Please log in to reply
47 replies to this topic

#1 Tempestus

Tempestus

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minnesota/Iowa USA
  • Local time:12:23 PM

Posted 29 October 2010 - 06:47 PM

I've been having decreases performance on my laptop over the last month or so. In addition to performace issues, I have had pop-up to different websites showing up more and more often. I have scanned with malwarebytes' anti malware, and removed everything it recommended, I have full scanned with norton 360, and fixed everything it told me, same with stopzilla.
I tried the dds,and apparantly only got halfway through before it hung up. I believe i had followed the directions explicitly. The gmer did work, and I've attached the log.
The OS is windows XP.

Any other info I can provide?

or what steps should I take at this point?

thx for your help,

Temp

Attached Files

  • Attached File  ark.txt   20.26KB   6 downloads


BC AdBot (Login to Remove)

 


#2 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:12:23 PM

Posted 29 October 2010 - 07:12 PM

Greetings Tempestus and Welcome to the Forums,

Your gmer log does indicate some problems. Are you certain to have disabled Symantec's script blocking feature? If not, that would explain why it didn't work for you. To disable Norton AntiVirus Script Blocking:
1. Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
2. Click Options.
If you see a menu, click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, uncheck Enable Script Blocking (recommended).
5. Click OK...then try running DDS again.

Post back your results. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 Tempestus

Tempestus
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minnesota/Iowa USA
  • Local time:12:23 PM

Posted 29 October 2010 - 10:26 PM

Every time i copy and paste the dds.txt file, I get internet explorer connection issues page. I did remove norton 360 in order to run dds. I can attach the "attach" file and th new ark.txt file created after norton was removed. Am I missing something simple?

Attached Files



#4 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:12:23 PM

Posted 29 October 2010 - 10:48 PM

Try to upload it like you did with the others.

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#5 Tempestus

Tempestus
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minnesota/Iowa USA
  • Local time:12:23 PM

Posted 29 October 2010 - 11:02 PM

tried zipping it. attaching it normally gave me the same sign, but miniturized in the "attach" window

Attached Files

  • Attached File  DDS.zip   4.36KB   4 downloads


#6 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:12:23 PM

Posted 29 October 2010 - 11:08 PM

Please disable Tea Timer:
  • Run Spybot-S&D
  • Go to the Mode menu, and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
  • Restart your computer.

Next, Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouseclick combofix's window while it's running....that may cause the scan to stall

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#7 Tempestus

Tempestus
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minnesota/Iowa USA
  • Local time:12:23 PM

Posted 30 October 2010 - 10:14 AM

I tried combofix multiple times, and made sure to follow directions provided. Everytime I got to the discalaimer screen, and pressed yes, nothing happened. I waited more than half an hour, and saw nothing at all. please advise.

#8 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:12:23 PM

Posted 30 October 2010 - 10:22 AM

Boot to safe mode and run it there. If it runs for you, then you failed to disabled one or more of your on board protective applications. Post back the results. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#9 Tempestus

Tempestus
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minnesota/Iowa USA
  • Local time:12:23 PM

Posted 30 October 2010 - 10:40 AM

Nothing happened in safe mode either. Should I uninstall it, and re-install it?
btw, I know this is a pain, helping a newbie, but I DO really appreciate it.

#10 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:12:23 PM

Posted 30 October 2010 - 11:35 AM

Uninstall Norton 360 and try running combofix again. Post back your results. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#11 Tempestus

Tempestus
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minnesota/Iowa USA
  • Local time:12:23 PM

Posted 30 October 2010 - 11:38 AM

I've already removed norton 360 completely. Should I remove stopzilla as well?

#12 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:12:23 PM

Posted 30 October 2010 - 11:49 AM

Stopzilla should go, so should utorrent. Have you run combofix previously? Ever? Do you know if you have purposely adjusted your registry settings regarding "autorun"?

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#13 Tempestus

Tempestus
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minnesota/Iowa USA
  • Local time:12:23 PM

Posted 30 October 2010 - 02:35 PM

ok, stopzilla gone. Same with utorrent. I've never run combofix before, and have never intentionally adjusted any registry settings at all. I rescanned everything, since I've made changes, and will attach the files again. I still couldn't get combofix to run in regular mode, nor safe mode.

Attached Files



#14 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:12:23 PM

Posted 31 October 2010 - 04:09 AM

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.





    Posted Image




  • If an infected file is detected, the default action will be Cure, click on Continue.





    Posted Image




  • If a suspicious file is detected, the default action will be Skip, click on Continue.





    Posted Image




  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.





