Mookie Brown Posted October 20, 2010 ID:330565 Share Posted October 20, 2010 LDTate, thank you for your instructions. I followed them and below is my log:2010/10/20 16:01:38.0191 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:592010/10/20 16:01:38.0191 ================================================================================2010/10/20 16:01:38.0191 SystemInfo:2010/10/20 16:01:38.0191 2010/10/20 16:01:38.0191 OS Version: 5.1.2600 ServicePack: 3.02010/10/20 16:01:38.0191 Product type: Workstation2010/10/20 16:01:38.0191 ComputerName: MCCIL162010/10/20 16:01:38.0191 UserName: jestenson2010/10/20 16:01:38.0191 Windows directory: C:\WINDOWS2010/10/20 16:01:38.0191 System windows directory: C:\WINDOWS2010/10/20 16:01:38.0191 Processor architecture: Intel x862010/10/20 16:01:38.0191 Number of processors: 22010/10/20 16:01:38.0191 Page size: 0x10002010/10/20 16:01:38.0191 Boot type: Normal boot2010/10/20 16:01:38.0191 ================================================================================2010/10/20 16:01:39.0034 Initialize success2010/10/20 16:01:42.0659 ================================================================================2010/10/20 16:01:42.0659 Scan started2010/10/20 16:01:42.0659 Mode: Manual;2010/10/20 16:01:42.0659 ================================================================================2010/10/20 16:01:44.0613 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS2010/10/20 16:01:44.0878 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys2010/10/20 16:01:45.0081 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys2010/10/20 16:01:45.0175 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys2010/10/20 16:01:45.0253 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys2010/10/20 16:01:45.0331 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys2010/10/20 16:01:45.0425 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys2010/10/20 16:01:45.0566 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys2010/10/20 16:01:45.0613 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys2010/10/20 16:01:45.0644 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys2010/10/20 16:01:45.0691 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys2010/10/20 16:01:45.0769 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys2010/10/20 16:01:45.0784 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys2010/10/20 16:01:45.0831 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys2010/10/20 16:01:45.0847 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys2010/10/20 16:01:45.0941 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS2010/10/20 16:01:45.0988 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys2010/10/20 16:01:46.0050 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys2010/10/20 16:01:46.0113 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys2010/10/20 16:01:46.0144 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys2010/10/20 16:01:46.0175 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys2010/10/20 16:01:46.0222 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys2010/10/20 16:01:46.0269 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys2010/10/20 16:01:46.0347 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys2010/10/20 16:01:46.0425 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys2010/10/20 16:01:46.0456 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys2010/10/20 16:01:46.0550 BTKRNL (75130181fa2fd6cbe83083c5311abe78) C:\WINDOWS\system32\DRIVERS\btkrnl.sys2010/10/20 16:01:46.0675 BTWUSB (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys2010/10/20 16:01:46.0738 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys2010/10/20 16:01:46.0753 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys2010/10/20 16:01:46.0816 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys2010/10/20 16:01:46.0863 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys2010/10/20 16:01:46.0925 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys2010/10/20 16:01:46.0972 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys2010/10/20 16:01:47.0050 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys2010/10/20 16:01:47.0113 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys2010/10/20 16:01:47.0206 CnxtHdAudService (d93f3d5a627306b869e83ed035626992) C:\WINDOWS\system32\drivers\CHDAU32.sys2010/10/20 16:01:47.0269 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys2010/10/20 16:01:47.0300 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys2010/10/20 16:01:47.0331 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys2010/10/20 16:01:47.0363 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys2010/10/20 16:01:47.0394 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys2010/10/20 16:01:47.0456 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys2010/10/20 16:01:47.0519 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys2010/10/20 16:01:47.0535 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys2010/10/20 16:01:47.0613 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys2010/10/20 16:01:47.0628 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys2010/10/20 16:01:47.0675 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys2010/10/20 16:01:47.0706 e1yexpress (25c954c8e80eeca41dfc03946ef3fbf4) C:\WINDOWS\system32\DRIVERS\e1y5132.sys2010/10/20 16:01:47.0863 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys2010/10/20 16:01:47.0956 EraserUtilDrv11010 (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys2010/10/20 16:01:48.0019 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys2010/10/20 16:01:48.0081 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys2010/10/20 16:01:48.0113 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys2010/10/20 16:01:48.0144 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys2010/10/20 16:01:48.0191 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys2010/10/20 16:01:48.0253 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys2010/10/20 16:01:48.0285 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys2010/10/20 16:01:48.0347 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys2010/10/20 16:01:48.0363 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys2010/10/20 16:01:48.0394 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys2010/10/20 16:01:48.0456 HECI (2df64415a28ce036ac6acec7645a996f) C:\WINDOWS\system32\DRIVERS\HECI.sys2010/10/20 16:01:48.0535 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys2010/10/20 16:01:48.0581 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys2010/10/20 16:01:48.0644 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys2010/10/20 16:01:48.0660 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys2010/10/20 16:01:48.0706 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys2010/10/20 16:01:48.0753 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys2010/10/20 16:01:48.0831 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys2010/10/20 16:01:48.0941 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys2010/10/20 