Rootkit that won't go away!

  • This topic is locked
2 replies to this topic

#1 vandy

    New Member

  • Members
  • 24 posts
  • Gender:Male

Posted 04 May 2012 - 03:06 PM

Hello, I am in need of help with a rootkit problem that just won't go away. Not sure if it is ZeroAccess or something else, but Malwarebytes is useless against it and TDSSKiller can't seem to clean it entirely. Please help me. Here are the TDSSKiller log and the Malwarebytes log:

14:50:31.0328 3580 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:50:33.0328 3580 ============================================================
14:50:33.0328 3580 Current date / time: 2012/05/04 14:50:33.0328
14:50:33.0328 3580 SystemInfo:
14:50:33.0328 3580
14:50:33.0328 3580 OS Version: 5.1.2600 ServicePack: 3.0
14:50:33.0328 3580 Product type: Workstation
14:50:33.0328 3580 ComputerName: DELL-F68667BFA2
14:50:33.0328 3580 UserName: Administrator
14:50:33.0328 3580 Windows directory: C:\WINDOWS
14:50:33.0328 3580 System windows directory: C:\WINDOWS
14:50:33.0328 3580 Processor architecture: Intel x86
14:50:33.0328 3580 Number of processors: 2
14:50:33.0328 3580 Page size: 0x1000
14:50:33.0328 3580 Boot type: Normal boot
14:50:33.0328 3580 ============================================================
14:50:35.0906 3580 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:50:35.0921 3580 Drive \Device\Harddisk1\DR2 - Size: 0x3D3D2200 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:50:35.0921 3580 ============================================================
14:50:35.0921 3580 \Device\Harddisk0\DR0:
14:50:35.0921 3580 MBR partitions:
14:50:35.0921 3580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
14:50:35.0921 3580 \Device\Harddisk1\DR2:
14:50:35.0921 3580 MBR partitions:
14:50:35.0921 3580 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xE, StartLBA 0x3F, BlocksNum 0x1E9E52
14:50:35.0921 3580 ============================================================
14:50:35.0937 3580 C: <-> \Device\Harddisk0\DR0\Partition0
14:50:35.0937 3580 ============================================================
14:50:35.0937 3580 Initialize success
14:50:35.0937 3580 ============================================================
14:50:38.0390 2508 ============================================================
14:50:38.0390 2508 Scan started
14:50:38.0390 2508 Mode: Manual;
14:50:38.0390 2508 ============================================================
14:50:39.0093 2508 Abiosdsk - ok
14:50:39.0109 2508 abp480n5 - ok
14:50:39.0156 2508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:50:39.0171 2508 ACPI - ok
14:50:39.0203 2508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:50:39.0203 2508 ACPIEC - ok
14:50:39.0265 2508 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:50:39.0281 2508 AdobeFlashPlayerUpdateSvc - ok
14:50:39.0281 2508 adpu160m - ok
14:50:39.0312 2508 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
14:50:39.0328 2508 aeaudio - ok
14:50:39.0343 2508 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:50:39.0343 2508 aec - ok
14:50:39.0468 2508 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:50:39.0500 2508 AFD - ok
14:50:39.0765 2508 AffinegyService (7e077309910ce334c3b2b7b8665a55c4) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
14:50:39.0781 2508 AffinegyService - ok
14:50:39.0796 2508 AFGMp50 - ok
14:50:39.0812 2508 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
14:50:39.0812 2508 AFGSp50 - ok
14:50:39.0812 2508 Aha154x - ok
14:50:39.0828 2508 aic78u2 - ok
14:50:39.0828 2508 aic78xx - ok
14:50:39.0859 2508 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:50:39.0859 2508 Alerter - ok
14:50:39.0875 2508 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:50:39.0890 2508 ALG - ok
14:50:39.0890 2508 AliIde - ok
14:50:39.0890 2508 amsint - ok
14:50:39.0921 2508 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
14:50:39.0937 2508 AppMgmt - ok
14:50:39.0937 2508 asc - ok
14:50:39.0937 2508 asc3350p - ok
14:50:39.0953 2508 asc3550 - ok
14:50:39.0984 2508 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:50:39.0984 2508 AsyncMac - ok
14:50:40.0015 2508 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:50:40.0015 2508 atapi - ok
14:50:40.0015 2508 Atdisk - ok
14:50:40.0046 2508 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:50:40.0046 2508 Atmarpc - ok
14:50:40.0078 2508 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:50:40.0078 2508 AudioSrv - ok
14:50:40.0109 2508 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:50:40.0109 2508 audstub - ok
14:50:40.0156 2508 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:50:40.0156 2508 Beep - ok
