Jump to content

Rootkit that won't go away!


Recommended Posts

Hello, I am in need of help with a rootkit problem that just won't go away. Not sure if it is 0access or something else but Malwarebytes is useless against it and TDSSkiller can't seem to clean in entirely. Please help me. Here is the TDSSkiller log and Malwarebytes log:

14:50:31.0328 3580 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

14:50:33.0328 3580 ============================================================

14:50:33.0328 3580 Current date / time: 2012/05/04 14:50:33.0328

14:50:33.0328 3580 SystemInfo:

14:50:33.0328 3580

14:50:33.0328 3580 OS Version: 5.1.2600 ServicePack: 3.0

14:50:33.0328 3580 Product type: Workstation

14:50:33.0328 3580 ComputerName: DELL-F68667BFA2

14:50:33.0328 3580 UserName: Administrator

14:50:33.0328 3580 Windows directory: C:\WINDOWS

14:50:33.0328 3580 System windows directory: C:\WINDOWS

14:50:33.0328 3580 Processor architecture: Intel x86

14:50:33.0328 3580 Number of processors: 2

14:50:33.0328 3580 Page size: 0x1000

14:50:33.0328 3580 Boot type: Normal boot

14:50:33.0328 3580 ============================================================

14:50:35.0906 3580 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

14:50:35.0921 3580 Drive \Device\Harddisk1\DR2 - Size: 0x3D3D2200 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

14:50:35.0921 3580 ============================================================

14:50:35.0921 3580 \Device\Harddisk0\DR0:

14:50:35.0921 3580 MBR partitions:

14:50:35.0921 3580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F

14:50:35.0921 3580 \Device\Harddisk1\DR2:

14:50:35.0921 3580 MBR partitions:

14:50:35.0921 3580 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xE, StartLBA 0x3F, BlocksNum 0x1E9E52

14:50:35.0921 3580 ============================================================

14:50:35.0937 3580 C: <-> \Device\Harddisk0\DR0\Partition0

14:50:35.0937 3580 ============================================================

14:50:35.0937 3580 Initialize success

14:50:35.0937 3580 ============================================================

14:50:38.0390 2508 ============================================================

14:50:38.0390 2508 Scan started

14:50:38.0390 2508 Mode: Manual;

14:50:38.0390 2508 ============================================================

14:50:39.0093 2508 Abiosdsk - ok

14:50:39.0109 2508 abp480n5 - ok

14:50:39.0156 2508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

14:50:39.0171 2508 ACPI - ok

14:50:39.0203 2508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

14:50:39.0203 2508 ACPIEC - ok

14:50:39.0265 2508 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

14:50:39.0281 2508 AdobeFlashPlayerUpdateSvc - ok

14:50:39.0281 2508 adpu160m - ok

14:50:39.0312 2508 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

14:50:39.0328 2508 aeaudio - ok

14:50:39.0343 2508 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

14:50:39.0343 2508 aec - ok

14:50:39.0468 2508 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

14:50:39.0500 2508 AFD - ok

14:50:39.0765 2508 AffinegyService (7e077309910ce334c3b2b7b8665a55c4) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe

14:50:39.0781 2508 AffinegyService - ok

14:50:39.0796 2508 AFGMp50 - ok

14:50:39.0812 2508 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys

14:50:39.0812 2508 AFGSp50 - ok

14:50:39.0812 2508 Aha154x - ok

14:50:39.0828 2508 aic78u2 - ok

14:50:39.0828 2508 aic78xx - ok

14:50:39.0859 2508 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

14:50:39.0859 2508 Alerter - ok

14:50:39.0875 2508 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

14:50:39.0890 2508 ALG - ok

14:50:39.0890 2508 AliIde - ok

14:50:39.0890 2508 amsint - ok

14:50:39.0921 2508 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

14:50:39.0937 2508 AppMgmt - ok

14:50:39.0937 2508 asc - ok

14:50:39.0937 2508 asc3350p - ok

14:50:39.0953 2508 asc3550 - ok

14:50:39.0984 2508 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

14:50:39.0984 2508 AsyncMac - ok

14:50:40.0015 2508 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

14:50:40.0015 2508 atapi - ok

14:50:40.0015 2508 Atdisk - ok

14:50:40.0046 2508 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

14:50:40.0046 2508 Atmarpc - ok

14:50:40.0078 2508 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

14:50:40.0078 2508 AudioSrv - ok

14:50:40.0109 2508 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

14:50:40.0109 2508 audstub - ok

14:50:40.0156 2508 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

14:50:40.0156 2508 Beep - ok

14:50:40.0203 2508 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

14:50:40.0250 2508 BITS - ok

14:50:40.0281 2508 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

14:50:40.0281 2508 Browser - ok

14:50:40.0375 2508 catchme - ok

14:50:40.0421 2508 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

14:50:40.0421 2508 cbidf2k - ok

14:50:40.0421 2508 cd20xrnt - ok

14:50:40.0468 2508 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

14:50:40.0468 2508 Cdaudio - ok

14:50:40.0500 2508 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

14:50:40.0500 2508 Cdfs - ok

14:50:40.0546 2508 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

14:50:40.0546 2508 Cdrom - ok

14:50:40.0546 2508 cerc6 - ok

14:50:40.0562 2508 Changer - ok

14:50:40.0578 2508 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

14:50:40.0578 2508 CiSvc - ok

14:50:40.0593 2508 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

14:50:40.0609 2508 ClipSrv - ok

14:50:40.0609 2508 CmdIde - ok

14:50:40.0609 2508 COMSysApp - ok

14:50:40.0625 2508 Cpqarray - ok

14:50:40.0656 2508 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

14:50:40.0671 2508 CryptSvc - ok

14:50:40.0671 2508 dac2w2k - ok

14:50:40.0671 2508 dac960nt - ok

14:50:40.0734 2508 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

14:50:40.0750 2508 DcomLaunch - ok

14:50:40.0796 2508 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

14:50:40.0796 2508 Dhcp - ok

14:50:40.0812 2508 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

14:50:40.0812 2508 Disk - ok

14:50:40.0828 2508 dmadmin - ok

14:50:40.0906 2508 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

14:50:40.0921 2508 dmboot - ok

14:50:40.0968 2508 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

14:50:40.0968 2508 dmio - ok

14:50:40.0984 2508 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

14:50:40.0984 2508 dmload - ok

14:50:41.0015 2508 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

14:50:41.0015 2508 dmserver - ok

14:50:41.0046 2508 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

14:50:41.0062 2508 DMusic - ok

14:50:41.0093 2508 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

14:50:41.0093 2508 Dnscache - ok

14:50:41.0140 2508 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

14:50:41.0140 2508 Dot3svc - ok

14:50:41.0140 2508 dpti2o - ok

14:50:41.0171 2508 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

14:50:41.0171 2508 drmkaud - ok

14:50:41.0218 2508 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys

14:50:41.0218 2508 E100B - ok

14:50:41.0250 2508 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

14:50:41.0250 2508 EapHost - ok

14:50:41.0265 2508 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

14:50:41.0265 2508 ERSvc - ok

14:50:41.0312 2508 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

14:50:41.0343 2508 Eventlog - ok

14:50:41.0406 2508 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

14:50:41.0406 2508 EventSystem - ok

14:50:41.0468 2508 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

14:50:41.0468 2508 Fastfat - ok

14:50:41.0515 2508 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

