Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rkill, MBAM, FixExe all fail


  • This topic is locked This topic is locked
13 replies to this topic

#1 g0dsweed

g0dsweed

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 09 August 2011 - 10:25 PM

Running Windows XP Home SP3 on a friends computer that started with the following problem:

When I first got the machine all files were on desktop but responded with a "what would you like to do with this file" message box. After running what appeared to be a successful rkill, MBAM failed at quick scan. Reboot, retry rkill and run Eset (I think that is the name). Found dozens of corrupted files, restart, and the "what would you like to do" problem is gone.

All internet browsers still redirect to spam and sites full of crap. Proxy settings have been checked, no apparent proxy settings. Run rkill and reinstall MBAM, again crashes after few seconds of quick scan. I retry all of this in safe mode, same result.

Try to run rkill and install various other AV and malware detectors. All either fail or slow to a crawl that would require days to run. I return to these forums for help. I have tried fixexe.reg, rkill (under every renaming convention), tried unhide, tried exeHelper. All result in MBAM failure.

I returned to this forum again and read "can't run Mbam" posting and tried everything there, NO CHANGE. Except for some reason I could not get the randomized EXE link to work, even after clearing cookies and cache. But I do not think that is going to solve the problem anyway. I have tried renaming the MBAM exe with no success.

I have downloaded ComboFix but figured I would come here first for suggestions.

Do not know if this is connected but last reboot came up with ATTRIB warning and to run chkdsk, PC will not boot to command prompt and using CMD and instructing to run chkdsk at reboot does not work, surprise surprise.

No apparent fake AV software has presented itself. Files on desktop are not disappearing. They do however usually turn to the generic window icon after installation, specifically MBAM installs.

Thanks for any advice.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:33 AM

Posted 09 August 2011 - 10:43 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 g0dsweed

g0dsweed
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 10 August 2011 - 07:33 PM

Thanks so much for you the input. Here are the results, long story short, lots of failures and seemingly no head way.

First error after running Security Check:

“The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll”

Security check log:
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ 6 Update 24
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10.3.181.34
Adobe Reader 7.0.9
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````

Same error with MiniToolBox.

Also this one: The ordinal 1108 could not be located in the DLL wsock32.dll. This repeated twice.

MiniToolBox log:

MiniToolBox by Farbar
Ran by ramon somoano (administrator) on 27-08-2004 at 23:30:48
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
Hosts file not detected in the default diroctory========================= IP Configuration: ================================The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.
Windows IP Configuration Host Name . . . . . . . . . . . . : DH3FFM51 Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : BelkinEthernet adapter Local Area Connection: Connection-specific DNS Suffix . : Belkin Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection Physical Address. . . . . . . . . : 00-11-11-62-DF-F6 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.2.8 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.2.1 DHCP Server . . . . . . . . . . . : 192.168.2.1 DNS Servers . . . . . . . . . . . : 192.168.2.1 Lease Obtained. . . . . . . . . . : Friday, August 27, 2004 11:23:05 PM Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PMPinging google.com [74.125.47.99] with 32 bytes of data:Reply from 74.125.47.99: bytes=32 time=43ms TTL=53Reply from 74.125.47.99: bytes=32 time=28ms TTL=53Ping statistics for 74.125.47.99: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 28ms, Maximum = 43ms, Average = 35msPinging yahoo.com [72.30.2.43] with 32 bytes of data:Reply from 72.30.2.43: bytes=32 time=85ms TTL=53Reply from 72.30.2.43: bytes=32 time=84ms TTL=53Ping statistics for 72.30.2.43: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 84ms, Maximum = 85ms, Average = 84msPinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 62 df f6 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.8 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.8 192.168.2.8 20
192.168.2.0 255.255.255.0 192.168.2.8 192.168.2.8 20
192.168.2.8 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.8 192.168.2.8 20
224.0.0.0 240.0.0.0 192.168.2.8 192.168.2.8 20
255.255.255.255 255.255.255.255 192.168.2.8 192.168.2.8 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/26/2004 05:57:26 AM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Failed to uninstall service

Error: (08/26/2004 05:50:29 AM) (Source: Application Hang) (User: )
Description: Fault bucket 1848850864.

Error: (08/26/2004 05:50:20 AM) (Source: Application Hang) (User: )
Description: Hanging application AvastUI.exe, version 5.0.545.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/26/2004 04:34:36 AM) (Source: MsiInstaller) (User: ramon somoano)ramon somoano
Description: Product: ESET NOD32 Antivirus -- Error 1404. Could not delete key \Software\ESET\ESET Security. System error . Verify that you have sufficient access to that key, or contact your support personnel.