14:50:40.0203 2508 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:50:40.0250 2508 BITS - ok
14:50:40.0281 2508 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:50:40.0281 2508 Browser - ok
14:50:40.0375 2508 catchme - ok
14:50:40.0421 2508 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:50:40.0421 2508 cbidf2k - ok
14:50:40.0421 2508 cd20xrnt - ok
14:50:40.0468 2508 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:50:40.0468 2508 Cdaudio - ok
14:50:40.0500 2508 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:50:40.0500 2508 Cdfs - ok
14:50:40.0546 2508 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:50:40.0546 2508 Cdrom - ok
14:50:40.0546 2508 cerc6 - ok
14:50:40.0562 2508 Changer - ok
14:50:40.0578 2508 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:50:40.0578 2508 CiSvc - ok
14:50:40.0593 2508 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:50:40.0609 2508 ClipSrv - ok
14:50:40.0609 2508 CmdIde - ok
14:50:40.0609 2508 COMSysApp - ok
14:50:40.0625 2508 Cpqarray - ok
14:50:40.0656 2508 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:50:40.0671 2508 CryptSvc - ok
14:50:40.0671 2508 dac2w2k - ok
14:50:40.0671 2508 dac960nt - ok
14:50:40.0734 2508 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:50:40.0750 2508 DcomLaunch - ok
14:50:40.0796 2508 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:50:40.0796 2508 Dhcp - ok
14:50:40.0812 2508 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:50:40.0812 2508 Disk - ok
14:50:40.0828 2508 dmadmin - ok
14:50:40.0906 2508 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:50:40.0921 2508 dmboot - ok
14:50:40.0968 2508 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:50:40.0968 2508 dmio - ok
14:50:40.0984 2508 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:50:40.0984 2508 dmload - ok
14:50:41.0015 2508 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:50:41.0015 2508 dmserver - ok
14:50:41.0046 2508 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:50:41.0062 2508 DMusic - ok
14:50:41.0093 2508 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:50:41.0093 2508 Dnscache - ok
14:50:41.0140 2508 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:50:41.0140 2508 Dot3svc - ok
14:50:41.0140 2508 dpti2o - ok
14:50:41.0171 2508 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:50:41.0171 2508 drmkaud - ok
14:50:41.0218 2508 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:50:41.0218 2508 E100B - ok
14:50:41.0250 2508 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:50:41.0250 2508 EapHost - ok
14:50:41.0265 2508 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:50:41.0265 2508 ERSvc - ok
14:50:41.0312 2508 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:50:41.0343 2508 Eventlog - ok
14:50:41.0406 2508 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:50:41.0406 2508 EventSystem - ok
14:50:41.0468 2508 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:50:41.0468 2508 Fastfat - ok
14:50:41.0515 2508 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:50:41.0531 2508 FastUserSwitchingCompatibility - ok
14:50:41.0578 2508 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:50:41.0578 2508 Fdc - ok
14:50:41.0578 2508 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:50:41.0578 2508 Fips - ok
14:50:41.0625 2508 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:50:41.0625 2508 Flpydisk - ok
14:50:41.0656 2508 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:50:41.0671 2508 FltMgr - ok
14:50:41.0703 2508 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:50:41.0703 2508 Fs_Rec - ok
14:50:41.0734 2508 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:50:41.0734 2508 Ftdisk - ok
14:50:41.0750 2508 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:50:41.0750 2508 Gpc - ok
14:50:41.0828 2508 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:50:41.0828 2508 helpsvc - ok
14:50:41.0859 2508 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
14:50:41.0859 2508 HidServ - ok
14:50:41.0906 2508 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:50:41.0906 2508 hidusb - ok
14:50:41.0937 2508 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:50:41.0937 2508 hkmsvc - ok
14:50:41.0937 2508 hpn - ok
14:50:42.0000 2508 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:50:42.0000 2508 HTTP - ok
14:50:42.0046 2508 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:50:42.0046 2508 HTTPFilter - ok
14:50:42.0046 2508 i2omgmt - ok
14:50:42.0062 2508 i2omp - ok
14:50:42.0093 2508 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
