infected with Performance Solution Hotrevenue and others


This topic is locked
25 replies to this topic

#1 444


Posted 28 September 2011 - 04:10 PM

I get this message every 10 minutes or so that Internet Explorer needs to close, I uninstalled IE a few years ago. What's worse is sometimes I get these talking ads that come up even when I don't have any programs open. It's usually more prevalent when I play games. There are three programs in the add/remove program menu that I'm suspicious of: Mirar, Ron Too1 Du-Little, and Performance Solution Hotrevenue. The only one I attempted to uninstall was Mirar, and then it said I needed to download something to delete it. I get a rundll error at startup every time. The exact message is "Error Loading C:\windows\xccdf16_090131a.dll The specified module could not be found." Also, my PC will make a single boop sound and then it'll freeze up, forcing me to restart, but this rarely happens.


I tried to open gmer, but it freezes at the main window, and I have to close it.


#2 HelpBot


Posted 03 October 2011 - 04:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420952 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr


Posted 04 October 2011 - 11:57 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 444


Posted 05 October 2011 - 12:13 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Curtis at 13:04:04 on 2011-10-05
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.194 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\tcntqsdh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\DOCUME~1\Curtis\LOCALS~1\Temp\notepad.exe
C:\DOCUME~1\Curtis\LOCALS~1\Temp\4186608047.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
C:\WINDOWS\system32\afisicx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://by140w.bay140.mail.live.com/mail/mail.aspx?wa=wsignin1.0&n=463198722
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\smss.exe
BHO: c:\windows\system32\gsf83iujid.dll: {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - c:\windows\system32\gsf83iujid.dll
BHO: {df7cdfc9-71db-44db-9163-3b6e486019fb} - c:\windows\system32\senifetu.dll
TB: Mirar: {acbe7720-63cf-44ba-a082-3c987605ec5c} - c:\windows\system32\WINPC77.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [tezrtsjhfr84iusjfo84f] c:\docume~1\curtis\locals~1\temp\csrssc.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Windows System Recover!] c:\docume~1\curtis\locals~1\temp\notepad.exe
uRun: [Diagnostic Manager] c:\docume~1\curtis\locals~1\temp\4186608047.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [jsf8uiw3jnjgffght] c:\docume~1\curtis\locals~1\temp\winlognn.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [18246094] c:\documents and settings\all users\application data\18246094\18246094.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Gsalalegacudeze] rundll32.exe "c:\windows\Onamihevurijanox.dll",e
mRun: [Nyogo] rundll32.exe "c:\windows\ogurawaxozuvovep.dll",e
mRun: [bubihelaro] Rundll32.exe "c:\windows\system32\gafuhelu.dll",s
mRun: [ExploreUpdSched] c:\windows\system32\tcntqsdh.exe DWmmm01FF
mExplorerRun: [xccinit] c:\windows\system32\inf\rundll33.exe c:\windows\xccdf16_090131a.dll xccd16
StartupFolder: c:\docume~1\curtis\startm~1\programs\startup\deewoo.lnk - c:\windows\system32\tcntqsdh.exe
StartupFolder: c:\docume~1\curtis\startm~1\programs\startup\dw_start.lnk - c:\windows\system32\rqwnw64p.exe
StartupFolder: c:\docume~1\curtis\startm~1\programs\startup\gamesp~1.lnk - c:\program files\gamespot\GameSpotDownloadManager_Win32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196448962562
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 151.203.0.85 151.203.0.84
TCP: Interfaces\{F46D448B-B6F5-40EF-A4CD-0898A6AAE7DC} : DhcpNameServer = 151.203.0.85 151.203.0.84
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: ,cadbzh.dll,c:\windows\system32\yaromido.dll,c:\docume~1\curtis\locals~1\temp\875734917mmx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\hsfd83jfdg.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hsfd83jfdg.dll
STS: c:\windows\system32\gsf83iujid.dll: {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - c:\windows\system32\gsf83iujid.dll
LSA: Notification Packages = scecli c:\windows\system32\yaromido.dll
IFEO: a.exe - c:\windows\system32\alg.exe
IFEO: matrix31290.exe - c:\windows\system32\alg.exe
IFEO: ~tmpa.exe - c:\windows\system32\alg.exe
IFEO: ~tmpb.exe - c:\windows\system32\alg.exe
IFEO: ~tmpc.exe - c:\windows\system32\alg.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\curtis\application data\mozilla\firefox\profiles\w3nsgtt7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www11.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://www11.yoog.com/search.php?q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.21115.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: XUL Cache: {8506433A-5264-4294-AC57-2ACDD66F7699} - c:\documents and settings\curtis\local settings\application data\{8506433A-5264-4294-AC57-2ACDD66F7699}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared
.
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www11.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www11.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-19 29712]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-19 243152]
R1 fipss;fipss;c:\windows\system32\drivers\fipss.sys [2008-12-5 86272]
R2 afisicx;afisicx Service;c:\windows\system32\afisicx.exe [2004-8-10 185344]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-11-7 308136]
R2 BtwSvc;BtwSvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [2008-12-29 20736]
S0 qfpdqhaj;qfpdqhaj;c:\windows\system32\drivers\lkfgahwh.sys []
S1 28bab381;28bab381;c:\windows\system32\drivers\28bab381.sys [2009-2-14 0]
S1 e5e79e6f;e5e79e6f;c:\windows\system32\drivers\e5e79e6f.sys [2009-7-9 0]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 cmdService;Command Service;c:\windows\lg\command.exe --> c:\windows\lg\command.exe [?]
S2 fastnetsrv;fastnetsrv Service;c:\windows\system32\fastnetsrv.exe --> c:\windows\system32\FastNetSrv.exe [?]
S2 mabidwe;mabidwe Service;c:\windows\system32\mabidwe.exe --> c:\windows\system32\mabidwe.exe [?]
S2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 Network Monitor;Network Monitor;c:\program files\network monitor\netmon.exe service --> c:\program files\network monitor\netmon.exe service [?]
S2 noytcyr;noytcyr Service;c:\windows\system32\noytcyr.exe --> c:\windows\system32\noytcyr.exe [?]
S2 peresvc;peresvc Service;c:\windows\system32\peresvc.exe --> c:\windows\system32\PereSvc.exe [?]
S2 roytctm;roytctm Service;c:\windows\system32\roytctm.exe --> c:\windows\system32\roytctm.exe [?]
S2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe --> c:\windows\system32\sopidkc.exe [?]
S2 soxpeca;soxpeca Service;c:\windows\system32\soxpeca.exe --> c:\windows\system32\soxpeca.exe [?]
S2 tdydowkc;tdydowkc Service;c:\windows\system32\tdydowkc.exe --> c:\windows\system32\tdydowkc.exe [?]
S2 wsldoekd;wsldoekd Service;c:\windows\system32\wsldoekd.exe --> c:\windows\system32\wsldoekd.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-11-7 947528]
.
=============== Created Last 30 ================
.
2011-09-28 20:53:33 1184 ----a-w- c:\windows\igonipavurogehu.dll
2011-09-28 20:09:36 548934 ----a-w- c:\windows\system32\tcntqsdh.exe
2011-09-28 19:38:35 1186 ----a-w- c:\windows\ozujogan.dll
2011-09-28 17:26:33 1190 ----a-w- c:\windows\ixobecerisubaca.dll
2011-09-28 16:20:34 1190 ----a-w- c:\windows\ugoxaqakoy.dll
2011-09-27 05:03:06 1198 ----a-w- c:\windows\ewevevamiwokoj.dll
2011-09-27 04:16:32 2098 --sh--w- c:\windows\system32\lovebise.exe
2011-09-27 02:51:06 1194 ----a-w- c:\windows\enacuvuhoxuquxoj.dll
2011-09-27 01:45:06 1192 ----a-w- c:\windows\ozuzukohoma.dll
2011-09-27 00:39:05 1192 ----a-w- c:\windows\osumerujomu.dll
2011-09-26 23:33:05 1192 ----a-w- c:\windows\onutepopegogaj.dll
2011-09-26 22:27:04 1186 ----a-w- c:\windows\ahikokupujaxa.dll
2011-09-26 00:50:56 1190 ----a-w- c:\windows\izineniq.dll
2011-09-25 23:44:56 1192 ----a-w- c:\windows\egafotoc.dll
2011-09-25 22:38:56 1190 ----a-w- c:\windows\anudatod.dll
2011-09-25 21:32:56 1200 ----a-w- c:\windows\uviwinaq.dll
2011-09-25 21:00:49 1192 ----a-w- c:\windows\aqidakoko.dll
2011-09-25 19:54:46 1186 ----a-w- c:\windows\ejuporereweril.dll
2011-09-24 00:59:14 1190 ----a-w- c:\windows\afujukoz.dll
2011-09-23 23:53:13 1198 ----a-w- c:\windows\izaxovabuyud.dll
2011-09-23 23:07:01 2098 --sh--w- c:\windows\system32\dijekaha.exe
2011-09-23 22:47:13 1190 ----a-w- c:\windows\uhayirub.dll
2011-09-23 21:41:13 1184 ----a-w- c:\windows\isebakezakoboxa.dll
2011-09-23 20:35:19 1188 ----a-w- c:\windows\ubinipuc.dll
2011-09-23 19:29:13 1190 ----a-w- c:\windows\urulukace.dll
2011-09-23 18:23:13 1192 ----a-w- c:\windows\umuyivoqubub.dll
2011-09-23 17:17:13 1190 ----a-w- c:\windows\erubavuk.dll
2011-09-21 05:33:46 1188 ----a-w- c:\windows\uwunalul.dll
2011-09-21 04:27:46 1190 ----a-w- c:\windows\okelifas.dll
2011-09-21 03:21:46 1190 ----a-w- c:\windows\oduyosam.dll
2011-09-21 02:35:10 2098 --sh--w- c:\windows\system32\lagewigo.exe
2011-09-21 02:15:46 1188 ----a-w- c:\windows\imipexom.dll
2011-09-21 01:09:47 1188 ----a-w- c:\windows\avojofoyejejifi.dll
2011-09-21 00:03:45 1188 ----a-w- c:\windows\ifululin.dll
2011-09-20 22:57:45 1188 ----a-w- c:\windows\ijehefonu.dll
2011-09-20 21:51:45 1196 ----a-w- c:\windows\arovolup.dll
2011-09-20 20:45:46 1184 ----a-w- c:\windows\afoxasux.dll
2011-09-19 04:43:37 1188 ----a-w- c:\windows\apurakip.dll
2011-09-19 03:55:35 1188 ----a-w- c:\windows\emitixivumeged.dll
2011-09-19 02:49:34 1176 ----a-w- c:\windows\iqevozeraz.dll
2011-09-19 02:25:07 1192 ----a-w- c:\windows\ifakixez.dll
2011-09-19 01:19:07 1188 ----a-w- c:\windows\uzeridubayav.dll
2011-09-19 00:13:10 1192 ----a-w- c:\windows\ehegijob.dll
2011-09-18 23:07:07 1188 ----a-w- c:\windows\azefokeyibe.dll
2011-09-18 22:01:07 1192 ----a-w- c:\windows\ebocadic.dll
2011-09-18 20:55:08 1190 ----a-w- c:\windows\arazixoc.dll
2011-09-18 18:43:07 1188 ----a-w- c:\windows\ebatudokawas.dll
2011-09-10 02:14:47 1732 ----a-w- c:\windows\ewujefifinohazoz.dll
2011-09-10 01:08:47 1732 ----a-w- c:\windows\ojogerut.dll
2011-09-10 00:22:29 2098 --sh--w- c:\windows\system32\rubuwata.exe
2011-09-10 00:02:48 1732 ----a-w- c:\windows\igadolem.dll
2011-09-09 22:56:47 1732 ----a-w- c:\windows\eyiwowohonevoz.dll
2011-09-09 21:50:47 1732 ----a-w- c:\windows\iqujelehe.dll
2011-09-09 20:44:48 1732 ----a-w- c:\windows\ipuqoseje.dll
2011-09-09 19:38:47 1732 ----a-w- c:\windows\ujaxeruxilexexe.dll
2011-09-09 18:32:47 1732 ----a-w- c:\windows\atubisovuni.dll
2011-09-08 06:03:22 1732 ----a-w- c:\windows\uzemagab.dll
2011-09-08 04:57:22 1732 ----a-w- c:\windows\ufidafuga.dll
2011-09-08 03:51:21 1732 ----a-w- c:\windows\imizugit.dll
2011-09-08 02:45:21 1732 ----a-w- c:\windows\ibifigoc.dll
2011-09-08 01:39:22 1732 ----a-w- c:\windows\ayagarorohugewu.dll
2011-09-08 00:33:20 1732 ----a-w- c:\windows\imurogodini.dll
2011-09-07 07:56:49 1736 ----a-w- c:\windows\ifegaxelayotevok.dll
2011-09-07 06:50:49 1736 ----a-w- c:\windows\ajadapeqikodado.dll
2011-09-07 05:44:49 1736 ----a-w- c:\windows\ukiwaxozuv.dll
2011-09-07 04:38:49 1736 ----a-w- c:\windows\anizoxufapifov.dll
2011-09-07 03:32:49 1736 ----a-w- c:\windows\ihogodini.dll
2011-09-07 02:46:32 2098 --sh--w- c:\windows\system32\sogumonu.exe
2011-09-07 02:26:49 1736 ----a-w- c:\windows\iwadajugabor.dll
2011-09-07 01:20:50 1736 ----a-w- c:\windows\ofuwiducena.dll
2011-09-07 00:14:49 1736 ----a-w- c:\windows\utuferoc.dll
2011-09-06 23:08:49 1736 ----a-w- c:\windows\oyiqifepuxekuv.dll
2011-09-06 22:02:49 1736 ----a-w- c:\windows\ajididakipipa.dll
2011-09-06 20:56:49 1736 ----a-w- c:\windows\ugubuxerugug.dll
2011-09-06 07:51:41 1732 ----a-w- c:\windows\eqitonud.dll
2011-09-06 06:44:51 1580 ----a-w- c:\windows\ijizelagar.dll
2011-09-06 05:38:51 1580 ----a-w- c:\windows\emefezipahalaf.dll
2011-09-06 04:32:51 1732 ----a-w- c:\windows\axocowopozeka.dll
2011-09-06 03:26:53 1732 ----a-w- c:\windows\onigisohunir.dll
2011-09-06 02:20:51 1732 ----a-w- c:\windows\ayiniwarehe.dll
2011-09-06 00:43:58 1732 ----a-w- c:\windows\ahuburuyaxu.dll
2011-09-05 23:37:58 1732 ----a-w- c:\windows\ekexelay.dll
2011-09-05 22:31:58 1732 ----a-w- c:\windows\aziticabaqeyuhas.dll
2011-09-05 21:25:58 1732 ----a-w- c:\windows\imocohot.dll
2011-09-05 20:19:59 1732 ----a-w- c:\windows\ibohehuc.dll
2011-09-05 19:13:58 1732 ----a-w- c:\windows\ijojukijadu.dll
2011-09-05 18:07:59 1732 ----a-w- c:\windows\ijomahed.dll
.
==================== Find3M ====================
.
2011-10-05 16:48:25 865 ----a-w- c:\windows\system32\winpfz33.sys
2011-09-27 03:57:06 1194 ----a-w- c:\windows\awizonusohomatum.dll
2011-09-06 01:14:51 1732 ----a-w- c:\windows\anitariveha.dll
2011-09-04 05:31:09 1732 ----a-w- c:\windows\apevanuzafavina.dll
2011-09-04 04:25:09 1732 ----a-w- c:\windows\ibemehigat.dll
2011-09-04 03:19:09 1732 ----a-w- c:\windows\ogidegemidaribiy.dll
2011-09-04 02:13:09 1732 ----a-w- c:\windows\ijuzohecewew.dll
2011-09-04 01:07:09 1732 ----a-w- c:\windows\ikumahohewaz.dll
2011-09-04 00:01:09 1732 ----a-w- c:\windows\ifutanekulemuna.dll
2011-09-03 22:55:09 1732 ----a-w- c:\windows\anuruhakucadic.dll
2011-09-03 22:06:54 1732 ----a-w- c:\windows\ojudatodejexij.dll
2011-09-03 21:03:57 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-09-03 21:00:55 1732 ----a-w- c:\windows\oziwinaq.dll
1601-01-01 00:12:31 74537 --sha-w- c:\windows\system32\gafuhelu.dll
1601-01-01 00:12:31 74537 --sha-w- c:\windows\system32\yaromido.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The maximum number of secrets that may be stored in a single system has been exceeded.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x86351CC3]<< >>UNKNOWN [0xAA2932B6]<<
_asm { JMP 0x23f415f3; }
1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x8656CAB8]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 13:05:57.90 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/30/2007 1:51:38 PM
System Uptime: 10/5/2011 1:00:40 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Goldfish3
Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 74.175 GiB free.
D: is CDROM ()
E: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: Microsoft eHome Infrared Transceiver
Device ID: IRBUS\VID_0471&PID_0815\6&2E8DD13B&0&0001
Manufacturer: Microsoft
Name: Microsoft eHome Infrared Transceiver
PNP Device ID: IRBUS\VID_0471&PID_0815\6&2E8DD13B&0&0001
Service: HidIr
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
Agere Systems PCI Soft Modem
AiO_Scan_CDA
AiOSoftwareNPI
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
BufferChm
Command
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Company of Heroes
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Destinations
Destructive Forces 1.21
DeviceFunctionQFolder
DeviceManagementQFolder
DocProc
eSupportQFolder
Fax_CDA
FullDPAppQFolder
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 5.3
HP Product Detection
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Impossible Creatures
Intel® Graphics Media Accelerator Driver
iTunes
Linksys Wireless-G PCI Adapter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mirar
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MSXML4 Parser
Network Monitor
NewCopy_CDA
Opera 10.53
Performance Solution Hotrevenue
ProductContextNPI
QuickTime
RCT3 Soaked
Readme
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Registry Easy v5.6
RollerCoaster Tycoon® 3
RON Too1 Du-little
Scan
ScannerCopy
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SimCity 4 Deluxe
SolutionCenter
Status
TrayApp
Tropico: Paradise Island
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
WebReg
Windows Communication Foundation
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Zoo Tycoon 2 - African Adventure
.
==== Event Viewer Messages From Past Week ========
.
9/28/2011 4:06:27 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
9/28/2011 12:17:54 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/28/2011 12:13:55 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
9/28/2011 12:09:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: qfpdqhaj SASKUTIL
9/28/2011 12:09:39 PM, error: Service Control Manager [7023] - The msncache service terminated with the following error: The specified module could not be found.
9/28/2011 12:09:39 PM, error: Service Control Manager [7000] - The wsldoekd Service service failed to start due to the following error: The system cannot find the file specified.
9/28/2011 12:09:39 PM, error: Service Control Manager [7000] - The tdydowkc Service service failed to start due to the following error: The system cannot find the file specified.
9/28/2011 12:09:39 PM, error: Service Control Manager [7000] - The soxpeca Service service failed to start due to the following error: The system cannot find the file specified.
9/28/2011 12:09:39 PM, error: Service Control Manager [7000] - The sopidkc Service service failed to start due to the following error: The system cannot find the file specified.
9/28/2011 12:09:39 PM, error: Service Control Manager [7000] - The roytctm Service service failed to start due to the following error: The system cannot find the file specified.
9/28/2011 12:09:39 PM, error: Service Control Manager [7000] - The peresvc Service service failed to start due to the following error: The system cannot find the file specified.
9/28/2011 12:09:39 PM, error: Service Control Manager [7000] - The noytcyr Service service failed to start due to the following error: The system cannot find the file specified.
9/28/2011 12:09:39 PM, error: Service Control Manager [7000] - The Network Monitor service failed to start due to the following error: The system cannot find the file specified.
9/28/2011 12:09:39 PM, error: Service Control Manager [7000] - The mabidwe Service service failed to start due to the following error: The system cannot find the file specified.
9/28/2011 12:09:39 PM, error: Service Control Manager [7000] - The fastnetsrv Service service failed to start due to the following error: The system cannot find the file specified.
9/28/2011 1:49:26 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
.
==== End Of File ===========================
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xAAB2C000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4800512 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2142208 bytes
0x804D7000 RAW 2142208 bytes
0x804D7000 WMIxWDM 2142208 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6FA1000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1150976 bytes (Agere Systems, SoftModem Device Driver)
0xBFA2B000 C:\WINDOWS\System32\ialmdd5.DLL 843776 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF71DA000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 774144 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF7327000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA9F9C000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF710B000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 372736 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xF6E13000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xAA1A6000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA90DD000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA9247000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAA16C000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xA9F25000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF6E6C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7459000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF70DD000 C:\WINDOWS\system32\DRIVERS\hcwPP2.sys 188416 bytes (Hauppauge Computer Works, Inc., WinTV PVR PCI II (v2) WDM Video Capture)
0xF72FA000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA9350000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xAA00B000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBFA02000 C:\WINDOWS\System32\ialmdev5.DLL 167936 bytes (Intel Corporation, Component GHAL Driver)
0xAA058000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7403000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF71A1000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF70BA000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA8C15000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xF717E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xAA036000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAAB0A000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x806E2000 ACPI_HAL 134400 bytes
0x806E2000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73CB000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7429000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBF9E3000 C:\WINDOWS\System32\ialmdnt5.dll 126976 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF72DF000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73EB000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9E2B000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7166000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 98304 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xA8E18000 C:\WINDOWS\system32\drivers\tmcomm.sys 98304 bytes (Trend Micro Inc., TrendMicro Common Module)
0xF73B4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6F76000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9F86000 C:\WINDOWS\System32\drivers\fipss.sys 90112 bytes
0xA9A06000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6F8D000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF71C6000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA1FE000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7448000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6E9D000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7788000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7648000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xA8B95000 C:\WINDOWS\win32k.sys:2 61440 bytes
0xF7708000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF76B8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7588000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF77D8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA9DB3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF76C8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF9D5000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7598000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF77C8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF75E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF77A8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77F8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76E8000 C:\WINDOWS\system32\DRIVERS\IrBus.sys 49152 bytes (Microsoft Corporation, USB Consumer IR Driver for eHome)
0xF7668000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF77B8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7658000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF77E8000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)
0xF7698000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7688000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA86DA000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF75D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7728000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7758000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7798000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF75A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
!!!!!!!!!!!Hidden driver: 0xF75F8000 lkfgahwh.sys 36864 bytes
0xF7678000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7718000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF76F8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7978000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7900000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7860000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF78D8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78C8000 C:\DOCUME~1\Curtis\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF7808000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7970000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7888000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7948000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF7988000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7858000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7910000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xF78E0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7908000 C:\WINDOWS\system32\ZDCNDIS5.sys 24576 bytes (ZDC., Inc. (ZDC), ZDC NDIS 5.0 SPR Protocol Driver)
0xF7968000 C:\WINDOWS\win32k.sys:1 20480 bytes
0xF78F0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7810000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7828000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7818000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7850000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7990000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7950000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7890000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF6CDF000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A78000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9D3B000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7998000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAAAE6000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6CE3000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF6CDB000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A58000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6ECE000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7AB0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A8E000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7ADA000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7AAE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A8C000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7A88000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AB2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B4C000 C:\WINDOWS\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0xF7ABE000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7AB4000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AA6000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7AA8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AA4000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A8A000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C25000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BBE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C96000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B50000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xA9F7258A unknown_irp_handler 2678 bytes
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [ndisip.sys]
WARNING: Virus alike driver modification [mhndrv.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [slip.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [ipnat.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [fastfat.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [Hdaudio.sys]
0xAA293A2A Unknown page with executable code, 1494 bytes
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [streamip.sys]
WARNING: Virus alike driver modification [serenum.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [CCDECODE.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [point32.sys]
0xAA292881 Unknown page with executable code, 1919 bytes
WARNING: Virus alike driver modification [WSTCODEC.SYS]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [pxhelp20.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [alcxwdm.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [usbprint.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\fipss.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [isapnp.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [usbaapl.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
0xAA294133 Unknown page with executable code, 3789 bytes
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [sisagp.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [viaagp.sys]
WARNING: Virus alike driver modification [agp440.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [alim1541.sys]
WARNING: Virus alike driver modification [amdagp.sys]
WARNING: Virus alike driver modification [uagp35.sys]
WARNING: Virus alike driver modification [agpcpq.sys]
WARNING: Virus alike driver modification [gagp30kx.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [classpnp.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [1394bus.sys]
WARNING: Virus alike driver modification [mspclock.sys]
WARNING: Virus alike driver modification [intelide.sys]
WARNING: Virus alike driver modification [MSTEE.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [ohci1394.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [enum1394.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [mqac.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [mskssrv.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [WudfRd.sys]
WARNING: Virus alike driver modification [NABTSFEC.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [scsiport.sys]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Edited by 444, 05 October 2011 - 07:36 PM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:46 PM

Posted 05 October 2011 - 02:42 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 444

444
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:46 PM

Posted 05 October 2011 - 03:27 PM

Combofix won't open. I disabled my anti-virus, and keep double-clicking the Combofix icon, but it does nothing.

Edited by 444, 05 October 2011 - 03:29 PM.


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:46 PM

Posted 05 October 2011 - 06:49 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#8 444

444
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:46 PM

Posted 05 October 2011 - 07:13 PM

20:04:56.0218 1364 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
20:04:58.0234 1364 ============================================================
20:04:58.0234 1364 Current date / time: 2011/10/05 20:04:58.0234
20:04:58.0234 1364 SystemInfo:
20:04:58.0234 1364
20:04:58.0234 1364 OS Version: 5.1.2600 ServicePack: 2.0
20:04:58.0234 1364 Product type: Workstation
20:04:58.0234 1364 ComputerName: CURTIS
20:04:58.0234 1364 UserName: Curtis
20:04:58.0234 1364 Windows directory: C:\WINDOWS
20:04:58.0234 1364 System windows directory: C:\WINDOWS
20:04:58.0234 1364 Processor architecture: Intel x86
20:04:58.0234 1364 Number of processors: 2
20:04:58.0234 1364 Page size: 0x1000
20:04:58.0234 1364 Boot type: Normal boot
20:04:58.0234 1364 ============================================================
20:04:59.0500 1364 Initialize success
20:05:16.0453 0616 ============================================================
20:05:16.0453 0616 Scan started
20:05:16.0453 0616 Mode: Manual;
20:05:16.0453 0616 ============================================================
20:05:17.0390 0616 28bab381 - ok
20:05:17.0406 0616 Abiosdsk - ok
20:05:17.0437 0616 abp480n5 - ok
20:05:17.0484 0616 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:05:17.0484 0616 ACPI - ok
20:05:17.0531 0616 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:05:17.0546 0616 ACPIEC - ok
20:05:17.0578 0616 adpu160m - ok
20:05:17.0671 0616 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
20:05:17.0671 0616 aec - ok
20:05:17.0734 0616 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
20:05:17.0734 0616 AFD - ok
20:05:17.0843 0616 AgereSoftModem (994a42d273c35b43ee9d1e8a5d8bc639) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:05:17.0875 0616 AgereSoftModem - ok
20:05:17.0906 0616 Aha154x - ok
20:05:17.0937 0616 aic78u2 - ok
20:05:17.0953 0616 aic78xx - ok
20:05:18.0000 0616 AliIde - ok
20:05:18.0015 0616 amsint - ok
20:05:18.0109 0616 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:05:18.0109 0616 Arp1394 - ok
20:05:18.0125 0616 asc - ok
20:05:18.0156 0616 asc3350p - ok
20:05:18.0187 0616 asc3550 - ok
20:05:18.0250 0616 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:05:18.0250 0616 AsyncMac - ok
20:05:18.0265 0616 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:05:18.0281 0616 atapi - ok
20:05:18.0296 0616 Atdisk - ok
20:05:18.0343 0616 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:05:18.0343 0616 Atmarpc - ok
20:05:18.0406 0616 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:05:18.0406 0616 audstub - ok
20:05:18.0484 0616 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
20:05:18.0500 0616 AvgLdx86 - ok
20:05:18.0531 0616 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys
20:05:18.0531 0616 AvgMfx86 - ok
20:05:18.0828 0616 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
20:05:18.0843 0616 AvgTdiX - ok
20:05:18.0937 0616 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:05:18.0953 0616 BCM43XX - ok
20:05:19.0015 0616 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:05:19.0015 0616 Beep - ok
20:05:19.0093 0616 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:05:19.0093 0616 cbidf2k - ok
20:05:19.0140 0616 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:05:19.0140 0616 CCDECODE - ok
20:05:19.0171 0616 cd20xrnt - ok
20:05:19.0218 0616 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:05:19.0218 0616 Cdaudio - ok
20:05:19.0281 0616 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
20:05:19.0281 0616 Cdfs - ok
20:05:19.0375 0616 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:05:19.0375 0616 Cdrom - ok
20:05:19.0406 0616 Changer - ok
20:05:19.0453 0616 CmdIde - ok
20:05:19.0515 0616 Cpqarray - ok
20:05:19.0546 0616 dac2w2k - ok
20:05:19.0578 0616 dac960nt - ok
20:05:19.0656 0616 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
20:05:19.0656 0616 Disk - ok
20:05:19.0718 0616 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
20:05:19.0734 0616 dmboot - ok
20:05:19.0796 0616 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
20:05:19.0796 0616 dmio - ok
20:05:19.0937 0616 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:05:19.0937 0616 dmload - ok
20:05:20.0125 0616 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
20:05:20.0125 0616 DMusic - ok
20:05:20.0171 0616 dpti2o - ok
20:05:20.0218 0616 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
20:05:20.0234 0616 drmkaud - ok
20:05:20.0265 0616 e5e79e6f - ok
20:05:20.0359 0616 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
20:05:20.0359 0616 Fastfat - ok
20:05:20.0406 0616 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
20:05:20.0406 0616 Fdc - ok
20:05:20.0468 0616 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
20:05:20.0468 0616 Fips - ok
20:05:20.0531 0616 fipss (474bd392050315850e8d1363b6ab243f) C:\WINDOWS\system32\drivers\fipss.sys
20:05:20.0531 0616 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\fipss.sys. md5: 474bd392050315850e8d1363b6ab243f
20:05:20.0531 0616 fipss ( LockedFile.Multi.Generic ) - warning
20:05:20.0531 0616 fipss - detected LockedFile.Multi.Generic (1)
20:05:20.0578 0616 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:05:20.0578 0616 Flpydisk - ok
20:05:20.0656 0616 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:05:20.0656 0616 FltMgr - ok
20:05:20.0687 0616 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:05:20.0687 0616 Fs_Rec - ok
20:05:20.0718 0616 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:05:20.0718 0616 Ftdisk - ok
20:05:20.0781 0616 gearaspiwdm (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:05:20.0781 0616 gearaspiwdm - ok
20:05:20.0828 0616 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:05:20.0843 0616 Gpc - ok
20:05:20.0906 0616 hcwPP2 (9436fbf3ca45a0fb726856b409734d7a) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
20:05:20.0921 0616 hcwPP2 - ok
20:05:20.0984 0616 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
20:05:20.0984 0616 HdAudAddService - ok
20:05:21.0031 0616 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:05:21.0031 0616 HDAudBus - ok
20:05:21.0125 0616 HidIr (cc6b00739ed83a64cd817dc93d26a667) C:\WINDOWS\system32\DRIVERS\hidir.sys
20:05:21.0125 0616 HidIr - ok
20:05:21.0171 0616 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:05:21.0171 0616 HidUsb - ok
20:05:21.0203 0616 hpn - ok
20:05:21.0265 0616 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
20:05:21.0265 0616 HTTP - ok
20:05:21.0406 0616 i2omgmt - ok
20:05:21.0421 0616 i2omp - ok
20:05:21.0484 0616 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:05:21.0484 0616 i8042prt - ok
20:05:21.0593 0616 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:05:21.0640 0616 ialm - ok
20:05:21.0828 0616 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:05:21.0828 0616 Imapi - ok
20:05:21.0875 0616 ini910u - ok
20:05:22.0078 0616 IntcAzAudAddService (613a2b00da1d4a80de1ec8cfb52c0d89) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:05:22.0203 0616 IntcAzAudAddService - ok
20:05:22.0265 0616 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:05:22.0265 0616 IntelIde - ok
20:05:22.0343 0616 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:05:22.0343 0616 intelppm - ok
20:05:22.0375 0616 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:05:22.0390 0616 Ip6Fw - ok
20:05:22.0437 0616 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:05:22.0437 0616 IpFilterDriver - ok
20:05:22.0484 0616 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:05:22.0484 0616 IpInIp - ok
20:05:22.0546 0616 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:05:22.0546 0616 IpNat - ok
20:05:22.0593 0616 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:05:22.0593 0616 IPSec - ok
20:05:22.0656 0616 IrBus (7381237118fdc710e7ff698baa5a2e67) C:\WINDOWS\system32\DRIVERS\IrBus.sys
20:05:22.0656 0616 IrBus - ok
20:05:22.0812 0616 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:05:22.0812 0616 IRENUM - ok
20:05:22.0890 0616 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:05:22.0890 0616 isapnp - ok
20:05:22.0968 0616 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:05:22.0968 0616 Kbdclass - ok
20:05:23.0015 0616 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:05:23.0015 0616 kbdhid - ok
20:05:23.0187 0616 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
20:05:23.0187 0616 kmixer - ok
20:05:23.0250 0616 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
20:05:23.0250 0616 KSecDD - ok
20:05:23.0296 0616 lbrtfdc - ok
20:05:23.0406 0616 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:05:23.0406 0616 MHNDRV - ok
20:05:23.0437 0616 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:05:23.0437 0616 mnmdd - ok
20:05:23.0468 0616 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
20:05:23.0484 0616 Modem - ok
20:05:23.0531 0616 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:05:23.0531 0616 Mouclass - ok
20:05:23.0609 0616 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:05:23.0609 0616 mouhid - ok
20:05:23.0718 0616 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
20:05:23.0734 0616 MountMgr - ok
20:05:23.0750 0616 mraid35x - ok
20:05:23.0796 0616 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:05:23.0796 0616 MRxDAV - ok
20:05:23.0875 0616 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:05:23.0890 0616 MRxSmb - ok
20:05:23.0968 0616 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
20:05:23.0968 0616 Msfs - ok
20:05:24.0109 0616 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:05:24.0109 0616 MSKSSRV - ok
20:05:24.0187 0616 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:05:24.0187 0616 MSPCLOCK - ok
20:05:24.0250 0616 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
20:05:24.0265 0616 MSPQM - ok
20:05:24.0343 0616 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:05:24.0343 0616 mssmbios - ok
20:05:24.0500 0616 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
20:05:24.0500 0616 MSTEE - ok
20:05:24.0531 0616 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
20:05:24.0531 0616 Mup - ok
20:05:24.0578 0616 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:05:24.0578 0616 NABTSFEC - ok
20:05:24.0640 0616 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
20:05:24.0656 0616 NDIS - ok
20:05:24.0687 0616 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:05:24.0687 0616 NdisIP - ok
20:05:24.0734 0616 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:05:24.0750 0616 NdisTapi - ok
20:05:24.0812 0616 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:05:24.0812 0616 Ndisuio - ok
20:05:24.0843 0616 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:05:24.0843 0616 NdisWan - ok
20:05:24.0906 0616 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
20:05:24.0906 0616 NDProxy - ok
20:05:24.0953 0616 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:05:24.0953 0616 NetBIOS - ok
20:05:25.0000 0616 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:05:25.0015 0616 NetBT - ok
20:05:25.0140 0616 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:05:25.0140 0616 NIC1394 - ok
20:05:25.0187 0616 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
20:05:25.0187 0616 Npfs - ok
20:05:25.0265 0616 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
20:05:25.0296 0616 Ntfs - ok
20:05:25.0453 0616 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:05:25.0453 0616 Null - ok
20:05:25.0500 0616 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:05:25.0500 0616 NwlnkFlt - ok
20:05:25.0562 0616 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:05:25.0562 0616 NwlnkFwd - ok
20:05:25.0718 0616 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:05:25.0734 0616 ohci1394 - ok
20:05:25.0796 0616 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
20:05:25.0796 0616 Parport - ok
20:05:25.0828 0616 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
20:05:25.0828 0616 PartMgr - ok
20:05:25.0859 0616 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:05:25.0859 0616 ParVdm - ok
20:05:25.0906 0616 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
20:05:25.0906 0616 PCI - ok
20:05:25.0937 0616 PCIDump - ok
20:05:25.0968 0616 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
20:05:25.0968 0616 PCIIde - ok
20:05:26.0015 0616 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:05:26.0015 0616 Pcmcia - ok
20:05:26.0062 0616 PDCOMP - ok
20:05:26.0093 0616 PDFRAME - ok
20:05:26.0125 0616 PDRELI - ok
20:05:26.0156 0616 PDRFRAME - ok
20:05:26.0171 0616 perc2 - ok
20:05:26.0203 0616 perc2hib - ok
20:05:26.0312 0616 Point32 (08b11f5c60edca255b18cedef8efba2a) C:\WINDOWS\system32\DRIVERS\point32.sys
20:05:26.0312 0616 Point32 - ok
20:05:26.0375 0616 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:05:26.0375 0616 PptpMiniport - ok
20:05:26.0421 0616 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
20:05:26.0421 0616 PSched - ok
20:05:26.0468 0616 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:05:26.0484 0616 Ptilink - ok
20:05:26.0578 0616 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:05:26.0578 0616 PxHelp20 - ok
20:05:26.0640 0616 qfpdqhaj (912ab081295a0cc2cdc52b50490310d5) C:\WINDOWS\system32\drivers\lkfgahwh.sys
20:05:26.0640 0616 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\lkfgahwh.sys. md5: 912ab081295a0cc2cdc52b50490310d5
20:05:26.0640 0616 Suspicious file (Hidden): C:\WINDOWS\system32\drivers\lkfgahwh.sys. md5: 912ab081295a0cc2cdc52b50490310d5
20:05:26.0640 0616 qfpdqhaj ( LockedFile.Multi.Generic ) - warning
20:05:26.0640 0616 qfpdqhaj - detected LockedFile.Multi.Generic (1)
20:05:26.0671 0616 ql1080 - ok
20:05:26.0703 0616 Ql10wnt - ok
20:05:26.0734 0616 ql12160 - ok
20:05:26.0750 0616 ql1240 - ok
20:05:26.0781 0616 ql1280 - ok
20:05:26.0828 0616 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:05:26.0828 0616 RasAcd - ok
20:05:26.0875 0616 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:05:26.0875 0616 Rasl2tp - ok
20:05:27.0031 0616 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:05:27.0031 0616 RasPppoe - ok
20:05:27.0078 0616 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:05:27.0078 0616 Raspti - ok
20:05:27.0140 0616 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:05:27.0156 0616 Rdbss - ok
20:05:27.0296 0616 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:05:27.0312 0616 RDPCDD - ok
20:05:27.0406 0616 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:05:27.0406 0616 rdpdr - ok
20:05:27.0468 0616 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
20:05:27.0468 0616 RDPWD - ok
20:05:27.0531 0616 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:05:27.0531 0616 redbook - ok
20:05:27.0656 0616 RTL8023xp (e0cd8c78f70accb2f1f21343fbbd3b54) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
20:05:27.0656 0616 RTL8023xp - ok
20:05:27.0687 0616 rtl8139 - ok
20:05:27.0781 0616 SASKUTIL - ok
20:05:27.0890 0616 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:05:27.0890 0616 Secdrv - ok
20:05:27.0984 0616 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
20:05:27.0984 0616 Serial - ok
20:05:28.0062 0616 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:05:28.0062 0616 Sfloppy - ok
20:05:28.0109 0616 Simbad - ok
20:05:28.0171 0616 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:05:28.0171 0616 SLIP - ok
20:05:28.0234 0616 Sparrow - ok
20:05:28.0281 0616 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
20:05:28.0281 0616 splitter - ok
20:05:28.0390 0616 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\WINDOWS\System32\Drivers\sptd.sys
20:05:28.0421 0616 sptd - ok
20:05:28.0546 0616 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
20:05:28.0562 0616 sr - ok
20:05:28.0640 0616 Srv (7a0111577d8046633d5162a3ce15e9e1) C:\WINDOWS\system32\DRIVERS\srv.sys
20:05:28.0640 0616 Srv - ok
20:05:28.0843 0616 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
20:05:28.0843 0616 StillCam - ok
20:05:28.0906 0616 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:05:28.0906 0616 streamip - ok
20:05:28.0937 0616 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:05:28.0937 0616 swenum - ok
20:05:29.0000 0616 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
20:05:29.0000 0616 swmidi - ok
20:05:29.0031 0616 symc810 - ok
20:05:29.0078 0616 symc8xx - ok
20:05:29.0109 0616 sym_hi - ok
20:05:29.0140 0616 sym_u3 - ok
20:05:29.0203 0616 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
20:05:29.0203 0616 sysaudio - ok
20:05:29.0296 0616 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:05:29.0312 0616 Tcpip - ok
20:05:29.0406 0616 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:05:29.0421 0616 TDPIPE - ok
20:05:29.0453 0616 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
20:05:29.0453 0616 TDTCP - ok
20:05:29.0531 0616 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:05:29.0531 0616 TermDD - ok
20:05:29.0625 0616 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
20:05:29.0640 0616 tmcomm - ok
20:05:29.0718 0616 TnIDriver - ok
20:05:29.0843 0616 TosIde - ok
20:05:29.0875 0616 Suspicious service (NoAccess): UACd.sys
20:05:29.0921 0616 UACd.sys (b2b554a5cd61cfb071aa57f34b86710b) C:\WINDOWS\system32\drivers\UACwimrdlll.sys
20:05:29.0921 0616 Suspicious file (Hidden): C:\WINDOWS\system32\drivers\UACwimrdlll.sys. md5: b2b554a5cd61cfb071aa57f34b86710b
20:05:29.0921 0616 UACd.sys ( Rootkit.Win32.TDSS.tdl2 ) - infected
20:05:29.0921 0616 UACd.sys - detected Rootkit.Win32.TDSS.tdl2 (0)
20:05:29.0968 0616 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
20:05:29.0968 0616 Udfs - ok
20:05:30.0125 0616 ultra - ok
20:05:30.0234 0616 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
20:05:30.0250 0616 Update - ok
20:05:30.0343 0616 usbaapl (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:05:30.0343 0616 usbaapl - ok
20:05:30.0406 0616 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:05:30.0406 0616 usbccgp - ok
20:05:30.0437 0616 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:05:30.0437 0616 usbehci - ok
20:05:30.0531 0616 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:05:30.0531 0616 usbhub - ok
20:05:30.0593 0616 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:05:30.0593 0616 usbprint - ok
20:05:30.0656 0616 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:05:30.0671 0616 USBSTOR - ok
20:05:30.0703 0616 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:05:30.0703 0616 usbuhci - ok
20:05:30.0734 0616 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
20:05:30.0734 0616 VgaSave - ok
20:05:30.0765 0616 ViaIde - ok
20:05:30.0796 0616 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
20:05:30.0796 0616 VolSnap - ok
20:05:30.0859 0616 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:05:30.0875 0616 Wanarp - ok
20:05:30.0890 0616 WDICA - ok
20:05:30.0968 0616 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
20:05:30.0968 0616 wdmaud - ok
20:05:31.0281 0616 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:05:31.0281 0616 WSTCODEC - ok
20:05:31.0390 0616 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:05:31.0390 0616 WudfPf - ok
20:05:31.0593 0616 ZDCNDIS5 (1e206ae7b474b393e97a14c7769ba9a4) C:\WINDOWS\system32\ZDCNDIS5.sys
20:05:31.0625 0616 ZDCNDIS5 - ok
20:05:31.0703 0616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:05:31.0796 0616 \Device\Harddisk0\DR0 - ok
20:05:31.0812 0616 Boot (0x1200) (b711e8cd1076f34d8a9b215b271c6422) \Device\Harddisk0\DR0\Partition0
20:05:31.0812 0616 \Device\Harddisk0\DR0\Partition0 - ok
20:05:31.0812 0616 ============================================================
20:05:31.0812 0616 Scan finished
20:05:31.0812 0616 ============================================================
20:05:31.0859 1916 Detected object count: 3
20:05:31.0859 1916 Actual detected object count: 3
20:07:03.0015 1916 fipss ( LockedFile.Multi.Generic ) - skipped by user
20:07:03.0015 1916 fipss ( LockedFile.Multi.Generic ) - User select action: Skip
20:07:03.0031 1916 qfpdqhaj ( LockedFile.Multi.Generic ) - skipped by user
20:07:03.0031 1916 qfpdqhaj ( LockedFile.Multi.Generic ) - User select action: Skip
20:07:03.0031 1916 C:\WINDOWS\system32\drivers\UACwimrdlll.sys - will be deleted on reboot
20:07:03.0031 1916 C:\WINDOWS\system32\UACnptfqpxu.dll - will be deleted on reboot
20:07:03.0031 1916 C:\WINDOWS\system32\UACrujdaijw.dat - will be deleted on reboot
20:07:03.0031 1916 C:\WINDOWS\system32\UACsfoexywt.dll - will be deleted on reboot
20:07:03.0031 1916 C:\WINDOWS\system32\UACshnqqpkv.dll - will be deleted on reboot
20:07:03.0031 1916 C:\WINDOWS\system32\UACwqhxvgsh.dll - will be deleted on reboot
20:07:03.0031 1916 C:\WINDOWS\system32\UACqaiqbnqt.log - will be deleted on reboot
20:07:03.0031 1916 C:\WINDOWS\system32\UAClwmdhxvk.log - will be deleted on reboot
20:07:03.0031 1916 C:\WINDOWS\system32\UACbwkdwuuf.log - will be deleted on reboot
20:07:03.0031 1916 C:\WINDOWS\system32\UACksixlllo.dll - will be deleted on reboot
20:07:03.0031 1916 HKLM\SYSTEM\ControlSet001\services\UACd.sys - will be deleted on reboot
20:07:03.0062 1916 HKLM\SYSTEM\ControlSet002\services\UACd.sys - will be deleted on reboot
20:07:03.0062 1916 C:\WINDOWS\system32\drivers\UACwimrdlll.sys - will be deleted on reboot
20:07:03.0062 1916 UACd.sys ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Delete
20:07:09.0546 3776 Deinitialize success
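
The TDSSKiller run in the two posts above (the instructions in #7 and the log in #8) leaves the helper reading three detections, their flags and the user's choices out of a long log. What follows is an added example for this thread, not code from the thread, from TDSSKiller or from Kaspersky: a small Python parser that pulls the flagged entries, their file- and service-level flags (NoAccess, Hidden), the verdict, the action the user chose and the items queued for deletion on reboot out of a log in this format, and lists what still needs a manual decision. The message shapes it matches are the ones visible in the 2.6.5.0 log above; the SAMPLE_LOG lines are a constructed subset of that log, embedded so the script runs offline.

```python
"""Triage a TDSSKiller log: what was flagged, why, and what was done about it.
Added example for this thread, not part of TDSSKiller or of any post here. It parses the
message shapes visible in the 2.6.5.0 log above; SAMPLE_LOG is a constructed subset of
that log so the script runs offline."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
20:05:17.0484 0616 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:05:20.0531 0616 fipss (474bd392050315850e8d1363b6ab243f) C:\WINDOWS\system32\drivers\fipss.sys
20:05:20.0531 0616 fipss ( LockedFile.Multi.Generic ) - warning
20:05:26.0640 0616 qfpdqhaj (912ab081295a0cc2cdc52b50490310d5) C:\WINDOWS\system32\drivers\lkfgahwh.sys
20:05:26.0640 0616 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\lkfgahwh.sys. md5: 912ab081295a0cc2cdc52b50490310d5
20:05:26.0640 0616 Suspicious file (Hidden): C:\WINDOWS\system32\drivers\lkfgahwh.sys. md5: 912ab081295a0cc2cdc52b50490310d5
20:05:26.0640 0616 qfpdqhaj ( LockedFile.Multi.Generic ) - warning
20:05:29.0875 0616 Suspicious service (NoAccess): UACd.sys
20:05:29.0921 0616 UACd.sys (b2b554a5cd61cfb071aa57f34b86710b) C:\WINDOWS\system32\drivers\UACwimrdlll.sys
20:05:29.0921 0616 Suspicious file (Hidden): C:\WINDOWS\system32\drivers\UACwimrdlll.sys. md5: b2b554a5cd61cfb071aa57f34b86710b
20:05:29.0921 0616 UACd.sys ( Rootkit.Win32.TDSS.tdl2 ) - infected
20:07:03.0015 1916 fipss ( LockedFile.Multi.Generic ) - User select action: Skip
20:07:03.0031 1916 qfpdqhaj ( LockedFile.Multi.Generic ) - User select action: Skip
20:07:03.0031 1916 C:\WINDOWS\system32\drivers\UACwimrdlll.sys - will be deleted on reboot
20:07:03.0031 1916 C:\WINDOWS\system32\UACnptfqpxu.dll - will be deleted on reboot
20:07:03.0031 1916 HKLM\SYSTEM\ControlSet001\services\UACd.sys - will be deleted on reboot
20:07:03.0062 1916 C:\WINDOWS\system32\drivers\UACwimrdlll.sys - will be deleted on reboot
20:07:03.0062 1916 UACd.sys ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Delete
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<msg>.*)$")
DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS = re.compile(r"^Suspicious (?P<kind>file|service) \((?P<why>\w+)\): (?P<target>.+?)(?:\. md5: [0-9a-f]{32})?$")
VERDICT = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - (?:(?P<state>warning|infected)|User select action: (?P<action>\w+))$")
PENDING = re.compile(r"^(?P<item>.+) - will be deleted on reboot$")

@dataclass
class Finding:
    name: str                                         # service name as TDSSKiller lists it
    md5: Optional[str] = None
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)    # "file:Hidden", "service:NoAccess", ...
    verdict: Optional[str] = None                     # e.g. "Rootkit.Win32.TDSS.tdl2"
    state: Optional[str] = None                       # "warning" or "infected"
    action: Optional[str] = None                      # what the user chose: "Skip", "Delete", ...
    pending: List[str] = field(default_factory=list)  # files / registry keys queued for deletion

@dataclass
class ScanResult:
    entries: Dict[str, Finding] = field(default_factory=dict)  # every scanned entry, clean ones too
    unattributed_pending: List[str] = field(default_factory=list)

    def entry(self, name: str) -> Finding:
        return self.entries.setdefault(name, Finding(name))

    def findings(self) -> List[Finding]:
        return [f for f in self.entries.values() if f.state or f.flags]

def parse_tdsskiller_log(text: str) -> ScanResult:
    result, by_path, pending = ScanResult(), {}, []   # by_path: lower-cased image path -> entry name
    for raw in text.splitlines():
        if not (m := LINE.match(raw)):
            continue
        msg = m["msg"]
        if d := DRIVER.match(msg):
            f = result.entry(d["name"])
            f.md5, f.path = d["md5"], d["path"]
            by_path[f.path.lower()] = f.name
        elif s := SUSPICIOUS.match(msg):
            # file flags name the image path; map it back to the service that loads it
            result.entry(by_path.get(s["target"].lower(), s["target"])).flags.append(s["kind"] + ":" + s["why"])
        elif v := VERDICT.match(msg):
            f = result.entry(v["name"])
            f.verdict, f.state, f.action = v["verdict"], v["state"] or f.state, v["action"] or f.action
        elif p := PENDING.match(msg):
            pending.append(p["item"])
    for item in pending:   # attach each queued deletion to the entry it belongs to, once
        low = item.lower()
        owner = next((f for f in result.entries.values()
                      if low == (f.path or "").lower() or low.endswith("\\" + f.name.lower())), None)
        target = owner.pending if owner else result.unattributed_pending
        if item not in target:
            target.append(item)
    return result

def summarize(result: ScanResult) -> Dict[str, int]:
    findings = result.findings()
    return {"scanned": len(result.entries), "flagged": len(findings),
            "infected": sum(f.state == "infected" for f in findings),
            "pending_deletions": sum(len(f.pending) for f in findings) + len(result.unattributed_pending)}

def needs_follow_up(result: ScanResult) -> List[Finding]:
    """Flagged entries the user did not let TDSSKiller cure or delete, hidden files first."""
    unhandled = [f for f in result.findings() if f.action not in ("Cure", "Delete")]
    return sorted(unhandled, key=lambda f: "file:Hidden" not in f.flags)

if __name__ == "__main__":
    res = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(res), [f"{f.name} -> {f.path} {f.flags}" for f in needs_follow_up(res)])
```

Two things this makes visible that are easy to miss in the raw log. LockedFile.Multi.Generic is TDSSKiller's generic result for a file it could not read (the NoAccess flag), not a malware verdict, which is why the default for both warnings was Skip; but one of them, qfpdqhaj, also carries the Hidden flag and is registered under a service name that bears no relation to its file name (lkfgahwh.sys), the same shape as the UACd.sys / UACwimrdlll.sys entry that was confirmed as Rootkit.Win32.TDSS.tdl2, so it sorts to the top of the follow-up list. The pending-deletion list also contains UAC*.dll and .log files in system32 that never appeared as scanned services; the parser keeps those separately as unattributed deletions rather than silently dropping them.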

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:46 PM

Posted 05 October 2011 - 08:28 PM

Hello


try and run combofix again for me



gringo

#10 444

444
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:46 PM

Posted 05 October 2011 - 11:51 PM

Ok, so I ran ComboFix and it worked this time. Ran through and everything, but afterward I had to restart. After about an hour of checking the disks, it brought me to my account login, but I forgot the password for it and I can't continue further. Is there a trick or something to recovering my password?

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:46 PM

Posted 06 October 2011 - 08:58 AM

Hello


Is there a trick or something to recovering my password?

You forgot the password to log into the computer?


gringo

#12 444

444
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:46 PM

Posted 06 October 2011 - 11:48 AM

yes

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:46 PM

Posted 06 October 2011 - 12:10 PM

That I don't know how to help you with


gringo

#14 444

444
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:46 PM

Posted 07 October 2011 - 02:22 PM

It's okay. Just give me a couple days to have this sorted out.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:46 PM

Posted 07 October 2011 - 05:01 PM

I will wait for you


gringo