Error: (08/26/2004 04:34:36 AM) (Source: MsiInstaller) (User: ramon somoano)ramon somoano
Description: Product: ESET NOD32 Antivirus -- Error 1404. Could not delete key \Software\ESET\ESET Security\CurrentVersion\Plugins\01000103\Profiles\@My profile. System error . Verify that you have sufficient access to that key, or contact your support personnel.

Error: (08/26/2004 04:34:35 AM) (Source: MsiInstaller) (User: ramon somoano)ramon somoano
Description: Product: ESET NOD32 Antivirus -- Error 1404. Could not delete key \Software\ESET\ESET Security\CurrentVersion\Plugins\01000103\Profiles\@My profile. System error . Verify that you have sufficient access to that key, or contact your support personnel.

Error: (08/26/2004 04:34:34 AM) (Source: MsiInstaller) (User: ramon somoano)ramon somoano
Description: Product: ESET NOD32 Antivirus -- Error 1404. Could not delete key \Software\ESET\ESET Security\CurrentVersion\Plugins\01000103\Profiles\@My profile. System error . Verify that you have sufficient access to that key, or contact your support personnel.

Error: (08/26/2004 04:34:26 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (08/26/2004 04:34:26 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/26/2004 04:34:26 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (08/27/2004 11:28:52 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (08/27/2004 11:28:42 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (08/27/2004 11:24:22 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (08/27/2004 11:24:22 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (08/27/2004 11:24:22 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (08/27/2004 11:24:22 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (08/27/2004 11:24:22 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (08/27/2004 11:24:22 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (08/27/2004 11:24:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ehdrv
epfwtdir

Error: (08/27/2004 11:24:22 PM) (Source: Service Control Manager) (User: )
Description: The ESET Service service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

7-Zip 9.20
ABBYY FineReader 6.0 Sprint (Version: 6.00.1990.41618)
Ad-Aware
Ad-Aware (Version: 8.1.1)
Adobe AIR (Version: 2.7.0.19530)
Adobe Download Assistant (Version: 1.0.2)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Reader 7.0.9 (Version: 7.0.9)
America Online (Choose which version to remove)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.1.116)
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
ASIO4ALL
AudibleManager (Version: 2147311616.2147348480.1344072.1244472)
AutocompletePro
Avanquest update (Version: 1.17)
AVI Codec Pack
AviSynth 2.5
Banctec Service Agreement (Version: 1.00.00)
BitTorrent (Version: 7.2.0)
Bonjour (Version: 2.0.4.0)
CDDRV_Installer (Version: 4.60)
Coupon Printer for Windows (Version: 4.0)
Creative MediaSource
Creative System Information
Dell Digital Jukebox Driver
Dell Networking Guide (Version: 1.00.0001)
Dell ResourceCD
Dell Solution Center (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.09085)
DellSupport (Version: 6.0.3062)
erLT (Version: 1.20.0137)
ffdshow [rev 1443] [2007-08-29] (Version: 1.0)
Film Factory Lite
FL Studio 9
FLV Player 2.0, build 23 (Version: 2.0, build 23)
Free Audio Editor
GIMP 2.6.11 (Version: 2.6.11)
GMI (Version: 1.00.0000)
Google Chrome (Version: 13.0.782.107)
Google Earth (Version: 3.0.0762)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.1920.1238)
Google Update Helper (Version: 1.3.21.57)
Hardcore
Help and Support Customization (Version: 1.00.0000)
IL Download Manager
InstallIQ Updater (Version: 1.4.1.0)
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Adapters and Drivers
Intel® PROSet (Version: 6.05.2001)
Internet Explorer Default Page (Version: 1.00.03)
J2SE Runtime Environment 5.0 Update 1 (Version: 1.5.0.10)
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
J2SE Runtime Environment 5.0 Update 2 (Version: 1.5.0.20)
J2SE Runtime Environment 5.0 Update 4 (Version: 1.5.0.40)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Jasc Paint Shop Photo Album (Version: 4.0.3)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Junk Mail filter update (Version: 14.0.8117.416)
KhalInstallWrapper (Version: 2.00.0000)
Learn2 Player (Uninstall Only)
Lexmark 2600 Series
Lexmark Fax Solutions
Lexmark Toolbar (Version: 4.13.37.0)
Logitech Gaming Software (Version: 4.30)
Logitech SetPoint (Version: 4.80)
Madden NFL 08
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Media Player Codec Pack 3.2.0
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Encarta Encyclopedia Standard 2004 (Version: 2004)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MLB 2K10 (Version: 1.0.0)
MLB 2K9 (Version: 1.0.0)
Modem Event Monitor
Modem Helper (Version: 2.25)
Modem On Hold (Version: 1.12)
Motorola Driver Installation (Version: 2.7.2)
Motorola Phone Tools (Version: 4.3.6c 10-23-2006)
Motorola Phone Tools (Version: 4.30)
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
MSN Music Assistant
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My DSC
myYearbook Toolbar
NHL® 09 (Version: 2.0.1.0)
NVIDIA Windows 2000/XP Display Drivers
OpenMG Limited Patch 4.0-04-11-28-01
OpenMG Secure Module 4.0.05 (Version: 4.0.05.10290)
PABC.exe custom database
Ploose
PowerDVD 5.1
PowerISO (Version: 4.7)
PSP Video Express(remove only)
QuickTime (Version: 7.69.80.9)
RatchetDeadlocked Screen Saver
RatchetDeadlocked2 Screen Saver
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Road Runner Medic 5.4
Sawer
Screensavers Installer
Segoe UI (Version: 14.0.4327.805)
Setup Support for RelevantKnowledge 1.0 (Version: 1.0)
Shockwave
Simppull Toolbar (Version: 1.0.0.25)
Sonic DLA (Version: 4.90)
Sonic RecordNow! (Version: 7.10)
Sonic Update Manager (Version: 2.9)
SonicStage
Sound Blaster Audigy 2
Surf Canyon Search Engine Assistant (Version: 3.2.0)
Toxic Biohazard
TWC Client ActiveX Controls (Version: 11)
UltimaDownloads
VDownloader 2.10.509.2
Viewpoint Manager (Remove Only)
Viewpoint Media Player
vixy converter uninstall (Version: 1.0)
vShare Plugin
WebFldrs XP (Version: 9.50.6513)
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061027.150806)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip 15.5 (Version: 15.5.9510)
WordPerfect Office 12 (Version: 12.0.0.238)
Yahoo! Software Update
Yahoo! Toolbar
YVD

