
Inactive Cannot run some scans

Discussion in 'Malware and Virus Removal Archive' started by cspgsl, 2011/06/12.

  1. 2011/06/12
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8

    I have a XP Media Centre machine, P4, 3GHz, 1.75GB RAM. Lots of HDD space.

    It is infected with a rogue (I can't tell which one it is, as it shows up randomly when Windows Explorer is opened), but I cannot run MS Security Essentials, Malwarebytes or GMER. I tried to run RKILL, but all four processes are killed when they start.

    I was able to run MBRCheck and DDS and the logs are attached.

    Any assistance appreciated, thanks.

    aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-12 07:27:19
    -----------------------------
    07:27:19.052 OS Version: Windows 5.1.2600 Service Pack 3
    07:27:19.052 Number of processors: 2 586 0x403
    07:27:19.052 ComputerName: YOUR-2E61B29445 UserName: Tom
    07:27:20.224 Initialize success
    07:27:26.036 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    07:27:26.036 Disk 0 Vendor: WDC_WD2500JD-22HBC0 08.02D08 Size: 238475MB BusType: 3
    07:27:28.083 Disk 0 MBR read successfully
    07:27:28.083 Disk 0 MBR scan
    07:27:28.083 Disk 0 unknown MBR code
    07:27:30.161 Disk 0 scanning sectors +488376000
    07:27:30.192 Disk 0 scanning C:\WINDOWS\system32\drivers
    07:27:33.771 Service scanning
    07:27:34.692 Disk 0 trace - called modules:
    07:27:34.708 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb827d134]<<
    07:27:34.724 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a50aab8]
    07:27:34.724 3 CLASSPNP.SYS[b8168fd7] -> nt!IofCallDriver -> [0x89cd9030]
    07:27:34.724 \Driver\Disk[0x8a2a3030] -> IRP_MJ_CREATE -> 0xb827d134
    07:27:34.739 Scan finished successfully
    07:27:59.021 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tom\Desktop\MBR.dat "
    07:27:59.021 The log file has been saved successfully to "C:\Documents and Settings\Tom\Desktop\aswMBR.txt "
     
    Last edited: 2011/06/12
  2. 2011/06/12
    cspgsl
    .
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Tom at 7:29:07 on 2011-06-12
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.1226 [GMT -3:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    "\\.\globalroot\Device\svchost.exe\svchost.exe "
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\system32\lxdxcoms.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://www.gateway.com/
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRunOnce: [Malwarebytes' Anti-Malware] c:\documents and settings\tom\desktop\malwarebytes\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{63491761-BE88-45E6-A12C-9CBE68B6452F} : DhcpNameServer = 192.168.2.1
    Notify: igfxcui - igfxsrvc.dll
    Notify: LMIinit - LMIinit.dll
    IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\tom\application data\mozilla\firefox\profiles\vt5ckdkj.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-6-11 47640]
    R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-21 39984]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2011-06-11 16:12:38 -------- d-----w- c:\documents and settings\tom\application data\TeamViewer
    2011-06-11 16:11:51 -------- d-----w- c:\documents and settings\tom\application data\Malwarebytes
    2011-06-11 13:40:57 -------- d-----w- c:\documents and settings\tom\application data\ElevatedDiagnostics
    2011-06-11 13:17:33 -------- d-----w- c:\documents and settings\tom\local settings\application data\Mozilla
    2011-06-11 13:11:52 -------- d-sh--w- c:\documents and settings\tom\PrivacIE
    2011-06-11 13:03:44 -------- d-----w- c:\windows\pss
    2011-06-11 12:58:24 -------- d-----w- c:\program files\VS Revo Group
    2011-06-11 12:46:27 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2011-06-11 12:46:27 29568 ----a-w- c:\windows\system32\LMIport.dll
    2011-06-11 12:46:26 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-06-11 12:46:26 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2011-06-11 12:46:20 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2011-06-11 12:46:15 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn
    2011-06-11 12:46:05 -------- d-----w- c:\program files\LogMeIn
    .
    ==================== Find3M ====================
    .
    2011-06-11 13:04:59 155752 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-06-11 13:04:58 589824 ----a-w- c:\windows\system32\lxdxcoms.exe
    2011-05-29 12:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 12:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-19 17:34:59 73728 ----a-w- c:\windows\ALCFDRTM.VER
    2011-04-19 17:34:59 73728 ----a-w- c:\windows\ALCFDRTM.EXE
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD2500JD-22HBC0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xB827D134]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; PUSH EBX; PUSH ESI; PUSH EDI; CMP EAX, [0xb8280858]; JNZ 0x1f; MOV EBX, [EBP+0xc]; CALL 0xfffffffffffffd3b; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A50AAB8]
    3 CLASSPNP[0xB8168FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89CD9030]
    \Driver\Disk[0x8A2A3030] -> IRP_MJ_CREATE -> 0xB827D134
    kernel: MBR read successfully
    _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }
    user & kernel MBR OK
    .
    ============= FINISH: 7:29:47.92 ===============
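The DDS and GMER output above carries two indicators that are worth pulling out mechanically rather than by eye: a running process whose image path is `\\.\globalroot\Device\svchost.exe\svchost.exe` instead of a file on a volume, and a `\Driver\Disk` dispatch entry (`IRP_MJ_CREATE -> 0xB827D134`) whose target GMER could only label `>>UNKNOWN<<`, meaning the pointer lands outside every loaded module image. The script below is an added example, not part of this thread and not code from the DDS or GMER tools; it parses a log in this layout and flags both findings. The embedded sample log is constructed from lines in the post above (trimmed), and the section names, the list of object-manager prefixes and the severity labels are the example's own choices.

```python
"""Triage helper for a DDS log with a GMER disk-trace section.

Added example (not from the thread or from the DDS/GMER tools). Two checks:
  1. process image paths that are not ordinary drive-letter paths;
  2. disk-driver dispatch entries whose target GMER printed as >>UNKNOWN<<.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the log posted in this thread (not a live capture).
SAMPLE_LOG = r"""
============== Running Processes ===============
.
"\\.\globalroot\Device\svchost.exe\svchost.exe "
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gateway.com/
.
=================== ROOTKIT ====================
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xB827D134]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A50AAB8]
\Driver\Disk[0x8A2A3030] -> IRP_MJ_CREATE -> 0xB827D134
user & kernel MBR OK
.
============= FINISH: 7:29:47.92 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
DISPATCH_RE = re.compile(
    r"^(\\Driver\\\S+?)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$"
)
# Object-manager style prefixes; a user-mode image listed this way was not
# started from a normal file on a volume (prefix list chosen for this example).
DEVICE_PREFIXES = ("\\\\.\\", "\\device\\", "\\??\\")


def sections(log: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section title: non-blank lines} using its '=== Title ===' headers."""
    out: Dict[str, List[str]] = {}
    current = None
    for line in log.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            out[current] = []
        elif current is not None and line.strip() not in ("", "."):
            out[current].append(line.rstrip())
    return out


def classify_process(entry: str) -> Tuple[str, str, str]:
    r"""Return (severity, reason, image) for one 'Running Processes' line.

    DDS prints the image path, optionally quoted, plus any svchost '-k group'
    argument. A legitimate user-mode process resolves to a drive-letter path.
    An object-manager path (\\.\, \Device\, \??\) means the image came from
    something other than a normal file, which is how the TDL family launches
    its payload. A bare name means DDS could not resolve the path; worth a
    look, but on its own it proves nothing.
    """
    image = entry.strip().strip('"').split(" -k ")[0].strip()
    lowered = image.lower()
    if lowered.startswith(DEVICE_PREFIXES):
        return ("high", "image path is an object-manager/device path, not a file on a volume", image)
    if re.match(r"^[a-z]:\\", lowered):
        return ("ok", "", image)
    return ("low", "image path unresolved (bare name)", image)


def disk_hooks(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (driver object, IRP major function, target) for dispatch entries
    whose target is an address GMER printed as >>UNKNOWN [addr]<<, i.e. a
    pointer that does not fall inside any loaded module image."""
    unknown = {m.group(1).lower() for line in lines for m in [UNKNOWN_RE.search(line)] if m}
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        m = DISPATCH_RE.match(line.strip())
        if m and m.group(3).lower() in unknown:
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits


def triage(log: str) -> Dict[str, list]:
    """Run both checks over a DDS log and return only the findings."""
    secs = sections(log)
    findings = [classify_process(e) for e in secs.get("Running Processes", [])]
    return {
        "processes": [f for f in findings if f[0] != "ok"],
        "disk_hooks": disk_hooks(secs.get("ROOTKIT", [])),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for sev, reason, image in result["processes"]:
        print(f"[{sev}] {image}: {reason}")
    for driver, irp, target in result["disk_hooks"]:
        print(f"[high] {driver} {irp} dispatch -> {target} (outside any known module)")
```

Run against the sample it reports the globalroot svchost as high, the bare `svchost.exe` as low, and the single hooked `IRP_MJ_CREATE` dispatch on `\Driver\Disk`. The disk-hook check deliberately keys on GMER's own `>>UNKNOWN<<` marker rather than on a fixed address, so it works on any log where the rootkit's code lands somewhere else.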
     

  4. 2011/06/12
    cspgsl
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/20/2011 2:55:50 PM
    System Uptime: 6/11/2011 10:04:45 AM (21 hours ago)
    .
    Motherboard: Intel Corporation | | D915GAG
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | | 3000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 229 GiB total, 203.264 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 0.991 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP29: 3/14/2011 1:40:57 PM - Software Distribution Service 3.0
    RP30: 3/15/2011 1:35:54 PM - Software Distribution Service 3.0
    RP31: 3/17/2011 1:16:46 PM - Software Distribution Service 3.0
    RP32: 3/19/2011 8:54:16 AM - Software Distribution Service 3.0
    RP33: 3/20/2011 9:03:27 AM - System Checkpoint
    RP34: 3/21/2011 8:30:51 AM - Software Distribution Service 3.0
    RP35: 3/22/2011 9:10:53 AM - System Checkpoint
    RP36: 3/23/2011 7:56:55 AM - Software Distribution Service 3.0
    RP37: 3/24/2011 8:34:20 AM - System Checkpoint
    RP38: 3/24/2011 9:43:01 PM - Software Distribution Service 3.0
    RP39: 3/25/2011 7:12:06 AM - Software Distribution Service 3.0
    RP40: 3/26/2011 2:59:22 PM - Installed Recovery Software Suite Gateway
    RP41: 3/28/2011 4:12:21 PM - System Checkpoint
    RP42: 3/29/2011 4:34:30 PM - System Checkpoint
    RP43: 3/30/2011 4:37:19 PM - System Checkpoint
    RP44: 3/31/2011 5:19:18 PM - System Checkpoint
    RP45: 4/1/2011 5:37:16 PM - System Checkpoint
    RP46: 4/3/2011 12:02:03 PM - System Checkpoint
    RP47: 4/4/2011 12:58:00 PM - System Checkpoint
    RP48: 4/5/2011 4:41:24 PM - System Checkpoint
    RP49: 4/6/2011 5:28:57 PM - System Checkpoint
    RP50: 4/7/2011 6:13:12 PM - System Checkpoint
    RP51: 4/9/2011 9:08:55 AM - System Checkpoint
    RP52: 4/10/2011 9:57:01 AM - System Checkpoint
    RP53: 4/11/2011 9:57:15 AM - System Checkpoint
    RP54: 4/13/2011 9:05:47 AM - System Checkpoint
    RP55: 4/14/2011 9:06:41 AM - System Checkpoint
    RP56: 4/14/2011 11:27:42 PM - Software Distribution Service 3.0
    RP57: 4/15/2011 3:29:46 PM - Software Distribution Service 3.0
    RP58: 4/15/2011 11:16:00 PM - Software Distribution Service 3.0
    RP59: 4/16/2011 11:31:05 PM - System Checkpoint
    RP60: 4/16/2011 11:39:26 PM - Software Distribution Service 3.0
    RP61: 4/17/2011 11:06:18 PM - Software Distribution Service 3.0
    RP62: 4/18/2011 11:12:18 PM - System Checkpoint
    RP63: 4/19/2011 8:58:57 AM - Software Distribution Service 3.0
    RP64: 4/19/2011 10:56:56 PM - Software Distribution Service 3.0
    RP65: 4/20/2011 11:02:49 PM - Software Distribution Service 3.0
    RP66: 4/21/2011 11:30:57 PM - System Checkpoint
    RP67: 4/22/2011 12:01:31 AM - Software Distribution Service 3.0
    RP68: 4/22/2011 11:21:21 PM - Software Distribution Service 3.0
    RP69: 4/23/2011 10:55:33 PM - Software Distribution Service 3.0
    RP70: 4/24/2011 10:32:37 PM - Software Distribution Service 3.0
    RP71: 4/25/2011 10:56:45 PM - Software Distribution Service 3.0
    RP72: 4/26/2011 10:55:17 PM - Software Distribution Service 3.0
    RP73: 4/27/2011 8:37:51 PM - Software Distribution Service 3.0
    RP74: 4/29/2011 2:49:45 AM - Software Distribution Service 3.0
    RP75: 5/1/2011 8:49:22 AM - System Checkpoint
    RP76: 5/1/2011 10:11:56 PM - Software Distribution Service 3.0
    RP77: 5/2/2011 11:12:56 PM - Software Distribution Service 3.0
    RP78: 5/3/2011 11:03:07 PM - Software Distribution Service 3.0
    RP79: 5/4/2011 11:51:48 PM - System Checkpoint
    RP80: 5/5/2011 12:08:41 AM - Software Distribution Service 3.0
    RP81: 5/6/2011 12:10:12 AM - System Checkpoint
    RP82: 5/6/2011 3:00:14 AM - Software Distribution Service 3.0
    RP83: 5/7/2011 3:00:14 AM - Software Distribution Service 3.0
    RP84: 5/7/2011 11:31:42 PM - Software Distribution Service 3.0
    RP85: 5/8/2011 2:54:17 PM - Software Distribution Service 3.0
    RP86: 5/8/2011 10:43:46 PM - Software Distribution Service 3.0
    RP87: 5/9/2011 11:26:40 PM - Software Distribution Service 3.0
    RP88: 5/10/2011 11:34:50 PM - Software Distribution Service 3.0
    RP89: 5/11/2011 10:22:18 PM - Software Distribution Service 3.0
    RP90: 5/12/2011 10:42:27 PM - Software Distribution Service 3.0
    RP91: 5/12/2011 11:10:18 PM - Software Distribution Service 3.0
    RP92: 5/12/2011 11:33:10 PM - Software Distribution Service 3.0
    RP93: 5/14/2011 12:08:43 AM - Software Distribution Service 3.0
    RP94: 5/14/2011 9:30:14 PM - Software Distribution Service 3.0
    RP95: 5/15/2011 10:27:36 PM - Software Distribution Service 3.0
    RP96: 5/17/2011 12:48:18 AM - Software Distribution Service 3.0
    RP97: 5/17/2011 11:12:36 PM - Software Distribution Service 3.0
    RP98: 5/18/2011 11:00:01 PM - Software Distribution Service 3.0
    RP99: 5/19/2011 10:06:26 PM - Software Distribution Service 3.0
    RP100: 5/19/2011 10:50:00 PM - Software Distribution Service 3.0
    RP101: 5/20/2011 11:28:19 PM - System Checkpoint
    RP102: 5/21/2011 1:00:40 AM - Software Distribution Service 3.0
    RP103: 5/22/2011 9:18:34 AM - Software Distribution Service 3.0
    RP104: 5/23/2011 12:05:18 AM - Software Distribution Service 3.0
    RP105: 5/23/2011 11:42:11 PM - Software Distribution Service 3.0
    RP106: 5/24/2011 9:43:24 PM - Software Distribution Service 3.0
    RP107: 5/26/2011 1:35:34 AM - Software Distribution Service 3.0
    RP108: 5/26/2011 11:54:51 PM - Software Distribution Service 3.0
    RP109: 5/28/2011 1:13:50 AM - Software Distribution Service 3.0
    RP110: 5/29/2011 12:00:15 AM - Software Distribution Service 3.0
    RP111: 5/30/2011 1:01:42 AM - Software Distribution Service 3.0
    RP112: 5/30/2011 11:14:21 PM - Software Distribution Service 3.0
    RP113: 6/1/2011 12:55:32 AM - Software Distribution Service 3.0
    RP114: 6/1/2011 10:05:09 PM - Software Distribution Service 3.0
    RP115: 6/2/2011 10:35:51 AM - Software Distribution Service 3.0
    RP116: 6/2/2011 10:37:33 PM - Software Distribution Service 3.0
    RP117: 6/3/2011 9:52:31 PM - Software Distribution Service 3.0
    RP118: 6/4/2011 10:25:06 PM - System Checkpoint
    RP119: 6/4/2011 10:49:43 PM - Software Distribution Service 3.0
    RP120: 6/5/2011 11:35:29 PM - Software Distribution Service 3.0
    RP121: 6/7/2011 12:16:01 AM - System Checkpoint
    RP122: 6/7/2011 12:56:52 AM - Software Distribution Service 3.0
    RP123: 6/8/2011 1:32:43 AM - System Checkpoint
    RP124: 6/8/2011 2:26:39 AM - Software Distribution Service 3.0
    RP125: 6/8/2011 10:59:02 PM - Software Distribution Service 3.0
    RP126: 6/9/2011 11:53:35 PM - Software Distribution Service 3.0
    RP127: 6/10/2011 11:40:12 AM - Software Distribution Service 3.0
    RP128: 6/10/2011 11:50:24 PM - Software Distribution Service 3.0
    RP129: 6/11/2011 9:46:01 AM - Installed LogMeIn
    RP130: 6/11/2011 9:58:56 AM - Revo Uninstaller's restore point - BigFix
    RP131: 6/11/2011 10:00:41 AM - Revo Uninstaller's restore point - AOL Coach Version 1.0(Build:20040229.1 en)
    RP132: 6/11/2011 10:01:16 AM - Revo Uninstaller's restore point - AOL Connectivity Services
    RP133: 6/11/2011 10:13:39 AM - Software Distribution Service 3.0
    RP134: 6/11/2011 10:39:55 AM - Installed %1 %2.
    RP135: 6/11/2011 10:42:01 AM - Software Distribution Service 3.0
    RP136: 6/11/2011 10:45:06 AM - Software Distribution Service 3.0
    RP137: 6/12/2011 3:00:17 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 2.0
    WebFldrs XP
    Windows PowerShell(TM) 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/9/2011 11:39:56 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file '00000011.sym' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
    6/5/2011 9:44:14 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file '000000c0.sym' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
    6/5/2011 9:40:52 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    6/5/2011 9:40:52 AM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.
    6/11/2011 11:45:59 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file '00000001.sym' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================
     
  5. 2011/06/12
    cspgsl
    I find that, regardless of what is attempted, a window opens advising that the process is blocked and asking whether to Block or Unblock it.
     
  6. 2011/06/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. 2011/06/12
    cspgsl
    Thanks Broni - nothing has changed yet. Still cannot run MBAM.

    2011/06/12 13:14:59.0505 2304 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
    2011/06/12 13:15:00.0036 2304 ================================================================================
    2011/06/12 13:15:00.0036 2304 SystemInfo:
    2011/06/12 13:15:00.0036 2304
    2011/06/12 13:15:00.0036 2304 OS Version: 5.1.2600 ServicePack: 3.0
    2011/06/12 13:15:00.0036 2304 Product type: Workstation
    2011/06/12 13:15:00.0036 2304 ComputerName: YOUR-2E61B29445
    2011/06/12 13:15:00.0036 2304 UserName: Owner
    2011/06/12 13:15:00.0036 2304 Windows directory: C:\WINDOWS
    2011/06/12 13:15:00.0036 2304 System windows directory: C:\WINDOWS
    2011/06/12 13:15:00.0036 2304 Processor architecture: Intel x86
    2011/06/12 13:15:00.0036 2304 Number of processors: 2
    2011/06/12 13:15:00.0036 2304 Page size: 0x1000
    2011/06/12 13:15:00.0036 2304 Boot type: Normal boot
    2011/06/12 13:15:00.0036 2304 ================================================================================
    2011/06/12 13:15:01.0427 2304 Initialize success
    2011/06/12 13:15:12.0427 1860 ================================================================================
    2011/06/12 13:15:12.0427 1860 Scan started
    2011/06/12 13:15:12.0427 1860 Mode: Manual;
    2011/06/12 13:15:12.0427 1860 ================================================================================
    2011/06/12 13:15:13.0161 1860 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/06/12 13:15:13.0208 1860 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/06/12 13:15:13.0255 1860 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/06/12 13:15:13.0271 1860 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/06/12 13:15:13.0317 1860 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/06/12 13:15:13.0364 1860 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
    2011/06/12 13:15:13.0396 1860 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/06/12 13:15:13.0427 1860 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/06/12 13:15:13.0458 1860 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/06/12 13:15:13.0489 1860 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/06/12 13:15:13.0521 1860 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/06/12 13:15:13.0552 1860 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/06/12 13:15:13.0583 1860 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/06/12 13:15:13.0614 1860 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/06/12 13:15:13.0646 1860 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/06/12 13:15:13.0692 1860 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/06/12 13:15:13.0724 1860 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/06/12 13:15:13.0755 1860 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/06/12 13:15:13.0786 1860 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/06/12 13:15:13.0833 1860 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
    2011/06/12 13:15:13.0896 1860 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/06/12 13:15:13.0927 1860 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/06/12 13:15:14.0021 1860 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/06/12 13:15:14.0036 1860 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/06/12 13:15:14.0083 1860 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/06/12 13:15:14.0130 1860 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/06/12 13:15:14.0161 1860 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/06/12 13:15:14.0177 1860 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/06/12 13:15:14.0208 1860 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/06/12 13:15:14.0239 1860 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/06/12 13:15:14.0286 1860 Cdr4_xp (2552670e5fbcfdb540eeb426af39704d) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
    2011/06/12 13:15:14.0317 1860 Cdralw2k (b761b10d6a541be69ea448a8429d30b0) C:\WINDOWS\system32\drivers\Cdralw2k.sys
    2011/06/12 13:15:14.0349 1860 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/06/12 13:15:14.0427 1860 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/06/12 13:15:14.0474 1860 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/06/12 13:15:14.0521 1860 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/06/12 13:15:14.0536 1860 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/06/12 13:15:14.0599 1860 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/06/12 13:15:14.0677 1860 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/06/12 13:15:14.0724 1860 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/06/12 13:15:14.0755 1860 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/06/12 13:15:14.0786 1860 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/06/12 13:15:14.0833 1860 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/06/12 13:15:14.0864 1860 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/06/12 13:15:14.0927 1860 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/06/12 13:15:14.0989 1860 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/06/12 13:15:15.0036 1860 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/06/12 13:15:15.0067 1860 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/06/12 13:15:15.0099 1860 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/06/12 13:15:15.0130 1860 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/06/12 13:15:15.0146 1860 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/06/12 13:15:15.0177 1860 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/06/12 13:15:15.0224 1860 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/06/12 13:15:15.0255 1860 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/06/12 13:15:15.0302 1860 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys
    2011/06/12 13:15:15.0333 1860 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/06/12 13:15:15.0380 1860 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/06/12 13:15:15.0396 1860 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/06/12 13:15:15.0474 1860 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/06/12 13:15:15.0505 1860 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/06/12 13:15:15.0536 1860 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/06/12 13:15:15.0567 1860 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/06/12 13:15:15.0630 1860 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    2011/06/12 13:15:15.0677 1860 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/06/12 13:15:15.0724 1860 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/06/12 13:15:15.0864 1860 IntcAzAudAddService (1ed9ac45c69e650d4f12d1114132622b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/06/12 13:15:15.0942 1860 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/06/12 13:15:15.0989 1860 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/06/12 13:15:16.0036 1860 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/06/12 13:15:16.0067 1860 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/06/12 13:15:16.0099 1860 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/06/12 13:15:16.0130 1860 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/06/12 13:15:16.0161 1860 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/06/12 13:15:16.0208 1860 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/06/12 13:15:16.0224 1860 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/06/12 13:15:16.0286 1860 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/06/12 13:15:16.0317 1860 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/06/12 13:15:16.0349 1860 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/06/12 13:15:16.0396 1860 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/06/12 13:15:16.0583 1860 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
    2011/06/12 13:15:16.0646 1860 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    2011/06/12 13:15:16.0692 1860 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2011/06/12 13:15:16.0755 1860 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011/06/12 13:15:16.0802 1860 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2011/06/12 13:15:16.0849 1860 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/06/12 13:15:16.0896 1860 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/06/12 13:15:16.0927 1860 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/06/12 13:15:16.0989 1860 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/06/12 13:15:17.0021 1860 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/06/12 13:15:17.0052 1860 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2011/06/12 13:15:17.0083 1860 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/06/12 13:15:17.0114 1860 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/06/12 13:15:17.0192 1860 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/06/12 13:15:17.0271 1860 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/06/12 13:15:17.0317 1860 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/06/12 13:15:17.0349 1860 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/06/12 13:15:17.0380 1860 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/06/12 13:15:17.0427 1860 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/06/12 13:15:17.0458 1860 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/06/12 13:15:17.0505 1860 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
    2011/06/12 13:15:17.0552 1860 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/06/12 13:15:17.0583 1860 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/06/12 13:15:17.0614 1860 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/06/12 13:15:17.0630 1860 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/06/12 13:15:17.0677 1860 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/06/12 13:15:17.0708 1860 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/06/12 13:15:17.0755 1860 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/06/12 13:15:17.0802 1860 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/06/12 13:15:17.0849 1860 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/06/12 13:15:17.0896 1860 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/06/12 13:15:17.0942 1860 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/06/12 13:15:18.0317 1860 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/06/12 13:15:18.0599 1860 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/06/12 13:15:18.0630 1860 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/06/12 13:15:18.0661 1860 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/06/12 13:15:18.0677 1860 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
    2011/06/12 13:15:18.0708 1860 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/06/12 13:15:18.0755 1860 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/06/12 13:15:18.0802 1860 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/06/12 13:15:18.0817 1860 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/06/12 13:15:18.0896 1860 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/06/12 13:15:18.0958 1860 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/06/12 13:15:19.0083 1860 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/06/12 13:15:19.0114 1860 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/06/12 13:15:19.0192 1860 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/06/12 13:15:19.0239 1860 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/06/12 13:15:19.0286 1860 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/06/12 13:15:19.0302 1860 PxHelp20 (40f2031bd9148d3194353ea7dec97a07) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/06/12 13:15:19.0333 1860 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/06/12 13:15:19.0364 1860 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/06/12 13:15:19.0380 1860 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/06/12 13:15:19.0411 1860 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/06/12 13:15:19.0442 1860 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/06/12 13:15:19.0474 1860 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/06/12 13:15:19.0505 1860 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/06/12 13:15:19.0552 1860 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/06/12 13:15:19.0567 1860 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/06/12 13:15:19.0614 1860 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/06/12 13:15:19.0630 1860 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/06/12 13:15:19.0677 1860 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/06/12 13:15:19.0739 1860 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/06/12 13:15:19.0786 1860 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/06/12 13:15:19.0911 1860 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/06/12 13:15:19.0958 1860 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/06/12 13:15:20.0036 1860 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/06/12 13:15:20.0083 1860 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/06/12 13:15:20.0177 1860 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/06/12 13:15:20.0208 1860 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/06/12 13:15:20.0255 1860 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/06/12 13:15:20.0286 1860 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/06/12 13:15:20.0364 1860 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/06/12 13:15:20.0458 1860 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys
    2011/06/12 13:15:20.0489 1860 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/06/12 13:15:20.0536 1860 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/06/12 13:15:20.0583 1860 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/06/12 13:15:20.0614 1860 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/06/12 13:15:20.0646 1860 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/06/12 13:15:20.0677 1860 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/06/12 13:15:20.0724 1860 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/06/12 13:15:20.0802 1860 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/06/12 13:15:20.0833 1860 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/06/12 13:15:20.0864 1860 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/06/12 13:15:20.0911 1860 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/06/12 13:15:20.0958 1860 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/06/12 13:15:21.0036 1860 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/06/12 13:15:21.0067 1860 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/06/12 13:15:21.0146 1860 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/06/12 13:15:21.0224 1860 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/06/12 13:15:21.0255 1860 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/06/12 13:15:21.0286 1860 usbhub (854f5d94ab479667cfd9c54a95d9588e) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/06/12 13:15:21.0302 1860 usbhub - detected Rootkit.Win32.ZAccess.c (0)
    2011/06/12 13:15:21.0349 1860 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/06/12 13:15:21.0411 1860 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/06/12 13:15:21.0442 1860 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/06/12 13:15:21.0474 1860 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/06/12 13:15:21.0474 1860 Suspicious service (NoAccess): vbmae541
    2011/06/12 13:15:21.0505 1860 vbmae541 (fdb000344f0580d573681ae1d5faecfe) C:\WINDOWS\system32\drivers\vbmae541.sys
    2011/06/12 13:15:21.0505 1860 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmae541.sys. md5: fdb000344f0580d573681ae1d5faecfe
    2011/06/12 13:15:21.0521 1860 vbmae541 - detected LockedService.Multi.Generic (1)
    2011/06/12 13:15:21.0567 1860 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/06/12 13:15:21.0583 1860 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/06/12 13:15:21.0614 1860 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/06/12 13:15:21.0646 1860 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/06/12 13:15:21.0708 1860 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/06/12 13:15:21.0802 1860 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/06/12 13:15:21.0974 1860 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
    2011/06/12 13:15:21.0974 1860 ================================================================================
    2011/06/12 13:15:21.0974 1860 Scan finished
    2011/06/12 13:15:21.0974 1860 ================================================================================
    2011/06/12 13:15:22.0021 3968 Detected object count: 2
    2011/06/12 13:15:22.0021 3968 Actual detected object count: 2
    2011/06/12 13:15:43.0364 3968 usbhub (854f5d94ab479667cfd9c54a95d9588e) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/06/12 13:15:44.0271 3968 Backup copy found, using it..
    2011/06/12 13:15:44.0286 3968 C:\WINDOWS\system32\DRIVERS\usbhub.sys - will be cured after reboot
    2011/06/12 13:15:44.0286 3968 Rootkit.Win32.ZAccess.c(usbhub) - User select action: Cure
    2011/06/12 13:15:44.0286 3968 LockedService.Multi.Generic(vbmae541) - User select action: Skip
    2011/06/12 13:15:52.0099 0164 Deinitialize success
     
  8. 2011/06/12
    broni

    broni Moderator Malware Analyst

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  9. 2011/06/12
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xB724F000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10604544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 258.96 )
    0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6344704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 258.96 )
    0xB408D000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 2301952 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2154496 bytes
    0x804D7000 RAW 2154496 bytes
    0x804D7000 WMIxWDM 2154496 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB7DC3000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB3E5B000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB70A7000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB3F8E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB3571000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xB301D000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB713A000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB7F64000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB3759000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB7D96000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB27AB000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xB3EF3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB7213000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xB3F66000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB401A000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
    0xB7F0E000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xB71C9000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
    0xB3F40000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xB3E37000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xB4069000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB71EF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB7192000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB3F1E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806E5000 ACPI_HAL 134400 bytes
    0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB7E79000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB7F34000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xB7D7C000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB7EDE000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB3E1F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xB7EF6000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xB7E50000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB717B000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB7F92000 04442378.sys 86016 bytes
    0xB31C6000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB71B5000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xB723B000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB3FE7000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB7E67000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB7F53000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB716A000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB2E3D000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xB81C8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xB8118000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xB8198000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xB8138000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xB8298000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xB8248000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xB81D8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB33C1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xB8258000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xB81A8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xB80F8000 C:\WINDOWS\System32\Drivers\vbmae541.SYS 57344 bytes
    0xB8168000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xB8128000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xB8178000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xB8208000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xB81B8000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 45056 bytes (Roxio, CDR4 CD and DVD Burning Helper Driver)
    0xB82A8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xB8148000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xB8188000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xB3651000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
    0xB8238000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xB8228000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    !!!!!!!!!!!Hidden driver: 0xB2C55000 3014433956 36864 bytes
    0xB2E7D000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xB8158000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xB8158000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xB82E8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xB8108000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xB8218000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xB8268000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xB8278000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xB8338000 C:\WINDOWS\system32\drivers\mbamswissarmy.sys 32768 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
    0xB8360000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xB8488000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xB8498000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 28672 bytes (Roxio, CDRAL for Windows 2000 Kernel Driver)
    0xB8340000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xB8408000 C:\WINDOWS\System32\Drivers\sunkfilt.sys 28672 bytes (Alcor Micro Corp., SunkFilt)
    0xB8348000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xB84A0000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xB8490000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xB83D0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xB8480000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xB8350000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xBD61F000 C:\WINDOWS\System32\lmimirr.dll 20480 bytes (LogMeIn, Inc., LogMeIn Mirror Driver)
    0xB8358000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xB83A8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xB8398000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xB83C8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xB84B0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xB8370000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xB7C84000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB3ECF000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xB85A0000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xB4055000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xB63C7000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xB8568000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
    0xB63C3000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB7CA4000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xB7CB8000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xB85C6000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows (R) 2000 DDK provider, TR Manager)
    0xB8656000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xB85B6000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xB8660000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xB8654000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xBD624000 C:\WINDOWS\System32\lmimirr2.dll 8192 bytes (LogMeIn, Inc., LogMeIn Video Helper)
    0xB8658000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xB85C4000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xB85F6000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
    0xB865A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xB85EA000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xB85F2000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xB870A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xB868F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xB8707000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
    0xB8732000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x89F5B109 unknown_irp_handler 3831 bytes
    0xB80DD134 unknown_irp_handler 3788 bytes
    ==============================================
    >Stealth
    ==============================================
    WARNING: File locked for read access [C:\WINDOWS\system32\drivers\vbmae541.sys]
    0xB80DDCEA Unknown thread object [ ETHREAD 0x89DB3020 ] TID: 1000, 600 bytes
    0xB80DDCEA Unknown thread object [ ETHREAD 0x89D89B78 ] TID: 1004, 600 bytes
    0xB2C595B0 Unknown thread object [ ETHREAD 0x89ABB5E0 ] TID: 3248, 600 bytes
    0xB2C595B0 Unknown thread object [ ETHREAD 0x89BA8020 ] TID: 3252, 600 bytes
    WARNING: Virus alike driver modification [ipsec.sys]
     
  10. 2011/06/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2011/06/12
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    Combofix runs but does not disconnect the computer from the internet nor does it produce a report.
    The last line in the scan process says something to the effect of Output Folder c:\32788R22FWJFW - when I click on that icon on the C drive in My Computer it opens a new subset of the folder tree. If I click on the same icon in the subset I get a new subset of the tree.

    I ran RKILL but it had no effect on CF success.

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as Owner on 06/12/2011 at 14:02:49.
    Processes terminated by Rkill or while it was running:
    \\.\globalroot\Device\svchost.exe\svchost.exe
    C:\Documents and Settings\Owner\Desktop\rkill\rkill.exe
    Rkill completed on 06/12/2011 at 14:02:51.
     
  12. 2011/06/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure why you're clicking on anything.
    You should let Combofix run undisturbed.

    If it gets stuck, re-read my instructions, starting at:
     
  13. 2011/06/12
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    Thanks.

    I didn't click anything; I watched the scan run, but then the window closes and there is no report. As I saw it run, I was under the impression that it worked; however, as I say, the machine was still online (as per the network connection icon in the system tray) and there was no report.

    I only tried RKILL as a resort after reading your alternate instructions.

    I have to leave for the afternoon but will try your alternate suggestions tomorrow and repost.
     
  14. 2011/06/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try to restart computer and Combofix log may pop-up.
    If not, re-run it.
     
  15. 2011/06/13
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    Back again.

    I downloaded a fresh copy of combofix then started in safe mode. Ran RKILL as per instructions then ComboFix - still no combofix log.

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 06/13/2011 at 16:52:37.
    Operating System: Microsoft Windows XP

    Processes terminated by Rkill or while it was running:

    \\.\globalroot\Device\svchost.exe\svchost.exe
    C:\WINDOWS\system32\verclsid.exe

    Rkill completed on 06/13/2011 at 16:52:41.
     
  16. 2011/06/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, re-run TDSSKiller.
     
  17. 2011/06/14
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    2011/06/13 17:24:14.0093 2232 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
    2011/06/13 17:24:14.0781 2232 ================================================================================
    2011/06/13 17:24:14.0781 2232 SystemInfo:
    2011/06/13 17:24:14.0781 2232
    2011/06/13 17:24:14.0781 2232 OS Version: 5.1.2600 ServicePack: 3.0
    2011/06/13 17:24:14.0781 2232 Product type: Workstation
    2011/06/13 17:24:14.0781 2232 ComputerName: YOUR-2E61B29445
    2011/06/13 17:24:14.0781 2232 UserName: Owner
    2011/06/13 17:24:14.0781 2232 Windows directory: C:\WINDOWS
    2011/06/13 17:24:14.0781 2232 System windows directory: C:\WINDOWS
    2011/06/13 17:24:14.0781 2232 Processor architecture: Intel x86
    2011/06/13 17:24:14.0781 2232 Number of processors: 2
    2011/06/13 17:24:14.0781 2232 Page size: 0x1000
    2011/06/13 17:24:14.0781 2232 Boot type: Normal boot
    2011/06/13 17:24:14.0781 2232 ================================================================================
    2011/06/13 17:24:16.0203 2232 Initialize success
    2011/06/13 17:24:20.0921 1860 ================================================================================
    2011/06/13 17:24:20.0921 1860 Scan started
    2011/06/13 17:24:20.0921 1860 Mode: Manual;
    2011/06/13 17:24:20.0921 1860 ================================================================================
    2011/06/13 17:24:25.0250 1860 IPSec (becc04604fbbd632941e80d4c4780f9b) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/06/13 17:24:25.0250 1860 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: becc04604fbbd632941e80d4c4780f9b, Fake md5: 23c74d75e36e7158768dd63d92789a91
    2011/06/13 17:24:25.0265 1860 IPSec - detected Rootkit.Win32.ZAccess.c (0)
    2011/06/13 17:24:30.0546 1860 Suspicious service (NoAccess): vbmae541
    2011/06/13 17:24:30.0578 1860 vbmae541 (fdb000344f0580d573681ae1d5faecfe) C:\WINDOWS\system32\drivers\vbmae541.sys
    2011/06/13 17:24:30.0578 1860 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmae541.sys. md5: fdb000344f0580d573681ae1d5faecfe
    2011/06/13 17:24:30.0593 1860 vbmae541 - detected LockedService.Multi.Generic (1)
    2011/06/13 17:24:31.0046 1860 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
    2011/06/13 17:24:31.0062 1860 ================================================================================
    2011/06/13 17:24:31.0062 1860 Scan finished
    2011/06/13 17:24:31.0062 1860 ================================================================================
    2011/06/13 17:24:31.0093 1300 Detected object count: 2
    2011/06/13 17:24:31.0093 1300 Actual detected object count: 2
    2011/06/13 17:25:59.0500 1300 IPSec (becc04604fbbd632941e80d4c4780f9b) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/06/13 17:25:59.0500 1300 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: becc04604fbbd632941e80d4c4780f9b, Fake md5: 23c74d75e36e7158768dd63d92789a91
    2011/06/13 17:26:01.0468 1300 Backup copy found, using it..
    2011/06/13 17:26:01.0468 1300 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured after reboot
    2011/06/13 17:26:01.0468 1300 Rootkit.Win32.ZAccess.c(IPSec) - User select action: Cure
    2011/06/13 17:26:01.0468 1300 LockedService.Multi.Generic(vbmae541) - User select action: Skip
    2011/06/13 17:26:07.0031 2244 Deinitialize success
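As an added example (not code from this thread or from the TDSSKiller/Rkill authors), here is a small Python triage script for log lines in the format of the TDSSKiller output above and the Rkill output in the earlier posts: it ties each "Suspicious file" line back to its service, keeps both the real and the fake MD5 of a forged driver, records the action chosen for every detection, and lists what was skipped and is therefore still on the machine. The sample lines are the detection-relevant lines copied from this thread; the function and field names are my own.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the TDSSKiller and Rkill logs posted in this thread; the
# hundreds of clean-driver lines between them are left out.
TDSS_LOG = r"""
2011/06/13 17:24:25.0250 1860 IPSec (becc04604fbbd632941e80d4c4780f9b) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/13 17:24:25.0250 1860 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: becc04604fbbd632941e80d4c4780f9b, Fake md5: 23c74d75e36e7158768dd63d92789a91
2011/06/13 17:24:25.0265 1860 IPSec - detected Rootkit.Win32.ZAccess.c (0)
2011/06/13 17:24:25.0296 1860 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/13 17:24:30.0546 1860 Suspicious service (NoAccess): vbmae541
2011/06/13 17:24:30.0578 1860 vbmae541 (fdb000344f0580d573681ae1d5faecfe) C:\WINDOWS\system32\drivers\vbmae541.sys
2011/06/13 17:24:30.0578 1860 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmae541.sys. md5: fdb000344f0580d573681ae1d5faecfe
2011/06/13 17:24:30.0593 1860 vbmae541 - detected LockedService.Multi.Generic (1)
2011/06/13 17:24:31.0093 1300 Detected object count: 2
2011/06/13 17:26:01.0468 1300 Rootkit.Win32.ZAccess.c(IPSec) - User select action: Cure
2011/06/13 17:26:01.0468 1300 LockedService.Multi.Generic(vbmae541) - User select action: Skip
"""

RKILL_LOG = r"""
Processes terminated by Rkill or while it was running:
\\.\globalroot\Device\svchost.exe\svchost.exe
C:\Documents and Settings\Owner\Desktop\rkill\rkill.exe
"""

# TDSSKiller line layout: "<date> <time> <thread id> <message>"
LINE_RE = re.compile(r"^(\S+ \S+)\s+(\d+)\s+(.*)$")
ENUM_RE = re.compile(r"^(?P<obj>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
                       r"(?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
NOACCESS_RE = re.compile(r"^Suspicious service \(NoAccess\): (?P<obj>\S+)$")
VERDICT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<verdict>\S+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    obj: str                 # service/driver name as TDSSKiller reports it
    verdict: str = ""        # e.g. Rootkit.Win32.ZAccess.c
    action: str = ""         # what was chosen in the dialog: Cure, Skip, ...
    path: str = ""
    md5: str = ""            # hash TDSSKiller computed from the disk sectors itself
    fake_md5: str = ""       # hash the rootkit hands to other readers of the file
    flags: list = field(default_factory=list)


def parse_tdsskiller(text):
    """Return ({object name: Finding}, tool's own detected-object count)."""
    findings, count, last_obj, last_path = {}, 0, None, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if (e := ENUM_RE.match(msg)):
            # Plain enumeration line: remember it so a following
            # "Suspicious file" line can be tied to the service name.
            last_obj, last_path = e["obj"], e["path"]
            if last_obj in findings:
                findings[last_obj].path, findings[last_obj].md5 = e["path"], e["md5"]
        elif (f := FORGED_RE.match(msg)):
            obj = last_obj if last_path == f["path"] else f["path"]
            fd = findings.setdefault(obj, Finding(obj))
            fd.path, fd.md5, fd.fake_md5 = f["path"], f["real"], f["fake"]
            fd.flags.append("forged")
        elif (n := NOACCESS_RE.match(msg)):
            findings.setdefault(n["obj"], Finding(n["obj"])).flags.append("noaccess")
        elif (v := VERDICT_RE.match(msg)):
            findings.setdefault(v["obj"], Finding(v["obj"])).verdict = v["verdict"]
        elif (a := ACTION_RE.match(msg)):
            findings.setdefault(a["obj"], Finding(a["obj"])).action = a["action"]
        elif (c := COUNT_RE.match(msg)):
            count = int(c["n"])
    return findings, count


def outstanding(findings):
    """Objects with a verdict that were neither cured nor deleted: these are
    still on the box after the reboot, which is why a re-run gets requested."""
    return [o for o, f in findings.items() if f.verdict and f.action not in ("Cure", "Delete")]


# Rkill names each killed process by image path. A path under the NT device
# namespace (the globalroot prefix) instead of a drive letter is not where a
# legitimately installed svchost.exe lives, so such lines deserve a look.
GLOBALROOT = "\\\\.\\globalroot\\"


def masquerading_processes(text):
    return [l.strip() for l in text.splitlines()
            if l.strip().lower().startswith(GLOBALROOT)]


if __name__ == "__main__":
    found, count = parse_tdsskiller(TDSS_LOG)
    for name, f in found.items():
        print(f"{name}: {f.verdict or '-'} action={f.action or '-'} flags={f.flags}")
    print("TDSSKiller counted", count, "objects; still outstanding:", outstanding(found))
    print("Rkill killed device-path processes:", masquerading_processes(RKILL_LOG))
```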
     
  18. 2011/06/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, re-run it one more time.
     
  19. 2011/06/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     
  20. 2011/06/19
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    Sorry, yes, I should have posted. User is away for the weekend. Will get back to them tomorrow
     
  21. 2011/06/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok....
     