16:01:49.0019 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys2010/10/20 16:01:49.0066 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys2010/10/20 16:01:49.0144 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys2010/10/20 16:01:49.0269 ialm (9708071758f388c0ce529b7cb2d04fb2) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys2010/10/20 16:01:49.0472 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\igxpmp32.sys. Real md5: 9708071758f388c0ce529b7cb2d04fb2, Fake md5: f339b2e3a3f63cc14077d614a56a967b2010/10/20 16:01:49.0488 ialm - detected Forged file (1)2010/10/20 16:01:49.0550 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\DRIVERS\iaStor.sys2010/10/20 16:01:49.0613 IBMPMDRV (7285cd0c2b686e0590f941b48414a9f4) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys2010/10/20 16:01:49.0675 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys2010/10/20 16:01:49.0722 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys2010/10/20 16:01:49.0769 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys2010/10/20 16:01:49.0800 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys2010/10/20 16:01:49.0847 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys2010/10/20 16:01:49.0878 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys2010/10/20 16:01:49.0910 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys2010/10/20 16:01:49.0925 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys2010/10/20 16:01:49.0972 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys2010/10/20 16:01:50.0003 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys2010/10/20 16:01:50.0019 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys2010/10/20 16:01:50.0050 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys2010/10/20 16:01:50.0113 KAPFA (d4c8c5525e478335cca41b30045dec01) C:\WINDOWS\system32\drivers\KAPFA.SYS2010/10/20 16:01:50.0160 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys2010/10/20 16:01:50.0222 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys2010/10/20 16:01:50.0300 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys2010/10/20 16:01:50.0347 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys2010/10/20 16:01:50.0410 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys2010/10/20 16:01:50.0472 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys2010/10/20 16:01:50.0519 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys2010/10/20 16:01:50.0566 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys2010/10/20 16:01:50.0628 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys2010/10/20 16:01:50.0691 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys2010/10/20 16:01:50.0722 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys2010/10/20 16:01:50.0800 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys2010/10/20 16:01:50.0847 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys2010/10/20 16:01:50.0925 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys2010/10/20 16:01:51.0003 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys2010/10/20 16:01:51.0066 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys2010/10/20 16:01:51.0128 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys2010/10/20 16:01:51.0160 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys2010/10/20 16:01:51.0222 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys2010/10/20 16:01:51.0253 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys2010/10/20 16:01:51.0425 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101019.004\naveng.sys2010/10/20 16:01:51.0472 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101019.004\navex15.sys2010/10/20 16:01:51.0519 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys2010/10/20 16:01:51.0566 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys2010/10/20 16:01:51.0581 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys2010/10/20 16:01:51.0613 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys2010/10/20 16:01:51.0644 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys2010/10/20 16:01:51.0675 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys2010/10/20 16:01:51.0706 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys2010/10/20 16:01:51.0910 NETw5x32 (ccdb8db66acd3c0a6c8e171b79f60ac4) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys2010/10/20 16:01:52.0035 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys2010/10/20 16:01:52.0050 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys2010/10/20 16:01:52.0128 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys2010/10/20 16:01:52.0191 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys2010/10/20 16:01:52.0238 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys2010/10/20 16:01:52.0269 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys2010/10/20 16:01:52.0285 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys2010/10/20 16:01:52.0331 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys2010/10/20 16:01:52.0363 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys2010/10/20 16:01:52.0394 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys2010/10/20 16:01:52.0425 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys2010/10/20 16:01:52.0472 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys2010/10/20 16:01:52.0488 Pcmcia (7b25f3947e2df0fe6750e2da034ce42f) C:\WINDOWS\system32\DRIVERS\pcmcia.sys2010/10/20 16:01:52.0488 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pcmcia.sys. Real md5: 7b25f3947e2df0fe6750e2da034ce42f, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c12010/10/20 16:01:52.0503 Pcmcia - detected Rootkit.Win32.TDSS.tdl3 (0)2010/10/20 16:01:52.0613 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys2010/10/20 16:01:52.0644 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys2010/10/20 16:01:52.0706 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys2010/10/20 16:01:52.0753 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys2010/10/20 16:01:52.0800 psadd (271f3e304cf2a467188ef393c8fbd2b7) C:\WINDOWS\system32\DRIVERS\psadd.sys2010/10/20 16:01:52.0831 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys2010/10/20 16:01:52.0847 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys2010/10/20 16:01:52.0910 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys2010/10/20 16:01:52.0956 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys2010/10/20 16:01:53.0003 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys2010/10/20 16:01:53.0050 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys2010/10/20 16:01:53.0081 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys2010/10/20 16:01:53.0097 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys2010/10/20 16:01:53.0144 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys2010/10/20 16:01:53.0175 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys2010/10/20 16:01:53.0206 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys2010/10/20 16:01:53.0222 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys2010/10/20 