14:50:42.0093 2508 i8042prt - ok
14:50:42.0171 2508 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:50:42.0187 2508 ialm - ok
14:50:42.0234 2508 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:50:42.0234 2508 Imapi - ok
14:50:42.0265 2508 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:50:42.0281 2508 ImapiService - ok
14:50:42.0296 2508 ini910u - ok
14:50:42.0312 2508 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:50:42.0312 2508 IntelIde - ok
14:50:42.0359 2508 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:50:42.0359 2508 intelppm - ok
14:50:42.0437 2508 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:50:42.0437 2508 Ip6Fw - ok
14:50:42.0468 2508 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:50:42.0468 2508 IpFilterDriver - ok
14:50:42.0484 2508 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:50:42.0484 2508 IpInIp - ok
14:50:42.0500 2508 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:50:42.0515 2508 IpNat - ok
14:50:42.0562 2508 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:50:42.0562 2508 IPSec - ok
14:50:42.0609 2508 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:50:42.0609 2508 IRENUM - ok
14:50:42.0656 2508 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:50:42.0656 2508 isapnp - ok
14:50:42.0734 2508 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
14:50:42.0750 2508 JavaQuickStarterService - ok
14:50:42.0796 2508 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:50:42.0796 2508 Kbdclass - ok
14:50:42.0828 2508 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:50:42.0828 2508 kbdhid - ok
14:50:42.0859 2508 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:50:42.0859 2508 kmixer - ok
14:50:42.0906 2508 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:50:42.0906 2508 KSecDD - ok
14:50:42.0968 2508 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:50:42.0968 2508 LanmanServer - ok
14:50:43.0015 2508 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:50:43.0031 2508 lanmanworkstation - ok
14:50:43.0031 2508 lbrtfdc - ok
14:50:43.0078 2508 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:50:43.0078 2508 LmHosts - ok
14:50:43.0156 2508 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe
14:50:43.0171 2508 McciCMService - ok
14:50:43.0203 2508 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:50:43.0203 2508 Messenger - ok
14:50:43.0234 2508 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:50:43.0234 2508 mnmdd - ok
14:50:43.0281 2508 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
14:50:43.0281 2508 mnmsrvc - ok
14:50:43.0328 2508 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:50:43.0328 2508 Modem - ok
14:50:43.0375 2508 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:50:43.0375 2508 Mouclass - ok
14:50:43.0406 2508 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:50:43.0406 2508 mouhid - ok
14:50:43.0406 2508 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:50:43.0406 2508 MountMgr - ok
14:50:43.0421 2508 mraid35x - ok
14:50:43.0421 2508 MREMPR5 - ok
14:50:43.0437 2508 MRENDIS5 - ok
14:50:43.0437 2508 MRESP50 - ok
14:50:43.0453 2508 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:50:43.0453 2508 MRxDAV - ok
14:50:43.0484 2508 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:50:43.0484 2508 MSDTC - ok
14:50:43.0531 2508 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:50:43.0531 2508 Msfs - ok
14:50:43.0531 2508 MSIServer - ok
14:50:43.0593 2508 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:50:43.0593 2508 MSKSSRV - ok
14:50:43.0609 2508 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:50:43.0609 2508 MSPCLOCK - ok
14:50:43.0625 2508 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:50:43.0625 2508 MSPQM - ok
14:50:43.0656 2508 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:50:43.0656 2508 mssmbios - ok
14:50:43.0687 2508 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:50:43.0703 2508 Mup - ok
14:50:43.0750 2508 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:50:43.0765 2508 napagent - ok
14:50:43.0796 2508 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:50:43.0796 2508 NDIS - ok
14:50:43.0843 2508 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:50:43.0843 2508 NdisTapi - ok
14:50:43.0875 2508 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:50:43.0875 2508 Ndisuio - ok
14:50:43.0921 2508 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:50:43.0921 2508 NdisWan - ok
14:50:43.0968 2508 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:50:43.0968 2508 NDProxy - ok
