3934230198:1231650837.exe Cant Stop!


Hizzle G

Hizzle G,

 

New guidance!

 

Please remove Step1 from your Desktop, as well as the Results.txt from the Desktop and the C:\ drive, and also remove Log.txt from the Desktop.

 

We are starting fresh with this.

 

Please download Step1.exe once again.

 

Save it to your Desktop and run it by double-clicking it just once!

 

It makes a log (Result.txt) found on the Desktop.

 

Please post the new Result.txt in your reply.

 

Do not do anything else until we look at this report.

 

Thanks!

 

New guidance!

Edited by Aaflac

Hizzle G,

 

If you are taking a break from this, it is understandable.

 

We are close to getting the patched driver and nuking the ADS file. There is an expert working on this, and Step1 is his creation. He has specifically catered it to address your problem.

 

He updated Step1, and running its latest version makes the subsequent steps shorter.

 

After a simple command in the XP Recovery Console we can identify the evasive source of the infection and remove it.

 

If you are ready to proceed, just follow the new guidance in the post above, and provide the Results.txt.

 

Thanks.

Edited by Aaflac

md tempdir0

copy "C:\Windows\System32\Drivers\ACPI.sys" tempdir0

copy "C:\Windows\System32\Drivers\AFD.sys" tempdir0

copy "C:\Windows\System32\Drivers\APPDRV.sys" tempdir0

copy "C:\Windows\System32\Drivers\atapi.sys" tempdir0

copy "C:\Windows\System32\Drivers\ati2mtag.sys" tempdir0

copy "C:\Windows\System32\Drivers\audstub.sys" tempdir0

copy "C:\Windows\System32\Drivers\bcm4sbxp.sys" tempdir0

copy "C:\Windows\System32\Drivers\Cdrom.sys" tempdir0

copy "C:\Windows\System32\Drivers\CmBatt.sys" tempdir0

copy "C:\Windows\System32\Drivers\Compbatt.sys" tempdir0

copy "C:\Windows\System32\Drivers\Disk.sys" tempdir0

copy "C:\Windows\System32\Drivers\dmio.sys" tempdir0

copy "C:\Windows\System32\Drivers\dmload.sys" tempdir0

copy "C:\Windows\System32\Drivers\FltMgr.sys" tempdir0

copy "C:\Windows\System32\Drivers\Ftdisk.sys" tempdir0

copy "C:\Windows\System32\Drivers\GEARAspiWDM.sys" tempdir0

copy "C:\Windows\System32\DRIVERS\msgpc.sys" tempdir0

copy "C:\Windows\System32\Drivers\HDAudBus.sys" tempdir0

copy "C:\Windows\System32\Drivers\HidUsb.sys" tempdir0

copy "C:\Windows\System32\Drivers\HSFHWAZL.sys" tempdir0

copy "C:\Windows\System32\Drivers\HSF_DPV.sys" tempdir0

copy "C:\Windows\System32\Drivers\HTTP.sys" tempdir0

copy "C:\Windows\System32\Drivers\i8042prt.sys" tempdir0

copy "C:\Windows\System32\Drivers\Imapi.sys" tempdir0

copy "C:\Windows\System32\Drivers\intelppm.sys" tempdir0

copy "C:\Windows\System32\Drivers\IpNat.sys" tempdir0

copy "C:\Windows\System32\Drivers\IPSec.sys" tempdir0

copy "C:\Windows\System32\Drivers\isapnp.sys" tempdir0

copy "C:\Windows\System32\Drivers\Kbdclass.sys" tempdir0

copy "C:\Windows\System32\Drivers\kbdhid.sys" tempdir0

copy "C:\Windows\System32\Drivers\kmixer.sys" tempdir0

copy "C:\Windows\System32\Drivers\mdmxsdk.sys" tempdir0

copy "C:\Windows\System32\Drivers\Mouclass.sys" tempdir0

copy "C:\Windows\System32\Drivers\mouhid.sys" tempdir0

copy "C:\Windows\System32\Drivers\MRxDAV.sys" tempdir0

copy "C:\Windows\System32\Drivers\MRxSmb.sys" tempdir0

copy "C:\Windows\System32\Drivers\mssmbios.sys" tempdir0

copy "C:\Windows\System32\Drivers\NdisTapi.sys" tempdir0

copy "C:\Windows\System32\Drivers\Ndisuio.sys" tempdir0

copy "C:\Windows\System32\Drivers\NdisWan.sys" tempdir0

copy "C:\Windows\System32\Drivers\NetBIOS.sys" tempdir0

copy "C:\Windows\System32\Drivers\NetBT.sys" tempdir0

copy "C:\Windows\System32\Drivers\NETwLx32.sys" tempdir0

copy "C:\Windows\System32\DRIVERS\NWADIenum.sys" tempdir0

copy "C:\Windows\System32\Drivers\ohci1394.sys" tempdir0

copy "C:\Windows\System32\Drivers\PCI.sys" tempdir0

copy "C:\Windows\System32\Drivers\PCIIde.sys" tempdir0

copy "C:\Windows\System32\DRIVERS\raspptp.sys" tempdir0

copy "C:\Windows\System32\Drivers\PSched.sys" tempdir0

copy "C:\Windows\System32\Drivers\Ptilink.sys" tempdir0

copy "C:\Windows\System32\Drivers\RasAcd.sys" tempdir0

copy "C:\Windows\System32\Drivers\Rasl2tp.sys" tempdir0

copy "C:\Windows\System32\Drivers\RasPppoe.sys" tempdir0

copy "C:\Windows\System32\Drivers\Raspti.sys" tempdir0

copy "C:\Windows\System32\Drivers\Rdbss.sys" tempdir0

copy "C:\Windows\System32\Drivers\RDPCDD.sys" tempdir0

copy "C:\Windows\System32\Drivers\rdpdr.sys" tempdir0

copy "C:\Windows\System32\Drivers\redbook.sys" tempdir0

copy "C:\Windows\System32\Drivers\rimmptsk.sys" tempdir0

copy "C:\Windows\System32\Drivers\rimsptsk.sys" tempdir0

copy "C:\Windows\System32\DRIVERS\RimSerial.sys" tempdir0

copy "C:\Windows\System32\Drivers\risdptsk.sys" tempdir0

copy "C:\Windows\System32\DRIVERS\rixdptsk.sys" tempdir0

copy "C:\Windows\System32\Drivers\RootMdm.sys" tempdir0

copy "C:\Windows\System32\Drivers\s24trans.sys" tempdir0

copy "C:\Windows\System32\Drivers\sbaphd.sys" tempdir0

copy "C:\Windows\System32\Drivers\sbapifs.sys" tempdir0

copy "C:\Windows\System32\Drivers\sr.sys" tempdir0

copy "C:\Windows\System32\Drivers\Srv.sys" tempdir0

copy "C:\Windows\System32\Drivers\STHDA.sys" tempdir0

copy "C:\Windows\System32\Drivers\swenum.sys" tempdir0

copy "C:\Windows\System32\Drivers\SynTP.sys" tempdir0

copy "C:\Windows\System32\Drivers\sysaudio.sys" tempdir0

copy "C:\Windows\System32\Drivers\Tcpip.sys" tempdir0

copy "C:\Windows\System32\Drivers\TermDD.sys" tempdir0

copy "C:\Windows\System32\Drivers\tosporte.sys" tempdir0

copy "C:\Windows\System32\Drivers\Tosrfcom.sys" tempdir0

copy "C:\Windows\System32\Drivers\Update.sys" tempdir0

copy "C:\Windows\System32\Drivers\usbccgp.sys" tempdir0

copy "C:\Windows\System32\Drivers\usbehci.sys" tempdir0

copy "C:\Windows\System32\Drivers\usbhub.sys" tempdir0

copy "C:\Windows\System32\Drivers\usbprint.sys" tempdir0

copy "C:\Windows\System32\Drivers\usbscan.sys" tempdir0

copy "C:\Windows\System32\Drivers\usbuhci.sys" tempdir0

copy "C:\Windows\System32\drivers\vga.sys" tempdir0

copy "C:\Windows\System32\Drivers\Wanarp.sys" tempdir0

copy "C:\Windows\System32\Drivers\wdmaud.sys" tempdir0

copy "C:\Windows\System32\DRIVERS\HSF_CNXT.sys" tempdir0

copy "C:\Windows\System32\Drivers\WmiAcpi.sys" tempdir0

copy "C:\Windows\System32\Drivers\WS2IFSL.sys" tempdir0

 

attrib -r 3934230198

attrib -h 3934230198

attrib -s 3934230198

del 3934230198

rd 3934230198

dir c:\windows\system32\drivers


No problem Hizzle G.

 

If you had mentioned your circumstances, I would have told you not to spend time looking.

There is an alternative.

 

Need to prepare some instructions on what we need to do next, etc., since there is no XP CD, but that is fine.

 

Will be back with you a little later tonight, though. Have to go out for a while.


Hizzle G,

 

For what we are going to do next, you need a computer that has a CD burner, and you also need a blank CD.

You may want to read this info first, and if you have any questions, do not hesitate to ask.

 

When you are ready, do the following...

 

Download ARCDC from Artellos

The Automated Recovery CD Creator (ARCDC) is a tool designed to create your own Recovery Console CD.

 

Select: Latest EXE Download

 

Double click ARCDC.exe

 

Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 and SP3

 

You will be prompted with a Terms of Use by Microsoft; please accept.

 

You will see a few DOS screens flash by; this is normal.

 

Next you will be able to choose to add extra files. Select the Default Files.

 

The last window will allow you to burn a disk using BurnCDCC.

 

The ISO (image) you need to burn is located on your Desktop.

 

~~~~

Note 1: You need to burn the ISO (image) to a CD, which is not the same as just copying it to a CD.

Please use the BurnCDCC program and follow its instructions.

~~~~

 

Now, insert the CD you just created into the CDROM drive, and restart the computer.

You will see: "Press any key to boot from CD..." So, press a key.

 

~~~~

Note 2: If your PC does not boot from the CD, you need to change the boot order as follows:

 

Restart your PC

 

As soon as you get a screen, press the Setup key. This is usually F2 on Dell. (On some machines the key can be a different one; the setup key should be stated on the initial screen when you boot.)

 

Once you enter the computer's BIOS (Setup), use the arrow keys and tab key to move between elements.

Press 'Enter' to select an item and change it.

 

Navigate to the tab where you can set the boot order.

It should be called Boot or Boot order.

The tab should show your current boot order.

 

If the CD-drive is not at the top, please navigate to the CDROM drive entry with the arrows. Then, move the CDROM to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However, they can be different; if so, they should be stated in the Help, so that you can find them easily.

 

Once the CD-drive is on top of the boot order, navigate to 'Exit' and select: 'Exit saving changes'.

~~~~

 

Your PC should now boot from the CD.

 

When the 'Welcome to Setup' screen appears, press 'R' to start the Recovery Console.

 

When prompted to choose a Windows installation, type ‘1’ and press: Enter (Assuming you have only one Windows installation.)

 

When you are prompted, type the Administrator password. If you do not have an administrator password, leave it blank, and just press: Enter

 

 

Now, a command prompt opens, and you will be at:

 

C:\WINDOWS>

 

For now, type in: Exit

 

Press: Enter

 

Post back if you are successful in bringing up the Recovery Console.

 

If so, we will proceed.

Edited by Aaflac

Hizzle G,

 

Or am I supposed to do this on another PC?

 

Looks as if there is not much choice.

 

If you do not have another PC, is there someone that can let you have access to theirs, so you can get the CD burned?


Hizzle G,

 

If you cannot use your own computer, you can use any computer to download the Automated Recovery CD Creator (ARCDC) and burn/create a CD with the Recovery Console on it.

 

Just follow these instructions:

 

Download ARCDC from Artellos

The Automated Recovery CD Creator (ARCDC) is a tool designed to create your own Recovery Console CD.

 

Select: Latest EXE Download

 

Double click ARCDC.exe

 

Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 and SP3

 

You will be prompted with a Terms of Use by Microsoft; please accept.

 

You will see a few DOS screens flash by; this is normal.

 

Next you will be able to choose to add extra files. Select the Default Files.

 

The last window will allow you to burn a disk using BurnCDCC.

 

The ISO (image) you need to burn is located on your Desktop.

 

~~~~

Note 1: You need to burn the ISO (image) to a CD, which is not the same as just copying it to a CD.

Please use the BurnCDCC program and follow its instructions.

~~~~

Edited by Aaflac

Hizzle G,

 

You are in luck!!

 

A tool has just been released to bypass the need for the Recovery Console.

 

Please do the following:

 

Step 1:

 

Download DummyCreator.zip and unzip it.

  • Right-click and select: Extract all…
  • Follow the prompts to extract
  • Open the new folder that appears on the Desktop
  • Double-click DummyCreator/DummyMaker to run the tool.
  • Now, copy/paste the following into the box:

    C:\Windows\3934230198

  • Press the Create button.

Save the content of the Result.txt to your Desktop, to post along with the report of the next tool.

 

Step 2:

 

Important: Restart the computer.

 

 

Step 3:

 

Please remove any previous download of TDSSKiller and download the latest version TDSSKiller.zip:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

 

Right-click and select: Extract all

Follow the prompts to extract

 

Open the new folder that appears on the Desktop

Double-click TDSSKiller to run the tool.

 

Now click: Start Scan

 

If Malicious objects are found, please DO NOT allow the tool to Cure

Click the arrow next to 'Cure' and select: Skip

 

Click 'Continue'

 

Reboot if needed (but let us know).

 

Click on Report, and a text file opens.

 

A log is also produced at the root of the drive, which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt

 

 

Please post the following in your reply:

  • The Result.txt from DummyCreator
  • The TDSSKiller report
  • Whether TDSSKiller needed a reboot

 

 

Thanks.


Hizzle G,

 

If you decided to throw the computer out the window, get a new computer, or format and install Windows XP Pro again, please give an update.

 

If you are no longer in need of malware removal assistance, I will not continue to check on this topic.

 

Thanks.

Edited by Aaflac

2011/08/28 14:16:14.0609 2168 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57

2011/08/28 14:16:16.0609 2168 ================================================================================

2011/08/28 14:16:16.0609 2168 SystemInfo:

2011/08/28 14:16:16.0609 2168

2011/08/28 14:16:16.0609 2168 OS Version: 5.1.2600 ServicePack: 3.0

2011/08/28 14:16:16.0609 2168 Product type: Workstation

2011/08/28 14:16:16.0609 2168 ComputerName: CHUCK-6037839B1

2011/08/28 14:16:16.0609 2168 UserName: chuck

2011/08/28 14:16:16.0609 2168 Windows directory: C:\WINDOWS

2011/08/28 14:16:16.0609 2168 System windows directory: C:\WINDOWS

2011/08/28 14:16:16.0609 2168 Processor architecture: Intel x86

2011/08/28 14:16:16.0609 2168 Number of processors: 2

2011/08/28 14:16:16.0609 2168 Page size: 0x1000

2011/08/28 14:16:16.0609 2168 Boot type: Normal boot

2011/08/28 14:16:16.0609 2168 ================================================================================

2011/08/28 14:16:17.0734 2168 Initialize success

2011/08/28 14:16:22.0453 0992 ================================================================================

2011/08/28 14:16:22.0453 0992 Scan started

2011/08/28 14:16:22.0453 0992 Mode: Manual;

2011/08/28 14:16:22.0453 0992 ================================================================================

2011/08/28 14:16:24.0812 0992 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/08/28 14:16:24.0859 0992 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/08/28 14:16:24.0921 0992 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/08/28 14:16:24.0968 0992 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/08/28 14:16:25.0125 0992 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

2011/08/28 14:16:25.0187 0992 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/08/28 14:16:25.0296 0992 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/08/28 14:16:25.0312 0992 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/08/28 14:16:25.0546 0992 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/08/28 14:16:25.0609 0992 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/08/28 14:16:25.0671 0992 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/08/28 14:16:25.0765 0992 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

2011/08/28 14:16:25.0812 0992 BCOREUSB (40f8c4c10ed67b1de44abf82582bac37) C:\WINDOWS\system32\Drivers\BCOREUSB.sys

2011/08/28 14:16:25.0859 0992 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/08/28 14:16:25.0921 0992 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

2011/08/28 14:16:25.0968 0992 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

2011/08/28 14:16:26.0031 0992 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

2011/08/28 14:16:26.0093 0992 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

2011/08/28 14:16:26.0140 0992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/08/28 14:16:26.0187 0992 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/08/28 14:16:26.0234 0992 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/08/28 14:16:26.0265 0992 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/08/28 14:16:26.0343 0992 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/08/28 14:16:26.0390 0992 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/08/28 14:16:26.0531 0992 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys

2011/08/28 14:16:26.0625 0992 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/08/28 14:16:26.0671 0992 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/08/28 14:16:26.0703 0992 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/08/28 14:16:26.0734 0992 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/08/28 14:16:26.0765 0992 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/08/28 14:16:26.0828 0992 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/08/28 14:16:26.0890 0992 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys

2011/08/28 14:16:26.0937 0992 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys

2011/08/28 14:16:27.0000 0992 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/08/28 14:16:27.0046 0992 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/08/28 14:16:27.0078 0992 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/08/28 14:16:27.0093 0992 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/08/28 14:16:27.0140 0992 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/08/28 14:16:27.0171 0992 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/08/28 14:16:27.0203 0992 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/08/28 14:16:27.0250 0992 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/08/28 14:16:27.0296 0992 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/08/28 14:16:27.0328 0992 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/08/28 14:16:27.0359 0992 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/08/28 14:16:27.0468 0992 HSFHWAZL (4de608a118365fd2671ece7a0f99f55b) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2011/08/28 14:16:27.0500 0992 HSF_DPV (f6511b1525b689218c1428feb7ab48d0) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2011/08/28 14:16:27.0562 0992 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys

2011/08/28 14:16:27.0625 0992 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/08/28 14:16:27.0812 0992 i8042prt (eebf46e9c81d4ccd5c0610c00e81bed2) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/08/28 14:16:27.0812 0992 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: eebf46e9c81d4ccd5c0610c00e81bed2, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30

2011/08/28 14:16:27.0812 0992 i8042prt - detected Rootkit.Win32.ZAccess.f (0)

2011/08/28 14:16:27.0843 0992 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/08/28 14:16:28.0000 0992 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/08/28 14:16:28.0109 0992 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/08/28 14:16:28.0171 0992 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/08/28 14:16:28.0250 0992 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/08/28 14:16:28.0390 0992 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/08/28 14:16:28.0515 0992 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/08/28 14:16:28.0609 0992 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/08/28 14:16:28.0718 0992 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/08/28 14:16:28.0781 0992 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/08/28 14:16:28.0859 0992 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/08/28 14:16:28.0937 0992 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/08/28 14:16:29.0000 0992 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/08/28 14:16:29.0140 0992 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/08/28 14:16:29.0218 0992 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/08/28 14:16:29.0281 0992 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/08/28 14:16:29.0406 0992 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/08/28 14:16:29.0500 0992 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/08/28 14:16:29.0546 0992 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/08/28 14:16:29.0656 0992 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/08/28 14:16:29.0765 0992 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/08/28 14:16:29.0906 0992 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/08/28 14:16:29.0937 0992 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/08/28 14:16:30.0015 0992 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/08/28 14:16:30.0062 0992 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/08/28 14:16:30.0109 0992 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/08/28 14:16:30.0156 0992 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/08/28 14:16:30.0203 0992 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/08/28 14:16:30.0250 0992 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/08/28 14:16:30.0281 0992 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/08/28 14:16:30.0312 0992 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/08/28 14:16:30.0343 0992 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/08/28 14:16:30.0375 0992 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/08/28 14:16:30.0406 0992 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/08/28 14:16:30.0546 0992 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

2011/08/28 14:16:30.0796 0992 NETwLx32 (72062b53186e4a3f5fcbc41ebb62b905) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys

2011/08/28 14:16:30.0968 0992 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/08/28 14:16:31.0031 0992 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/08/28 14:16:31.0093 0992 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/08/28 14:16:31.0156 0992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/08/28 14:16:31.0203 0992 NWADI (93213c7ec08e01e37a935bf144e75df6) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys

2011/08/28 14:16:31.0250 0992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/08/28 14:16:31.0281 0992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/08/28 14:16:31.0296 0992 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/08/28 14:16:31.0343 0992 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/08/28 14:16:31.0359 0992 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/08/28 14:16:31.0406 0992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/08/28 14:16:31.0453 0992 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/08/28 14:16:31.0515 0992 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/08/28 14:16:31.0546 0992 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/08/28 14:16:31.0765 0992 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/08/28 14:16:31.0796 0992 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/08/28 14:16:31.0812 0992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/08/28 14:16:31.0937 0992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/08/28 14:16:31.0984 0992 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/08/28 14:16:32.0015 0992 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/08/28 14:16:32.0031 0992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/08/28 14:16:32.0062 0992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/08/28 14:16:32.0093 0992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/08/28 14:16:32.0125 0992 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/08/28 14:16:32.0187 0992 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/08/28 14:16:32.0234 0992 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/08/28 14:16:32.0296 0992 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

2011/08/28 14:16:32.0343 0992 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2011/08/28 14:16:32.0390 0992 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2011/08/28 14:16:32.0421 0992 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2011/08/28 14:16:32.0453 0992 risdptsk (ace2ce73d7b04eac48fb80482e05e770) C:\WINDOWS\system32\DRIVERS\risdptsk.sys

2011/08/28 14:16:32.0484 0992 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2011/08/28 14:16:32.0546 0992 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/08/28 14:16:32.0609 0992 s24trans (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/08/28 14:16:32.0656 0992 sbaphd (8fe075898df6b206d0a5cf0feb581b5e) C:\WINDOWS\system32\drivers\sbaphd.sys

2011/08/28 14:16:32.0703 0992 sbapifs (29658f5353d5b73ca514a784e6aac54e) C:\WINDOWS\system32\drivers\sbapifs.sys

2011/08/28 14:16:32.0781 0992 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/08/28 14:16:32.0921 0992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/08/28 14:16:33.0015 0992 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/08/28 14:16:33.0093 0992 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/08/28 14:16:33.0203 0992 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/08/28 14:16:33.0234 0992 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/08/28 14:16:33.0281 0992 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/08/28 14:16:33.0390 0992 STHDA (6e1e8aa28683758a524778554be2f285) C:\WINDOWS\system32\drivers\sthda.sys

2011/08/28 14:16:33.0421 0992 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/08/28 14:16:33.0453 0992 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/08/28 14:16:33.0515 0992 swmsflt (3d4776ab6520240ae06d277ac45bf836) C:\WINDOWS\system32\DRIVERS\swmsflt.sys

2011/08/28 14:16:33.0593 0992 swmx00 (af88ae62b84d016eb5bdc12ddf1005a3) C:\WINDOWS\system32\DRIVERS\swmx00.sys

2011/08/28 14:16:33.0640 0992 SWNC5E00 (24bce62e4da07c6488e3a7ff37a6b6ae) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys

2011/08/28 14:16:33.0781 0992 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/08/28 14:16:33.0828 0992 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/08/28 14:16:33.0906 0992 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/08/28 14:16:33.0968 0992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/08/28 14:16:34.0000 0992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/08/28 14:16:34.0031 0992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/08/28 14:16:34.0093 0992 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys

2011/08/28 14:16:34.0140 0992 tosporte (0470bf2d5f49ff98464ac2c838e6a080) C:\WINDOWS\system32\DRIVERS\tosporte.sys

2011/08/28 14:16:34.0203 0992 Tosrfbd (077869082a635e8ff2c205dc95c78775) C:\WINDOWS\system32\Drivers\tosrfbd.sys

2011/08/28 14:16:34.0218 0992 Tosrfbnp (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys

2011/08/28 14:16:34.0250 0992 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys

2011/08/28 14:16:34.0281 0992 Tosrfhid (f4e4795528d17ff8d1d6d98ebbb92655) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

2011/08/28 14:16:34.0296 0992 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

2011/08/28 14:16:34.0328 0992 TosRfSnd (b5518adb2b0029ff95d22e8e7336f49f) C:\WINDOWS\system32\drivers\TosRfSnd.sys

2011/08/28 14:16:34.0375 0992 Tosrfusb (ac2123e788230c712d0919ed0fec9ddd) C:\WINDOWS\system32\Drivers\tosrfusb.sys

2011/08/28 14:16:34.0421 0992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/08/28 14:16:34.0562 0992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/08/28 14:16:34.0671 0992 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/08/28 14:16:34.0718 0992 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/08/28 14:16:34.0765 0992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/08/28 14:16:34.0812 0992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/08/28 14:16:34.0875 0992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/08/28 14:16:34.0906 0992 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/08/28 14:16:34.0921 0992 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/08/28 14:16:34.0968 0992 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/08/28 14:16:35.0015 0992 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/08/28 14:16:35.0031 0992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/08/28 14:16:35.0078 0992 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/08/28 14:16:35.0140 0992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/08/28 14:16:35.0203 0992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/08/28 14:16:35.0265 0992 winachsf (ea643e1f001ffd58ef9f28277dc4a1ea) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/08/28 14:16:35.0343 0992 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/08/28 14:16:35.0406 0992 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/08/28 14:16:35.0484 0992 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/08/28 14:16:35.0515 0992 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/08/28 14:16:35.0593 0992 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/08/28 14:16:35.0765 0992 Boot (0x1200) (01b25196ebc5c009a08435373802f6e4) \Device\Harddisk0\DR0\Partition0

2011/08/28 14:16:35.0765 0992 ================================================================================

2011/08/28 14:16:35.0765 0992 Scan finished

2011/08/28 14:16:35.0765 0992 ================================================================================

2011/08/28 14:16:35.0781 4032 Detected object count: 1

2011/08/28 14:16:35.0781 4032 Actual detected object count: 1

2011/08/28 14:16:47.0203 4032 Rootkit.Win32.ZAccess.f(i8042prt) - User select action: Skip

2011/08/28 14:17:57.0875 2852 Deinitialize success

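To triage a report like the one posted above, here is an added Python example (not code from this thread, from Kaspersky, or from the Step1 tool) that parses the TDSSKiller line formats seen in the log, pulls out the "Suspicious file (Forged)" notice with its real and fake MD5 pair, the verdict and the action the user chose, and checks whether a Step1-style Recovery Console backup script copied the flagged driver; the sample log and script are constructed from a few lines of this thread.

```python
"""Triage helper for a TDSSKiller report (example code, not Kaspersky's).

Parses the per-driver lines, the "Suspicious file (Forged)" notice with its
real/fake MD5 pair, the "- detected" verdict and the "User select action" line,
and cross-checks the flagged driver against a Step1-style backup script.
"""
import re
from dataclasses import dataclass

# One report line: timestamp, thread id, free-text message.
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<tid>\d{4}) (?P<msg>.*)$")
# "<service> (<md5>) <path>" -- a normal driver entry
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Forged file: the hash read from disk (real) differs from what the rootkit shows (fake)
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(
    r"^(?P<verdict>[^\s(]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
# Recovery Console "copy" line from a Step1-style backup script
COPY_RE = re.compile(r'^copy\s+"(?P<path>[^"]+)"\s+\S+$', re.IGNORECASE)


@dataclass
class Finding:
    name: str
    path: str = ""
    real_md5: str = ""
    fake_md5: str = ""
    verdict: str = ""
    action: str = ""


def parse_tdsskiller_log(text):
    """Return (drivers, findings): drivers maps service name -> (md5, path);
    findings maps service name -> Finding for every flagged object."""
    drivers, findings, name_by_path = {}, {}, {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m["msg"]
        if d := DRIVER_RE.match(msg):
            drivers[d["name"]] = (d["md5"], d["path"])
            name_by_path[d["path"].lower()] = d["name"]
        elif f := FORGED_RE.match(msg):
            # The forged notice names the file; map it back to the service entry
            name = name_by_path.get(f["path"].lower(), f["path"])
            fnd = findings.setdefault(name, Finding(name))
            fnd.path, fnd.real_md5, fnd.fake_md5 = f["path"], f["real"], f["fake"]
        elif t := DETECTED_RE.match(msg):
            findings.setdefault(t["name"], Finding(t["name"])).verdict = t["verdict"]
        elif a := ACTION_RE.match(msg):
            fnd = findings.setdefault(a["name"], Finding(a["name"]))
            fnd.action = a["action"]
            fnd.verdict = fnd.verdict or a["verdict"]
    return drivers, findings


def unresolved(findings):
    """Flagged objects the operator did not let the tool cure (e.g. Skip)."""
    return sorted(n for n, f in findings.items() if f.action.lower() != "cure")


def backed_up_findings(findings, script_text):
    """For each finding, whether the backup script copies that driver file."""
    copied = {m["path"].rsplit("\\", 1)[-1].lower()
              for line in script_text.splitlines()
              if (m := COPY_RE.match(line.strip()))}
    return {n: f.path.rsplit("\\", 1)[-1].lower() in copied
            for n, f in findings.items()}


# Constructed sample modelled on the report posted in this thread (a few driver
# lines, the forged-file notice, the verdict and the Skip action).
SAMPLE_LOG = r"""
2011/08/28 14:16:16.0609 2168 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/28 14:16:22.0453 0992 Scan started
2011/08/28 14:16:24.0812 0992 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/28 14:16:27.0812 0992 i8042prt (eebf46e9c81d4ccd5c0610c00e81bed2) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/28 14:16:27.0812 0992 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: eebf46e9c81d4ccd5c0610c00e81bed2, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
2011/08/28 14:16:27.0812 0992 i8042prt - detected Rootkit.Win32.ZAccess.f (0)
2011/08/28 14:16:28.0781 0992 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/28 14:16:35.0593 0992 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/28 14:16:35.0765 0992 Scan finished
2011/08/28 14:16:35.0781 4032 Detected object count: 1
2011/08/28 14:16:47.0203 4032 Rootkit.Win32.ZAccess.f(i8042prt) - User select action: Skip
"""

# Constructed excerpt of a Step1-style backup script, as posted in the thread.
SAMPLE_STEP1 = r"""
md tempdir0
copy "C:\Windows\System32\Drivers\ACPI.sys" tempdir0
copy "C:\Windows\System32\Drivers\i8042prt.sys" tempdir0
attrib -r 3934230198
del 3934230198
"""

if __name__ == "__main__":
    drivers, findings = parse_tdsskiller_log(SAMPLE_LOG)
    for f in findings.values():
        print(f"{f.name}: {f.verdict} real={f.real_md5} fake={f.fake_md5} action={f.action}")
    print("unresolved:", unresolved(findings))
    print("backed up by Step1:", backed_up_findings(findings, SAMPLE_STEP1))
```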

This topic is now closed to further replies.