========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 510.98 MB
Available physical RAM: 224.88 MB
Total Pagefile: 1248.79 MB
Available Pagefile: 1011.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1991.3 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149.01 GB) (Free:1.7 GB) NTFS
6 Drive g: (PENDRIVE) (Removable) (Total:3.76 GB) (Free:1.78 GB) FAT32

========================= Users: ========================================

User accounts for \\DH3FFM51

Administrator ASPNET daniel s
Guest HelpAssistant lily s
ramon s SUPPORT_388945a0 SUPPORT_3f151ab9


== End of log ==

After reboot into Safe Mode, failed. Only works in “with Networking mode.” Also, link to SuperAnti is dead shortcut.

After re-install of Super Anti Spyware crashes and dies. Before dieing I saw “Rogue Total secure” (09 I think) and “Trojan Media codec (V4 I think).

GMER crashed and died. The desktop now has 2 instances of GMER files that are untouchable, I can not delete them or launch them.

Good god this seems to be a monster I have never encountered...

Edited by g0dsweed, 10 August 2011 - 08:17 PM.


#4 g0dsweed

g0dsweed
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 10 August 2011 - 07:54 PM

Sorry need to add this:

Ran GMER in safe mode with networking. It crashed and died after un-selecting "devices". Saw this prior to crash TLD4@MBR.

Hope this helps. Sorry if this post appears more than once...Chrome issues...

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:33 AM

Posted 10 August 2011 - 08:32 PM

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#6 g0dsweed

g0dsweed
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 10 August 2011 - 11:05 PM