14:50:41.0531 2508 FastUserSwitchingCompatibility - ok

14:50:41.0578 2508 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

14:50:41.0578 2508 Fdc - ok

14:50:41.0578 2508 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

14:50:41.0578 2508 Fips - ok

14:50:41.0625 2508 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

14:50:41.0625 2508 Flpydisk - ok

14:50:41.0656 2508 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

14:50:41.0671 2508 FltMgr - ok

14:50:41.0703 2508 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

14:50:41.0703 2508 Fs_Rec - ok

14:50:41.0734 2508 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

14:50:41.0734 2508 Ftdisk - ok

14:50:41.0750 2508 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

14:50:41.0750 2508 Gpc - ok

14:50:41.0828 2508 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

14:50:41.0828 2508 helpsvc - ok

14:50:41.0859 2508 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

14:50:41.0859 2508 HidServ - ok

14:50:41.0906 2508 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

14:50:41.0906 2508 hidusb - ok

14:50:41.0937 2508 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

14:50:41.0937 2508 hkmsvc - ok

14:50:41.0937 2508 hpn - ok

14:50:42.0000 2508 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

14:50:42.0000 2508 HTTP - ok

14:50:42.0046 2508 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

14:50:42.0046 2508 HTTPFilter - ok

14:50:42.0046 2508 i2omgmt - ok

14:50:42.0062 2508 i2omp - ok

14:50:42.0093 2508 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

14:50:42.0093 2508 i8042prt - ok

14:50:42.0171 2508 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

14:50:42.0187 2508 ialm - ok

14:50:42.0234 2508 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

14:50:42.0234 2508 Imapi - ok

14:50:42.0265 2508 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

14:50:42.0281 2508 ImapiService - ok

14:50:42.0296 2508 ini910u - ok

14:50:42.0312 2508 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

14:50:42.0312 2508 IntelIde - ok

14:50:42.0359 2508 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

14:50:42.0359 2508 intelppm - ok

14:50:42.0437 2508 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

14:50:42.0437 2508 Ip6Fw - ok

14:50:42.0468 2508 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

14:50:42.0468 2508 IpFilterDriver - ok

14:50:42.0484 2508 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

14:50:42.0484 2508 IpInIp - ok

14:50:42.0500 2508 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

14:50:42.0515 2508 IpNat - ok

14:50:42.0562 2508 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

14:50:42.0562 2508 IPSec - ok

14:50:42.0609 2508 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

14:50:42.0609 2508 IRENUM - ok

14:50:42.0656 2508 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

14:50:42.0656 2508 isapnp - ok

14:50:42.0734 2508 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe

14:50:42.0750 2508 JavaQuickStarterService - ok

14:50:42.0796 2508 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

14:50:42.0796 2508 Kbdclass - ok

14:50:42.0828 2508 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

14:50:42.0828 2508 kbdhid - ok

14:50:42.0859 2508 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

14:50:42.0859 2508 kmixer - ok

14:50:42.0906 2508 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

14:50:42.0906 2508 KSecDD - ok

14:50:42.0968 2508 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

14:50:42.0968 2508 LanmanServer - ok

14:50:43.0015 2508 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

14:50:43.0031 2508 lanmanworkstation - ok

14:50:43.0031 2508 lbrtfdc - ok

14:50:43.0078 2508 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

14:50:43.0078 2508 LmHosts - ok

14:50:43.0156 2508 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe

14:50:43.0171 2508 McciCMService - ok

14:50:43.0203 2508 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

14:50:43.0203 2508 Messenger - ok

14:50:43.0234 2508 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

14:50:43.0234 2508 mnmdd - ok

14:50:43.0281 2508 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

14:50:43.0281 2508 mnmsrvc - ok

14:50:43.0328 2508 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

14:50:43.0328 2508 Modem - ok

14:50:43.0375 2508 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

14:50:43.0375 2508 Mouclass - ok

14:50:43.0406 2508 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