    Posted Image




  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#15 Tempestus

Tempestus
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minnesota/Iowa USA
  • Local time:12:23 PM

Posted 31 October 2010 - 07:35 AM

2010/10/31 07:29:35.0437 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/31 07:29:35.0437 ================================================================================
2010/10/31 07:29:35.0437 SystemInfo:
2010/10/31 07:29:35.0437
2010/10/31 07:29:35.0437 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/31 07:29:35.0437 Product type: Workstation
2010/10/31 07:29:35.0437 ComputerName: DELL-636C42C08E
2010/10/31 07:29:35.0453 UserName: Dell Customer
2010/10/31 07:29:35.0453 Windows directory: C:\WINDOWS
2010/10/31 07:29:35.0453 System windows directory: C:\WINDOWS
2010/10/31 07:29:35.0453 Processor architecture: Intel x86
2010/10/31 07:29:35.0453 Number of processors: 1
2010/10/31 07:29:35.0453 Page size: 0x1000
2010/10/31 07:29:35.0453 Boot type: Normal boot
2010/10/31 07:29:35.0453 ================================================================================
2010/10/31 07:29:36.0531 Initialize success
2010/10/31 07:29:42.0515 ================================================================================
2010/10/31 07:29:42.0515 Scan started
2010/10/31 07:29:42.0515 Mode: Manual;
2010/10/31 07:29:42.0515 ================================================================================
2010/10/31 07:29:46.0390 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/10/31 07:29:48.0781 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/31 07:29:49.0078 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/31 07:29:49.0296 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/31 07:29:49.0640 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/31 07:29:49.0953 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/31 07:29:50.0359 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/10/31 07:29:50.0546 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/31 07:29:50.0859 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/31 07:29:51.0046 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/31 07:29:51.0375 ati2mtag (8eb17cf829df300cc885651cfeaf931c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/10/31 07:29:52.0109 atimtai (84a86a5d286afa48d4ee88ba869806dd) C:\WINDOWS\system32\DRIVERS\atimtai.sys
2010/10/31 07:29:52.0343 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/31 07:29:52.0593 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/31 07:29:52.0843 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/10/31 07:29:53.0046 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/10/31 07:29:53.0265 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/10/31 07:29:53.0421 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/31 07:29:53.0750 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/10/31 07:29:53.0953 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/10/31 07:29:54.0203 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/10/31 07:29:54.0500 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/10/31 07:29:54.0781 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/31 07:29:55.0062 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/31 07:29:55.0437 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/31 07:29:55.0765 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/31 07:29:55.0984 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/10/31 07:29:56.0000 cercsr6 - detected Unsigned file (1)
2010/10/31 07:29:56.0125 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/31 07:29:56.0343 Compbatt (2a8f149576ce593645140b72e65b4128) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/31 07:29:56.0343 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 2a8f149576ce593645140b72e65b4128, Fake md5: 6e4c9f21f0fae8940661144f41b13203
2010/10/31 07:29:56.0359 Compbatt - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/31 07:29:56.0578 DevUpper (913938a5382bfb2487aacaea408a14d2) C:\WINDOWS\system32\DRIVERS\tiumflt.sys
2010/10/31 07:29:56.0656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/31 07:29:57.0234 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/31 07:29:57.0734 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/31 07:29:57.0984 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/31 07:29:58.0312 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/31 07:29:58.0625 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/31 07:29:58.0875 E100B (18320a557cf377f08769f91cbed346ec) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/31 07:29:59.0125 EL556ND5 (14304cb9ff0a9d2a79a7a54b28a5909a) C:\WINDOWS\system32\DRIVERS\EL556ND5.sys
2010/10/31 07:29:59.0453 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/10/31 07:29:59.0781 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/31 07:30:00.0062 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/31 07:30:00.0250 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/31 07:30:00.0531 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/31 07:30:00.0718 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/31 07:30:00.0953 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/31 07:30:01.0218 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/31 07:30:01.0421 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/31 07:30:01.0671 GTICARD (5ccb2f5cd9f8b6a7dfd57e5346ee5796) C:\WINDOWS\system32\DRIVERS\gticard.sys
2010/10/31 07:30:01.0781 GTIPCI21 (ca835331825599b938e37525796d3549) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
2010/10/31 07:30:01.0921 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/31 07:30:02.0203 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/10/31 07:30:02.0406 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
2010/10/31 07:30:02.0734 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/31 07:30:02.0937 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/31 07:30:03.0328 ialm (643162fbc619e35d3f1a90a095a5bb42) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/10/31 07:30:03.0656 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/31 07:30:03.0984 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/31 07:30:04.0203 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/31 07:30:04.0421 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/31 07:30:04.0656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/31 07:30:04.0906 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/31 07:30:05.0140 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/31 07:30:05.0359 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/31 07:30:05.0625 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/10/31 07:30:05.0890 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/31 07:30:06.0140 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/31 07:30:06.0406 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/31 07:30:06.0640 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/31 07:30:06.0906 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/31 07:30:07.0078 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/31 07:30:07.0187 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/31 07:30:07.0500 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/31 07:30:07.0718 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/31 07:30:07.0984 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/31 07:30:08.0234 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/31 07:30:08.0562 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/31 07:30:08.0843 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/31 07:30:09.0015 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/31 07:30:09.0296 Msikbd2k (9b99b04c28ccd19741dbbed64480195c) C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