2004/08/28 03:12:32.0921 0568 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2004/08/28 03:12:32.0937 0568 ================================================================================
2004/08/28 03:12:32.0937 0568 SystemInfo:
2004/08/28 03:12:32.0937 0568
2004/08/28 03:12:32.0953 0568 OS Version: 5.1.2600 ServicePack: 3.0
2004/08/28 03:12:32.0953 0568 Product type: Workstation
2004/08/28 03:12:32.0953 0568 ComputerName: DH3FFM51
2004/08/28 03:12:32.0953 0568 UserName: ramon somoano
2004/08/28 03:12:32.0953 0568 Windows directory: C:\WINDOWS
2004/08/28 03:12:32.0953 0568 System windows directory: C:\WINDOWS
2004/08/28 03:12:32.0953 0568 Processor architecture: Intel x86
2004/08/28 03:12:32.0953 0568 Number of processors: 1
2004/08/28 03:12:32.0953 0568 Page size: 0x1000
2004/08/28 03:12:32.0953 0568 Boot type: Normal boot
2004/08/28 03:12:32.0953 0568 ================================================================================
2004/08/28 03:12:33.0984 0568 Initialize success
2004/08/28 03:12:42.0203 1104 ================================================================================
2004/08/28 03:12:42.0203 1104 Scan started
2004/08/28 03:12:42.0203 1104 Mode: Manual;
2004/08/28 03:12:42.0203 1104 ================================================================================
2004/08/28 03:12:43.0203 1104 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2004/08/28 03:12:43.0281 1104 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2004/08/28 03:12:43.0359 1104 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2004/08/28 03:12:43.0437 1104 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2004/08/28 03:12:43.0515 1104 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2004/08/28 03:12:43.0578 1104 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2004/08/28 03:12:43.0656 1104 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2004/08/28 03:12:43.0718 1104 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2004/08/28 03:12:43.0781 1104 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2004/08/28 03:12:43.0828 1104 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2004/08/28 03:12:43.0906 1104 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2004/08/28 03:12:43.0953 1104 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2004/08/28 03:12:44.0031 1104 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2004/08/28 03:12:44.0093 1104 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2004/08/28 03:12:44.0140 1104 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2004/08/28 03:12:44.0218 1104 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2004/08/28 03:12:44.0328 1104 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2004/08/28 03:12:44.0390 1104 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2004/08/28 03:12:44.0437 1104 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2004/08/28 03:12:44.0500 1104 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2004/08/28 03:12:44.0593 1104 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2004/08/28 03:12:44.0671 1104 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2004/08/28 03:12:44.0765 1104 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2004/08/28 03:12:44.0828 1104 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2004/08/28 03:12:44.0921 1104 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2004/08/28 03:12:45.0015 1104 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2004/08/28 03:12:45.0125 1104 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2004/08/28 03:12:45.0171 1104 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2004/08/28 03:12:45.0265 1104 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2004/08/28 03:12:45.0328 1104 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2004/08/28 03:12:45.0390 1104 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2004/08/28 03:12:45.0453 1104 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2004/08/28 03:12:45.0500 1104 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2004/08/28 03:12:45.0625 1104 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2004/08/28 03:12:45.0718 1104 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2004/08/28 03:12:45.0828 1104 ctac32k (4c638290979600ae2ae329d1608ad2ec) C:\WINDOWS\system32\drivers\ctac32k.sys
2004/08/28 03:12:45.0921 1104 ctaud2k (cf5662375781f741513c169cd4094100) C:\WINDOWS\system32\drivers\ctaud2k.sys
2004/08/28 03:12:46.0000 1104 ctdvda2k (437f2b31ba8b6b264d38b4fe6682faec) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2004/08/28 03:12:46.0062 1104 ctprxy2k (678849d1af0750f68dbdc185252d5926) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2004/08/28 03:12:46.0109 1104 ctsfm2k (3a076ebfbbbd6879a78863944980da32) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2004/08/28 03:12:46.0187 1104 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2004/08/28 03:12:46.0250 1104 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2004/08/28 03:12:46.0328 1104 DCamUSBSQTECH (100ff3d9e16afb3163bd6f9aaaab7c55) C:\WINDOWS\system32\Drivers\SQcaptur.sys
2004/08/28 03:12:46.0421 1104 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2004/08/28 03:12:46.0531 1104 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2004/08/28 03:12:46.0609 1104 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2004/08/28 03:12:46.0671 1104 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2004/08/28 03:12:46.0765 1104 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2004/08/28 03:12:46.0812 1104 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2004/08/28 03:12:46.0906 1104 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2004/08/28 03:12:46.0984 1104 drvmcdb (049177996e5e33b5faf40cad2b82098c) C:\WINDOWS\system32\drivers\drvmcdb.sys
2004/08/28 03:12:47.0046 1104 drvnddm (2f4134d073f972575c174e3d621f0107) C:\WINDOWS\system32\drivers\drvnddm.sys
2004/08/28 03:12:47.0203 1104 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2004/08/28 03:12:47.0281 1104 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2004/08/28 03:12:47.0359 1104 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2004/08/28 03:12:47.0750 1104 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2004/08/28 03:12:47.0828 1104 emupia (f7511cf63ef82f7227c03028a3abadb5) C:\WINDOWS\system32\drivers\emupia2k.sys
2004/08/28 03:12:48.0000 1104 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2004/08/28 03:12:48.0078 1104 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2004/08/28 03:12:48.0125 1104 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2004/08/28 03:12:48.0203 1104 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2004/08/28 03:12:48.0250 1104 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2004/08/28 03:12:48.0359 1104 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2004/08/28 03:12:48.0406 1104 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2004/08/28 03:12:48.0468 1104 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2004/08/28 03:12:48.0531 1104 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2004/08/28 03:12:48.0656 1104 ha10kx2k (f24dd43adc784177b28984043bc022ab) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2004/08/28 03:12:48.0750 1104 hap16v2k (ff65c807ea641ff7310a61be4dec6479) C:\WINDOWS\system32\drivers\hap16v2k.sys
2004/08/28 03:12:48.0828 1104 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2004/08/28 03:12:48.0921 1104 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2004/08/28 03:12:49.0015 1104 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2004/08/28 03:12:49.0078 1104 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2004/08/28 03:12:49.0140 1104 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2004/08/28 03:12:49.0218 1104 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2004/08/28 03:12:49.0296 1104 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2004/08/28 03:12:49.0375 1104 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2004/08/28 03:12:49.0468 1104 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2004/08/28 03:12:49.0531 1104 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2004/08/28 03:12:49.0609 1104 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2004/08/28 03:12:49.0671 1104 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2004/08/28 03:12:49.0718 1104 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2004/08/28 03:12:49.0765 1104 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2004/08/28 03:12:49.0859 1104 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2004/08/28 03:12:49.0921 1104 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2004/08/28 03:12:50.0015 1104 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
2004/08/28 03:12:50.0093 1104 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2004/08/28 03:12:50.0218 1104 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2004/08/28 03:12:50.0343 1104 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2004/08/28 03:12:50.0421 1104 IntelC53 (de2686c0e012e6ae24acd6e79eb7ff5d) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2004/08/28 03:12:50.0484 1104 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2004/08/28 03:12:50.0531 1104 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2004/08/28 03:12:50.0593 1104 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2004/08/28 03:12:50.0656 1104 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2004/08/28 03:12:50.0703 1104 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2004/08/28 03:12:50.0781 1104 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2004/08/28 03:12:50.0843 1104 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2004/08/28 03:12:50.0937 1104 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2004/08/28 03:12:51.0000 1104 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2004/08/28 03:12:51.0093 1104 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2004/08/28 03:12:51.0140 1104 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2004/08/28 03:12:51.0234 1104 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2004/08/28 03:12:51.0312 1104 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2004/08/28 03:12:51.0375 1104 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2004/08/28 03:12:51.0437 1104 L8042mou (8a5993705add14352c9a279fa8338334) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2004/08/28 03:12:51.0531 1104 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2004/08/28 03:12:51.0593 1104 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2004/08/28 03:12:51.0703 1104 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2004/08/28 03:12:51.0765 1104 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2004/08/28 03:12:51.0828 1104 LMouKE (9837e55673818ecd8febb47f7f77521a) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2004/08/28 03:12:51.0953 1104 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2004/08/28 03:12:52.0046 1104 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2004/08/28 03:12:52.0125 1104 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2004/08/28 03:12:52.0218 1104 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2004/08/28 03:12:52.0296 1104 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2004/08/28 03:12:52.0375 1104 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2004/08/28 03:12:52.0468 1104 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2004/08/28 03:12:52.0562 1104 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2004/08/28 03:12:52.0640 1104 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2004/08/28 03:12:52.0750 1104 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2004/08/28 03:12:52.0796 1104 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2004/08/28 