Help! Persistent Redirect After System Check infection


7 replies to this topic

#1 lchageman

Posted 09 February 2012 - 03:24 PM

Hi, I have spent the last couple of days attempting to remove a System Check hijacker. I followed the BleepingComputer.com removal guide instructions and have used TDSSKiller, RKill, Unhide, and updated and run MBAM and SAS a bunch of times. They are coming up with 0 infections now, and I thought I was good because I have functional control again, but my browser keeps redirecting to newsdaily.7 and a couple of other sites, and I have had a couple of AVG Active Surf-Shield notices popping up and blocking me from regular sites with a Blackhole Exploit Kit detection notice. Any idea what I still have and how to get rid of it? I am running Windows XP SP3.
Thanks!

Edited by lchageman, 09 February 2012 - 03:26 PM.


#2 narenxp (BC Advisor)

Posted 09 February 2012 - 04:25 PM

Download TDSSKiller.

Launch it. Click on Change parameters and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on a 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic full scan when first run. (Do not use the computer while the scan is in progress.)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.
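A small triage script for the TDSSKiller log that the reply above asks for, added here as an example (it is not part of the original thread and is not a Kaspersky tool): it parses the 2.7.x line shape seen in the log posted later in this thread, keeps the MD5 and path the scanner hashed for each service, reports the entries marked infected, and checks whether the TDLFS option was actually on for the scan. The regular expressions assume only that line shape; the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every line in a TDSSKiller 2.7.x log looks like "HH:MM:SS.ffff <pid> <message>"
# (assumed from the log in this thread).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# Per-service messages, in the order the scanner emits them:
FILE_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")      # "svc (md5) path"
INFECTED_RE = re.compile(r"^(\S+) \( (.+?) \) - infected$")     # "svc ( threat ) - infected"
DETECTED_RE = re.compile(r"^(\S+) - detected (.+?) \(\d+\)$")   # "svc - detected threat (n)"
OK_RE = re.compile(r"^(\S+) - ok$")                             # "svc - ok"
MODE_RE = re.compile(r"^Mode: (.+)$")                           # "Mode: Manual; TDLFS;"


@dataclass
class Entry:
    service: str
    md5: Optional[str] = None      # hash of the file the scanner examined, if any
    path: Optional[str] = None
    status: str = "unknown"        # "ok", "infected" or "unknown"
    threat: Optional[str] = None
    time: Optional[str] = None     # timestamp of the verdict line


@dataclass
class Report:
    mode_flags: List[str]
    entries: Dict[str, Entry]

    def infected(self) -> List[Entry]:
        return [e for e in self.entries.values() if e.status == "infected"]

    def tdlfs_scanned(self) -> bool:
        # The reply above asks for "TDLFS file system" to be selected; this is how
        # the log records that choice.
        return "TDLFS" in self.mode_flags

    def hashed_files(self) -> Dict[str, Tuple[str, str]]:
        """md5 -> (service, path) for every file the scanner hashed."""
        return {e.md5: (e.service, e.path) for e in self.entries.values() if e.md5}


def parse_tdsskiller(text: str) -> Report:
    mode_flags: List[str] = []
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # blank lines, "====" rules, header lines
        stamp, _pid, msg = m.groups()
        if mm := MODE_RE.match(msg):
            mode_flags = [f.strip() for f in mm.group(1).split(";") if f.strip()]
        elif fm := FILE_RE.match(msg):
            svc, md5, path = fm.groups()
            entries[svc] = Entry(svc, md5=md5, path=path)
        elif im := INFECTED_RE.match(msg):
            svc, threat = im.groups()
            e = entries.setdefault(svc, Entry(svc))
            e.status, e.threat, e.time = "infected", threat, stamp
        elif dm := DETECTED_RE.match(msg):
            svc, threat = dm.groups()
            e = entries.setdefault(svc, Entry(svc))
            e.status, e.threat = "infected", e.threat or threat
            e.time = e.time or stamp
        elif om := OK_RE.match(msg):
            # An "ok" with no preceding hash line means no file was hashed for
            # that service entry; md5 stays None so that case is visible.
            e = entries.setdefault(om.group(1), Entry(om.group(1)))
            if e.status == "unknown":
                e.status = "ok"
            e.time = stamp
    return Report(mode_flags, entries)


def summarize(report: Report) -> List[str]:
    lines = [f"TDLFS scan enabled: {report.tdlfs_scanned()}"]
    for e in report.infected():
        lines.append(f"INFECTED {e.service}: {e.threat} md5={e.md5} path={e.path} at {e.time}")
    if not report.infected():
        lines.append("no infected entries")
    return lines


# Sample lines copied from the TDSSKiller log posted in this thread: the ZAccess-flagged
# mrxsmb.sys, a clean driver, and a service entry for which no file was hashed.
SAMPLE_LOG = r"""
17:47:35.0328 5528 Scan started
17:47:35.0328 5528 Mode: Manual; TDLFS;
17:47:36.0078 5528 Abiosdsk - ok
17:48:08.0328 5528 MRxSmb (5a52ec4c22a8e9065bf5080432899801) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:48:08.0421 5528 MRxSmb ( Virus.Win32.ZAccess.c ) - infected
17:48:08.0421 5528 MRxSmb - detected Virus.Win32.ZAccess.c (0)
17:48:08.0640 5528 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:48:08.0656 5528 Msfs - ok
"""

if __name__ == "__main__":
    for line in summarize(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```

The MD5 of a flagged file is worth keeping: when the detection is on a system driver such as mrxsmb.sys, it lets you confirm after the cure and reboot that the file now on disk no longer carries the infected hash, and, if you have a known-clean copy to compare against, that it matches that one.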

#3 lchageman (Topic Starter)

Posted 09 February 2012 - 06:34 PM

Should I let them cure whatever they find? TDSSKiller already found another virus with the new parameters and wants me to reboot.

#4 narenxp (BC Advisor)

Posted 09 February 2012 - 06:58 PM

Yes, go ahead; make sure to post the log.

#5 lchageman (Topic Starter)

Posted 10 February 2012 - 11:26 AM

OK, posting logs (GMER took forever to run; had to leave it overnight):
17:47:05.0937 5576 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57

17:47:06.0390 5576 ============================================================

17:47:06.0390 5576 Current date / time: 2012/02/09 17:47:06.0390

17:47:06.0390 5576 SystemInfo:

17:47:06.0390 5576

17:47:06.0390 5576 OS Version: 5.1.2600 ServicePack: 3.0

17:47:06.0390 5576 Product type: Workstation

17:47:06.0390 5576 ComputerName: MAIN

17:47:06.0390 5576 UserName: Christine Hageman

17:47:06.0390 5576 Windows directory: C:\WINDOWS

17:47:06.0390 5576 System windows directory: C:\WINDOWS

17:47:06.0390 5576 Processor architecture: Intel x86

17:47:06.0390 5576 Number of processors: 1

17:47:06.0390 5576 Page size: 0x1000

17:47:06.0390 5576 Boot type: Normal boot

17:47:06.0390 5576 ============================================================

17:47:16.0031 5576 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

17:47:16.0046 5576 \Device\Harddisk0\DR0:

17:47:16.0046 5576 MBR used

17:47:16.0046 5576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x94EAFF8

17:47:16.0125 5576 Initialize success

17:47:16.0125 5576 ============================================================

17:47:35.0328 5528 ============================================================

17:47:35.0328 5528 Scan started

17:47:35.0328 5528 Mode: Manual; TDLFS;

17:47:35.0328 5528 ============================================================

17:47:36.0078 5528 Abiosdsk - ok

17:47:36.0171 5528 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS

17:47:36.0187 5528 abp480n5 - ok

17:47:36.0359 5528 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:47:36.0375 5528 ACPI - ok

17:47:36.0593 5528 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

17:47:36.0609 5528 ACPIEC - ok

17:47:36.0859 5528 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys

17:47:36.0875 5528 adpu160m - ok

17:47:37.0062 5528 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

17:47:37.0093 5528 aeaudio - ok

17:47:37.0265 5528 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:47:37.0281 5528 aec - ok

17:47:37.0390 5528 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:47:37.0421 5528 AFD - ok

17:47:37.0562 5528 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys

17:47:37.0593 5528 agp440 - ok

17:47:38.0093 5528 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys

17:47:38.0125 5528 agpCPQ - ok

17:47:38.0265 5528 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys

17:47:38.0281 5528 Aha154x - ok

17:47:38.0406 5528 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys

17:47:38.0421 5528 aic78u2 - ok

17:47:38.0562 5528 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys

17:47:38.0578 5528 aic78xx - ok

17:47:38.0781 5528 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys

17:47:38.0796 5528 AliIde - ok

17:47:38.0906 5528 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys

17:47:38.0921 5528 alim1541 - ok

17:47:39.0109 5528 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys

17:47:39.0125 5528 amdagp - ok

17:47:39.0281 5528 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys

17:47:39.0296 5528 amsint - ok

17:47:39.0546 5528 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys

17:47:39.0562 5528 asc - ok

17:47:39.0796 5528 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys

17:47:39.0812 5528 asc3350p - ok

17:47:40.0093 5528 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys

17:47:40.0109 5528 asc3550 - ok

17:47:40.0312 5528 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:47:40.0328 5528 AsyncMac - ok

17:47:40.0437 5528 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:47:40.0437 5528 atapi - ok

17:47:40.0546 5528 Atdisk - ok

17:47:40.0656 5528 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:47:40.0671 5528 Atmarpc - ok

17:47:41.0859 5528 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys

17:47:41.0875 5528 ATMhelpr - ok

17:47:41.0984 5528 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:47:42.0000 5528 audstub - ok

17:47:42.0171 5528 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys

17:47:42.0171 5528 AvgLdx86 - ok

17:47:42.0281 5528 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\System32\Drivers\avgmfx86.sys

17:47:42.0281 5528 AvgMfx86 - ok

17:47:42.0453 5528 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\System32\Drivers\avgtdix.sys

17:47:42.0453 5528 AvgTdiX - ok

17:47:42.0640 5528 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys

17:47:42.0734 5528 BCMModem - ok

17:47:42.0921 5528 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:47:42.0937 5528 Beep - ok

17:47:43.0031 5528 BlueletAudio (534b95fbd867d0512dcb43e6cc1aa91e) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys

17:47:43.0046 5528 BlueletAudio - ok

17:47:43.0203 5528 BlueletSCOAudio (01d1832f2b13dfaf7384884f7c3e0124) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys

17:47:43.0218 5528 BlueletSCOAudio - ok

17:47:43.0343 5528 BT (d1813668a0117ae05bc0b81c874f91d4) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys

17:47:43.0343 5528 BT - ok

17:47:43.0531 5528 Btcsrusb (f7ff961f1b8bd229f94f648889a87b94) C:\WINDOWS\system32\Drivers\btcusb.sys

17:47:43.0546 5528 Btcsrusb - ok

17:47:43.0687 5528 BTHidEnum (e69d9e7854095a9c81acee40d766fe2d) C:\WINDOWS\system32\DRIVERS\vbtenum.sys

17:47:43.0703 5528 BTHidEnum - ok

17:47:43.0796 5528 BTHidMgr (a9164c2a39bd917b9f42ae087560ac3d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys

17:47:43.0812 5528 BTHidMgr - ok

17:47:43.0906 5528 BTNetFilter (6b05fdc0cfc3753b520d2d4176cc32d0) C:\WINDOWS\system32\drivers\BTNetFilter.sys

17:47:43.0921 5528 BTNetFilter - ok

17:47:44.0031 5528 bvrp_pci - ok

17:47:44.0140 5528 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys

17:47:44.0156 5528 cbidf - ok

17:47:44.0281 5528 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:47:44.0281 5528 cbidf2k - ok

17:47:44.0406 5528 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

17:47:44.0406 5528 CCDECODE - ok

17:47:44.0656 5528 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys

17:47:44.0671 5528 cd20xrnt - ok

17:47:44.0875 5528 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:47:44.0890 5528 Cdaudio - ok

17:47:45.0031 5528 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:47:45.0046 5528 Cdfs - ok

17:47:45.0203 5528 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys

17:47:45.0218 5528 Cdralw2k - ok

17:47:45.0359 5528 Changer - ok

17:47:45.0593 5528 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys

17:47:45.0640 5528 CmdIde - ok

17:47:45.0796 5528 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys

17:47:45.0812 5528 Cpqarray - ok

17:47:46.0093 5528 crlscsi (e08ac114b931dacafbdd9d5e0b93815c) C:\WINDOWS\system32\drivers\crlscsi.sys

17:47:46.0156 5528 crlscsi - ok

17:47:46.0343 5528 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

17:47:46.0375 5528 ctsfm2k - ok

17:47:46.0562 5528 cur_bus (ddb3368425f9f08c17de41b3415e89b2) C:\WINDOWS\system32\DRIVERS\cur_bus.sys

17:47:46.0593 5528 cur_bus - ok

17:47:46.0875 5528 cur_mdfl (3a38d5212b0b7e4c8644eb79e7d9fd8f) C:\WINDOWS\system32\DRIVERS\cur_mdfl.sys

17:47:47.0031 5528 cur_mdfl - ok

17:47:47.0328 5528 cur_mdm (c74b1d66fb0e970385fa8468bcfa9ac5) C:\WINDOWS\system32\DRIVERS\cur_mdm.sys

17:47:47.0343 5528 cur_mdm - ok

17:47:47.0609 5528 cur_serd (a330f4449ad54b4905a9f6adecd585e1) C:\WINDOWS\system32\DRIVERS\cur_serd.sys

17:47:47.0640 5528 cur_serd - ok

17:47:48.0015 5528 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys

17:47:48.0046 5528 dac2w2k - ok

17:47:48.0218 5528 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys

17:47:48.0265 5528 dac960nt - ok

17:47:48.0656 5528 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:47:48.0859 5528 Disk - ok

17:47:49.0093 5528 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

17:47:49.0515 5528 dmboot - ok

17:47:49.0687 5528 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

17:47:49.0718 5528 dmio - ok

17:47:49.0890 5528 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:47:49.0906 5528 dmload - ok

17:47:50.0078 5528 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:47:50.0109 5528 DMusic - ok

17:47:50.0296 5528 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys

17:47:50.0312 5528 dpti2o - ok

17:47:50.0468 5528 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:47:50.0500 5528 drmkaud - ok

17:47:50.0859 5528 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

17:47:50.0906 5528 DSproct - ok

17:47:51.0109 5528 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys

17:47:51.0140 5528 dsunidrv - ok

17:47:51.0328 5528 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys

17:47:51.0375 5528 E100B - ok

17:47:51.0609 5528 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys

17:47:51.0640 5528 EL90XBC - ok

17:47:51.0859 5528 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:47:52.0093 5528 Fastfat - ok

17:47:52.0281 5528 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

17:47:52.0296 5528 Fdc - ok

17:47:52.0500 5528 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

17:47:52.0515 5528 Fips - ok

17:47:52.0671 5528 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

17:47:52.0750 5528 Flpydisk - ok

17:47:52.0906 5528 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

17:47:52.0953 5528 FltMgr - ok

17:47:53.0062 5528 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:47:53.0109 5528 Fs_Rec - ok

17:47:53.0453 5528 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:47:53.0484 5528 Ftdisk - ok

17:47:53.0640 5528 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

17:47:53.0656 5528 gameenum - ok

17:47:53.0921 5528 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

17:47:54.0109 5528 GEARAspiWDM - ok

17:47:54.0265 5528 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:47:54.0281 5528 Gpc - ok

17:47:54.0437 5528 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:47:54.0656 5528 HidUsb - ok

17:47:54.0781 5528 HPCFILT6 (db892e31bbee7f4a975ffda8d3d68a2c) C:\WINDOWS\System32\Drivers\HpcFilt6.sys

17:47:54.0812 5528 HPCFILT6 - ok

17:47:54.0984 5528 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys

17:47:55.0000 5528 hpn - ok

17:47:55.0203 5528 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:47:55.0406 5528 HTTP - ok

17:47:55.0578 5528 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

17:47:55.0578 5528 i2omgmt - ok

17:47:55.0703 5528 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys

17:47:55.0953 5528 i2omp - ok

17:47:56.0093 5528 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:47:56.0296 5528 i8042prt - ok

17:47:56.0515 5528 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

17:47:56.0531 5528 i81x - ok

17:47:56.0656 5528 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

17:47:56.0687 5528 iAimFP0 - ok

17:47:56.0906 5528 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

17:47:56.0921 5528 iAimFP1 - ok

17:47:57.0203 5528 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

17:47:57.0218 5528 iAimFP2 - ok

17:47:57.0375 5528 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

17:47:57.0593 5528 iAimFP3 - ok

17:47:57.0765 5528 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

17:47:58.0046 5528 iAimFP4 - ok

17:47:58.0343 5528 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

17:47:58.0921 5528 iAimTV0 - ok

17:47:59.0218 5528 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

17:47:59.0234 5528 iAimTV1 - ok

17:47:59.0406 5528 iAimTV2 - ok

17:47:59.0640 5528 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

17:47:59.0859 5528 iAimTV3 - ok

17:48:00.0109 5528 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

17:48:00.0218 5528 iAimTV4 - ok

17:48:00.0562 5528 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:48:00.0609 5528 Imapi - ok

17:48:00.0812 5528 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys

17:48:00.0828 5528 ini910u - ok

17:48:01.0000 5528 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys

17:48:01.0046 5528 IntelIde - ok

17:48:01.0343 5528 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:48:01.0578 5528 intelppm - ok

17:48:01.0718 5528 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

17:48:01.0734 5528 ip6fw - ok

17:48:01.0906 5528 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:48:01.0921 5528 IpFilterDriver - ok

17:48:02.0187 5528 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:48:02.0203 5528 IpInIp - ok

17:48:02.0359 5528 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:48:02.0375 5528 IpNat - ok

17:48:02.0578 5528 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:48:02.0593 5528 IPSec - ok

17:48:02.0703 5528 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:48:02.0718 5528 IRENUM - ok

17:48:02.0890 5528 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:48:04.0328 5528 isapnp - ok

17:48:04.0484 5528 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:48:04.0500 5528 Kbdclass - ok

17:48:04.0687 5528 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:48:04.0687 5528 kmixer - ok

17:48:04.0843 5528 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:48:05.0109 5528 KSecDD - ok

17:48:05.0406 5528 lbrtfdc - ok

17:48:05.0640 5528 LHidFlt2 (e8e25edb0d3ab0bc459405bcaf824fdf) C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys

17:48:05.0656 5528 LHidFlt2 - ok

17:48:06.0109 5528 LHidUsb (ff683c656ac51e28afe5ccb53a4bd247) C:\WINDOWS\system32\drivers\LHidUsb.Sys

17:48:06.0125 5528 LHidUsb - ok

17:48:06.0296 5528 LKbdFlt2 (18e48e9d5683860773a078c7c3837daf) C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys

17:48:06.0296 5528 LKbdFlt2 - ok

17:48:06.0484 5528 LMouFlt2 (d1d5f7cbecef5c0c9f019b0c534be289) C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys

17:48:06.0500 5528 LMouFlt2 - ok

17:48:06.0656 5528 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:48:06.0671 5528 mnmdd - ok

17:48:06.0781 5528 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

17:48:06.0796 5528 Modem - ok

17:48:07.0000 5528 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

17:48:07.0015 5528 MODEMCSA - ok

17:48:07.0203 5528 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:48:07.0328 5528 Mouclass - ok

17:48:07.0468 5528 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:48:07.0484 5528 mouhid - ok

17:48:07.0640 5528 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:48:07.0656 5528 MountMgr - ok

17:48:07.0875 5528 mozyFilter (31dfc6f8efaec37e7e863002c63f0dbe) C:\WINDOWS\system32\DRIVERS\mozy.sys

17:48:07.0875 5528 mozyFilter - ok

17:48:08.0046 5528 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys

17:48:08.0062 5528 mraid35x - ok

17:48:08.0218 5528 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:48:08.0234 5528 MRxDAV - ok

17:48:08.0328 5528 MRxSmb (5a52ec4c22a8e9065bf5080432899801) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:48:08.0421 5528 MRxSmb ( Virus.Win32.ZAccess.c ) - infected

17:48:08.0421 5528 MRxSmb - detected Virus.Win32.ZAccess.c (0)

17:48:08.0640 5528 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:48:08.0656 5528 Msfs - ok

17:48:09.0125 5528 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:48:09.0265 5528 MSKSSRV - ok

17:48:09.0468 5528 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:48:09.0468 5528 MSPCLOCK - ok

17:48:09.0796 5528 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:48:09.0921 5528 MSPQM - ok

17:48:10.0078 5528 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:48:10.0093 5528 mssmbios - ok

17:48:10.0203 5528 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

17:48:10.0203 5528 MSTEE - ok

17:48:10.0375 5528 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:48:10.0390 5528 Mup - ok

17:48:10.0484 5528 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

17:48:10.0500 5528 NABTSFEC - ok

17:48:10.0609 5528 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:48:10.0625 5528 NDIS - ok

17:48:10.0875 5528 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

17:48:10.0890 5528 NdisIP - ok

17:48:11.0078 5528 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:48:11.0125 5528 NdisTapi - ok

17:48:11.0312 5528 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:48:11.0312 5528 Ndisuio - ok

17:48:11.0531 5528 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:48:11.0781 5528 NdisWan - ok

17:48:11.0937 5528 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:48:11.0953 5528 NDProxy - ok

17:48:12.0046 5528 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:48:12.0062 5528 NetBIOS - ok

17:48:12.0234 5528 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:48:12.0250 5528 NetBT - ok

17:48:12.0437 5528 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:48:12.0453 5528 Npfs - ok

17:48:12.0640 5528 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:48:12.0718 5528 Ntfs - ok

17:48:12.0843 5528 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:48:12.0859 5528 Null - ok

17:48:13.0265 5528 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:48:13.0359 5528 nv - ok

17:48:13.0515 5528 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:48:13.0531 5528 NwlnkFlt - ok

17:48:13.0687 5528 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:48:13.0703 5528 NwlnkFwd - ok

17:48:13.0843 5528 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys

17:48:13.0859 5528 omci - ok

17:48:14.0046 5528 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

17:48:14.0140 5528 ossrv - ok

17:48:14.0359 5528 P16X (f051107ff80f132882e71e3a5d302ec1) C:\WINDOWS\system32\drivers\P16X.sys

17:48:14.0500 5528 P16X - ok

17:48:14.0687 5528 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

17:48:14.0703 5528 P3 - ok

17:48:14.0796 5528 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

17:48:14.0828 5528 Parport - ok

17:48:15.0843 5528 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:48:15.0859 5528 PartMgr - ok

17:48:16.0046 5528 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:48:16.0062 5528 ParVdm - ok

17:48:16.0234 5528 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:48:16.0250 5528 PCI - ok

17:48:16.0390 5528 PCIDump - ok

17:48:16.0484 5528 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:48:16.0500 5528 PCIIde - ok

17:48:16.0734 5528 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:48:17.0171 5528 Pcmcia - ok

17:48:17.0250 5528 PDCOMP - ok

17:48:17.0312 5528 PDFRAME - ok

17:48:17.0375 5528 PDRELI - ok

17:48:17.0437 5528 PDRFRAME - ok

17:48:17.0531 5528 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys

17:48:17.0562 5528 perc2 - ok

17:48:17.0781 5528 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys

17:48:17.0796 5528 perc2hib - ok

17:48:17.0968 5528 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys

17:48:17.0968 5528 PfModNT - ok

17:48:18.0156 5528 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:48:18.0171 5528 PptpMiniport - ok

17:48:18.0265 5528 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

17:48:18.0281 5528 Processor - ok

17:48:18.0390 5528 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:48:18.0406 5528 PSched - ok

17:48:18.0593 5528 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:48:18.0671 5528 Ptilink - ok

17:48:18.0890 5528 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

17:48:18.0906 5528 PxHelp20 - ok

17:48:19.0109 5528 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys

17:48:19.0125 5528 ql1080 - ok

17:48:19.0390 5528 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys

17:48:19.0390 5528 Ql10wnt - ok

17:48:19.0609 5528 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys

17:48:19.0625 5528 ql12160 - ok

17:48:19.0812 5528 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys

17:48:19.0828 5528 ql1240 - ok

17:48:19.0937 5528 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys

17:48:19.0937 5528 ql1280 - ok

17:48:20.0046 5528 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:48:20.0062 5528 RasAcd - ok

17:48:20.0265 5528 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:48:20.0515 5528 Rasl2tp - ok

17:48:20.0671 5528 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:48:20.0687 5528 RasPppoe - ok

17:48:20.0796 5528 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:48:20.0828 5528 Raspti - ok

17:48:20.0921 5528 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:48:20.0937 5528 Rdbss - ok

17:48:21.0093 5528 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:48:21.0093 5528 RDPCDD - ok

17:48:21.0203 5528 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:48:21.0234 5528 rdpdr - ok

17:48:21.0390 5528 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

17:48:21.0406 5528 RDPWD - ok

17:48:21.0515 5528 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:48:21.0531 5528 redbook - ok

17:48:21.0640 5528 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

17:48:21.0656 5528 RimVSerPort - ok

17:48:21.0843 5528 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

17:48:21.0859 5528 ROOTMODEM - ok

17:48:22.0000 5528 RT25USBAP (9c377dbf9d2d19098db935dc1e8361a3) C:\WINDOWS\system32\DRIVERS\rt25usbap.sys

17:48:22.0046 5528 RT25USBAP - ok

17:48:22.0125 5528 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

17:48:22.0171 5528 SASDIFSV - ok

17:48:22.0187 5528 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

17:48:22.0187 5528 SASENUM - ok

17:48:22.0234 5528 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

17:48:22.0265 5528 SASKUTIL - ok

17:48:22.0484 5528 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:48:22.0500 5528 Secdrv - ok

17:48:36.0093 5528 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:48:36.0312 5528 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:48:36.0312 5528 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:48:36.0343 5528 Boot (0x1200) (ccd4687bd299343156d62555bdc30d00) \Device\Harddisk0\DR0\Partition0
17:48:36.0343 5528 \Device\Harddisk0\DR0\Partition0 - ok
17:48:36.0343 5528 ============================================================
17:48:36.0343 5528 Scan finished
17:48:36.0359 5528 ============================================================
17:48:36.0375 3744 Detected object count: 2
17:48:36.0375 3744 Actual detected object count: 2
18:29:59.0765 3744 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
18:29:59.0937 3744 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\mrxsmb.sys) error 1813
18:30:04.0656 3744 Backup copy found, using it..
18:30:04.0687 3744 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
18:30:29.0703 3744 MRxSmb ( Virus.Win32.ZAccess.c ) - User select action: Cure
18:30:29.0703 3744 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:30:29.0703 3744 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:33:28.0906 2616 Deinitialize success


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-10 06:46:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.3.16
Running: 0muus3p6.exe; Driver: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\pxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB7161640]

---- Kernel code sections - GMER 1.0.15 ----

? 67969212.sys The system cannot find the file specified. !
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB9693380, 0x346307, 0xE8000020]
.text ipsec.sys B727D000 105 Bytes [B7, FF, B5, 04, FF, FF, FF, ...]
.text ipsec.sys B727D06A 4 Bytes [6A, 07, 56, 68]
.text ipsec.sys B727D06F 64 Bytes [BF, 28, B7, 68, 1A, D2, 27, ...]
.text ipsec.sys B727D0B0 53 Bytes [B5, 04, FF, FF, FF, E8, 8E, ...]
.text ipsec.sys B727D0E6 1 Byte [74]
.text ...
? C:\WINDOWS\System32\DRIVERS\ipsec.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0266000A
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0267000A
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0265000C
? C:\WINDOWS\System32\svchost.exe[1212] C:\WINDOWS\System32\smss.exe image checksum mismatch; time/date stamp mismatch;
.text C:\program files\real\realplayer\update\realsched.exe[2668] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Kernel IAT/EAT - GMER 1.0.15 ----


---- User IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B6788000-B6798000 (65536 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\SYSTEM32\ping.exe (*** hidden *** ) 4996

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB19369$\3217176251 0 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699 0 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\cfg.ini 170 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\L 0 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\L\asobptkf 75264 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\U 0 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\U\80000000.@ 66048 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\U\80000032.@ 73216 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\version 856 bytes

---- EOF - GMER 1.0.15 ----




aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-10 10:10:17
-----------------------------
10:10:17.843 OS Version: Windows 5.1.2600 Service Pack 3
10:10:17.843 Number of processors: 1 586 0x209
10:10:17.843 ComputerName: MAIN UserName:
10:10:25.953 Initialize success
10:11:12.750 AVAST engine defs: 12021000
10:11:51.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:11:51.343 Disk 0 Vendor: ST380011A 3.16 Size: 76293MB BusType: 3
10:11:51.531 Disk 0 MBR read successfully
10:11:51.546 Disk 0 MBR scan
10:11:51.593 Disk 0 Windows XP default MBR code
10:11:51.687 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
10:11:51.812 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76245 MB offset 80325
10:11:51.906 Disk 0 scanning sectors +156232125
10:11:52.781 Disk 0 scanning C:\WINDOWS\system32\drivers
10:13:07.843 File: C:\WINDOWS\system32\drivers\ipsec.sys **INFECTED** Win32:Sirefef-JQ [Trj]
10:14:28.328 Disk 0 trace - called modules:
10:14:28.437 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb678bfc0]<<
10:14:28.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad0fab8]
10:14:28.984 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x89f7c030]
10:14:29.000 \Driver\00004707[0x8ac15718] -> IRP_MJ_CREATE -> 0xb678bfc0
10:14:30.187 AVAST engine scan C:\WINDOWS
10:17:45.796 AVAST engine scan C:\WINDOWS\system32
10:30:21.406 AVAST engine scan C:\WINDOWS\system32\drivers
10:30:57.203 File: C:\WINDOWS\system32\drivers\ipsec.sys **INFECTED** Win32:Sirefef-JQ [Trj]
10:32:00.140 AVAST engine scan C:\Documents and Settings\Christine Hageman
10:37:03.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Christine Hageman\Desktop\Anti Spyware Programs\MBR.dat"
10:37:03.406 The log file has been saved successfully to "C:\Documents and Settings\Christine Hageman\Desktop\Anti Spyware Programs\aswMBR.txt"


#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:05 AM

Posted 11 February 2012 - 12:22 AM

You're infected with the ZeroAccess rootkit, which needs advanced tools

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

Edited by narenxp, 11 February 2012 - 12:23 AM.
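The indicators behind that diagnosis are all visible in the two logs posted above: GMER's hidden module and hidden ping.exe process, its file hits under a $NtUninstall...$ folder with U\ and L\ subfolders and "@" files, and aswMBR's **INFECTED** verdict plus the >>UNKNOWN<< hook in the disk-stack trace. The script below is an added example (not from this thread, GMER or aswMBR) that flags those same patterns in a saved log; it assumes the line formats shown above and nothing else about the tools.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the GMER and aswMBR logs posted in this thread,
# plus one benign AttachedDevice line to show that normal entries are not flagged.
SAMPLE_LOG = r"""
Module (noname) (*** hidden *** ) B6788000-B6798000 (65536 bytes)
Process C:\WINDOWS\SYSTEM32\ping.exe (*** hidden *** ) 4996
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\L\asobptkf 75264 bytes
File C:\WINDOWS\$NtUninstallKB19369$\3441067699\cfg.ini 170 bytes
AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
10:13:07.843 File: C:\WINDOWS\system32\drivers\ipsec.sys **INFECTED** Win32:Sirefef-JQ [Trj]
10:14:28.437 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb678bfc0]<<
"""

# GMER marks modules and processes it could not see through the normal APIs.
HIDDEN = re.compile(r"^(Module|Process)\s+(.+?)\s+\(\*\*\* hidden \*\*\* \)")
# GMER "Files" hits inside a $NtUninstall...$ folder (the pattern seen in this thread).
KB_DIR_FILE = re.compile(r"^File\s+(\S*\\\$NtUninstall[^\\]*\$\\\S+)\s+\d+ bytes")
# aswMBR's own verdict line for a scanned file.
INFECTED = re.compile(r"File:\s+(\S+)\s+\*\*INFECTED\*\*\s+(\S+)")
# aswMBR disk-stack trace: a hook it could not attribute to any known driver.
UNKNOWN_HOOK = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


def triage(log_text):
    """Return (category, detail) pairs for every rootkit-style indicator found."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := HIDDEN.match(line):
            findings.append((f"hidden_{m.group(1).lower()}", m.group(2)))
        elif m := KB_DIR_FILE.match(line):
            findings.append(("hidden_kb_dir_file", m.group(1)))
        elif m := INFECTED.search(line):
            findings.append(("av_detection", f"{m.group(1)} -> {m.group(2)}"))
        elif m := UNKNOWN_HOOK.search(line):
            findings.append(("unknown_disk_hook", m.group(1)))
    return findings


def summarize(findings):
    """Count findings per category; anything non-empty belongs in the malware-removal forum."""
    return dict(Counter(cat for cat, _ in findings))


if __name__ == "__main__":
    for cat, detail in triage(SAMPLE_LOG):
        print(f"{cat:20} {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Point it at a saved GMER or aswMBR log with `triage(open(path).read())`; the benign AttachedDevice and IAT lines produce no findings.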


#7 lchageman

lchageman
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:05 AM

Posted 11 February 2012 - 02:59 PM

Thanks for your help. I have posted to the other forum.

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:05 AM

Posted 11 February 2012 - 05:37 PM

You're welcome :)