2010/10/31 07:30:09.0406 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/31 07:30:09.0625 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/31 07:30:09.0843 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/31 07:30:10.0093 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/31 07:30:10.0312 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/31 07:30:10.0765 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/31 07:30:11.0156 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/31 07:30:11.0406 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/31 07:30:11.0609 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/31 07:30:11.0812 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/31 07:30:12.0093 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/31 07:30:12.0296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/31 07:30:12.0546 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/31 07:30:12.0796 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/31 07:30:13.0015 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/31 07:30:13.0312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/31 07:30:13.0593 NWADI (091a1284aa583288b64dcd370d1b421e) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
2010/10/31 07:30:13.0703 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/31 07:30:14.0046 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/31 07:30:14.0296 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/31 07:30:14.0546 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/10/31 07:30:14.0593 omci - detected Unsigned file (1)
2010/10/31 07:30:14.0781 OZSCR (ab2b07ac4afd38f574d903eaf9e98a60) C:\WINDOWS\system32\DRIVERS\ozscr.sys
2010/10/31 07:30:14.0906 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/10/31 07:30:15.0140 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/31 07:30:15.0421 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/31 07:30:15.0625 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/31 07:30:16.0140 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/31 07:30:16.0375 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/10/31 07:30:16.0640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/10/31 07:30:17.0062 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/31 07:30:17.0281 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/31 07:30:17.0562 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/31 07:30:17.0937 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/31 07:30:18.0187 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/10/31 07:30:18.0328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/31 07:30:18.0578 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/31 07:30:18.0765 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/31 07:30:19.0015 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/31 07:30:19.0203 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/31 07:30:19.0421 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/31 07:30:19.0656 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/31 07:30:19.0953 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/31 07:30:20.0187 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/10/31 07:30:20.0484 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/31 07:30:20.0687 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/31 07:30:20.0968 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/31 07:30:21.0171 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/31 07:30:21.0437 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2010/10/31 07:30:21.0625 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/31 07:30:21.0828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/31 07:30:22.0171 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/31 07:30:22.0390 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\stac97.sys
2010/10/31 07:30:22.0640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/31 07:30:22.0968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/31 07:30:23.0312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/31 07:30:23.0625 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/31 07:30:23.0781 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/31 07:30:24.0046 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/31 07:30:24.0343 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/31 07:30:24.0656 tiumfwl (7ed11f79540ff1bc2ac12d2ae489474a) C:\WINDOWS\system32\drivers\tiumfwl.sys
2010/10/31 07:30:24.0828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/31 07:30:25.0187 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/31 07:30:25.0515 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/31 07:30:25.0734 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/31 07:30:25.0953 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/31 07:30:26.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/31 07:30:26.0375 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/31 07:30:26.0609 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/31 07:30:26.0937 w70n51 (fb4d7a34ef3b49c2b5439e330b785313) C:\WINDOWS\system32\DRIVERS\w70n51.sys
2010/10/31 07:30:27.0203 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/31 07:30:27.0640 WDHAALBA (477ed2208e2e501987dd4a1304e92091) C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys
2010/10/31 07:30:27.0968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/31 07:30:28.0296 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/31 07:30:28.0750 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/31 07:30:29.0046 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/31 07:30:29.0125 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/31 07:30:29.0515 ================================================================================
2010/10/31 07:30:29.0515 Scan finished
2010/10/31 07:30:29.0515 ================================================================================
2010/10/31 07:30:29.0640 Detected object count: 3
2010/10/31 07:30:47.0562 Unsigned file(cercsr6) - User select action: Skip
2010/10/31 07:30:47.0671 Compbatt (2a8f149576ce593645140b72e65b4128) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/31 07:30:47.0671 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 2a8f149576ce593645140b72e65b4128, Fake md5: 6e4c9f21f0fae8940661144f41b13203
2010/10/31 07:30:47.0843 Backup copy found, using it..
2010/10/31 07:30:47.0906 C:\WINDOWS\system32\DRIVERS\compbatt.sys - will be cured after reboot
2010/10/31 07:30:47.0906 Rootkit.Win32.TDSS.tdl3(Compbatt) - User select action: Cure
2010/10/31 07:30:47.0906 Unsigned file(omci) - User select action: Skip
2010/10/31 07:30:53.0093 Deinitialize success




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users