14:50:44.0015 2508 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:50:44.0015 2508 NetBIOS - ok
14:50:44.0031 2508 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:50:44.0031 2508 NetBT - ok
14:50:44.0078 2508 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:50:44.0093 2508 NetDDE - ok
14:50:44.0093 2508 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:50:44.0093 2508 NetDDEdsdm - ok
14:50:44.0125 2508 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:44.0125 2508 Netlogon - ok
14:50:44.0171 2508 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:50:44.0187 2508 Netman - ok
14:50:44.0234 2508 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:50:44.0250 2508 Nla - ok
14:50:44.0296 2508 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:50:44.0296 2508 Npfs - ok
14:50:44.0359 2508 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:50:44.0375 2508 Ntfs - ok
14:50:44.0375 2508 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:44.0390 2508 NtLmSsp - ok
14:50:44.0453 2508 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:50:44.0468 2508 NtmsSvc - ok
14:50:44.0500 2508 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:50:44.0500 2508 Null - ok
14:50:44.0546 2508 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:50:44.0546 2508 NwlnkFlt - ok
14:50:44.0578 2508 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:50:44.0578 2508 NwlnkFwd - ok
14:50:44.0640 2508 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:50:44.0640 2508 Parport - ok
14:50:44.0671 2508 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:50:44.0687 2508 PartMgr - ok
14:50:44.0718 2508 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:50:44.0718 2508 ParVdm - ok
14:50:44.0750 2508 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:50:44.0750 2508 PCI - ok
14:50:44.0750 2508 PCIDump - ok
14:50:44.0750 2508 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:50:44.0765 2508 PCIIde - ok
14:50:44.0781 2508 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:50:44.0796 2508 Pcmcia - ok
14:50:44.0796 2508 PDCOMP - ok
14:50:44.0796 2508 PDFRAME - ok
14:50:44.0812 2508 PDRELI - ok
14:50:44.0812 2508 PDRFRAME - ok
14:50:44.0828 2508 perc2 - ok
14:50:44.0828 2508 perc2hib - ok
14:50:44.0890 2508 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:50:44.0890 2508 PlugPlay - ok
14:50:44.0890 2508 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:44.0890 2508 PolicyAgent - ok
14:50:44.0937 2508 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:50:44.0937 2508 PptpMiniport - ok
14:50:44.0937 2508 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:44.0937 2508 ProtectedStorage - ok
14:50:44.0953 2508 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:50:44.0953 2508 PSched - ok
14:50:45.0000 2508 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:50:45.0000 2508 Ptilink - ok
14:50:45.0000 2508 ql1080 - ok
14:50:45.0015 2508 Ql10wnt - ok
14:50:45.0015 2508 ql12160 - ok
14:50:45.0015 2508 ql1240 - ok
14:50:45.0031 2508 ql1280 - ok
14:50:45.0046 2508 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:50:45.0046 2508 RasAcd - ok
14:50:45.0078 2508 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:50:45.0078 2508 RasAuto - ok
14:50:45.0109 2508 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:50:45.0109 2508 Rasl2tp - ok
14:50:45.0140 2508 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:50:45.0140 2508 RasMan - ok
14:50:45.0156 2508 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:50:45.0171 2508 RasPppoe - ok
14:50:45.0171 2508 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:50:45.0171 2508 Raspti - ok
14:50:45.0218 2508 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:50:45.0234 2508 Rdbss - ok
14:50:45.0234 2508 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:50:45.0234 2508 RDPCDD - ok
14:50:45.0281 2508 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:50:45.0296 2508 rdpdr - ok
14:50:45.0359 2508 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
14:50:45.0359 2508 RDPWD - ok
14:50:45.0406 2508 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:50:45.0421 2508 RDSessMgr - ok
14:50:45.0453 2508 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:50:45.0453 2508 redbook - ok
14:50:45.0484 2508 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:50:45.0500 2508 RemoteAccess - ok
14:50:45.0531 2508 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
14:50:45.0531 2508 RemoteRegistry - ok
14:50:45.0562 2508 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:50:45.0562 2508 RpcLocator - ok
14:50:45.0640 2508 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:50:45.0656 2508 RpcSs - ok