03:12:52.0921 1104 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2004/08/28 03:12:53.0062 1104 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2004/08/28 03:12:53.0140 1104 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2004/08/28 03:12:53.0218 1104 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2004/08/28 03:12:53.0281 1104 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2004/08/28 03:12:53.0375 1104 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2004/08/28 03:12:53.0437 1104 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2004/08/28 03:12:53.0500 1104 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2004/08/28 03:12:53.0578 1104 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2004/08/28 03:12:53.0640 1104 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2004/08/28 03:12:53.0703 1104 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2004/08/28 03:12:53.0781 1104 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2004/08/28 03:12:53.0828 1104 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2004/08/28 03:12:53.0875 1104 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2004/08/28 03:12:53.0984 1104 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2004/08/28 03:12:54.0031 1104 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2004/08/28 03:12:54.0093 1104 NetBT (c8f29622fa4846fdefcea0c381a260d0) C:\WINDOWS\system32\DRIVERS\netbt.sys
2004/08/28 03:12:54.0109 1104 NetBT - detected Rootkit.Win32.ZAccess.c (0)
2004/08/28 03:12:54.0203 1104 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2004/08/28 03:12:54.0265 1104 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2004/08/28 03:12:54.0328 1104 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2004/08/28 03:12:54.0406 1104 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2004/08/28 03:12:54.0531 1104 nv (66c90afbf0d10a93789f6544be459e72) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2004/08/28 03:12:54.0640 1104 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2004/08/28 03:12:54.0718 1104 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2004/08/28 03:12:54.0781 1104 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2004/08/28 03:12:54.0859 1104 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2004/08/28 03:12:54.0968 1104 ossrv (f0184fe6069be1541a3d18c02a73d161) C:\WINDOWS\system32\drivers\ctoss2k.sys
2004/08/28 03:12:55.0046 1104 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2004/08/28 03:12:55.0093 1104 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2004/08/28 03:12:55.0156 1104 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2004/08/28 03:12:55.0218 1104 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2004/08/28 03:12:55.0265 1104 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2004/08/28 03:12:55.0359 1104 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2004/08/28 03:12:55.0437 1104 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2004/08/28 03:12:55.0656 1104 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2004/08/28 03:12:55.0734 1104 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2004/08/28 03:12:55.0843 1104 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\System32\drivers\PfModNT.sys
2004/08/28 03:12:55.0921 1104 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2004/08/28 03:12:55.0984 1104 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2004/08/28 03:12:56.0046 1104 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2004/08/28 03:12:56.0093 1104 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2004/08/28 03:12:56.0187 1104 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2004/08/28 03:12:56.0234 1104 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2004/08/28 03:12:56.0296 1104 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2004/08/28 03:12:56.0359 1104 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2004/08/28 03:12:56.0421 1104 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2004/08/28 03:12:56.0484 1104 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2004/08/28 03:12:56.0546 1104 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2004/08/28 03:12:56.0625 1104 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2004/08/28 03:12:56.0703 1104 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2004/08/28 03:12:56.0750 1104 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2004/08/28 03:12:56.0796 1104 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2004/08/28 03:12:56.0843 1104 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2004/08/28 03:12:56.0937 1104 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2004/08/28 03:12:57.0015 1104 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2004/08/28 03:12:57.0078 1104 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2004/08/28 03:12:57.0234 1104 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2004/08/28 03:12:57.0281 1104 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2004/08/28 03:12:57.0359 1104 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
2004/08/28 03:12:57.0468 1104 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2004/08/28 03:12:57.0562 1104 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2004/08/28 03:12:57.0609 1104 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2004/08/28 03:12:57.0687 1104 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2004/08/28 03:12:57.0828 1104 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2004/08/28 03:12:57.0937 1104 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2004/08/28 03:12:58.0062 1104 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