14:50:43.0406 2508 mouhid - ok

14:50:43.0406 2508 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

14:50:43.0406 2508 MountMgr - ok

14:50:43.0421 2508 mraid35x - ok

14:50:43.0421 2508 MREMPR5 - ok

14:50:43.0437 2508 MRENDIS5 - ok

14:50:43.0437 2508 MRESP50 - ok

14:50:43.0453 2508 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

14:50:43.0453 2508 MRxDAV - ok

14:50:43.0484 2508 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

14:50:43.0484 2508 MSDTC - ok

14:50:43.0531 2508 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

14:50:43.0531 2508 Msfs - ok

14:50:43.0531 2508 MSIServer - ok

14:50:43.0593 2508 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

14:50:43.0593 2508 MSKSSRV - ok

14:50:43.0609 2508 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

14:50:43.0609 2508 MSPCLOCK - ok

14:50:43.0625 2508 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

14:50:43.0625 2508 MSPQM - ok

14:50:43.0656 2508 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

14:50:43.0656 2508 mssmbios - ok

14:50:43.0687 2508 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

14:50:43.0703 2508 Mup - ok

14:50:43.0750 2508 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

14:50:43.0765 2508 napagent - ok

14:50:43.0796 2508 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

14:50:43.0796 2508 NDIS - ok

14:50:43.0843 2508 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

14:50:43.0843 2508 NdisTapi - ok

14:50:43.0875 2508 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

14:50:43.0875 2508 Ndisuio - ok

14:50:43.0921 2508 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

14:50:43.0921 2508 NdisWan - ok

14:50:43.0968 2508 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

14:50:43.0968 2508 NDProxy - ok

14:50:44.0015 2508 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

14:50:44.0015 2508 NetBIOS - ok

14:50:44.0031 2508 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

14:50:44.0031 2508 NetBT - ok

14:50:44.0078 2508 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

14:50:44.0093 2508 NetDDE - ok

14:50:44.0093 2508 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

14:50:44.0093 2508 NetDDEdsdm - ok

14:50:44.0125 2508 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:50:44.0125 2508 Netlogon - ok

14:50:44.0171 2508 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

14:50:44.0187 2508 Netman - ok

14:50:44.0234 2508 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

14:50:44.0250 2508 Nla - ok

14:50:44.0296 2508 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

14:50:44.0296 2508 Npfs - ok

14:50:44.0359 2508 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

14:50:44.0375 2508 Ntfs - ok

14:50:44.0375 2508 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:50:44.0390 2508 NtLmSsp - ok

14:50:44.0453 2508 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

14:50:44.0468 2508 NtmsSvc - ok

14:50:44.0500 2508 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

14:50:44.0500 2508 Null - ok

14:50:44.0546 2508 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

14:50:44.0546 2508 NwlnkFlt - ok

14:50:44.0578 2508 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

14:50:44.0578 2508 NwlnkFwd - ok

14:50:44.0640 2508 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

14:50:44.0640 2508 Parport - ok

14:50:44.0671 2508 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

14:50:44.0687 2508 PartMgr - ok

14:50:44.0718 2508 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

14:50:44.0718 2508 ParVdm - ok

14:50:44.0750 2508 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

14:50:44.0750 2508 PCI - ok

14:50:44.0750 2508 PCIDump - ok

14:50:44.0750 2508 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

14:50:44.0765 2508 PCIIde - ok

14:50:44.0781 2508 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

14:50:44.0796 2508 Pcmcia - ok

14:50:44.0796 2508 PDCOMP - ok

14:50:44.0796 2508 PDFRAME - ok

14:50:44.0812 2508 PDRELI - ok

14:50:44.0812 2508 PDRFRAME - ok

14:50:44.0828 2508 perc2 - ok

14:50:44.0828 2508 perc2hib - ok

14:50:44.0890 2508 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

14:50:44.0890 2508 PlugPlay - ok

14:50:44.0890 2508 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:50:44.0890 2508 PolicyAgent - ok

14:50:44.0937 2508 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

14:50:44.0937 2508 PptpMiniport - ok

14:50:44.0937 2508 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:50:44.0937 2508 ProtectedStorage - ok