14:50:45.0687 2508 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:50:45.0703 2508 RSVP - ok
14:50:45.0734 2508 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:45.0734 2508 SamSs - ok
14:50:45.0781 2508 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:50:45.0781 2508 SCardSvr - ok
14:50:45.0828 2508 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:50:45.0843 2508 Schedule - ok
14:50:45.0843 2508 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:50:45.0859 2508 Secdrv - ok
14:50:45.0890 2508 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:50:45.0890 2508 seclogon - ok
14:50:45.0906 2508 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:50:45.0906 2508 SENS - ok
14:50:45.0953 2508 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:50:45.0953 2508 serenum - ok
14:50:45.0953 2508 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:50:45.0953 2508 Serial - ok
14:50:45.0968 2508 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:50:45.0968 2508 Sfloppy - ok
14:50:46.0031 2508 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:50:46.0046 2508 SharedAccess - ok
14:50:46.0078 2508 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:50:46.0078 2508 ShellHWDetection - ok
14:50:46.0078 2508 Simbad - ok
14:50:46.0140 2508 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
14:50:46.0171 2508 smwdm - ok
14:50:46.0171 2508 Sparrow - ok
14:50:46.0187 2508 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:50:46.0187 2508 splitter - ok
14:50:46.0234 2508 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:50:46.0234 2508 Spooler - ok
14:50:46.0281 2508 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:50:46.0281 2508 sr - ok
14:50:46.0296 2508 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:50:46.0312 2508 srservice - ok
14:50:46.0359 2508 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:50:46.0375 2508 Srv - ok
14:50:46.0421 2508 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:50:46.0421 2508 SSDPSRV - ok
14:50:46.0484 2508 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:50:46.0500 2508 stisvc - ok
14:50:46.0546 2508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:50:46.0546 2508 swenum - ok
14:50:46.0593 2508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:50:46.0593 2508 swmidi - ok
14:50:46.0609 2508 SwPrv - ok
14:50:46.0609 2508 symc810 - ok
14:50:46.0625 2508 symc8xx - ok
14:50:46.0625 2508 sym_hi - ok
14:50:46.0640 2508 sym_u3 - ok
14:50:46.0671 2508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:50:46.0671 2508 sysaudio - ok
14:50:46.0703 2508 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:50:46.0718 2508 SysmonLog - ok
14:50:46.0765 2508 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:50:46.0781 2508 TapiSrv - ok
14:50:46.0843 2508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:50:46.0859 2508 Tcpip - ok
14:50:46.0906 2508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:50:46.0906 2508 TDPIPE - ok
14:50:46.0921 2508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:50:46.0921 2508 TDTCP - ok
14:50:46.0937 2508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:50:46.0937 2508 TermDD - ok
14:50:46.0984 2508 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:50:47.0000 2508 TermService - ok
14:50:47.0031 2508 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:50:47.0046 2508 Themes - ok
14:50:47.0078 2508 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
14:50:47.0078 2508 TlntSvr - ok
14:50:47.0078 2508 TosIde - ok
14:50:47.0125 2508 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:50:47.0125 2508 TrkWks - ok
14:50:47.0140 2508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:50:47.0140 2508 Udfs - ok
14:50:47.0140 2508 ultra - ok
14:50:47.0203 2508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:50:47.0218 2508 Update - ok
14:50:47.0265 2508 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:50:47.0281 2508 upnphost - ok
14:50:47.0296 2508 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:50:47.0296 2508 UPS - ok
14:50:47.0343 2508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:50:47.0343 2508 usbccgp - ok
14:50:47.0390 2508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:50:47.0390 2508 usbehci - ok
14:50:47.0437 2508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:50:47.0437 2508 usbhub - ok
14:50:47.0484 2508 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:50:47.0484 2508 USBSTOR - ok
14:50:47.0515 2508 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:50:47.0515 2508 usbuhci - ok