2004/08/28 03:12:58.0140 1104 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2004/08/28 03:12:58.0234 1104 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2004/08/28 03:12:58.0312 1104 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2004/08/28 03:12:58.0421 1104 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2004/08/28 03:12:58.0500 1104 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2004/08/28 03:12:58.0562 1104 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
2004/08/28 03:12:58.0625 1104 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2004/08/28 03:12:58.0671 1104 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2004/08/28 03:12:58.0750 1104 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2004/08/28 03:12:58.0828 1104 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2004/08/28 03:12:58.0921 1104 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2004/08/28 03:12:58.0984 1104 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2004/08/28 03:12:59.0046 1104 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2004/08/28 03:12:59.0109 1104 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2004/08/28 03:12:59.0234 1104 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2004/08/28 03:12:59.0312 1104 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2004/08/28 03:12:59.0375 1104 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2004/08/28 03:12:59.0421 1104 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2004/08/28 03:12:59.0531 1104 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
2004/08/28 03:12:59.0578 1104 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
2004/08/28 03:12:59.0625 1104 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
2004/08/28 03:12:59.0687 1104 tfsndres (0d863d020633025f1e4ad3e0e325d503) C:\WINDOWS\system32\dla\tfsndres.sys
2004/08/28 03:12:59.0734 1104 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
2004/08/28 03:12:59.0781 1104 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
2004/08/28 03:12:59.0843 1104 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
2004/08/28 03:12:59.0921 1104 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
2004/08/28 03:12:59.0984 1104 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
2004/08/28 03:13:00.0140 1104 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2004/08/28 03:13:00.0234 1104 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2004/08/28 03:13:00.0296 1104 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2004/08/28 03:13:00.0390 1104 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2004/08/28 03:13:00.0484 1104 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2004/08/28 03:13:00.0578 1104 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2004/08/28 03:13:00.0625 1104 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2004/08/28 03:13:00.0687 1104 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2004/08/28 03:13:00.0734 1104 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2004/08/28 03:13:00.0781 1104 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2004/08/28 03:13:00.0859 1104 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2004/08/28 03:13:00.0937 1104 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2004/08/28 03:13:01.0000 1104 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2004/08/28 03:13:01.0046 1104 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2004/08/28 03:13:01.0140 1104 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2004/08/28 03:13:01.0203 1104 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2004/08/28 03:13:01.0281 1104 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2004/08/28 03:13:01.0359 1104 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2004/08/28 03:13:01.0437 1104 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2004/08/28 03:13:01.0531 1104 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2004/08/28 03:13:01.0656 1104 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2004/08/28 03:13:01.0781 1104 WmBEnum (671db6a9b772b807721147c28faf760f) C:\WINDOWS\system32\drivers\WmBEnum.sys
2004/08/28 03:13:01.0859 1104 WmFilter (cffe18db8140b00335221907a694dd01) C:\WINDOWS\system32\drivers\WmFilter.sys
2004/08/28 03:13:01.0968 1104 WmVirHid (2e17ea3b132963e3c07d50d68d2df54e) C:\WINDOWS\system32\drivers\WmVirHid.sys
2004/08/28 03:13:02.0031 1104 WmXlCore (0ece3bb49eb9ee42c411a0f1ec39dda9) C:\WINDOWS\system32\drivers\WmXlCore.sys
2004/08/28 03:13:02.0125 1104 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2004/08/28 03:13:02.0218 1104 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2004/08/28 03:13:02.0296 1104 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2004/08/28 03:13:02.0359 1104 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2004/08/28 03:13:02.0375 1104 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2004/08/28 03:13:02.0406 1104 Boot (0x1200) (975f033fa50e4c16ad58c4056d252007) \Device\Harddisk0\DR0\Partition0
2004/08/28 03:13:02.0406 1104 ================================================================================
2004/08/28 03:13:02.0406 1104 Scan finished
2004/08/28 03:13:02.0406 1104 ================================================================================
2004/08/28 03:13:02.0437 1796 Detected object count: 2
2004/08/28 03:13:02.0437 1796 Actual detected object count: 2
2004/08/28 03:13:11.0343 1796 NetBT (c8f29622fa4846fdefcea0c381a260d0) C:\WINDOWS\system32\DRIVERS\netbt.sys
2004/08/28 03:13:11.0343 1796 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
2004/08/28 03:13:14.0484 1796 Backup copy found, using it..
2004/08/28 03:13:14.0515 1796 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured after reboot
2004/08/28 03:13:14.0515 1796 Rootkit.Win32.ZAccess.c(NetBT) - User select action: Cure
2004/08/28 03:13:14.0578 1796 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2004/08/28 03:13:14.0578 1796 \Device\Harddisk0\DR0 - ok
2004/08/28 03:13:14.0578 1796 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2004/08/28 03:13:30.0296 0560 Deinitialize success

