Hi,

I have the problem that most people seem to be having trouble with. I am working with an XP machine and whenever I start it up it comes up with 'themed32.dll was not found' etc. It comes up with the wallpaper but no proper desktop or start menu. It won't start in any of the safe modes either. I can start Task Manager and I can work with any of the programmes that don't need Windows. I can't connect to the internet though and I don't have access to the Windows CD/DVD for the system.

Please help, Thanks.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

I have restarted my system but nothing seems to have changed. I have some threats stored in my quarantine in MBAM. The scan I've just done came up with nothing so these must be from a scan I had done before the problem started. I was wondering if I should delete them but I didn't want to do anything before consulting you.

Please read carefully and follow these steps.

  • Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
  • A copy of the log will be saved automatically to the root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Contents of log:

2010/10/29 19:06:09.0625 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49

2010/10/29 19:06:09.0625 ================================================================================

2010/10/29 19:06:09.0625 SystemInfo:

2010/10/29 19:06:09.0625

2010/10/29 19:06:09.0625 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/29 19:06:09.0625 Product type: Workstation

2010/10/29 19:06:09.0625 ComputerName: A11518

2010/10/29 19:06:09.0625 UserName: standalone

2010/10/29 19:06:09.0625 Windows directory: C:\WINNT

2010/10/29 19:06:09.0625 System windows directory: C:\WINNT

2010/10/29 19:06:09.0625 Processor architecture: Intel x86

2010/10/29 19:06:09.0625 Number of processors: 1

2010/10/29 19:06:09.0625 Page size: 0x1000

2010/10/29 19:06:09.0625 Boot type: Normal boot

2010/10/29 19:06:09.0625 ================================================================================

2010/10/29 19:06:10.0046 Initialize success

2010/10/29 19:06:11.0453 ================================================================================

2010/10/29 19:06:11.0453 Scan started

2010/10/29 19:06:11.0453 Mode: Manual;

2010/10/29 19:06:11.0453 ================================================================================

2010/10/29 19:06:39.0265 Pcmcia (7af1893a254deccaa6e73385e2d0e6a0) C:\WINNT\system32\DRIVERS\pcmcia.sys

2010/10/29 19:06:39.0265 Suspicious file (Forged): C:\WINNT\system32\DRIVERS\pcmcia.sys. Real md5: 7af1893a254deccaa6e73385e2d0e6a0, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c1

2010/10/29 19:06:39.0312 Pcmcia - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/10/29 19:06:58.0250 ================================================================================

2010/10/29 19:06:58.0250 Scan finished

2010/10/29 19:06:58.0250 ================================================================================

2010/10/29 19:06:58.0343 Detected object count: 1

2010/10/29 19:07:13.0156 Pcmcia (7af1893a254deccaa6e73385e2d0e6a0) C:\WINNT\system32\DRIVERS\pcmcia.sys

2010/10/29 19:07:13.0156 Suspicious file (Forged): C:\WINNT\system32\DRIVERS\pcmcia.sys. Real md5: 7af1893a254deccaa6e73385e2d0e6a0, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c1

2010/10/29 19:07:14.0265 Backup copy found, using it..

2010/10/29 19:07:14.0359 C:\WINNT\system32\DRIVERS\pcmcia.sys - will be cured after reboot

2010/10/29 19:07:14.0359 Rootkit.Win32.TDSS.tdl3(Pcmcia) - User select action: Cure

2010/10/29 19:07:19.0468 Deinitialize success

The DRIVERS\pcmcia.sys is your network card driver

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    pcmcia.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Is this it:

SystemLook 04.09.10 by jpshortstuff

Log created at 20:06 on 29/10/2010 by standalone

Administrator - Elevation successful

========== filefind ==========

Searching for "pcmcia.sys"

C:\WINNT\$NtServicePackUninstall$\pcmcia.sys -----c- 119936 bytes [09:15 20/12/2008] [12:00 04/08/2004] 82A087207DECEC8456FBE8537947D579

C:\WINNT\ServicePackFiles\i386\pcmcia.sys ------- 120192 bytes [10:47 05/08/2008] [18:36 13/04/2008] 9E89EF60E9EE05E3F2EEF2DA7397F1C1

C:\WINNT\system32\drivers\pcmcia.sys --a---- 120192 bytes [12:00 04/08/2004] [18:08 29/10/2010] 9E89EF60E9EE05E3F2EEF2DA7397F1C1

-= EOF =-
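The two logs above can be cross-checked mechanically. The following is an added example, not part of the original thread or of either tool: it parses the TDSSKiller "Suspicious file (Forged)" and "detected" lines and the SystemLook `:filefind` lines, then compares the live driver's hash with the other copies found on disk. The function names are hypothetical and the sample input is constructed from lines posted in this thread.

```python
import re

# Constructed sample input: lines copied from the two logs posted in this thread.
TDSS_LOG = r"""
2010/10/29 19:06:39.0062 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINNT\system32\DRIVERS\pciide.sys
2010/10/29 19:06:39.0265 Pcmcia (7af1893a254deccaa6e73385e2d0e6a0) C:\WINNT\system32\DRIVERS\pcmcia.sys
2010/10/29 19:06:39.0265 Suspicious file (Forged): C:\WINNT\system32\DRIVERS\pcmcia.sys. Real md5: 7af1893a254deccaa6e73385e2d0e6a0, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c1
2010/10/29 19:06:39.0312 Pcmcia - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/29 19:07:14.0359 C:\WINNT\system32\DRIVERS\pcmcia.sys - will be cured after reboot
"""
SYSTEMLOOK_LOG = r"""
C:\WINNT\$NtServicePackUninstall$\pcmcia.sys -----c- 119936 bytes [09:15 20/12/2008] [12:00 04/08/2004] 82A087207DECEC8456FBE8537947D579
C:\WINNT\ServicePackFiles\i386\pcmcia.sys ------- 120192 bytes [10:47 05/08/2008] [18:36 13/04/2008] 9E89EF60E9EE05E3F2EEF2DA7397F1C1
C:\WINNT\system32\drivers\pcmcia.sys --a---- 120192 bytes [12:00 04/08/2004] [18:08 29/10/2010] 9E89EF60E9EE05E3F2EEF2DA7397F1C1
"""

# Patterns follow the line layouts visible in the posted logs.
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})", re.I)
DETECT_RE = re.compile(r"^\S+ \S+ (?P<svc>\S+) - detected (?P<name>\S+)", re.M)
SYSLOOK_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) [-a-z]{7} \d+ bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})\s*$", re.M)


def parse_tdss(log):
    """Return (forged, detections).

    forged maps lower-cased path -> (real_md5, fake_md5);
    detections maps service name -> detection name.
    """
    forged = {m["path"].lower(): (m["real"].lower(), m["fake"].lower())
              for m in FORGED_RE.finditer(log)}
    detections = {m["svc"]: m["name"] for m in DETECT_RE.finditer(log)}
    return forged, detections


def parse_systemlook(log):
    """Return {lower-cased path: lower-cased md5} for each :filefind hit."""
    return {m["path"].lower(): m["md5"].lower()
            for m in SYSLOOK_RE.finditer(log)}


def compare(tdss_log, systemlook_log):
    """For every file TDSSKiller flagged as forged, compare the hash SystemLook
    reports for the live path with both TDSSKiller hashes and with the other
    copies SystemLook found. Windows paths are compared case-insensitively."""
    forged, _ = parse_tdss(tdss_log)
    copies = parse_systemlook(systemlook_log)
    report = {}
    for path, (real, fake) in forged.items():
        live = copies.get(path)  # None if SystemLook did not list this path
        report[path] = {
            "live_md5": live,
            "equals_real_md5": live == real,
            "equals_fake_md5": live == fake,
            "same_as": sorted(p for p, h in copies.items()
                              if h == live and p != path),
        }
    return report


if __name__ == "__main__":
    for path, facts in compare(TDSS_LOG, SYSTEMLOOK_LOG).items():
        print(path, facts)
```

On these logs the live `pcmcia.sys` hashes the same as the `ServicePackFiles\i386` copy and as the "Fake md5" value, not the "Real md5" value. Reading "Real md5" as the hash of the raw on-disk file and "Fake md5" as the hash an ordinary read returned is an assumption about TDSSKiller's wording; under it, a hash taken through ordinary file reads cannot confirm the cure by itself, and a clean TDSSKiller rescan is the confirming check.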
