systematic elimination of my protection


31 replies to this topic

#1 Tempestus


Posted 03 July 2011 - 10:19 PM

Using Windows XP, Google chrome, MSE, Malwarebytes anti-malware, and spybot search and destroy.
I use MSE and noticed it was red, and it said it needed to be restarted. I attempted to start it, and got a window saying...
"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access this item."
I've since tried to fire up my Spybot S+D, Malwarebytes, and HijackThis, and all three started to open, but then got nowhere. When I went to start them up again, I got the same msg as the MSE. I've tried to uninstall and re-install MSE, but it wouldn't let me finish the installation.
Since this started happening, IE occasionally pops up to attempt to load something. I deny everything it comes up with because I don't even use IE.

What steps should I follow to identify and clean this system?

This is a Dell Laptop Latitude d510 that I use for my small business, and need to be up and running fairly soon.

Thank you for your help,
Tempestus

Edited by hamluis, 04 July 2011 - 07:32 AM.
Moved from XP to Am I Infected.


#2 Broni


Posted 03 July 2011 - 10:54 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

===============================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Tempestus


Posted 03 July 2011 - 11:16 PM

Checkup results:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Spybot - Search & Destroy 1.4
SpywareBlaster 4.4
Spybot - Search & Destroy
HijackThis 2.0.2
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-GB)
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

=======================================
MiniToolBox by Farbar
Ran by Dell Customer (administrator) on 03-07-2011 at 23:05:25
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
127.0.0.1 activate.adobe.com

#Norton 360 Starts.

#Norton 360 Ends.

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 5"

set address name="Local Area Connection 5" source=dhcp
set dns name="Local Area Connection 5" source=dhcp register=PRIMARY
set wins name="Local Area Connection 5" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : dell-636c42c08e
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : paulbunyan.net

Ethernet adapter Local Area Connection 5:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-14-22-C3-3B-1B

Ethernet adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . : paulbunyan.net
Description . . . . . . . . . . . : Dell Wireless 1370 WLAN Mini-PCI Card
Physical Address. . . . . . . . . : 00-90-4B-E7-C8-73
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.104
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.203.101
192.168.203.102
Lease Obtained. . . . . . . . . . : Sunday, July 03, 2011 11:01:52 PM
Lease Expires . . . . . . . . . . : Monday, July 04, 2011 11:01:52 PM

Server: dns1.paulbunyan.net
Address: 192.168.203.101

Name: google.com
Addresses: 74.125.225.48, 74.125.225.49, 74.125.225.50, 74.125.225.51
74.125.225.52

Pinging google.com [74.125.225.52] with 32 bytes of data:

Reply from 74.125.225.52: bytes=32 time=22ms TTL=56
Reply from 74.125.225.52: bytes=32 time=27ms TTL=56

Ping statistics for 74.125.225.52:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 27ms, Average = 24ms

Server: dns1.paulbunyan.net
Address: 192.168.203.101

Name: yahoo.com
Addresses: 98.137.149.56, 209.191.122.70, 67.195.160.76, 69.147.125.65
72.30.2.43

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=89ms TTL=53
Reply from 72.30.2.43: bytes=32 time=89ms TTL=53

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 89ms, Maximum = 89ms, Average = 89ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 22 c3 3b 1b ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 90 4b e7 c8 73 ...... Dell Wireless 1370 WLAN Mini-PCI Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.104 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.104 192.168.1.104 25
192.168.1.104 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.104 192.168.1.104 25
224.0.0.0 240.0.0.0 192.168.1.104 192.168.1.104 25
255.255.255.255 255.255.255.255 192.168.1.104 192.168.1.104 1
255.255.255.255 255.255.255.255 192.168.1.104 2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/03/2011 10:04:29 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe2.1.1116.00x80070643common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (07/03/2011 10:03:53 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe2.1.1116.00x80070643morrobootstraper__cinstallflow__internalrun - getaminstallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (07/03/2011 09:59:49 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry0x80070003moaccachereset3.0.8402.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (07/03/2011 07:06:50 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe2.1.1116.00x80070643common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (07/03/2011 06:52:16 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe2.0.657.00x80070643morrobootstraper__cinstallflow__internalrun - getaminstallaction - the installer has insufficient prmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (07/03/2011 06:52:15 PM) (Source: MsiInstaller) (User: Dell Customer)Dell Customer
Description: Product: Microsoft Antimalware -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe.

Error: (07/03/2011 06:50:58 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe2.1.1116.00x80070643morrobootstraper__cupgradeflow__internalrun - getaminstallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (07/03/2011 06:50:40 PM) (Source: MsiInstaller) (User: Dell Customer)Dell Customer
Description: Product: Microsoft Antimalware -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe.

Error: (07/03/2011 04:19:14 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.0.657.00x80070005startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/03/2011 04:11:25 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.0.657.00x80070005startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL


System errors:
=============
Error: (07/03/2011 09:21:30 PM) (Source: 0) (User: )
Description: 0xC0000010LACPI#PNP0303#2&da1a3ff&0

Error: (07/03/2011 09:19:48 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/03/2011 09:11:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm

Error: (07/03/2011 09:10:11 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/03/2011 09:08:36 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/03/2011 09:08:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm

Error: (07/03/2011 09:07:17 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/03/2011 06:45:03 PM) (Source: 0) (User: )
Description: 0xC0000010loader.tlbACPI#PNP0303#2&da1a3ff&0

Error: (07/03/2011 06:40:08 PM) (Source: 0) (User: )
Description: 0xC0000010loader.tlbACPI#PNP0303#2&da1a3ff&0

Error: (07/03/2011 06:34:45 PM) (Source: 0) (User: )
Description: 0xC0000010loader.tlbACPI#PNP0303#2&da1a3ff&0


Microsoft Office Sessions:
=========================
Error: (06/13/2011 08:12:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 30965 seconds with 4200 seconds of active time. This session ended with a crash.


========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 77%
Total physical RAM: 503.37 MB
Available physical RAM: 111.63 MB
Total Pagefile: 1994.6 MB
Available Pagefile: 1666.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.33 MB

======================= Partitions: =======================================

1 Drive c: () (Fixed) (Total:37.26 GB) (Free:3.04 GB) NTFS

================= Users: ==================================================

User accounts for \\

-------------------------------------------------------------------------------
Administrator Dell Customer Guest
HelpAssistant SUPPORT_388945a0 SUPPORT_3f151ab9
The command completed with one or more errors.

================= End of Users ============================================



==============================================================================================



RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF75E5000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1175552 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF735F000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF07E000 C:\WINDOWS\System32\ialmdd5.DLL 983040 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF72B2000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 708608 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7519000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 606208 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xF839C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA627000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF71CE000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA70C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBF16E000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF74D6000 C:\WINDOWS\system32\drivers\stac97.sys 274432 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xBF043000 C:\WINDOWS\System32\ialmdev5.DLL 241664 bytes (Intel Corporation, Component GHAL Driver)
0xF745C000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 208896 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF722C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF8503000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF836F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAA697000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAA6E4000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAA601000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF74B2000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF75AD000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF748F000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA6C2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF021000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF8465000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF84B5000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF84D4000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7298000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 106496 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xF8355000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF849D000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA5C1000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8485000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF843C000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF726D000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAA1EB000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xA9F56000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7284000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF75D1000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA765000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF8429000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF8453000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF84F2000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF725C000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8822000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7AE8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8642000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7B08000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7B28000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 61440 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7AD8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAA113000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF87D2000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8652000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF8692000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7B18000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8722000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8672000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8782000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF86B2000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7B38000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 45056 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xF8802000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7AF8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8662000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8772000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8632000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF87B2000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF86A2000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF87A2000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA9A18000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF8682000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8682000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7B48000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8792000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF87E2000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF8892000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF88C2000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xF89B2000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF8A12000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF89AA000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF899A000 C:\WINDOWS\System32\Drivers\987033735.SYS 28672 bytes
0xF88B2000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF89C2000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF89BA000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF89A2000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF8A02000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF8A0A000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF89EA000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF88BA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF89DA000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF89CA000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF89E2000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF89D2000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8A1A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8A4A000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF8B26000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7A72000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA30D000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8B2E000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8A42000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8A46000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF71BA000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAA163000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7A92000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8B02000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8B82000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8B8C000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8B80000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8B36000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8B32000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8B84000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8B68000 C:\WINDOWS\system32\DRIVERS\msikbd2k.sys 8192 bytes (Netropa Corporation, Multimedia Keyboard Driver for Windows 2000/XP)
0xF8BCC000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8B86000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8B76000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8B38000 tiumflt.sys 8192 bytes (Texas Instruments Inc., tiumflt.sys)
0xF8B7A000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8B34000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8D0F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8CD9000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8C6C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8BFA000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8D5C000 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys 4096 bytes (TuneUp Software, TuneUp Utilities Driver)
0x82A510DE unknown_irp_handler 3874 bytes
0xF86D8890 unknown_irp_handler 1904 bytes
==============================================
>Stealth
==============================================
0xF86D811F Unknown page with executable code, 3809 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\987033735.sys]
0xF86D96F0 Unknown thread object [ ETHREAD 0x82E3AAA8 ] TID: 124, 600 bytes

#4 Broni


Posted 03 July 2011 - 11:56 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



 


#5 Tempestus


Posted 04 July 2011 - 12:10 AM

2011/07/03 23:58:06.0390 2272 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/03 23:58:07.0093 2272 ================================================================================
2011/07/03 23:58:07.0093 2272 SystemInfo:
2011/07/03 23:58:07.0093 2272
2011/07/03 23:58:07.0093 2272 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/03 23:58:07.0093 2272 Product type: Workstation
2011/07/03 23:58:07.0093 2272 ComputerName: DELL-636C42C08E
2011/07/03 23:58:07.0093 2272 UserName: Dell Customer
2011/07/03 23:58:07.0093 2272 Windows directory: C:\WINDOWS
2011/07/03 23:58:07.0093 2272 System windows directory: C:\WINDOWS
2011/07/03 23:58:07.0093 2272 Processor architecture: Intel x86
2011/07/03 23:58:07.0093 2272 Number of processors: 1
2011/07/03 23:58:07.0093 2272 Page size: 0x1000
2011/07/03 23:58:07.0093 2272 Boot type: Normal boot
2011/07/03 23:58:07.0093 2272 ================================================================================
2011/07/03 23:58:11.0218 2272 Initialize success
2011/07/03 23:58:25.0609 2576 ================================================================================
2011/07/03 23:58:25.0609 2576 Scan started
2011/07/03 23:58:25.0609 2576 Mode: Manual;
2011/07/03 23:58:25.0609 2576 ================================================================================
2011/07/03 23:58:27.0250 2576 Suspicious service (NoAccess): 987033735
2011/07/03 23:58:27.0375 2576 987033735 (78bdf35b004b490074acea8a885cbb8d) C:\WINDOWS\system32\drivers\987033735.sys
2011/07/03 23:58:27.0375 2576 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\987033735.sys. md5: 78bdf35b004b490074acea8a885cbb8d
2011/07/03 23:58:27.0390 2576 987033735 - detected LockedService.Multi.Generic (1)
2011/07/03 23:58:27.0484 2576 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/07/03 23:58:27.0531 2576 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/03 23:58:27.0890 2576 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/03 23:58:28.0031 2576 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/03 23:58:28.0078 2576 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/03 23:58:28.0125 2576 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/07/03 23:58:28.0343 2576 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/07/03 23:58:28.0406 2576 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/03 23:58:28.0562 2576 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/03 23:58:28.0750 2576 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/03 23:58:28.0859 2576 ati2mtag (8eb17cf829df300cc885651cfeaf931c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/07/03 23:58:28.0968 2576 atimtai (84a86a5d286afa48d4ee88ba869806dd) C:\WINDOWS\system32\DRIVERS\atimtai.sys
2011/07/03 23:58:29.0062 2576 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/03 23:58:29.0156 2576 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/03 23:58:29.0218 2576 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/07/03 23:58:29.0312 2576 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/07/03 23:58:29.0375 2576 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/07/03 23:58:29.0515 2576 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/03 23:58:29.0562 2576 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/07/03 23:58:29.0687 2576 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/07/03 23:58:29.0796 2576 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/07/03 23:58:29.0859 2576 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/07/03 23:58:29.0921 2576 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/03 23:58:30.0031 2576 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/03 23:58:30.0093 2576 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/03 23:58:30.0187 2576 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/03 23:58:30.0250 2576 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/07/03 23:58:30.0328 2576 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/03 23:58:30.0390 2576 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/03 23:58:30.0578 2576 DevUpper (913938a5382bfb2487aacaea408a14d2) C:\WINDOWS\system32\DRIVERS\tiumflt.sys
2011/07/03 23:58:30.0656 2576 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/03 23:58:30.0765 2576 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/03 23:58:30.0890 2576 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/03 23:58:31.0000 2576 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/03 23:58:31.0046 2576 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/03 23:58:31.0171 2576 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/03 23:58:31.0218 2576 E100B (18320a557cf377f08769f91cbed346ec) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/07/03 23:58:31.0281 2576 EL556ND5 (14304cb9ff0a9d2a79a7a54b28a5909a) C:\WINDOWS\system32\DRIVERS\EL556ND5.sys
2011/07/03 23:58:31.0343 2576 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/07/03 23:58:31.0406 2576 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/03 23:58:31.0484 2576 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/03 23:58:31.0531 2576 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/03 23:58:31.0578 2576 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/03 23:58:31.0750 2576 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/03 23:58:31.0812 2576 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/03 23:58:31.0843 2576 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/03 23:58:31.0890 2576 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/03 23:58:31.0937 2576 GTICARD (5ccb2f5cd9f8b6a7dfd57e5346ee5796) C:\WINDOWS\system32\DRIVERS\gticard.sys
2011/07/03 23:58:31.0984 2576 GTIPCI21 (ca835331825599b938e37525796d3549) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
2011/07/03 23:58:32.0093 2576 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/03 23:58:32.0218 2576 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/07/03 23:58:32.0328 2576 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
2011/07/03 23:58:32.0484 2576 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/03 23:58:32.0609 2576 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/03 23:58:32.0781 2576 ialm (643162fbc619e35d3f1a90a095a5bb42) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/03 23:58:32.0937 2576 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/03 23:58:33.0031 2576 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/03 23:58:33.0078 2576 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/03 23:58:33.0125 2576 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/03 23:58:33.0187 2576 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/03 23:58:33.0265 2576 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/03 23:58:33.0312 2576 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/03 23:58:33.0359 2576 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/03 23:58:33.0406 2576 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/07/03 23:58:33.0437 2576 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/03 23:58:33.0500 2576 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/03 23:58:33.0546 2576 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/03 23:58:33.0718 2576 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/03 23:58:33.0781 2576 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/03 23:58:33.0906 2576 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/03 23:58:33.0953 2576 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/03 23:58:34.0046 2576 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/03 23:58:34.0093 2576 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/03 23:58:34.0156 2576 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/03 23:58:34.0187 2576 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/03 23:58:34.0796 2576 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/03 23:58:34.0875 2576 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/03 23:58:34.0968 2576 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/03 23:58:35.0046 2576 Msikbd2k (9b99b04c28ccd19741dbbed64480195c) C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
2011/07/03 23:58:35.0093 2576 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/03 23:58:35.0125 2576 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/03 23:58:35.0156 2576 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/03 23:58:35.0203 2576 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/03 23:58:35.0281 2576 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/03 23:58:35.0406 2576 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/03 23:58:35.0453 2576 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/03 23:58:35.0484 2576 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/03 23:58:35.0531 2576 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/03 23:58:35.0625 2576 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/03 23:58:35.0687 2576 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/03 23:58:36.0000 2576 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/03 23:58:36.0171 2576 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/03 23:58:36.0218 2576 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/03 23:58:36.0296 2576 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/03 23:58:36.0421 2576 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/03 23:58:36.0484 2576 NWADI (091a1284aa583288b64dcd370d1b421e) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
2011/07/03 23:58:36.0546 2576 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/03 23:58:36.0593 2576 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/03 23:58:36.0718 2576 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/03 23:58:36.0781 2576 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/07/03 23:58:36.0843 2576 OZSCR (ab2b07ac4afd38f574d903eaf9e98a60) C:\WINDOWS\system32\DRIVERS\ozscr.sys
2011/07/03 23:58:36.0906 2576 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/07/03 23:58:36.0937 2576 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/03 23:58:37.0046 2576 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/03 23:58:37.0093 2576 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/03 23:58:37.0171 2576 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/03 23:58:37.0265 2576 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/07/03 23:58:37.0296 2576 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/07/03 23:58:37.0593 2576 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/03 23:58:37.0656 2576 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/03 23:58:37.0718 2576 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/03 23:58:37.0796 2576 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/03 23:58:37.0984 2576 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/03 23:58:38.0046 2576 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/07/03 23:58:38.0171 2576 Rasl2tp (1b8467013b302151a5f20fd6900ed262) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/03 23:58:38.0187 2576 Rasl2tp - detected Rootkit.Win32.ZAccess.c (0)
2011/07/03 23:58:38.0234 2576 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/03 23:58:38.0250 2576 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/03 23:58:38.0296 2576 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/03 23:58:38.0343 2576 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/03 23:58:38.0406 2576 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/03 23:58:38.0500 2576 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/03 23:58:38.0562 2576 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/03 23:58:38.0671 2576 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/07/03 23:58:38.0828 2576 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/03 23:58:38.0890 2576 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/03 23:58:38.0921 2576 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/03 23:58:38.0984 2576 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/03 23:58:39.0171 2576 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/07/03 23:58:39.0265 2576 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/03 23:58:39.0328 2576 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/03 23:58:39.0453 2576 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/03 23:58:39.0593 2576 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\stac97.sys
2011/07/03 23:58:39.0875 2576 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/03 23:58:39.0968 2576 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/03 23:58:41.0359 2576 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/03 23:58:41.0500 2576 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/03 23:58:41.0734 2576 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/03 23:58:41.0781 2576 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/03 23:58:41.0828 2576 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/03 23:58:41.0890 2576 tiumfwl (7ed11f79540ff1bc2ac12d2ae489474a) C:\WINDOWS\system32\drivers\tiumfwl.sys
2011/07/03 23:58:42.0078 2576 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
2011/07/03 23:58:42.0187 2576 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/03 23:58:42.0343 2576 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/03 23:58:42.0468 2576 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/03 23:58:42.0531 2576 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/03 23:58:42.0796 2576 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/03 23:58:43.0015 2576 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/03 23:58:43.0250 2576 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/03 23:58:43.0421 2576 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/03 23:58:43.0593 2576 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/03 23:58:44.0515 2576 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/03 23:58:44.0703 2576 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/03 23:58:45.0218 2576 w70n51 (fb4d7a34ef3b49c2b5439e330b785313) C:\WINDOWS\system32\DRIVERS\w70n51.sys
2011/07/03 23:58:45.0437 2576 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/03 23:58:45.0625 2576 WDHAALBA (477ed2208e2e501987dd4a1304e92091) C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys
2011/07/03 23:58:45.0953 2576 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/03 23:58:46.0453 2576 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/03 23:58:46.0890 2576 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/07/03 23:58:48.0125 2576 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/03 23:58:48.0234 2576 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/03 23:58:48.0546 2576 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/03 23:58:48.0906 2576 MBR (0x1B8) (5f8b5082f3482cc06b72ec5806598ae9) \Device\Harddisk0\DR0
2011/07/03 23:58:49.0000 2576 Boot (0x1200) (525b8890505ea169566d8c503f4f749e) \Device\Harddisk0\DR0\Partition0
2011/07/03 23:58:49.0015 2576 ================================================================================
2011/07/03 23:58:49.0015 2576 Scan finished
2011/07/03 23:58:49.0015 2576 ================================================================================
2011/07/03 23:58:49.0062 2740 Detected object count: 2
2011/07/03 23:58:49.0062 2740 Actual detected object count: 2
2011/07/03 23:59:40.0453 2740 LockedService.Multi.Generic(987033735) - User select action: Skip
2011/07/03 23:59:40.0578 2740 Rasl2tp (1b8467013b302151a5f20fd6900ed262) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/03 23:59:45.0406 2740 Backup copy found, using it..
2011/07/03 23:59:45.0468 2740 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys - will be cured after reboot
2011/07/03 23:59:45.0468 2740 Rootkit.Win32.ZAccess.c(Rasl2tp) - User select action: Cure
2011/07/03 23:59:55.0312 2640 Deinitialize success
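The following is an added example, not posted by anyone in this thread and not part of TDSSKiller itself: a small Python triage script that pulls the detections, file hashes and chosen actions out of a TDSSKiller log like the one above, so a helper can see at a glance which flagged objects were cured and which were skipped and still need attention. The line patterns are assumptions derived from the log format shown above; the sample lines are a subset copied from that log.

```python
import re
from dataclasses import dataclass

# Line layout assumed from the log above: "<date> <time> <pid> <message>".
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Inventory line: "<service> (<md5>) <path>"
ENTRY_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# Verdict line: "<service> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
# Action line: "<verdict>(<service>) - User select action: <action>"
ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Detection:
    service: str
    verdict: str
    md5: str = ""
    path: str = ""
    action: str = ""


def parse_tdsskiller_log(text):
    """Return (detections, declared_count) for a TDSSKiller log.

    detections: list of Detection in the order the verdict lines appeared.
    declared_count: the tool's own "Detected object count", or None if absent.
    """
    inventory = {}   # service name -> (md5, path), from inventory lines
    detections = {}  # service name -> Detection
    declared = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        e = ENTRY_RE.match(msg)
        if e:
            inventory[e.group(1)] = (e.group(2), e.group(3))
            continue
        d = DETECTED_RE.match(msg)
        if d:
            name, verdict = d.group(1), d.group(2)
            md5, path = inventory.get(name, ("", ""))
            detections[name] = Detection(name, verdict, md5, path)
            continue
        a = ACTION_RE.match(msg)
        if a:
            verdict, name, action = a.groups()
            det = detections.setdefault(name, Detection(name, verdict))
            det.action = action
            continue
        c = COUNT_RE.match(msg)
        if c:
            declared = int(c.group(1))
    return list(detections.values()), declared


def needs_followup(detections):
    """Names of flagged objects the tool did not cure (action Skip or none)."""
    return [d.service for d in detections if d.action != "Cure"]


# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
2011/07/03 23:58:25.0609 2576 Scan started
2011/07/03 23:58:27.0250 2576 Suspicious service (NoAccess): 987033735
2011/07/03 23:58:27.0375 2576 987033735 (78bdf35b004b490074acea8a885cbb8d) C:\WINDOWS\system32\drivers\987033735.sys
2011/07/03 23:58:27.0390 2576 987033735 - detected LockedService.Multi.Generic (1)
2011/07/03 23:58:27.0484 2576 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/07/03 23:58:38.0171 2576 Rasl2tp (1b8467013b302151a5f20fd6900ed262) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/03 23:58:38.0187 2576 Rasl2tp - detected Rootkit.Win32.ZAccess.c (0)
2011/07/03 23:58:49.0062 2740 Detected object count: 2
2011/07/03 23:59:40.0453 2740 LockedService.Multi.Generic(987033735) - User select action: Skip
2011/07/03 23:59:45.0468 2740 Rootkit.Win32.ZAccess.c(Rasl2tp) - User select action: Cure
"""

if __name__ == "__main__":
    found, count = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"tool reported {count} object(s), parsed {len(found)}")
    for det in found:
        print(f"{det.service:12} {det.verdict:30} {det.action or '-':5} {det.md5} {det.path}")
    print("still needs follow-up:", needs_followup(found))
```

Run against the full log, the script lists the two objects the tool flagged; the locked driver service was skipped rather than cured, which is exactly the kind of leftover a helper wants surfaced before asking for the next scan.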

#6 Broni
Posted 04 July 2011 - 12:12 AM

Very good :)
Please re-run RKUnhooker and post a fresh log.

#7 Tempestus

Posted 04 July 2011 - 12:18 AM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF759A000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1175552 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF7314000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF07E000 C:\WINDOWS\System32\ialmdd5.DLL 983040 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF7267000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 708608 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF74CE000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 606208 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xF8387000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA627000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7183000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA70C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBF16E000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF748B000 C:\WINDOWS\system32\drivers\stac97.sys 274432 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xBF043000 C:\WINDOWS\System32\ialmdev5.DLL 241664 bytes (Intel Corporation, Component GHAL Driver)
0xF7411000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 208896 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF71E1000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF84EE000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF835A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAA697000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAA6E4000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAA601000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7467000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7562000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7444000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA6C2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF021000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF8450000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF84A0000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF84BF000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF724D000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 106496 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xF8340000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF8488000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA5E9000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8470000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF8427000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7222000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAA2B3000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xF851C000 97405540.sys 86016 bytes
0xAA046000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7239000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7586000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA765000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF8414000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF843E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF84DD000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7211000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8802000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF86F2000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8642000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7A8D000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7AAD000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 61440 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF8702000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAA1C3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8782000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8652000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF8692000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7A9D000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8712000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8672000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8732000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF86B2000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7ABD000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 45056 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xF87C2000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF86E2000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8662000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8722000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8632000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8762000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF86A2000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF8752000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA97F0000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF8682000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7ACD000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8742000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8792000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF87B2000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF88C2000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xF89BA000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF8A22000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF89B2000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF89A2000 C:\WINDOWS\System32\Drivers\987033735.SYS 28672 bytes
0xF88B2000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF89CA000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF89C2000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF89AA000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF8A12000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF8A1A000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF89FA000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF88BA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF89EA000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF89D2000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF89F2000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF89DA000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF88FA000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8A4A000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF8B22000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF82E7000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA3D9000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF830B000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8A42000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8A46000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF7A3B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAA147000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF82FF000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8AE6000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8B88000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8BA4000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8B86000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8B36000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8B32000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8B8A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8B78000 C:\WINDOWS\system32\DRIVERS\msikbd2k.sys 8192 bytes (Netropa Corporation, Multimedia Keyboard Driver for Windows 2000/XP)
0xF8B7A000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8B8C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8B7C000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8B38000 tiumflt.sys 8192 bytes (Texas Instruments Inc., tiumflt.sys)
0xF8B80000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8B34000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8D54000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8D32000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8D65000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8BFA000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8C29000 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys 4096 bytes (TuneUp Software, TuneUp Utilities Driver)
0x82A290DE unknown_irp_handler 3874 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\987033735.sys]
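
Reading a driver listing like the one above by hand is tedious, so here is an added Python example (not part of this thread and not RKUnhooker's own code) that parses lines in that format and flags the entries a responder would look at first: a module with no vendor/description, an all-numeric file name, a path the >Stealth section reports as locked for read access, or an unknown_irp_handler entry. The sample log is a constructed subset of the lines above, and the triage rules are this example's own assumptions.

```python
import re
# Constructed sample in the RKUnhooker driver-list format (lines taken from the
# log above), followed by the tool's ">Stealth" section.
SAMPLE_LOG = r"""
0xF89B2000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF89A2000 C:\WINDOWS\System32\Drivers\987033735.SYS 28672 bytes
0xF8BA4000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8C29000 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys 4096 bytes (TuneUp Software, TuneUp Utilities Driver)
0x82A290DE unknown_irp_handler 3874 bytes
>Stealth
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\987033735.sys]
"""

# <base> <path or bare name, may contain spaces> <size> bytes [(Vendor, Description)]
DRIVER_RE = re.compile(r"^(?P<base>0x[0-9A-Fa-f]+)\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes"
                       r"(?:\s+\((?P<info>.*)\))?\s*$")
LOCKED_RE = re.compile(r"File locked for read access \[(?P<path>[^\]]+)\]")

def parse_log(text):
    """Return (list of driver dicts, set of lower-cased paths flagged as locked)."""
    drivers, locked = [], set()
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers.append({"base": m["base"], "path": m["path"],
                            "size": int(m["size"]), "info": m["info"]})
        elif (m := LOCKED_RE.search(line)):
            locked.add(m["path"].lower())
    return drivers, locked

def triage(text):
    """Map path -> reasons for modules worth a second look (rules are this example's own)."""
    drivers, locked = parse_log(text)
    findings = {}
    for d in drivers:
        name = d["path"].rsplit("\\", 1)[-1]
        reasons = []
        # XP's crash-dump driver copies (dump_*.sys) legitimately lack version info.
        if d["info"] is None and not name.lower().startswith("dump_"):
            reasons.append("no vendor/description in version info")
        if name.rsplit(".", 1)[0].isdigit():
            reasons.append("file name is a bare number")
        if d["path"].lower() in locked:
            reasons.append("listed under >Stealth as locked for read access")
        if name == "unknown_irp_handler":
            reasons.append("IRP handler not attributed to any loaded module")
        if reasons:
            findings[d["path"]] = reasons
    return findings
```

Run against the sample, the only two entries flagged are 987033735.SYS (three reasons) and unknown_irp_handler; the signed Microsoft and TuneUp drivers and the dump_WMILIB.SYS copy pass.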

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:27 PM

Posted 04 July 2011 - 12:20 AM

Very well. That looks better.

I want you to check if MBAM will update and run now.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 Tempestus

Tempestus
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minnesota/Iowa USA
  • Local time:07:27 PM

Posted 04 July 2011 - 12:27 AM

Updated MBAM, and am scanning now.

#10 Tempestus

Posted 04 July 2011 - 12:32 AM

MBAM shut down after it had scanned just a few items. When I tried to start it again, my symptoms started all over again.
"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access this item."

#11 Broni

Posted 04 July 2011 - 10:32 AM

Please click HERE to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right click and choose Copy.
  • This will copy the items that it found to the clipboard; you can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.

#12 Tempestus

Posted 04 July 2011 - 11:50 PM

Sorry about the super slow response. Along the way, my wireless connection is shot. Haven't figured out how to get it to connect again yet. Am flying out of town tomorrow for work, but will probably have the laptop along and will continue to try and get it sorted out.

#13 Broni

Posted 04 July 2011 - 11:51 PM

Let me know....

#14 Tempestus

Posted 07 July 2011 - 07:47 AM

OK, so I ran the Kaspersky, and it removed about 20. I tried to get back online, and found that I could no longer access my wireless, so I did not get to see the report. I am on a wired network now, and ran Kaspersky again. It did not find anything new this time.
So some stuff got removed, but I do not know what.
What should I try and see next?
I'll figure out the wireless after things are back up and running.

#15 Broni

Posted 07 July 2011 - 07:40 PM

What's the story with your AV program?
You mentioned MSE and I can see some Norton leftovers, but I don't really see anything running.

I really wanted to see Kaspersky's tool report.
Do you still have it?

Can you post a fresh RKUnhooker log?