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:33 AM

Posted 10 August 2011 - 11:09 PM

Good :)

See, if MBAM will update and run now.
If so post its log.

Also...

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#8 g0dsweed

g0dsweed
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 10 August 2011 - 11:29 PM

Regular boot: Clean install of MBAM failed update and crashed at scan.

Results of Unhooker:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3338240 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 45.02 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7E7F000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1265664 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.02 )
0xF7CFD000 C:\WINDOWS\System32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)
0xEE7A0000 C:\WINDOWS\System32\drivers\ha10kx2k.sys 774144 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0xF7C68000 C:\WINDOWS\System32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)
0xF7AE3000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF8461000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEE4A0000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xF7BF8000 C:\WINDOWS\system32\drivers\ctaud2k.sys 458752 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xEE543000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7A5D000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEE672000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEDA4D000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF341000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xED069000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF85A7000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEDBE5000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8434000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF7BA9000 C:\WINDOWS\system32\drivers\ctoss2k.sys 176128 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xECEAE000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEE5B3000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF7B85000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 147456 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xECE8A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF7BD4000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7E47000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7E24000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEE650000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xEE5DE000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xEE746000 C:\WINDOWS\System32\drivers\ctac32k.sys 131072 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xF853F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xEE726000 C:\WINDOWS\System32\drivers\hap16v2k.sys 131072 bytes (Creative Technology Ltd, Creative EMU10KX-P16v HAL (WDM))
0xEE766000 C:\WINDOWS\System32\drivers\ctsfm2k.sys 126976 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xF8577000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEE785000 C:\WINDOWS\System32\drivers\emupia2k.sys 110592 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xF841A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xEDF23000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xEDF0A000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF855F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEE488000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8501000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7ACC000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF8518000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xEDF3C000 C:\WINDOWS\system32\dla\tfsnifs.sys 86016 bytes (Sonic Solutions, Drive Letter Access Component)
0xED948000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7B71000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7E6B000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEE6CB000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF84EE000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF852D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF8596000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7ABB000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8766000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8856000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF86A6000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF8666000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF8796000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8756000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF8736000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8726000 C:\WINDOWS\System32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)
0xF8646000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF8866000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEDB05000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7FD4000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8676000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF86E6000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xF8636000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8044000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8616000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF87A6000 C:\WINDOWS\System32\Drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xEE8E5000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
0xF8024000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8686000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF86F6000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8846000 C:\WINDOWS\system32\drivers\Imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8606000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8034000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7FF4000 C:\WINDOWS\system32\drivers\WmXlCore.sys 45056 bytes (Logitech Inc., Logitech WingMan Translation Driver)
0xEE885000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF85F6000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7FE4000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xED88D000 C:\WINDOWS\System32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF8004000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
!!!!!!!!!!!Hidden driver: 0xF8826000 4171534776 36864 bytes
0xECEF9000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF8626000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8786000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF8716000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8014000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF86B6000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF8656000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7FB4000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8706000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8966000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xF896E000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xF88C6000 C:\WINDOWS\system32\drivers\mbamswissarmy.sys 32768 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xF89CE000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF894E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF89BE000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF89D6000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF8936000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF8876000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF898E000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8976000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF8906000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF895E000 C:\WINDOWS\System32\Drivers\LUsbFilt.Sys 24576 bytes (Logitech, Inc., Logitech USB Filter Driver.)
0xF89C6000 C:\WINDOWS\System32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
0xF890E000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8956000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF892E000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF89B6000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF893E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF88FE000 C:\WINDOWS\System32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xF891E000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF8946000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF8916000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF887E000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF88EE000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF88F6000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF88E6000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF897E000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xEE6FE000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF8AAE000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF83DD000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEDE42000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xEDAE5000 C:\WINDOWS\System32\drivers\PfModNT.sys 16384 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xF8AEA000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xEE63C000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8A06000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEE638000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEE706000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF8AC6000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF8AC2000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF83E5000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8AD2000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF83D9000 C:\WINDOWS\system32\drivers\WmBEnum.sys 12288 bytes (Logitech Inc., Logitech WingMan Virtual Bus Enumerator Driver )
0xF8B38000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF8B46000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8B34000 C:\WINDOWS\System32\drivers\ctprxy2k.sys 8192 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xF8B82000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xF8B52000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8B44000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8AF6000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8B48000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8B7A000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8B4A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8B36000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF8B3A000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8B5A000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8B42000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8AF8000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8D40000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8C36000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8D07000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
0xF8CC4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8BBE000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8D24000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8D23000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
!!!!!!!!!!!Hidden driver: 0xF874C9D0 00000715 1584 bytes
0xF874C9D0 unknown_irp_handler 1584 bytes
==============================================
>Stealth
==============================================
0xF874C693 Unknown page with executable code, 2413 bytes
0xF8749617 Unknown page with executable code, 2537 bytes
0xF874D53F Unknown page with executable code, 2753 bytes
0xF87494E6 Unknown page with executable code, 2842 bytes
0xF882AD20 Unknown thread object [ ETHREAD 0x831035C0 ] TID: 120, 600 bytes
0xF874E105 Unknown thread object [ ETHREAD 0x83103170 ] TID: 124, 600 bytes
WARNING: Virus alike driver modification [serial.sys]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:33 AM

Posted 10 August 2011 - 11:31 PM

Re-run TDSSKiller one more time.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#10 g0dsweed

g0dsweed
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 10 August 2011 - 11:46 PM

Jeez.

Now TDSS does not work. Old link dies. Can not delete, rename or move. "Access denied"

Placed another copy on desktop with slight name change. Crashed almost instantly.

Thanks again for the help, even though we are getting nowhere...

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:33 AM

Posted 11 August 2011 - 04:06 PM

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#12 g0dsweed

g0dsweed
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 11 August 2011 - 06:53 PM

Tried FixTDSS, after reboot I get BSOD with the following errors:


0x0000007e
0xc0000005
0xf8770ebb
0xf8a49534
0xf8a49230

PC only reboots with safe mode with networking or "with last known good configuration" and FixTDSS says it failed. Tried once more and same result.

TDSS icon is not available in safe mode or I would try FixTDSS that way, but...

#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:33 AM

Posted 11 August 2011 - 06:56 PM

Well we'll need to employ some higher powers here...

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include or required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,009 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:33 AM

Posted 12 August 2011 - 01:14 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic413988.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users