14:50:44.0953 2508 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

14:50:44.0953 2508 PSched - ok

14:50:45.0000 2508 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

14:50:45.0000 2508 Ptilink - ok

14:50:45.0000 2508 ql1080 - ok

14:50:45.0015 2508 Ql10wnt - ok

14:50:45.0015 2508 ql12160 - ok

14:50:45.0015 2508 ql1240 - ok

14:50:45.0031 2508 ql1280 - ok

14:50:45.0046 2508 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

14:50:45.0046 2508 RasAcd - ok

14:50:45.0078 2508 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

14:50:45.0078 2508 RasAuto - ok

14:50:45.0109 2508 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

14:50:45.0109 2508 Rasl2tp - ok

14:50:45.0140 2508 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

14:50:45.0140 2508 RasMan - ok

14:50:45.0156 2508 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

14:50:45.0171 2508 RasPppoe - ok

14:50:45.0171 2508 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

14:50:45.0171 2508 Raspti - ok

14:50:45.0218 2508 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

14:50:45.0234 2508 Rdbss - ok

14:50:45.0234 2508 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

14:50:45.0234 2508 RDPCDD - ok

14:50:45.0281 2508 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

14:50:45.0296 2508 rdpdr - ok

14:50:45.0359 2508 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

14:50:45.0359 2508 RDPWD - ok

14:50:45.0406 2508 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

14:50:45.0421 2508 RDSessMgr - ok

14:50:45.0453 2508 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

14:50:45.0453 2508 redbook - ok

14:50:45.0484 2508 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

14:50:45.0500 2508 RemoteAccess - ok

14:50:45.0531 2508 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

14:50:45.0531 2508 RemoteRegistry - ok

14:50:45.0562 2508 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

14:50:45.0562 2508 RpcLocator - ok

14:50:45.0640 2508 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

14:50:45.0656 2508 RpcSs - ok

14:50:45.0687 2508 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

14:50:45.0703 2508 RSVP - ok

14:50:45.0734 2508 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:50:45.0734 2508 SamSs - ok

14:50:45.0781 2508 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

14:50:45.0781 2508 SCardSvr - ok

14:50:45.0828 2508 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

14:50:45.0843 2508 Schedule - ok

14:50:45.0843 2508 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

14:50:45.0859 2508 Secdrv - ok

14:50:45.0890 2508 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

14:50:45.0890 2508 seclogon - ok

14:50:45.0906 2508 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

14:50:45.0906 2508 SENS - ok

14:50:45.0953 2508 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

14:50:45.0953 2508 serenum - ok

14:50:45.0953 2508 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

14:50:45.0953 2508 Serial - ok

14:50:45.0968 2508 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

14:50:45.0968 2508 Sfloppy - ok

14:50:46.0031 2508 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

14:50:46.0046 2508 SharedAccess - ok

14:50:46.0078 2508 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

14:50:46.0078 2508 ShellHWDetection - ok

14:50:46.0078 2508 Simbad - ok

14:50:46.0140 2508 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys

14:50:46.0171 2508 smwdm - ok

14:50:46.0171 2508 Sparrow - ok

14:50:46.0187 2508 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

14:50:46.0187 2508 splitter - ok

14:50:46.0234 2508 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

14:50:46.0234 2508 Spooler - ok

14:50:46.0281 2508 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

14:50:46.0281 2508 sr - ok

14:50:46.0296 2508 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

14:50:46.0312 2508 srservice - ok

14:50:46.0359 2508 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

14:50:46.0375 2508 Srv - ok

14:50:46.0421 2508 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

14:50:46.0421 2508 SSDPSRV - ok

14:50:46.0484 2508 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

14:50:46.0500 2508 stisvc - ok

14:50:46.0546 2508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

14:50:46.0546 2508 swenum - ok

14:50:46.0593 2508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

14:50:46.0593 2508 swmidi - ok

14:50:46.0609 2508 SwPrv - ok

14:50:46.0609 2508 symc810 - ok

14:50:46.0625 2508 symc8xx - ok

14:50:46.0625 2508 sym_hi - ok

14:50:46.0640 2508 sym_u3 - ok

14:50:46.0671 2508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

14:50:46.0671 2508 sysaudio - ok

14:50:46.0703 2508 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

14:50:46.0718 2508 SysmonLog - ok

14:50:46.0765 2508 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

14:50:46.0781 2508 TapiSrv - ok

14:50:46.0843 2508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

14:50:46.0859 2508 Tcpip - ok

14:50:46.0906 2508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

14:50:46.0906 2508 TDPIPE - ok

14:50:46.0921 2508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

14:50:46.0921 2508 TDTCP - ok

14:50:46.0937 2508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

14:50:46.0937 2508 TermDD - ok

14:50:46.0984 2508 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

14:50:47.0000 2508 TermService - ok

14:50:47.0031 2508 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

14:50:47.0046 2508 Themes - ok

14:50:47.0078 2508 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

14:50:47.0078 2508 TlntSvr - ok

14:50:47.0078 2508 TosIde - ok

14:50:47.0125 2508 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

14:50:47.0125 2508 TrkWks - ok

14:50:47.0140 2508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

14:50:47.0140 2508 Udfs - ok

14:50:47.0140 2508 ultra - ok

14:50:47.0203 2508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

14:50:47.0218 2508 Update - ok

14:50:47.0265 2508 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

14:50:47.0281 2508 upnphost - ok

14:50:47.0296 2508 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

14:50:47.0296 2508 UPS - ok

14:50:47.0343 2508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

14:50:47.0343 2508 usbccgp - ok

14:50:47.0390 2508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

14:50:47.0390 2508 usbehci - ok

14:50:47.0437 2508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

14:50:47.0437 2508 usbhub - ok

14:50:47.0484 2508 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

14:50:47.0484 2508 USBSTOR - ok

14:50:47.0515 2508 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

14:50:47.0515 2508 usbuhci - ok

14:50:47.0515 2508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

14:50:47.0531 2508 VgaSave - ok

14:50:47.0531 2508 ViaIde - ok

14:50:47.0562 2508 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

14:50:47.0562 2508 VolSnap - ok

14:50:47.0625 2508 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

14:50:47.0671 2508 VSS - ok

14:50:47.0718 2508 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

14:50:47.0734 2508 W32Time - ok

14:50:47.0765 2508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

14:50:47.0781 2508 Wanarp - ok

14:50:47.0781 2508 WDICA - ok

14:50:47.0828 2508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

14:50:47.0828 2508 wdmaud - ok

14:50:47.0843 2508 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

14:50:47.0843 2508 WebClient - ok

14:50:47.0921 2508 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

14:50:47.0921 2508 winmgmt - ok

14:50:47.0968 2508 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

14:50:47.0968 2508 WmdmPmSN - ok

14:50:48.0031 2508 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

14:50:48.0062 2508 Wmi - ok

14:50:48.0109 2508 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

14:50:48.0109 2508 WmiApSrv - ok

14:50:48.0265 2508 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

14:50:48.0281 2508 WMPNetworkSvc - ok

14:50:48.0343 2508 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

14:50:48.0343 2508 WS2IFSL - ok

14:50:48.0390 2508 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

14:50:48.0390 2508 wscsvc - ok

14:50:48.0437 2508 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

14:50:48.0437 2508 wuauserv - ok

14:50:48.0484 2508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

14:50:48.0484 2508 WudfPf - ok

14:50:48.0515 2508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

14:50:48.0515 2508 WudfRd - ok

14:50:48.0546 2508 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

14:50:48.0546 2508 WudfSvc - ok

14:50:48.0625 2508 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

14:50:48.0656 2508 WZCSVC - ok

14:50:48.0687 2508 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

14:50:48.0703 2508 xmlprov - ok

14:50:48.0796 2508 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

14:50:48.0812 2508 YahooAUService - ok

14:50:48.0843 2508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

14:50:49.0062 2508 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning

14:50:49.0062 2508 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)

14:50:49.0062 2508 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2

14:51:02.0406 2508 \Device\Harddisk1\DR2 - ok

14:51:02.0421 2508 Boot (0x1200) (3bd81cf09614750ef348b6d1e704e296) \Device\Harddisk0\DR0\Partition0

14:51:02.0421 2508 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - infected

14:51:02.0421 2508 \Device\Harddisk0\DR0\Partition0 - detected Rootkit.Boot.Cidox.b (0)

14:51:02.0421 2508 Boot (0x1200) (a6658a23e6d69224c6aae2da45606274) \Device\Harddisk1\DR2\Partition0

14:51:02.0437 2508 \Device\Harddisk1\DR2\Partition0 - ok

14:51:02.0437 2508 ============================================================

14:51:02.0437 2508 Scan finished

14:51:02.0437 2508 ============================================================

14:51:02.0437 1484 Detected object count: 2

14:51:02.0437 1484 Actual detected object count: 2

14:51:50.0953 1484 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user

14:51:50.0953 1484 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip

14:51:50.0984 1484 \Device\Harddisk0\DR0\Partition0 - copied to quarantine

14:51:51.0000 1484 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot

14:51:51.0000 1484 \Device\Harddisk0\DR0\Partition0 - ok

14:51:51.0000 1484 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - User select action: Cure

14:57:09.0578 2524 Deinitialize success

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.04.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: DELL-F68667BFA2 [administrator]

5/4/2012 2:57:49 PM

mbam-log-2012-05-04 (14-57-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 176224

Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Welcome to the forum.....please don't run any other tools!!!

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.