14:50:47.0515 2508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:50:47.0531 2508 VgaSave - ok
14:50:47.0531 2508 ViaIde - ok
14:50:47.0562 2508 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:50:47.0562 2508 VolSnap - ok
14:50:47.0625 2508 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:50:47.0671 2508 VSS - ok
14:50:47.0718 2508 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:50:47.0734 2508 W32Time - ok
14:50:47.0765 2508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:50:47.0781 2508 Wanarp - ok
14:50:47.0781 2508 WDICA - ok
14:50:47.0828 2508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:50:47.0828 2508 wdmaud - ok
14:50:47.0843 2508 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:50:47.0843 2508 WebClient - ok
14:50:47.0921 2508 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:50:47.0921 2508 winmgmt - ok
14:50:47.0968 2508 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:50:47.0968 2508 WmdmPmSN - ok
14:50:48.0031 2508 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:50:48.0062 2508 Wmi - ok
14:50:48.0109 2508 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:50:48.0109 2508 WmiApSrv - ok
14:50:48.0265 2508 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:50:48.0281 2508 WMPNetworkSvc - ok
14:50:48.0343 2508 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:50:48.0343 2508 WS2IFSL - ok
14:50:48.0390 2508 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:50:48.0390 2508 wscsvc - ok
14:50:48.0437 2508 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:50:48.0437 2508 wuauserv - ok
14:50:48.0484 2508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:50:48.0484 2508 WudfPf - ok
14:50:48.0515 2508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:50:48.0515 2508 WudfRd - ok
14:50:48.0546 2508 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:50:48.0546 2508 WudfSvc - ok
14:50:48.0625 2508 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:50:48.0656 2508 WZCSVC - ok
14:50:48.0687 2508 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:50:48.0703 2508 xmlprov - ok
14:50:48.0796 2508 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
14:50:48.0812 2508 YahooAUService - ok
14:50:48.0843 2508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:50:49.0062 2508 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
14:50:49.0062 2508 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
14:50:49.0062 2508 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2
14:51:02.0406 2508 \Device\Harddisk1\DR2 - ok
14:51:02.0421 2508 Boot (0x1200) (3bd81cf09614750ef348b6d1e704e296) \Device\Harddisk0\DR0\Partition0
14:51:02.0421 2508 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - infected
14:51:02.0421 2508 \Device\Harddisk0\DR0\Partition0 - detected Rootkit.Boot.Cidox.b (0)
14:51:02.0421 2508 Boot (0x1200) (a6658a23e6d69224c6aae2da45606274) \Device\Harddisk1\DR2\Partition0
14:51:02.0437 2508 \Device\Harddisk1\DR2\Partition0 - ok
14:51:02.0437 2508 ============================================================
14:51:02.0437 2508 Scan finished
14:51:02.0437 2508 ============================================================
14:51:02.0437 1484 Detected object count: 2
14:51:02.0437 1484 Actual detected object count: 2
14:51:50.0953 1484 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
14:51:50.0953 1484 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip
14:51:50.0984 1484 \Device\Harddisk0\DR0\Partition0 - copied to quarantine
14:51:51.0000 1484 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
14:51:51.0000 1484 \Device\Harddisk0\DR0\Partition0 - ok
14:51:51.0000 1484 \Device\Harddisk0\DR0\Partition0 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
14:57:09.0578 2524 Deinitialize success


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.04.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: DELL-F68667BFA2 [administrator]
5/4/2012 2:57:49 PM
mbam-log-2012-05-04 (14-57-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176224
Time elapsed: 4 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#2 MrCharlie

    Forum Deity

  • Experts
  • 28,228 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 04 May 2012 - 04:06 PM

Welcome to the forum..... please don't run any other tools!!!

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow it to run.

Click Scan to scan the system (don't run any other options; they're not all bad!)
Post back the report.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

#3 Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 08 May 2012 - 10:25 AM

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.
