  • This topic is locked
66 replies to this topic

#1 zooter
  • Members
  • 307 posts
  • Gender:Male

Posted 01 July 2011 - 07:18 PM

Continuation from my other thread: http://www.bleepingcomputer.com/forums/topic398314.html/page__st__45
As requested, the DDS log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by M Iudice at 16:54:37 on 2011-07-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.34 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.solsticeweb.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110511080435.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [DataLayer] c:\progra~1\common~1\pcsuite\datala~1\DATALA~1.EXE
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
LSP: mswsock.dll
Trusted Zone: linkshare.com\www
Trusted Zone: linksynergy.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{75D862A1-5B6E-4602-AEAC-E9228C0E697B} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = :\windows\system32\srr scecli
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\m iudice\application data\mozilla\firefox\profiles\mfuxj8qu.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mail.solsticeweb.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\m iudice\application data\mozilla\firefox\profiles\mfuxj8qu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\m iudice\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Total Validator: validator@totalvalidator.com - %profile%\extensions\validator@totalvalidator.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-5 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-30 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-3 88176]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-30 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-30 188136]
R3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [2008-7-24 508544]
R3 CamdVideo32;CamdVideo32;c:\windows\system32\drivers\CamdVideo32.sys [2008-7-24 3768]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-30 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-30 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-30 88736]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-30 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-30 271480]
S2 McShield;McShield;"c:\program files\common files\mcafee\systemcore\\mcshield.exe" --> c:\program files\common files\mcafee\systemcore\\mcshield.exe [?]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-30 141792]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-30 56064]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-5 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-30 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-30 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-5 40552]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-7-24 184320]
.
=============== Created Last 30 ================
.
2011-06-30 21:57:34 54016 ----a-w- c:\windows\system32\drivers\bsryws.sys
2011-06-30 17:13:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-30 17:06:17 -------- d-----w- c:\windows\system32\CatRoot2
2011-06-30 07:44:57 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-30 07:44:57 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-17 10:25:39 105472 ------w- c:\windows\system32\dllcache\mup.sys
.
==================== Find3M ====================
.
2011-06-09 01:58:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 01:17:37 135560296 ----a-w- C:\RegBackup.reg
2011-05-20 17:30:01 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 21:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 21:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 21:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 21:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 21:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 21:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 21:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 21:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 21:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 21:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
.
============= FINISH: 17:02:09.31 ===============

Also, I wasn't able to attach the Attach.txt, or a zip file of it. It says the file is too big.
Please advise.

Edited by boopme, 06 July 2011 - 11:48 AM.
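The DDS log above is the kind of output a helper triages by hand: the AV/FW status lines, the Pseudo HJT Report (BHO and toolbar registrations), the registered services and drivers, and the files created in the last 30 days. The script below is an added example, not part of the thread and not DDS's own code, that puts the first of those checks into code: it splits the log into its `====` sections, flags AV/FW lines marked *Disabled*, lists browser registrations whose DLL is gone ("No File"), and reports .sys files created under system32\drivers in the last 30 days that no R*/S* service entry references (in the log above, bsryws.sys is the one file in that position). The sample input is an abridged copy of the posted log; the regexes and section names are assumptions about DDS's format based only on the lines visible above, and a hit is something to look at, not a verdict.

```python
import re
from typing import Dict, List, Set

# Abridged copy of the DDS log posted above (sample input for this example).
SAMPLE_DDS = r"""
DDS (Ver_2011-06-23.01) - NTFSx86
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-5 387480]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-30 56064]
.
=============== Created Last 30 ================
.
2011-06-30 21:57:34 54016 ----a-w- c:\windows\system32\drivers\bsryws.sys
2011-06-30 17:13:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-17 10:25:39 105472 ------w- c:\windows\system32\dllcache\mup.sys
.
============= FINISH: 17:02:09.31 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "R0 name;display name;path [date size]"  (assumed DDS layout, taken from the lines above)
DRIVER_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(.+?)\s+\[")
# "date time size attributes path"         (assumed layout of the Created Last 30 rows)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \S+ \S+ (\S+) (.+)$")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: lines}. Lines before the first
    '==== name ====' banner go under 'HEADER'; DDS pads sections with bare dots."""
    sections: Dict[str, List[str]] = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def disabled_protection(sections: Dict[str, List[str]]) -> List[str]:
    """AV:/FW:/SP: status lines that DDS marks *Disabled*."""
    return [line for line in sections["HEADER"]
            if re.match(r"^(AV|FW|SP): ", line) and "*Disabled" in line]


def orphaned_browser_entries(sections: Dict[str, List[str]]) -> List[str]:
    """BHO/toolbar registrations whose DLL no longer exists ('No File'):
    stale registry entries, usually uninstall leftovers rather than malware."""
    return [line for line in sections.get("Pseudo HJT Report", []) if line.endswith("- No File")]


def registered_driver_files(sections: Dict[str, List[str]]) -> Set[str]:
    """Lower-cased file names referenced by R*/S* service and driver entries."""
    names: Set[str] = set()
    for line in sections.get("SERVICES / DRIVERS", []):
        m = DRIVER_RE.match(line)
        if m:
            names.add(m.group(1).strip('"').rsplit("\\", 1)[-1].lower())
    return names


def unregistered_new_drivers(sections: Dict[str, List[str]]) -> List[str]:
    """.sys files created under system32\\drivers in the last 30 days that no
    service/driver entry references. A kernel driver normally has a matching
    R*/S* entry, so an unreferenced one is worth checking; it is not a verdict."""
    known = registered_driver_files(sections)
    hits: List[str] = []
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m or m.group(1).startswith("d"):   # skip non-matching rows and directories
            continue
        path = m.group(2)
        name = path.rsplit("\\", 1)[-1].lower()
        if "\\drivers\\" in path.lower() and name.endswith(".sys") and name not in known:
            hits.append(name)
    return hits


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_DDS)
    for title, rows in (("Protection disabled", disabled_protection(secs)),
                        ("Orphaned browser entries", orphaned_browser_entries(secs)),
                        ("New drivers with no service entry", unregistered_new_drivers(secs))):
        print(f"== {title} ==")
        for row in rows:
            print("  " + row)
```

Feed the full posted log to `parse_sections` instead of the abridged sample and the same three functions run over it unchanged; the driver check only looks at `system32\drivers`, so a new .sys elsewhere (the `dllcache\mup.sys` row above) is deliberately ignored.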



#2 m0le
Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 July 2011 - 06:43 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 zooter
  • Topic Starter
  • Members
  • 307 posts
  • Gender:Male

Posted 10 July 2011 - 07:37 PM

Hello,
Yes, I've been anxiously awaiting a reply and help.
Let me know what to do next.
Thanks

#4 m0le
Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 July 2011 - 04:19 PM

I've taken a look at the last topic. Can you just confirm the symptoms you have?

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 zooter
  • Topic Starter
  • Members
  • 307 posts
  • Gender:Male

Posted 11 July 2011 - 04:29 PM

OK, here are the results of the scan:
aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-11 14:27:05
-----------------------------
14:27:05.210 OS Version: Windows 5.1.2600 Service Pack 3
14:27:05.210 Number of processors: 2 586 0x403
14:27:05.210 ComputerName: L***** UserName:
14:27:22.710 Initialize success
14:27:42.804 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
14:27:42.804 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
14:27:44.850 Disk 0 MBR read successfully
14:27:44.866 Disk 0 MBR scan
14:27:44.866 Disk 0 unknown MBR code
14:27:46.866 Disk 0 scanning sectors +156232125
14:27:46.897 Disk 0 scanning C:\WINDOWS\system32\drivers
14:27:50.397 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
14:28:04.804 Service scanning
14:28:08.913 Disk 0 trace - called modules:
14:28:08.929 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xf85db890]<<
14:28:08.929 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8315cab8]
14:28:08.929 3 CLASSPNP.SYS[f84b5fd7] -> nt!IofCallDriver -> [0x8283c030]
14:28:08.929 \Driver\Disk[0x83023368] -> IRP_MJ_CREATE -> 0xf85db890
14:28:08.929 Scan finished successfully
14:28:32.225 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\M Iudice\Desktop\MBR.dat"
14:28:32.225 The log file has been saved successfully to "C:\Documents and Settings\M Iudice\Desktop\aswMBR.txt"

#6 m0le
Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 July 2011 - 07:23 PM

Please run TDSSKiller and then MBRCheck

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And


Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#7 zooter
  • Topic Starter
  • Members
  • 307 posts
  • Gender:Male

Posted 12 July 2011 - 12:38 AM

Here is the 1st log:
2011/07/11 22:29:41.0210 3468 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/11 22:29:42.0179 3468 ================================================================================
2011/07/11 22:29:42.0194 3468 SystemInfo:
2011/07/11 22:29:42.0194 3468
2011/07/11 22:29:42.0194 3468 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/11 22:29:42.0194 3468 Product type: Workstation
2011/07/11 22:29:42.0194 3468 ComputerName: L*****
2011/07/11 22:29:42.0194 3468 UserName: M I*****
2011/07/11 22:29:42.0194 3468 Windows directory: C:\WINDOWS
2011/07/11 22:29:42.0194 3468 System windows directory: C:\WINDOWS
2011/07/11 22:29:42.0194 3468 Processor architecture: Intel x86
2011/07/11 22:29:42.0194 3468 Number of processors: 2
2011/07/11 22:29:42.0194 3468 Page size: 0x1000
2011/07/11 22:29:42.0194 3468 Boot type: Normal boot
2011/07/11 22:29:42.0194 3468 ================================================================================
2011/07/11 22:29:44.0600 3468 Initialize success
2011/07/11 22:30:23.0897 3816 Deinitialize success

Here is the 2nd log:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF8975000 \WINDOWS\system32\KDCOM.DLL
0xF8885000 \WINDOWS\system32\BOOTVID.dll
0xF835F000 73847789.sys
0xF8331000 ACPI.sys
0xF8977000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8320000 pci.sys
0xF8475000 isapnp.sys
0xF8A3D000 pciide.sys
0xF86F5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8979000 intelide.sys
0xF8485000 MountMgr.sys
0xF8301000 ftdisk.sys
0xF897B000 dmload.sys
0xF82DB000 dmio.sys
0xF86FD000 PartMgr.sys
0xF8495000 VolSnap.sys
0xF82C3000 atapi.sys
0xF84A5000 disk.sys
0xF84B5000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF82A3000 fltmgr.sys
0xF8291000 sr.sys
0xF8234000 mfehidk.sys
0xF821E000 DRVMCDB.SYS
0xF84C5000 PxHelp20.sys
0xF8207000 KSecDD.sys
0xF81F4000 WudfPf.sys
0xF8167000 Ntfs.sys
0xF813A000 NDIS.sys
0xF8120000 Mup.sys
0xF8535000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF74B9000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF74A5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF747D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF87DD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7459000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF87E5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7425000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF7402000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7303000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF725C000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF87ED000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7236000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF8545000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF89AB000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF8555000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8565000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF8B71000 \SystemRoot\system32\DRIVERS\CamdVideo32.sys
0xF71B9000 \SystemRoot\system32\drivers\CamdDriverV32.sys
0xF7195000 \SystemRoot\system32\drivers\portcls.sys
0xF8575000 \SystemRoot\system32\drivers\drmk.sys
0xF8B7C000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7181000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF8585000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF80CB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF716A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8595000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF85A5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF87F5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7159000 \SystemRoot\system32\DRIVERS\psched.sys
0xF85B5000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7135000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF70EA000 \SystemRoot\system32\drivers\mfefirek.sys
0xF87FD000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8805000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7092000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF85C5000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF880D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8815000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF89B1000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7034000 \SystemRoot\system32\DRIVERS\update.sys
0xF8935000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF85D5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8959000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xAA6AA000 \SystemRoot\system32\drivers\sthda.sys
0xF8605000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF89B5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8969000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF89BB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8A55000 \SystemRoot\System32\Drivers\Null.SYS
0xF89BD000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8835000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF883D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8845000 \SystemRoot\System32\drivers\vga.sys
0xF89BF000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF89C1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF884D000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8855000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF80EB000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA396000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA33D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA32A000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xF8635000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA302000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA2E0000 \SystemRoot\System32\drivers\afd.sys
0xF8645000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF885D000 \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
0xAA2BE000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF8865000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAA293000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA223000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8665000 \SystemRoot\System32\Drivers\Fips.SYS
0xF886D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF70D2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8695000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF70CE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF70C6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA90E4000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8E88000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF89CF000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7010000 \SystemRoot\System32\drivers\Dxapi.sys
0xF87C5000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8B75000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBF15A000 \SystemRoot\System32\ATMFD.DLL
0xF86E5000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF8AD6000 \SystemRoot\System32\DLA\DLADResN.SYS
0xA8DFA000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xF7014000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF89E5000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF8875000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA8DE2000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA8DCC000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xA8E18000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8B47000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8A07000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA8A3E000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8996000 \SystemRoot\system32\DRIVERS\srv.sys
0xA89F6000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA87C9000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8926000 \SystemRoot\system32\drivers\sysaudio.sys
0xA87A9000 \SystemRoot\system32\drivers\cfwids.sys
0xF897F000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
0xA7A28000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
940 C:\WINDOWS\system32\smss.exe
988 csrss.exe
1012 C:\WINDOWS\system32\winlogon.exe
1056 C:\WINDOWS\system32\services.exe
1068 C:\WINDOWS\system32\lsass.exe
1268 C:\WINDOWS\system32\svchost.exe
1360 svchost.exe
1484 C:\WINDOWS\system32\svchost.exe
1528 C:\WINDOWS\system32\svchost.exe
1568 svchost.exe
1608 svchost.exe
1912 C:\WINDOWS\system32\spoolsv.exe
240 svchost.exe
292 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
296 C:\Program Files\Bonjour\mDNSResponder.exe
348 C:\WINDOWS\ehome\ehrecvr.exe
364 C:\WINDOWS\ehome\ehSched.exe
424 C:\Program Files\Java\jre6\bin\jqs.exe
560 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
688 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1456 C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
1632 C:\WINDOWS\explorer.exe
1660 C:\WINDOWS\system32\rundll32.exe
340 svchost.exe
1116 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
804 C:\WINDOWS\system32\wuauclt.exe
1316 mcrdsvc.exe
1540 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
3068 C:\WINDOWS\system32\dllhost.exe
3124 C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
3212 C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
3312 C:\Program Files\McAfee.com\Agent\mcagent.exe
3452 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3632 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3692 C:\WINDOWS\system32\wscntfy.exe
3708 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
3724 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3812 C:\Program Files\DellSupport\DSAgnt.exe
3840 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe
4012 C:\WINDOWS\system32\ctfmon.exe
648 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
3388 C:\Program Files\Mozilla Firefox\firefox.exe
1324 C:\Documents and Settings\M Iudice\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`cfdf4400 (NTFS)

PhysicalDrive0 Model Number: HDS728080PLA380, Rev: PF2OA63A

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


Done!
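MBRCheck and aswMBR above both read sector 0 of PhysicalDrive0 and compare its boot code against known vendor code (MBRCheck: "Dell MBR code detected" plus a SHA1; aswMBR: "unknown MBR code"), and MBRCheck also prints where each drive letter starts on the physical disk. The following is an added example, not part of the thread and not either tool's own code, that performs the same checks on a 512-byte MBR in Python: it verifies the 0x55AA boot signature, decodes the four partition entries into start LBA, length, type and active flag, derives each volume's byte offset, and classifies the boot code by hashing the 440-byte code area against an allow-list. Which bytes MBRCheck actually hashes is not stated on the page, so keeping a boot-code hash and a whole-sector hash separately is this example's choice. The sample sector is constructed, not the poster's disk: its partition starts are chosen so the derived offsets equal the C: and D: offsets MBRCheck printed above, and its last partition ends at sector 156232125, the number in aswMBR's "scanning sectors" line; the allow-list contents are made up as well.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the boot code; 440..443 the disk signature
PART_TABLE_OFF = 446       # four 16-byte partition entries, then 0x55AA at 510..511
SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3xB3xII"    # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


@dataclass
class Partition:
    slot: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        """Volume offset on the physical disk, the number MBRCheck prints per drive letter."""
        return self.lba_start * SECTOR


def has_boot_signature(sector: bytes) -> bool:
    return len(sector) == SECTOR and sector[510:512] == SIGNATURE


def parse_mbr(sector: bytes) -> List[Partition]:
    """Decode the partition table of one 512-byte MBR; rejects a sector without 0x55AA."""
    if not has_boot_signature(sector):
        raise ValueError("not a 512-byte sector with the 0x55AA boot signature")
    parts: List[Partition] = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * slot)
        if ptype == 0:
            continue                                   # empty slot
        parts.append(Partition(slot + 1, status == 0x80, ptype, lba, count))
    return parts


def boot_code_sha1(sector: bytes) -> str:
    """Fingerprint of the boot-code area only, so the same vendor code still matches
    after the partition table changes (assumption: this is what MBR scanners compare)."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def sector_sha1(sector: bytes) -> str:
    """Fingerprint of the whole sector, partition table included, for change detection."""
    return hashlib.sha1(sector).hexdigest().upper()


def classify_boot_code(sector: bytes, known: Dict[str, str]) -> str:
    """Look the boot-code hash up in an allow-list {sha1: label}; unmatched code is
    reported the way aswMBR did above, as 'unknown MBR code'."""
    return known.get(boot_code_sha1(sector), "unknown MBR code")


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a physical disk (Windows device path shown; /dev/sda on Linux).
    Needs administrator/root rights; not called in the demo below."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR)


def build_sample_mbr() -> bytes:
    """Constructed sample MBR (not the poster's disk). The first 11 bytes are the usual
    Windows MBR prologue (xor ax,ax / mov ss,ax / mov sp,7c00 / mov es,ax / mov ds,ax);
    the rest of the boot code is zero. Partition starts are chosen so the byte offsets
    equal the C: and D: offsets in the MBRCheck log above (0x01f60800 and 0xccfdf4400)."""
    boot = bytes.fromhex("33c08ed0bc007c8ec08ed8").ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = bytes.fromhex("deadbeef") + b"\x00\x00"                  # bytes 440..445
    table = (struct.pack(ENTRY_FMT, 0x00, 0xDE, 63, 64197)              # Dell utility partition
             + struct.pack(ENTRY_FMT, 0x80, 0x07, 64260, 107410590)     # C: NTFS, active
             + struct.pack(ENTRY_FMT, 0x00, 0x07, 107474850, 48757275)  # D: NTFS
             + bytes(16))                                               # empty slot
    return boot + disk_sig + table + SIGNATURE


if __name__ == "__main__":
    mbr = build_sample_mbr()
    known = {boot_code_sha1(mbr): "sample boot code"}   # constructed allow-list
    print("sector SHA1:", sector_sha1(mbr))
    print("boot code  :", classify_boot_code(mbr, known))
    for p in parse_mbr(mbr):
        flag = "*" if p.bootable else " "
        print(f"{flag} slot {p.slot} type 0x{p.type_id:02X} start LBA {p.lba_start:>10} "
              f"({p.sectors} sectors) offset 0x{p.byte_offset:010x}")
    tampered = bytearray(mbr)
    tampered[0] ^= 0xFF                                   # one byte of boot code changed
    print("tampered   :", classify_boot_code(bytes(tampered), known))
```

On the real machine the same functions take the output of `read_physical_mbr()` (administrator required), and the sector hash can be compared with the value MBRCheck recorded in the log. The two hashes are kept apart on purpose: a changed boot-code hash with an unchanged partition table is what an overwritten MBR looks like, while a changed partition table with the vendor boot code intact is a repartitioning.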

#8 m0le
Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 12 July 2011 - 04:45 PM

TDSSKiller didn't run to conclusion. Try running it again and post the log before we continue on.
m0le is a proud member of UNITE

#9 zooter
  • Topic Starter
  • Members
  • 307 posts
  • Gender:Male

Posted 12 July 2011 - 05:21 PM

2011/07/12 15:20:32.0916 3940 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/12 15:20:33.0806 3940 ================================================================================
2011/07/12 15:20:33.0806 3940 SystemInfo:
2011/07/12 15:20:33.0806 3940
2011/07/12 15:20:33.0806 3940 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/12 15:20:33.0806 3940 Product type: Workstation
2011/07/12 15:20:33.0806 3940 ComputerName: LANDICE
2011/07/12 15:20:33.0806 3940 UserName: M Iudice
2011/07/12 15:20:33.0806 3940 Windows directory: C:\WINDOWS
2011/07/12 15:20:33.0806 3940 System windows directory: C:\WINDOWS
2011/07/12 15:20:33.0806 3940 Processor architecture: Intel x86
2011/07/12 15:20:33.0806 3940 Number of processors: 2
2011/07/12 15:20:33.0806 3940 Page size: 0x1000
2011/07/12 15:20:33.0806 3940 Boot type: Normal boot
2011/07/12 15:20:33.0806 3940 ================================================================================
2011/07/12 15:20:36.0150 3940 Initialize success
2011/07/12 15:20:38.0712 1684 ================================================================================
2011/07/12 15:20:38.0712 1684 Scan started
2011/07/12 15:20:38.0712 1684 Mode: Manual;
2011/07/12 15:20:38.0712 1684 ================================================================================
2011/07/12 15:20:41.0416 1684 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/07/12 15:20:41.0462 1684 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/12 15:20:41.0494 1684 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/12 15:20:41.0525 1684 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/07/12 15:20:41.0556 1684 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/12 15:20:41.0650 1684 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/12 15:20:41.0728 1684 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/07/12 15:20:41.0759 1684 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/07/12 15:20:41.0806 1684 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/07/12 15:20:41.0822 1684 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/07/12 15:20:41.0900 1684 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/07/12 15:20:41.0931 1684 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/07/12 15:20:41.0962 1684 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/07/12 15:20:42.0009 1684 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/07/12 15:20:42.0072 1684 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/07/12 15:20:42.0103 1684 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/07/12 15:20:42.0181 1684 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/07/12 15:20:42.0228 1684 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/07/12 15:20:42.0291 1684 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/12 15:20:42.0337 1684 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/12 15:20:42.0431 1684 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/12 15:20:42.0478 1684 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/12 15:20:42.0494 1684 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/12 15:20:42.0587 1684 CamdDriverV32 (eb6e7f3f1f5ed65c3afdc0ea9cd24a72) C:\WINDOWS\system32\drivers\CamdDriverV32.sys
2011/07/12 15:20:42.0666 1684 CamdVideo32 (cdd8b9ba186874f11618ff4b835fad75) C:\WINDOWS\system32\DRIVERS\CamdVideo32.sys
2011/07/12 15:20:42.0728 1684 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/07/12 15:20:42.0744 1684 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/12 15:20:42.0806 1684 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/12 15:20:42.0822 1684 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/07/12 15:20:42.0853 1684 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/12 15:20:42.0884 1684 Cdfs (994b68efb4d24c52da52cf5072311564) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/12 15:20:42.0900 1684 Cdfs - detected Rootkit.Win32.ZAccess.c (0)
2011/07/12 15:20:42.0947 1684 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/12 15:20:43.0025 1684 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
2011/07/12 15:20:43.0103 1684 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/07/12 15:20:43.0150 1684 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/07/12 15:20:43.0197 1684 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/07/12 15:20:43.0291 1684 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/07/12 15:20:43.0462 1684 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/12 15:20:43.0556 1684 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/07/12 15:20:43.0572 1684 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/07/12 15:20:43.0587 1684 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/07/12 15:20:43.0634 1684 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/07/12 15:20:43.0666 1684 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/07/12 15:20:43.0697 1684 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/07/12 15:20:43.0775 1684 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/07/12 15:20:43.0806 1684 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/07/12 15:20:43.0837 1684 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/07/12 15:20:43.0916 1684 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/12 15:20:43.0994 1684 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/12 15:20:44.0041 1684 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/12 15:20:44.0087 1684 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/12 15:20:44.0150 1684 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/07/12 15:20:44.0244 1684 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/12 15:20:44.0322 1684 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/07/12 15:20:44.0353 1684 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/07/12 15:20:44.0494 1684 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/07/12 15:20:44.0556 1684 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/07/12 15:20:44.0619 1684 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/07/12 15:20:44.0712 1684 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/12 15:20:44.0744 1684 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/12 15:20:44.0806 1684 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/12 15:20:44.0853 1684 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/12 15:20:44.0884 1684 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/12 15:20:44.0931 1684 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/12 15:20:45.0009 1684 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/12 15:20:45.0181 1684 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/12 15:20:45.0228 1684 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/12 15:20:45.0259 1684 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/12 15:20:45.0291 1684 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/07/12 15:20:45.0384 1684 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/07/12 15:20:45.0462 1684 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/07/12 15:20:45.0619 1684 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/12 15:20:45.0681 1684 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/07/12 15:20:45.0759 1684 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/07/12 15:20:45.0806 1684 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/12 15:20:45.0916 1684 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/12 15:20:46.0103 1684 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/12 15:20:46.0181 1684 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/07/12 15:20:46.0259 1684 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/12 15:20:46.0306 1684 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/12 15:20:46.0337 1684 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/12 15:20:46.0400 1684 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/12 15:20:46.0494 1684 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/12 15:20:46.0541 1684 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/12 15:20:46.0587 1684 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/12 15:20:46.0634 1684 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/12 15:20:46.0728 1684 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/12 15:20:46.0791 1684 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/12 15:20:46.0837 1684 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/12 15:20:46.0869 1684 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/12 15:20:46.0916 1684 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/12 15:20:47.0087 1684 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/12 15:20:47.0166 1684 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/07/12 15:20:47.0244 1684 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/07/12 15:20:47.0337 1684 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/07/12 15:20:47.0416 1684 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/07/12 15:20:47.0462 1684 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/07/12 15:20:47.0541 1684 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/07/12 15:20:47.0556 1684 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/07/12 15:20:47.0634 1684 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/07/12 15:20:47.0666 1684 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2011/07/12 15:20:47.0712 1684 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2011/07/12 15:20:47.0759 1684 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/07/12 15:20:47.0806 1684 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/07/12 15:20:47.0869 1684 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/12 15:20:47.0916 1684 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/12 15:20:47.0947 1684 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/07/12 15:20:47.0978 1684 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/12 15:20:48.0009 1684 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/12 15:20:48.0056 1684 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/12 15:20:48.0119 1684 MR97310_USB_DUAL_CAMERA (1aae79a4176a957bf2bb679812f04655) C:\WINDOWS\system32\DRIVERS\mr97310c.sys
2011/07/12 15:20:48.0181 1684 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/07/12 15:20:48.0228 1684 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/12 15:20:48.0306 1684 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/12 15:20:48.0369 1684 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/12 15:20:48.0431 1684 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/12 15:20:48.0509 1684 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/12 15:20:48.0587 1684 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/12 15:20:48.0634 1684 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/12 15:20:48.0666 1684 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/12 15:20:48.0744 1684 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/12 15:20:48.0791 1684 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/12 15:20:48.0853 1684 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/12 15:20:48.0900 1684 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/12 15:20:48.0947 1684 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/12 15:20:48.0978 1684 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/12 15:20:49.0009 1684 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/12 15:20:49.0056 1684 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/12 15:20:49.0103 1684 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/12 15:20:49.0212 1684 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/12 15:20:49.0306 1684 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/12 15:20:49.0431 1684 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/12 15:20:49.0759 1684 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/12 15:20:49.0869 1684 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/12 15:20:49.0978 1684 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/12 15:20:50.0072 1684 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/12 15:20:50.0119 1684 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/12 15:20:50.0150 1684 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/12 15:20:50.0181 1684 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/12 15:20:50.0259 1684 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/12 15:20:50.0306 1684 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/12 15:20:50.0400 1684 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/12 15:20:50.0603 1684 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/07/12 15:20:50.0634 1684 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/07/12 15:20:50.0728 1684 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/12 15:20:50.0759 1684 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/12 15:20:50.0791 1684 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/12 15:20:50.0853 1684 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/12 15:20:50.0900 1684 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/07/12 15:20:50.0931 1684 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/07/12 15:20:51.0041 1684 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/07/12 15:20:51.0087 1684 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/07/12 15:20:51.0134 1684 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/07/12 15:20:51.0244 1684 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/12 15:20:51.0306 1684 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/12 15:20:51.0353 1684 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/12 15:20:51.0400 1684 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/12 15:20:51.0447 1684 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/12 15:20:51.0478 1684 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/12 15:20:51.0587 1684 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/12 15:20:51.0619 1684 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/12 15:20:51.0650 1684 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/12 15:20:51.0775 1684 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/12 15:20:51.0822 1684 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/12 15:20:51.0947 1684 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys
2011/07/12 15:20:52.0056 1684 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/12 15:20:52.0103 1684 Ser2pl (2ec41a96d0dc98bd119bf325e0b9f392) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/07/12 15:20:52.0150 1684 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/12 15:20:52.0244 1684 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/12 15:20:52.0353 1684 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/12 15:20:52.0462 1684 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/07/12 15:20:52.0494 1684 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/12 15:20:52.0541 1684 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/07/12 15:20:52.0587 1684 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/07/12 15:20:52.0634 1684 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/12 15:20:52.0697 1684 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/12 15:20:52.0759 1684 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/12 15:20:52.0853 1684 STHDA (0aa91bbe468b3f46072091f18003ecaa) C:\WINDOWS\system32\drivers\sthda.sys
2011/07/12 15:20:52.0994 1684 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/12 15:20:53.0056 1684 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/12 15:20:53.0087 1684 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/12 15:20:53.0134 1684 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/07/12 15:20:53.0166 1684 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/07/12 15:20:53.0212 1684 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/07/12 15:20:53.0306 1684 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/07/12 15:20:53.0353 1684 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/12 15:20:53.0431 1684 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/12 15:20:53.0478 1684 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/12 15:20:53.0494 1684 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/12 15:20:53.0525 1684 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/12 15:20:53.0666 1684 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/07/12 15:20:53.0728 1684 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/12 15:20:53.0775 1684 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/07/12 15:20:53.0806 1684 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/12 15:20:53.0931 1684 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/12 15:20:54.0056 1684 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/12 15:20:54.0087 1684 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/12 15:20:54.0119 1684 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/12 15:20:54.0150 1684 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/12 15:20:54.0212 1684 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/12 15:20:54.0228 1684 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/12 15:20:54.0275 1684 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/07/12 15:20:54.0337 1684 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/12 15:20:54.0400 1684 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/12 15:20:54.0494 1684 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/12 15:20:54.0619 1684 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/12 15:20:54.0681 1684 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/12 15:20:54.0822 1684 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/07/12 15:20:54.0884 1684 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/12 15:20:54.0947 1684 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/12 15:20:55.0025 1684 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/12 15:20:55.0087 1684 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/12 15:20:55.0197 1684 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
2011/07/12 15:20:55.0212 1684 Boot (0x1200) (9ce426db20431de6fdbeb5f556284148) \Device\Harddisk0\DR0\Partition0
2011/07/12 15:20:55.0259 1684 Boot (0x1200) (73469003bce0972dfc8edda707c6b99c) \Device\Harddisk0\DR0\Partition1
2011/07/12 15:20:55.0259 1684 ================================================================================
2011/07/12 15:20:55.0259 1684 Scan finished
2011/07/12 15:20:55.0259 1684 ================================================================================
2011/07/12 15:20:55.0275 3492 Detected object count: 1
2011/07/12 15:20:55.0275 3492 Actual detected object count: 1
2011/07/12 15:21:01.0322 3492 Cdfs (994b68efb4d24c52da52cf5072311564) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/12 15:21:08.0556 3492 Backup copy found, using it..
2011/07/12 15:21:08.0619 3492 C:\WINDOWS\system32\drivers\Cdfs.sys - will be cured after reboot
2011/07/12 15:21:08.0619 3492 Rootkit.Win32.ZAccess.c(Cdfs) - User select action: Cure
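
The log above is several hundred lines long with a single detection buried in the driver listing, and the line that matters for the next step ("will be cured after reboot") sits at the very end. The following is an added example, my own code and not part of the original thread or of Kaspersky's tool, that parses a log in this format: it ties each `- detected` line to the driver record it names (service name, MD5, image path), picks up the user-selected action, reports whether a cure is still pending a reboot, lists the MBR and boot-sector hashes, and flags services that share one image file (a second look is cheap; aliases such as cbidf/cbidf2k are legitimate). The embedded sample is a constructed, shortened copy in the same line layout; the regular expressions are my assumptions about that layout, derived from the lines posted above.

```python
"""Triage a TDSSKiller 2.5.x log: tie each '- detected' line to the driver
record it names, pick up the user-selected action, and say whether a reboot
is still needed to finish the cure.  The parsing rules are inferred from
the posted log lines (assumption: the same layout for every 2.5.x build)."""
import json
import re
from collections import defaultdict

# Constructed, shortened sample in the same format as the log posted above.
SAMPLE_LOG = r"""
2011/07/12 15:20:38.0712 1684 Scan started
2011/07/12 15:20:38.0712 1684 Mode: Manual;
2011/07/12 15:20:42.0728 1684 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/07/12 15:20:42.0744 1684 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/12 15:20:42.0884 1684 Cdfs (994b68efb4d24c52da52cf5072311564) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/12 15:20:42.0900 1684 Cdfs - detected Rootkit.Win32.ZAccess.c (0)
2011/07/12 15:20:42.0947 1684 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/12 15:20:55.0197 1684 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
2011/07/12 15:20:55.0212 1684 Boot (0x1200) (9ce426db20431de6fdbeb5f556284148) \Device\Harddisk0\DR0\Partition0
2011/07/12 15:20:55.0259 1684 Boot (0x1200) (73469003bce0972dfc8edda707c6b99c) \Device\Harddisk0\DR0\Partition1
2011/07/12 15:20:55.0259 1684 Scan finished
2011/07/12 15:20:55.0275 3492 Detected object count: 1
2011/07/12 15:21:01.0322 3492 Cdfs (994b68efb4d24c52da52cf5072311564) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/12 15:21:08.0556 3492 Backup copy found, using it..
2011/07/12 15:21:08.0619 3492 C:\WINDOWS\system32\drivers\Cdfs.sys - will be cured after reboot
2011/07/12 15:21:08.0619 3492 Rootkit.Win32.ZAccess.c(Cdfs) - User select action: Cure
"""

# Every line starts with a timestamp and the thread id that wrote it.
LINE_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
# "name (md5) path"; name may contain spaces, e.g. "MBR (0x1B8)".
RECORD_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
# "name - detected Threat.Name (n)"
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
# "Threat.Name(name) - User select action: Cure"
ACTION_RE = re.compile(r"^(\S+?)\((\S+)\) - User select action: (\w+)$")
PENDING_RE = re.compile(r"^(.+) - will be cured after reboot$")


def parse_tdsskiller(text):
    """Split a log into driver records, detections, actions and pending cures."""
    records, detections, actions, pending = [], {}, {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                       # blank lines
        ts, tid, body = m.groups()
        r = RECORD_RE.match(body)
        if r:
            name, md5, path = r.groups()
            records.append({"name": name, "md5": md5, "path": path, "tid": tid, "time": ts})
            continue
        d = DETECT_RE.match(body)
        if d:
            detections[d.group(1)] = d.group(2)
            continue
        a = ACTION_RE.match(body)
        if a:
            actions[a.group(2)] = (a.group(1), a.group(3))
            continue
        p = PENDING_RE.match(body)
        if p:
            pending.append(p.group(1))
    return {"records": records, "detections": detections,
            "actions": actions, "pending_reboot": pending}


def triage(text):
    """Summarise what a helper needs before the next step."""
    parsed = parse_tdsskiller(text)
    by_name = {r["name"]: r for r in parsed["records"]}   # last record wins
    findings = []
    for name, threat in parsed["detections"].items():
        rec = by_name.get(name, {})
        findings.append({
            "object": name, "threat": threat,
            "md5": rec.get("md5"), "path": rec.get("path"),
            "action": parsed["actions"].get(name, (threat, "none"))[1],
            "reboot_pending": rec.get("path") in parsed["pending_reboot"],
        })
    # Services whose image file is shared with another service (case-insensitive paths).
    by_path = defaultdict(set)
    for r in parsed["records"]:
        by_path[r["path"].lower()].add(r["name"])
    shared = {p: sorted(n) for p, n in by_path.items() if len(n) > 1}
    boot = [(r["name"], r["path"], r["md5"]) for r in parsed["records"]
            if r["path"].startswith(r"\Device\Harddisk")]
    return {"findings": findings, "shared_images": shared, "boot_sectors": boot,
            "reboot_required": bool(parsed["pending_reboot"])}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it as `python triage_tdss.py < log.txt` after swapping `SAMPLE_LOG` for `sys.stdin.read()`; the `reboot_required` flag is the one to look at first, because a "will be cured after reboot" entry means the on-disk driver has not been replaced yet and a second scan before rebooting will report the same object.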

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:57 AM

Posted 12 July 2011 - 06:15 PM

A-ha! Please run MBAM next.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#11 zooter

zooter
  • Topic Starter

  • Members
  • 307 posts
  • Gender:Male
  • Local time:03:57 AM

Posted 12 July 2011 - 08:14 PM

Results of MBAM scan
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7092

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/12/2011 5:57:54 PM
mbam-log-2011-07-12 (17-57-53).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 366493
Time elapsed: 1 hour(s), 28 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 zooter

zooter
  • Topic Starter

  • Members
  • 307 posts
  • Gender:Male
  • Local time:03:57 AM

Posted 12 July 2011 - 09:02 PM

I noticed that still, when I go to Start Menu > All Programs > (whatever program), it shows it as being (empty).

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:57 AM

Posted 13 July 2011 - 04:16 PM

Now that the rootkit has been dispatched, can you run Unhide again? Instructions, if you need them, are below.

Please download Unhide

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

Edited by m0le, 13 July 2011 - 04:23 PM.


#14 zooter

zooter
  • Topic Starter

  • Members
  • 307 posts
  • Gender:Male
  • Local time:03:57 AM

Posted 13 July 2011 - 04:27 PM

While running Unhide, I got a popup from the bottom-right toolbar that says: attrib.exe corrupt file,
please run the Chkdsk utility.

#15 zooter

zooter
  • Topic Starter

  • Members
  • 307 posts
  • Gender:Male
  • Local time:03:57 AM

Posted 13 July 2011 - 04:40 PM

Finished running Unhide, though some files from Start > All Programs > still show (empty).