16:01:53.0253 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys2010/10/20 16:01:53.0300 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys2010/10/20 16:01:53.0331 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys2010/10/20 16:01:53.0378 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys2010/10/20 16:01:53.0425 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys2010/10/20 16:01:53.0488 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys2010/10/20 16:01:53.0535 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys2010/10/20 16:01:53.0566 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys2010/10/20 16:01:53.0628 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys2010/10/20 16:01:53.0769 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys2010/10/20 16:01:53.0800 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys2010/10/20 16:01:53.0847 sdbus (d1facb3c7d12f439c18ef01aa88c2a9d) C:\WINDOWS\system32\DRIVERS\sdbus.sys2010/10/20 16:01:53.0894 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys2010/10/20 16:01:53.0941 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys2010/10/20 16:01:53.0972 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys2010/10/20 16:01:54.0019 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys2010/10/20 16:01:54.0035 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys2010/10/20 16:01:54.0066 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys2010/10/20 16:01:54.0144 Shockprf (2108fc5934843e5f346a715e71fa79f9) C:\WINDOWS\system32\DRIVERS\Apsx86.sys2010/10/20 16:01:54.0191 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys2010/10/20 16:01:54.0253 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys2010/10/20 16:01:54.0363 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys2010/10/20 16:01:54.0441 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys2010/10/20 16:01:54.0503 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys2010/10/20 16:01:54.0550 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys2010/10/20 16:01:54.0628 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys2010/10/20 16:01:54.0660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys2010/10/20 16:01:54.0707 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys2010/10/20 16:01:54.0753 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys2010/10/20 16:01:54.0878 SymEvent (3feeb051c94f5005f56423619315273b) C:\Program Files\Symantec\SYMEVENT.SYS2010/10/20 16:01:54.0957 SYMTDI (b825e10cd61046672fef234820842c42) C:\WINDOWS\System32\Drivers\SYMTDI.SYS2010/10/20 16:01:55.0019 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys2010/10/20 16:01:55.0050 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys2010/10/20 16:01:55.0113 SynTP (22a3c56e19d665d34f763dd8ce5060ab) C:\WINDOWS\system32\DRIVERS\SynTP.sys2010/10/20 16:01:55.0191 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys2010/10/20 16:01:55.0253 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys2010/10/20 16:01:55.0316 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys2010/10/20 16:01:55.0363 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys2010/10/20 16:01:55.0394 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys2010/10/20 16:01:55.0425 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys2010/10/20 16:01:55.0488 TPDIGIMN (1282722cf2cc5a88a606b8022d0f8b7e) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys2010/10/20 16:01:55.0550 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys2010/10/20 16:01:55.0613 tpm (3724dff72b0f5307cf761cc91c2bb9f7) C:\WINDOWS\system32\DRIVERS\tpm.sys2010/10/20 16:01:55.0675 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys2010/10/20 16:01:55.0769 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS2010/10/20 16:01:55.0816 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys2010/10/20 16:01:55.0863 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys2010/10/20 16:01:55.0894 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys2010/10/20 16:01:55.0957 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys2010/10/20 16:01:55.0988 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys2010/10/20 16:01:56.0050 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys2010/10/20 16:01:56.0113 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys2010/10/20 16:01:56.0144 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys2010/10/20 16:01:56.0175 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys2010/10/20 16:01:56.0238 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys2010/10/20 16:01:56.0316 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys2010/10/20 16:01:56.0378 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS2010/10/20 16:01:56.0425 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys2010/10/20 16:01:56.0472 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys2010/10/20 16:01:56.0550 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys2010/10/20 16:01:56.0582 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys2010/10/20 16:01:56.0628 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys2010/10/20 16:01:56.0707 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys2010/10/20 16:01:56.0769 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys2010/10/20 16:01:56.0878 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys2010/10/20 16:01:56.0957 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys2010/10/20 16:01:57.0050 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys2010/10/20 16:01:57.0128 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys2010/10/20 16:01:57.0175 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys2010/10/20 16:01:57.0238 ================================================================================2010/10/20 16:01:57.0238 Scan finished2010/10/20 16:01:57.0238 ================================================================================2010/10/20 16:01:57.0238 Detected object count: 22010/10/20 16:02:28.0848 Forged file(ialm) - User select action: Skip2010/10/20 16:02:29.0067 Pcmcia (7b25f3947e2df0fe6750e2da034ce42f) C:\WINDOWS\system32\DRIVERS\pcmcia.sys2010/10/20 16:02:29.0067 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pcmcia.sys. Real md5: 7b25f3947e2df0fe6750e2da034ce42f, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c12010/10/20 16:02:36.0926 Backup copy found, using it..2010/10/20 16:02:36.0973 C:\WINDOWS\system32\DRIVERS\pcmcia.sys - will be cured after reboot2010/10/20 16:02:36.0973 Rootkit.Win32.TDSS.tdl3(Pcmcia) - User select action: Cure2010/10/20 16:02:59.0583 Deinitialize success Link to post Share on other sites More sharing options...
LDTate Posted October 21, 2010 ID:331042 Share Posted October 21, 2010 Can you run MBAM and post the results?Please don't attach the scan results, use Copy/PasteAlso please describe how your computer behaves at the moment. Link to post Share on other sites More sharing options...
LDTate Posted October 25, 2010 ID:333720 Share Posted October 25, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts