my email is spamming my contacts


  • This topic is locked
24 replies to this topic

#1 kr9192
  • Members
  • 30 posts

Posted 13 March 2011 - 08:45 PM

My email constantly spams all my contacts. I use this address for a lot of correspondence, so it has been frustrating. I can't seem to clean it up; my scans are negative. I finally copied then deleted my contacts to stop the spam, but I still need to clean my PC of the problem. Any help is truly appreciated.
***
DDS log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 19:26:12.56 on Sun 03/13/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.67 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\JupitCo.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_14\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_14\bin\jucheck.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATKHINEN\dds[1].scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://business.dellnet.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://business.dellnet.com/
uInternet Connection Wizard,ShellNext = hxxp://business.dellnet.com/
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Merriam-Webster Online BHO: {5ada9cac-04f9-4dd2-abfd-74d673be8624} - c:\windows\_MWOLTB.DLL
BHO: BayScribeObj Class: {5e028439-81c7-4b82-bc74-25156306f532} - c:\program files\bayscribe\bayscribe.dll
BHO: Merriam-Webster: {9e1128f1-53fa-11d5-8490-0048548030ca} - c:\windows\downloaded program files\m-wtoolbar.dll
{a057a204-bacc-4d26-9990-79a187e2698e}
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
TB: Merriam-Webster: {9e1128f1-53fa-11d5-8490-0048548030ca} - c:\windows\downloaded program files\m-wtoolbar.dll
TB: Merriam-Webster Online: {b7b76dd6-b6f0-4443-af81-6a3ecf12a57d} - c:\windows\_MWOLTB.DLL
{a057a204-bacc-4d26-9990-79a187e2698e}
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [USB SECURITY DEVICE CoInstaller] JupitCo.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\j2re1.4.2_14\bin\jusched.exe"
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{00cd55d6-ee5a-4570-9875-8a306628c032}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wireless-b usb network adapter\WUSB11Cfg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zplanner.lnk - c:\program files\zplanner\zPlanner.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBC} - c:\program files\java\j2re1.4.2_14\bin\npjpi142_14.dll
IE: {BAC53F31-6090-11d5-8497-0048548030CA} - {9E1128F1-53FA-11d5-8490-0048548030CA} - c:\windows\downloaded program files\m-wtoolbar.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: MIW Deployment - hxxps://141.150.187.155/downloads/MIWDeploy.cab
DPF: {09B39453-8F23-4666-A4C7-BE6F8886AD28} - hxxp://www.shorememorialcvipacs.org/Apps/PicomSRI.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://smhnote1/iNotes6W.cab
DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} - hxxp://www.m-w.com/downloads/toolbar/webinstall.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244215896785
DPF: {6972545B-FE42-4081-BED7-997DDC5E7369} - hxxp://www.shorememorialcvipacs.org/Apps/PicomQR.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_14-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38013.5161342593
DPF: {A7B17C34-D894-11D3-AE37-0050DA39FE5C} - hxxps://mweb01/magicweb/bin/WebClientInstall.cab
DPF: {C1BB037A-95F6-4453-902B-77268C323B34} - hxxp://www.shorememorialcvipacs.org/class-bin/PicomClient.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://dynamic-imaging.webex.com/client/T23L/webex/ieatgpc.cab
DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - hxxp://www.webster.com/tools/toolbar/cabs/m-w.cab
TCP: {0FF511D1-0E09-4C36-AC70-2EEDB0FABA9F} = 12.127.16.67,12.127.17.71
TCP: {6BD35284-C7E8-4DE0-A678-1C54D12C7BCD} = 12.127.16.67,12.127.17.71
TCP: {A79D00A2-E63B-4901-8ED4-00B3A96679C4} = 68.87.64.146,68.87.71.226
TCP: {B02C18EB-B9F1-42DB-BF46-793FF8DA9A17} = 68.87.64.146,68.87.71.226
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 172.20.33.145 smhnote1
Hosts: 192.168.201.20 mweb01
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\1hciv3ps.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\administrator\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\j2re1.4.2_14\bin\NPJPI142_14.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-12-18 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-12-18 108392]
R2 NICSer_WUSB11;NICSer_WUSB11;c:\program files\linksys\wireless-b usb network adapter\NICServ.exe [2004-1-26 458752]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2009-2-1 2440120]
R3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [2006-12-7 24424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-18 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100617.051\NAVENG.SYS [2010-6-18 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100617.051\NAVEX15.SYS [2010-6-18 1347504]
R3 pelps2m;PS/2 Mouse Filter Driver;c:\windows\system32\drivers\pelps2m.sys [2003-8-26 29265]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-14 135664]
S2 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [2009-3-31 241664]
S2 SECURITY;%JUPITER.DeviceDesc%;c:\windows\system32\drivers\Jupiter.sys [2003-4-3 6528]
S3 CB102;Linksys EtherFast Integrated 10/100 CardBus PC Card(PCM200);c:\windows\system32\drivers\cb102.sys [2003-12-31 42752]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 EraserUtilDrv10730;EraserUtilDrv10730;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10730.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10730.sys [?]
S3 Ich;Ich;c:\windows\system32\drivers\ich.sys --> c:\windows\system32\drivers\Ich.sys [?]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-8-16 99200]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 342784]
S3 SMmonitor;IBM DS Storage Manager 10 Event Monitor;c:\program files\ibm_ds4000\client\monitor\SMmonitor.exe [2008-3-20 69632]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WPC11;Instant Wireless Network PC Card V3.0 Driver;c:\windows\system32\drivers\LSWLNDS.sys [2002-3-28 51072]
S4 PICOMQR;PICOMQR;c:\program files\picom viewer\PicomQR.exe [2010-5-26 159744]
.
=============== File Associations ===============
.
jsffile=c:\program files\picom viewer\PViewXYT.exe %1
.
=============== Created Last 30 ================
.
2011-02-17 03:20:13 -------- d-----w- c:\docume~1\admini~1\applic~1\AVG10
2011-02-17 03:16:19 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-02-17 03:12:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-02-17 03:04:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-02-12 21:23:10 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-02-12 21:23:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-12 21:22:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-12 21:22:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-12 21:22:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-12 19:43:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-02-12 16:54:20 -------- d-----w- c:\docume~1\admini~1\applic~1\Symantec
.
==================== Find3M ====================
.
2003-03-31 12:00:00 180224 ----a-w- c:\program files\common files\msadox.dll
.
============= FINISH: 19:27:59.75 ===============
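A small triage helper for the SERVICES / DRIVERS section of a DDS log such as the one above. This is an added example, not part of the thread and not code from the DDS tool; its sample input is a few lines copied from the log above, and the remote-access keyword list is an assumption.

```python
r"""Triage the SERVICES / DRIVERS section of a DDS log.

Added example for this thread; it is not part of the original post and
not code from the DDS tool. It parses entries of the form

    R2 ccEvtMgr;Symantec Event Manager;c:\...\ccSvcHst.exe [2008-12-18 108392]

and flags what a log reviewer checks first: services whose image file is
missing on disk ("[?]") and remote-administration services that should
be confirmed as intentional. The keyword list is an assumption.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the DDS log in this thread.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-12-18 108392]
S2 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [2009-3-31 241664]
S3 Ich;Ich;c:\windows\system32\drivers\ich.sys --> c:\windows\system32\drivers\Ich.sys [?]
S4 PICOMQR;PICOMQR;c:\program files\picom viewer\PicomQR.exe [2010-5-26 159744]
.
=============== File Associations ===============
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+"            # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)"                     # image path as registered
    r"(?:\s+-->\s+(?P<resolved>.+?))?"   # DDS appends the resolved path when they differ
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"       # "[date size]" or "[?]" when the file is missing
)


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    path: str
    file_missing: bool
    date: Optional[str]
    size: Optional[int]


def parse_services(text: str) -> List[ServiceEntry]:
    """Return one ServiceEntry per parsable line of the SERVICES / DRIVERS section."""
    entries: List[ServiceEntry] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("="):
            # Section banners look like "===== NAME =====".
            in_section = "SERVICES / DRIVERS" in line
            continue
        if not in_section or line in ("", "."):
            continue
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a service line; ignore rather than guess
        meta = m.group("meta").strip()
        missing = meta == "?"
        date: Optional[str] = None
        size: Optional[int] = None
        if not missing:
            parts = meta.split()
            date = parts[0]
            if len(parts) > 1 and parts[1].isdigit():
                size = int(parts[1])
        entries.append(ServiceEntry(
            state=m.group("state"),
            name=m.group("name"),
            display=m.group("display"),
            path=m.group("resolved") or m.group("path"),
            file_missing=missing,
            date=date,
            size=size,
        ))
    return entries


# Assumed keyword list; extend it for the remote-control tools seen in your environment.
REMOTE_ACCESS_HINTS = ("remote", "vnc", "radmin", "r_server")


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs for entries worth a closer look."""
    findings = []
    for e in entries:
        if e.file_missing:
            findings.append((e.name, "registered service whose image file is missing on disk"))
        haystack = f"{e.name} {e.display} {e.path}".lower()
        if any(h in haystack for h in REMOTE_ACCESS_HINTS):
            findings.append((e.name, "remote-administration service; confirm it was installed on purpose"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_services(SAMPLE_DDS)):
        print(f"{name}: {reason}")
```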


#2 m0le
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 18 March 2011 - 08:44 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 kr9192
  • Topic Starter
  • Members
  • 30 posts

Posted 20 March 2011 - 06:48 PM

I am here and interested in your support. thank you kr

#4 m0le
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 20 March 2011 - 07:13 PM

Did you/can you run Gmer?

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

#5 kr9192
  • Topic Starter
  • Members
  • 30 posts

Posted 20 March 2011 - 07:21 PM

Yes I did, but I can not find the log file. It took a long time to run.
I can run it again. kr

#6 m0le
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 20 March 2011 - 07:41 PM

Yes please :thumbup2:

#7 kr9192
  • Topic Starter
  • Members
  • 30 posts

Posted 21 March 2011 - 06:08 AM

gmer log for your review:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-21 06:59:04
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BEVE-00WZT0 rev.01.01A01
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwlyrpow.sys


---- System - GMER 1.0.15 ----

SSDT 8380FC60 ZwAlertResumeThread
SSDT 838C2B30 ZwAlertThread
SSDT 83A67080 ZwAllocateVirtualMemory
SSDT 838CEAB0 ZwConnectPort
SSDT 83A4E0C0 ZwCreateMutant
SSDT 838F3C60 ZwCreateThread
SSDT 83A65080 ZwFreeVirtualMemory
SSDT 838D1AD0 ZwImpersonateAnonymousToken
SSDT 83787A80 ZwImpersonateThread
SSDT 83A4B070 ZwMapViewOfSection
SSDT 837A7A80 ZwOpenEvent
SSDT 83930EF8 ZwOpenProcessToken
SSDT 83A3F0C0 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xF7A22840]
SSDT 837A0B08 ZwResumeThread
SSDT 83ACD280 ZwSetContextThread
SSDT 83A340C0 ZwSetInformationProcess
SSDT 83A49008 ZwSetInformationThread
SSDT 83891A80 ZwSuspendProcess
SSDT 83895E00 ZwSuspendThread
SSDT 83661E58 ZwTerminateProcess
SSDT 83915EF8 ZwTerminateThread
SSDT 839F9AE0 ZwUnmapViewOfSection
SSDT 83A66080 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + C8 804E2734 4 Bytes JMP 2006838C

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

#8 m0le
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 21 March 2011 - 04:45 PM

That looks okay, please run TDSSKiller and MBRCheck

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#9 kr9192
  • Topic Starter
  • Members
  • 30 posts

Posted 21 March 2011 - 07:53 PM

good evening m0le,
TDSSKiller log:
2011/03/21 20:43:25.0628 3432 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/21 20:43:25.0838 3432 ================================================================================
2011/03/21 20:43:25.0838 3432 SystemInfo:
2011/03/21 20:43:25.0838 3432
2011/03/21 20:43:25.0838 3432 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/21 20:43:25.0838 3432 Product type: Workstation
2011/03/21 20:43:25.0838 3432 ComputerName: RAD34137
2011/03/21 20:43:25.0838 3432 UserName: Administrator
2011/03/21 20:43:25.0838 3432 Windows directory: C:\WINDOWS
2011/03/21 20:43:25.0838 3432 System windows directory: C:\WINDOWS
2011/03/21 20:43:25.0838 3432 Processor architecture: Intel x86
2011/03/21 20:43:25.0838 3432 Number of processors: 1
2011/03/21 20:43:25.0838 3432 Page size: 0x1000
2011/03/21 20:43:25.0838 3432 Boot type: Normal boot
2011/03/21 20:43:25.0838 3432 ================================================================================
2011/03/21 20:43:26.0701 3432 Initialize success
2011/03/21 20:43:53.0303 3024 ================================================================================
2011/03/21 20:43:53.0303 3024 Scan started
2011/03/21 20:43:53.0303 3024 Mode: Manual;
2011/03/21 20:43:53.0303 3024 ================================================================================
2011/03/21 20:44:10.0407 3024 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/21 20:44:10.0547 3024 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/21 20:44:10.0677 3024 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/21 20:44:10.0758 3024 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/21 20:44:10.0828 3024 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/21 20:44:10.0928 3024 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/21 20:44:11.0038 3024 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/21 20:44:11.0299 3024 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100617.051\NAVENG.SYS
2011/03/21 20:44:11.0460 3024 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100617.051\NAVEX15.SYS
2011/03/21 20:44:11.0650 3024 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/21 20:44:11.0721 3024 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/21 20:44:11.0781 3024 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/21 20:44:11.0861 3024 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/21 20:44:11.0941 3024 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/21 20:44:11.0991 3024 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/21 20:44:12.0052 3024 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/21 20:44:12.0222 3024 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/21 20:44:12.0353 3024 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/21 20:44:12.0533 3024 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/21 20:44:12.0714 3024 nv (02c9b8dfe1fdc98e27ef61a4ad9704a0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/21 20:44:12.0934 3024 nv4 (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys
2011/03/21 20:44:13.0095 3024 NWADI (67fb86eeb94059177642050718d57460) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
2011/03/21 20:44:13.0175 3024 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/21 20:44:13.0255 3024 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/21 20:44:13.0316 3024 NWUSBModem (4e651808b35656ac88a4dcdaf6cc1169) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
2011/03/21 20:44:13.0426 3024 NWUSBPort (4e651808b35656ac88a4dcdaf6cc1169) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
2011/03/21 20:44:13.0506 3024 NWUSBPort2 (4e651808b35656ac88a4dcdaf6cc1169) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
2011/03/21 20:44:13.0596 3024 omci (8f57dcd17ca9a5dcd93256ea9e7a4863) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/03/21 20:44:13.0697 3024 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/03/21 20:44:13.0747 3024 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/21 20:44:13.0797 3024 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/21 20:44:13.0927 3024 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/21 20:44:14.0058 3024 PCANDIS5 (d0084a9ade989fe703e4f22171f4e4dc) C:\WINDOWS\System32\PCANDIS5.SYS
2011/03/21 20:44:14.0178 3024 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
2011/03/21 20:44:14.0299 3024 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/21 20:44:14.0419 3024 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
2011/03/21 20:44:14.0489 3024 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/03/21 20:44:14.0770 3024 pelmouse (88b3e4f521047edc4e7599f020a8d1bc) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
2011/03/21 20:44:14.0820 3024 pelps2m (32a7d4fdc8ecfe37444ff2b805ec0b06) C:\WINDOWS\system32\DRIVERS\pelps2m.sys
2011/03/21 20:44:14.0910 3024 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/03/21 20:44:14.0981 3024 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/03/21 20:44:15.0151 3024 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/21 20:44:15.0211 3024 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/21 20:44:15.0282 3024 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/21 20:44:15.0342 3024 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/21 20:44:15.0422 3024 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/21 20:44:15.0542 3024 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/03/21 20:44:15.0623 3024 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/03/21 20:44:15.0693 3024 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/03/21 20:44:15.0763 3024 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/03/21 20:44:15.0843 3024 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/03/21 20:44:15.0944 3024 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/21 20:44:16.0024 3024 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/21 20:44:16.0064 3024 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/21 20:44:16.0134 3024 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/21 20:44:16.0255 3024 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/21 20:44:16.0315 3024 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/21 20:44:16.0385 3024 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/21 20:44:16.0495 3024 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/21 20:44:16.0616 3024 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/21 20:44:16.0836 3024 RTL8187B (2890916eb8ded61cc2d8d057a9778e03) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
2011/03/21 20:44:17.0067 3024 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/21 20:44:17.0107 3024 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/03/21 20:44:17.0288 3024 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/21 20:44:17.0458 3024 SECURITY (4e6e1d43dc733dd8393d285c3f883291) C:\WINDOWS\system32\DRIVERS\JUPITER.sys
2011/03/21 20:44:17.0569 3024 Ser2pl (95eeb5a6843238c829aaa9c05168c09c) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/03/21 20:44:17.0669 3024 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/21 20:44:17.0890 3024 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/21 20:44:17.0940 3024 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys
2011/03/21 20:44:18.0090 3024 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/21 20:44:18.0301 3024 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/03/21 20:44:18.0421 3024 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/03/21 20:44:18.0702 3024 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/03/21 20:44:18.0813 3024 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/21 20:44:18.0933 3024 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/21 20:44:19.0003 3024 SRTSP (522651a0e7dc6415e083317370b609cc) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2011/03/21 20:44:19.0083 3024 SRTSPL (34e823b8d730099d032608fcccbc6a25) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2011/03/21 20:44:19.0204 3024 SRTSPX (469006e15f5b0fe8ae94184a18a81586) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2011/03/21 20:44:19.0334 3024 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/21 20:44:19.0545 3024 STAC97 (422627d5573df7c05fa6715cc992a430) C:\WINDOWS\system32\drivers\STAC97.sys
2011/03/21 20:44:19.0685 3024 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/21 20:44:19.0846 3024 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/21 20:44:19.0966 3024 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/03/21 20:44:20.0016 3024 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/03/21 20:44:20.0107 3024 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/03/21 20:44:20.0227 3024 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/03/21 20:44:20.0337 3024 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/03/21 20:44:20.0387 3024 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/03/21 20:44:20.0468 3024 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/03/21 20:44:20.0608 3024 SynTP (1beaf7203965910ce3dfcb2c5c031f4d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/03/21 20:44:20.0718 3024 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/21 20:44:20.0849 3024 SysPlant (5383efa1351463f2f036a3e1b5f87d0c) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
2011/03/21 20:44:20.0989 3024 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/21 20:44:21.0100 3024 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/21 20:44:21.0230 3024 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/21 20:44:21.0371 3024 Teefer2 (0dc098cc18a974e7c1e96e6846bd06e4) C:\WINDOWS\system32\DRIVERS\teefer2.sys
2011/03/21 20:44:21.0521 3024 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/21 20:44:21.0641 3024 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/03/21 20:44:21.0782 3024 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/21 20:44:21.0902 3024 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/03/21 20:44:21.0972 3024 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/21 20:44:22.0083 3024 USB20L (758650fb8322d2256ec37375c380e886) C:\WINDOWS\system32\DRIVERS\USB200M.sys
2011/03/21 20:44:22.0173 3024 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/21 20:44:22.0283 3024 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/21 20:44:22.0384 3024 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/21 20:44:22.0464 3024 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/21 20:44:22.0554 3024 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/21 20:44:22.0624 3024 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/21 20:44:22.0725 3024 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/03/21 20:44:22.0825 3024 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/03/21 20:44:22.0895 3024 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/03/21 20:44:23.0066 3024 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/21 20:44:23.0176 3024 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2011/03/21 20:44:23.0337 3024 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/21 20:44:23.0477 3024 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/21 20:44:23.0607 3024 wg111nd5 (5dc04e2badf701d7a9d00365b623df2f) C:\WINDOWS\system32\DRIVERS\wg111nd5.sys
2011/03/21 20:44:23.0748 3024 winachsf (3085330815cb14fc740053b610f8a1d3) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/03/21 20:44:23.0999 3024 WPC11 (2e476c4fa724a17d9b693007c342e9d1) C:\WINDOWS\system32\DRIVERS\LSWLNDS.sys
2011/03/21 20:44:24.0069 3024 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/21 20:44:24.0159 3024 WPS (28d229ba1182591e43aca9d58f539dce) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2011/03/21 20:44:24.0229 3024 WpsHelper (d253d6ebd33fffa6d229c8df8d76121a) C:\WINDOWS\system32\drivers\WpsHelper.sys
2011/03/21 20:44:24.0360 3024 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/21 20:44:24.0440 3024 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/21 20:44:24.0861 3024 ================================================================================
2011/03/21 20:44:24.0861 3024 Scan finished
2011/03/21 20:44:24.0871 3024 ================================================================================


MBR check:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 144):

Processes (total 40):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)

PhysicalDrive0 Model Number: WDCWD1200BEVE-00WZT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

thank you kr

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 21 March 2011 - 07:59 PM

Looks fine. Please run MBAM next.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE

#11 kr9192

kr9192
  • Topic Starter

  • Members
  • 30 posts

Posted 22 March 2011 - 08:08 PM

running mbam now kr

#12 kr9192

kr9192
  • Topic Starter

  • Members
  • 30 posts

Posted 22 March 2011 - 09:57 PM

mbam log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6137

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3/22/2011 10:54:57 PM
mbam-log-2011-03-22 (22-54-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 256454
Time elapsed: 1 hour(s), 21 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{e87a81fb-fdcf-4b92-a20c-951710f82d7c}\RP2118\A0434697.dll (PUP.RemoteAdmin) -> Quarantined and deleted successfully.
c:\program files\usb-flash disk\stopjupc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

thank you kr

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 23 March 2011 - 08:37 PM

So something was there. Please now scan the PC with ESET.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

m0le is a proud member of UNITE

#14 kr9192

kr9192
  • Topic Starter

  • Members
  • 30 posts

Posted 23 March 2011 - 09:58 PM

ok running scan.. kr

#15 kr9192

kr9192
  • Topic Starter

  • Members
  • 30 posts

Posted 24 March 2011 - 07:02 AM

ESET scan log:
C:\Aim\Install_AIM.exe Win32/Adware.WBug.A application deleted - quarantined
C:\DELL\radmin\psexec.exe Win32/PsExec.131 application cleaned by deleting - quarantined
C:\Program Files\Picom Viewer\PViewXYT.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\Program Files\Picom Viewer\xytsetup.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\Program Files\Radmin\radmin\psexec.exe Win32/PsExec.131 application cleaned by deleting - quarantined
C:\radmin\psexec.exe Win32/PsExec.131 application cleaned by deleting - quarantined
C:\radmin\radmin\psexec.exe Win32/PsExec.131 application cleaned by deleting - quarantined
C:\radmin\radmin21\radmin\psexec.exe Win32/PsExec.131 application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2092\A0389222.msi probably a variant of Win32/Genetik trojan deleted - quarantined
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2137\A0444907.exe Win32/Adware.WBug.A application deleted - quarantined
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2137\A0444908.exe Win32/PsExec.131 application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2137\A0444909.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2137\A0444910.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2137\A0444911.exe Win32/PsExec.131 application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2137\A0444912.exe Win32/PsExec.131 application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2137\A0444913.exe Win32/PsExec.131 application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2137\A0444914.exe Win32/PsExec.131 application cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\r_server.exe Win32/RemoteAdmin application cleaned by deleting - quarantined

thank you kr
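A small triage helper for ESET Online Scanner log lines like the ones in the post above, added here as an example; it is not part of the original thread and not ESET's own tooling. It splits each line into path, detection name, kind ("application" for potentially unwanted or unsafe applications, "trojan" for malware, as ESET labels them above) and the action taken, and separates live files from copies under System Volume Information restore points, which are snapshots of files that were already changed or removed. The line format is inferred from the visible log lines (an assumption), and the sample input is a subset of the lines from the log above.

```python
"""Triage helper for ESET Online Scanner text logs (added example, not ESET's code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: six lines copied from the ESET log posted above (the full log
# has 18 lines; this subset keeps the example short).
SAMPLE_LOG = r"""
C:\Aim\Install_AIM.exe Win32/Adware.WBug.A application deleted - quarantined
C:\DELL\radmin\psexec.exe Win32/PsExec.131 application cleaned by deleting - quarantined
C:\Program Files\Picom Viewer\PViewXYT.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2092\A0389222.msi probably a variant of Win32/Genetik trojan deleted - quarantined
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2137\A0444908.exe Win32/PsExec.131 application cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\r_server.exe Win32/RemoteAdmin application cleaned by deleting - quarantined
"""

# Assumed line layout: "<path> <detection> [<kind>] <action>". Paths may contain
# spaces, so the path is matched lazily and the detection is anchored on the
# "<platform>/<name>" token, optionally prefixed by "(probably) a variant of".
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<detection>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+)"
    r"(?: (?P<kind>application|trojan|worm|virus))?"
    r" (?P<action>.+)$"
)

# System Restore snapshots live under "System Volume Information\_restore{GUID}";
# a hit there is a stored copy, not a file that runs on the live system.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{", re.IGNORECASE
)


@dataclass(frozen=True)
class Detection:
    path: str
    family: str            # e.g. "Win32/PsExec.131"
    heuristic: bool        # True when ESET wrote "(probably) a variant of"
    kind: str              # "application", "trojan", ... or "unknown"
    action: str            # e.g. "cleaned by deleting - quarantined"
    quarantined: bool
    in_restore_point: bool


def parse_line(line):
    """Parse one log line; returns None for lines that do not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    det = m.group("detection")
    family = det.replace("probably ", "").replace("a variant of ", "")
    return Detection(
        path=m.group("path"),
        family=family,
        heuristic="variant of" in det,
        kind=m.group("kind") or "unknown",
        action=m.group("action"),
        quarantined=m.group("action").endswith("quarantined"),
        in_restore_point=bool(RESTORE_RE.match(m.group("path"))),
    )


def parse_log(text):
    return [d for d in (parse_line(ln) for ln in text.splitlines()) if d]


def triage(dets):
    """Summarise a parsed log: live vs restore-point hits, families, kinds."""
    live = [d for d in dets if not d.in_restore_point]
    return {
        "total": len(dets),
        "live": len(live),
        "restore_point": len(dets) - len(live),
        "by_family": Counter(d.family for d in dets),
        "by_kind": Counter(d.kind for d in dets),
        "live_paths": sorted(d.path for d in live),
        # Anything not ending in "quarantined" still needs manual follow-up.
        "not_quarantined": [d.path for d in dets if not d.quarantined],
    }


if __name__ == "__main__":
    summary = triage(parse_log(SAMPLE_LOG))
    print(f"{summary['live']} live detections, "
          f"{summary['restore_point']} restore-point copies")
    for fam, n in summary["by_family"].most_common():
        print(f"  {n:2d}  {fam}")
    for p in summary["live_paths"]:
        print("  live:", p)
```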
