TechSpot

Broni...need your help on removing the virus with message "The maximum number of secr

By fish
Oct 20, 2011
  1. I was following your post from several months ago but y'all never came up with a conclusion. I have the exact virus reported by Jimmy with the message "The maximum number of secrets that may be stored in a single system has been exceeded. The length and number of secrets is limited to satisfy US State Dept. export restrictions"
    I downloaded and ran TDSSKiller and then ran RootkitUnhooker, but that's as far as y'all got. Can you help finish getting rid of this virus?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. fish

    fish TS Rookie Topic Starter

    OK, below is log from ROOTKIT

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xF5549000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 9625600 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 260.99 )
    0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6361088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 260.99 )
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2154496 bytes
    0x804D7000 RAW 2154496 bytes
    0x804D7000 WMIxWDM 2154496 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xED852000 C:\WINDOWS\system32\drivers\sthda.sys 1216512 bytes (IDT, Inc., IDT PC Audio)
    0xF7384000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xED655000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xEFA7B000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xED782000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB7BB4000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xBD623000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB7C34000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xEFAD9000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xED626000 C:\WINDOWS\System32\Drivers\dump_Si3114r5.sys 192512 bytes
    0xF7460000 Si3114r5.sys 192512 bytes (Silicon Image, Inc, SATA SoftRAID 5 miniport driver)
    0xF74FD000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB7D89000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF7357000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xF54E1000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 180224 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver)
    0xB7230000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xED6C5000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xF550D000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xED734000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xF74A7000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xED75C000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xB7D3D000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xED82E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF54BD000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF540A000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xED712000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xED6F0000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
    0x806E5000 ACPI_HAL 134400 bytes
    0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF7428000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF74CD000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xF733D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xF748F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xF7448000 C:\WINDOWS\system32\drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xF7411000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xEFB1A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xF752B000 87886180.sys 90112 bytes
    0xB7A73000 C:\WINDOWS\system32\DRIVERS\UB1394.SYS 90112 bytes (Unibrain S.A., FireAPI® 1394 Class Driver (XP))
    0xB773E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xF54A9000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xF5535000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xED7DB000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xB7A89000 C:\WINDOWS\system32\DRIVERS\ubohci.sys 77824 bytes (Unibrain S.A., UBOHCI WDM Miniport Driver (XP))
    0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF74EC000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xEFB09000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xEFC21000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF7772000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF7742000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xF7652000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xF7752000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xEFDBB000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xEFE0B000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF7792000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB7CBD000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xEFDFB000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF7662000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xF76A2000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF5E88000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF7682000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    !!!!!!!!!!!Hidden driver: 0xF76F2000 .netbt 49152 bytes
    0xF7812000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    !!!!!!!!!!!Hidden driver: 0xB7375000 3086720096 45056 bytes
    0xEFC51000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF7762000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF7672000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF77F2000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF7642000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xEFE2B000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xB7CFD000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0xEFE3B000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xB72BB000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xF7692000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xEFC11000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xF7732000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xF7822000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xEFDAB000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xF7712000 C:\WINDOWS\system32\DRIVERS\SMBios.sys 36864 bytes (Intel Corporation, Intel(R) System Management BIOS Driver)
    0xB7B64000 C:\WINDOWS\system32\DRIVERS\ubumapi.sys 36864 bytes (Unibrain S.A., FireAPI® User Mode Support (XP))
    0xEFDCB000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF79CA000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF795A000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF7972000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xF79AA000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xF7922000 C:\WINDOWS\system32\drivers\osaio.sys 28672 bytes (Avocent/OSA Technologies Inc., OSA I/O Port Driver)
    0xF78C2000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xF7982000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
    0xF2886000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xF79BA000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xF798A000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF7992000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF79D2000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0xF7952000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xF79B2000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF7A0A000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver)
    0xF288E000 C:\WINDOWS\System32\Drivers\ASPI32.SYS 20480 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
    0xF799A000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xF285E000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
    0xF79C2000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF78CA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF796A000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF78D2000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xF797A000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF7962000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF287E000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xF3169000 C:\WINDOWS\System32\Drivers\dump_diskdump.sys 16384 bytes
    0xF316D000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xF3175000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB7FAA000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xF7B36000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xB7B0C000 C:\WINDOWS\System32\Drivers\Stltrk2k.SYS 16384 bytes (SCM Microsystems Inc., Support Driver for WINNT Based Applications)
    0xB7AFC000 C:\WINDOWS\system32\DRIVERS\ubsbm.sys 16384 bytes (Unibrain S.A., FireAPI® Serial Bus Manager (XP))
    0xF7A52000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xF6BE5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xEFB35000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xEFB31000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xF72FD000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xB7D69000 C:\WINDOWS\system32\drivers\OsaFsLoc.sys 12288 bytes (OSA Technologies, Filesystem Lock driver)
    0xEFD09000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF7A56000 SiWinAcc.sys 12288 bytes (Silicon Image, Inc., Windows Accelerator Driver)
    0xF7A56000 SiWinAcc.sys 12288 bytes (Silicon Image, Inc., Windows Accelerator Driver)
    0xEFB55000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
    0xF7B84000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF7B46000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xF7B82000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF7B42000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF7B86000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF7B74000 C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys 8192 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
    0xF7BCE000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xF7B88000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF7BD6000 C:\WINDOWS\system32\drivers\SIODRV.SYS 8192 bytes (Intel Corporation, SuperIO Driver for Windows NT(R))
    0xF7B6E000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF7B80000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF7B44000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF7C62000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF7D0D000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF26C1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF7C0A000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xF7CC2000 C:\WINDOWS\system32\drivers\symlcbrd.sys 4096 bytes
    0x86372140 unknown_irp_handler 3776 bytes
    ==============================================
    >Stealth
    ==============================================
    WARNING: Virus alike driver modification [netbt.sys]
    0x86377E95 Unknown thread object [ ETHREAD 0x86BB5230 ] TID: 980, 600 bytes
    0x86377E95 Unknown thread object [ ETHREAD 0x86BB5658 ] TID: 984, 600 bytes
    0xB73799B5 Unknown thread object [ ETHREAD 0x86349868 ] TID: 3116, 600 bytes
    0xB73799B5 Unknown thread object [ ETHREAD 0x86268A38 ] TID: 3120, 600 bytes


    !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    This is NOT what I asked for.
    Please re-read my previous reply.
     
  5. fish

    fish TS Rookie Topic Starter

    Sorry, "putting the cart before the horse"

    I downloaded GMER and began the scan, but it disappeared and I can't find where the program is running to copy the log files.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
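    A small triage helper for logs in this TDSSKiller format, added here as an example (it is not part of the thread and not TDSSKiller's own code). It pairs each "- detected" line with the "Suspicious file" and verdict lines before it, and flags the two things a helper looks for in such a log: a driver whose real on-disk hash differs from the hash it reports (Forged) and a hidden file stored in an NTFS alternate data stream (the `file:stream` path form). The line shapes assumed are those visible in the log posted in this thread; the sample log is a constructed excerpt of that log.

```python
"""Triage helper for TDSSKiller-style logs (example code, not from TDSSKiller)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Every TDSSKiller line is "<HH:MM:SS.mmmm> <pid> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "Suspicious file (Forged): <path>. Real md5: <a>, Fake md5: <b>"
# "Suspicious file (Hidden): <path>. md5: <a>"
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<kind>\w+)\): (?P<path>.+?)\. "
    r"(?:Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
    r"|md5: (?P<md5>[0-9a-f]{32}))$"
)
# "<service> ( <threat> ) - warning|infected"
VERDICT_RE = re.compile(r"^(?P<svc>\S+) \( (?P<threat>\S+) \) - (?P<verdict>\w+)$")
# "<service> - detected <threat> (<n>)"
DETECTED_RE = re.compile(r"^(?P<svc>\S+) - detected (?P<threat>\S+) \((?P<n>\d+)\)$")


@dataclass
class Finding:
    service: str
    threat: str
    verdict: str = ""
    path: Optional[str] = None
    kind: Optional[str] = None       # "Forged" or "Hidden"
    real_md5: Optional[str] = None   # hash of the bytes actually on disk
    fake_md5: Optional[str] = None   # hash the hooked driver presents (Forged only)
    ads: bool = False                # path names an NTFS alternate data stream


def is_alternate_data_stream(path: str) -> bool:
    # The colon after the drive letter (index 1) is normal; any later colon
    # means "file:stream", i.e. content tucked into an alternate data stream.
    return ":" in path[2:]


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per '- detected' line, joined with the suspicious-file
    and verdict lines that TDSSKiller prints just before it."""
    findings: List[Finding] = []
    pending_suspicious = None
    pending_verdict = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        s = SUSPICIOUS_RE.match(msg)
        if s:
            pending_suspicious = s.groupdict()
            continue
        v = VERDICT_RE.match(msg)
        if v:
            pending_verdict = v.group("verdict")
            continue
        d = DETECTED_RE.match(msg)
        if d:
            f = Finding(service=d.group("svc"), threat=d.group("threat"),
                        verdict=pending_verdict or "")
            if pending_suspicious:
                f.path = pending_suspicious["path"]
                f.kind = pending_suspicious["kind"]
                f.real_md5 = pending_suspicious["real"] or pending_suspicious["md5"]
                f.fake_md5 = pending_suspicious["fake"]
                f.ads = is_alternate_data_stream(f.path)
            findings.append(f)
            pending_suspicious = None
            pending_verdict = None
    return findings


# Constructed excerpt reproducing lines from the log posted in this thread.
SAMPLE_LOG = r"""
13:25:47.0062 0752 6b9d4615 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\356949355:2489498090.exe
13:25:48.0765 0752 Suspicious file (Hidden): C:\WINDOWS\356949355:2489498090.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
13:25:48.0765 0752 6b9d4615 ( HiddenFile.Multi.Generic ) - warning
13:25:48.0765 0752 6b9d4615 - detected HiddenFile.Multi.Generic (1)
13:25:48.0796 0752 Abiosdsk - ok
13:25:48.0906 0752 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:25:48.0906 0752 ACPI - ok
13:25:52.0125 0752 MRxSmb (31f81b9da501be5596042df6c0ffdb2d) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:25:52.0125 0752 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 31f81b9da501be5596042df6c0ffdb2d, Fake md5: 7d304a5eb4344ebeeab53a2fe3ffb9f0
13:25:52.0125 0752 MRxSmb ( Rootkit.Win32.ZAccess.e ) - infected
13:25:52.0125 0752 MRxSmb - detected Rootkit.Win32.ZAccess.e (0)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:>8}  {f.service:<10} {f.threat:<28} kind={f.kind} ads={f.ads}")
```

    Only the "- detected" lines are surfaced, so the hundreds of "- ok" lines in a full log are skipped without any special handling.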
     
  7. fish

    fish TS Rookie Topic Starter

    13:25:24.0671 3664 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
    13:25:25.0843 3664 ============================================================
    13:25:25.0843 3664 Current date / time: 2011/10/20 13:25:25.0843
    13:25:25.0843 3664 SystemInfo:
    13:25:25.0843 3664
    13:25:25.0843 3664 OS Version: 5.1.2600 ServicePack: 3.0
    13:25:25.0843 3664 Product type: Workstation
    13:25:25.0843 3664 ComputerName: SGUINN
    13:25:25.0843 3664 UserName: Scott Guinn
    13:25:25.0843 3664 Windows directory: C:\WINDOWS
    13:25:25.0843 3664 System windows directory: C:\WINDOWS
    13:25:25.0843 3664 Processor architecture: Intel x86
    13:25:25.0843 3664 Number of processors: 2
    13:25:25.0843 3664 Page size: 0x1000
    13:25:25.0843 3664 Boot type: Normal boot
    13:25:25.0843 3664 ============================================================
    13:25:27.0015 3664 Initialize success
    13:25:46.0906 0752 ============================================================
    13:25:46.0906 0752 Scan started
    13:25:46.0906 0752 Mode: Manual;
    13:25:46.0906 0752 ============================================================
    13:25:47.0062 0752 6b9d4615 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\356949355:2489498090.exe
    13:25:48.0765 0752 Suspicious file (Hidden): C:\WINDOWS\356949355:2489498090.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
    13:25:48.0765 0752 6b9d4615 ( HiddenFile.Multi.Generic ) - warning
    13:25:48.0765 0752 6b9d4615 - detected HiddenFile.Multi.Generic (1)
    13:25:48.0796 0752 Abiosdsk - ok
    13:25:48.0843 0752 abp480n5 - ok
    13:25:48.0906 0752 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    13:25:48.0906 0752 ACPI - ok
    13:25:48.0937 0752 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    13:25:48.0953 0752 ACPIEC - ok
    13:25:48.0953 0752 adpu160m - ok
    13:25:49.0000 0752 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    13:25:49.0000 0752 aec - ok
    13:25:49.0046 0752 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    13:25:49.0046 0752 AegisP - ok
    13:25:49.0078 0752 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    13:25:49.0078 0752 AFD - ok
    13:25:49.0093 0752 Aha154x - ok
    13:25:49.0109 0752 aic78u2 - ok
    13:25:49.0125 0752 aic78xx - ok
    13:25:49.0140 0752 AliIde - ok
    13:25:49.0156 0752 amsint - ok
    13:25:49.0203 0752 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    13:25:49.0203 0752 Arp1394 - ok
    13:25:49.0203 0752 asc - ok
    13:25:49.0218 0752 asc3350p - ok
    13:25:49.0234 0752 asc3550 - ok
    13:25:49.0265 0752 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\ASPI32.sys
    13:25:49.0265 0752 ASPI32 - ok
    13:25:49.0296 0752 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    13:25:49.0296 0752 AsyncMac - ok
    13:25:49.0328 0752 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    13:25:49.0328 0752 atapi - ok
    13:25:49.0359 0752 Atdisk - ok
    13:25:49.0390 0752 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    13:25:49.0390 0752 Atmarpc - ok
    13:25:49.0437 0752 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    13:25:49.0437 0752 audstub - ok
    13:25:49.0468 0752 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    13:25:49.0468 0752 Beep - ok
    13:25:49.0531 0752 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    13:25:49.0531 0752 cbidf2k - ok
    13:25:49.0578 0752 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    13:25:49.0578 0752 CCDECODE - ok
    13:25:49.0593 0752 cd20xrnt - ok
    13:25:49.0609 0752 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    13:25:49.0609 0752 Cdaudio - ok
    13:25:49.0640 0752 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    13:25:49.0640 0752 Cdfs - ok
    13:25:49.0671 0752 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    13:25:49.0671 0752 Cdrom - ok
    13:25:49.0687 0752 Changer - ok
    13:25:49.0703 0752 CmdIde - ok
    13:25:49.0718 0752 Cpqarray - ok
    13:25:49.0750 0752 dac2w2k - ok
    13:25:49.0765 0752 dac960nt - ok
    13:25:49.0781 0752 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    13:25:49.0781 0752 Disk - ok
    13:25:49.0828 0752 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    13:25:49.0843 0752 dmboot - ok
    13:25:49.0859 0752 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
    13:25:49.0875 0752 dmio - ok
    13:25:49.0890 0752 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    13:25:49.0890 0752 dmload - ok
    13:25:49.0937 0752 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    13:25:49.0937 0752 DMusic - ok
    13:25:49.0953 0752 dpti2o - ok
    13:25:49.0984 0752 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    13:25:49.0984 0752 drmkaud - ok
    13:25:50.0031 0752 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    13:25:50.0046 0752 e1express - ok
    13:25:50.0078 0752 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
    13:25:50.0078 0752 ENTECH - ok
    13:25:50.0125 0752 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    13:25:50.0125 0752 Fastfat - ok
    13:25:50.0140 0752 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    13:25:50.0140 0752 Fdc - ok
    13:25:50.0171 0752 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
    13:25:50.0171 0752 FilterService - ok
    13:25:50.0203 0752 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    13:25:50.0203 0752 Fips - ok
    13:25:50.0218 0752 fixustor - ok
    13:25:50.0250 0752 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    13:25:50.0250 0752 Flpydisk - ok
    13:25:50.0281 0752 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    13:25:50.0281 0752 FltMgr - ok
    13:25:50.0328 0752 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
    13:25:50.0328 0752 FlyUsb - ok
    13:25:50.0359 0752 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    13:25:50.0359 0752 Fs_Rec - ok
    13:25:50.0375 0752 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    13:25:50.0375 0752 Ftdisk - ok
    13:25:50.0421 0752 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    13:25:50.0421 0752 GEARAspiWDM - ok
    13:25:50.0453 0752 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    13:25:50.0453 0752 Gpc - ok
    13:25:50.0484 0752 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    13:25:50.0484 0752 HDAudBus - ok
    13:25:50.0531 0752 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    13:25:50.0531 0752 hidusb - ok
    13:25:50.0546 0752 hpn - ok
    13:25:50.0593 0752 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    13:25:50.0593 0752 HPZid412 - ok
    13:25:50.0625 0752 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    13:25:50.0625 0752 HPZipr12 - ok
    13:25:50.0640 0752 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    13:25:50.0640 0752 HPZius12 - ok
    13:25:50.0671 0752 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    13:25:50.0671 0752 HTTP - ok
    13:25:50.0687 0752 i2omgmt - ok
    13:25:50.0703 0752 i2omp - ok
    13:25:50.0734 0752 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    13:25:50.0734 0752 i8042prt - ok
    13:25:50.0750 0752 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    13:25:50.0750 0752 Imapi - ok
    13:25:50.0765 0752 ini910u - ok
    13:25:50.0781 0752 IntelIde - ok
    13:25:50.0828 0752 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    13:25:50.0828 0752 intelppm - ok
    13:25:50.0859 0752 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    13:25:50.0859 0752 Ip6Fw - ok
    13:25:50.0906 0752 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    13:25:50.0906 0752 IpFilterDriver - ok
    13:25:50.0953 0752 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    13:25:50.0953 0752 IpInIp - ok
    13:25:50.0984 0752 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    13:25:50.0984 0752 IpNat - ok
    13:25:51.0000 0752 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    13:25:51.0000 0752 IPSec - ok
    13:25:51.0031 0752 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    13:25:51.0031 0752 IRENUM - ok
    13:25:51.0046 0752 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    13:25:51.0046 0752 isapnp - ok
    13:25:51.0078 0752 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    13:25:51.0078 0752 Kbdclass - ok
    13:25:51.0093 0752 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    13:25:51.0093 0752 kbdhid - ok
    13:25:51.0125 0752 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    13:25:51.0125 0752 kmixer - ok
    13:25:51.0156 0752 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    13:25:51.0156 0752 KSecDD - ok
    13:25:51.0187 0752 lbrtfdc - ok
    13:25:51.0281 0752 lvpopflt (e1158b0cb852db0573922c92e6e564de) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
    13:25:51.0312 0752 lvpopflt - ok
    13:25:51.0359 0752 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    13:25:51.0359 0752 LVPr2Mon - ok
    13:25:51.0406 0752 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
    13:25:51.0406 0752 LVRS - ok
    13:25:51.0453 0752 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
    13:25:51.0453 0752 LVUSBSta - ok
    13:25:51.0640 0752 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
    13:25:51.0843 0752 LVUVC - ok
    13:25:51.0875 0752 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    13:25:51.0875 0752 MBAMSwissArmy - ok
    13:25:51.0921 0752 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    13:25:51.0921 0752 mnmdd - ok
    13:25:51.0968 0752 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    13:25:51.0968 0752 Modem - ok
    13:25:51.0984 0752 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    13:25:51.0984 0752 Mouclass - ok
    13:25:52.0015 0752 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    13:25:52.0015 0752 mouhid - ok
    13:25:52.0046 0752 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    13:25:52.0046 0752 MountMgr - ok
    13:25:52.0062 0752 mraid35x - ok
    13:25:52.0093 0752 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    13:25:52.0093 0752 MRxDAV - ok
    13:25:52.0125 0752 MRxSmb (31f81b9da501be5596042df6c0ffdb2d) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    13:25:52.0125 0752 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 31f81b9da501be5596042df6c0ffdb2d, Fake md5: 7d304a5eb4344ebeeab53a2fe3ffb9f0
    13:25:52.0125 0752 MRxSmb ( Rootkit.Win32.ZAccess.e ) - infected
    13:25:52.0125 0752 MRxSmb - detected Rootkit.Win32.ZAccess.e (0)
    13:25:52.0156 0752 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    13:25:52.0156 0752 Msfs - ok
    13:25:52.0187 0752 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    13:25:52.0187 0752 MSKSSRV - ok
    13:25:52.0203 0752 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    13:25:52.0203 0752 MSPCLOCK - ok
    13:25:52.0234 0752 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    13:25:52.0234 0752 MSPQM - ok
    13:25:52.0265 0752 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    13:25:52.0265 0752 mssmbios - ok
    13:25:52.0296 0752 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    13:25:52.0296 0752 MSTEE - ok
    13:25:52.0328 0752 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    13:25:52.0328 0752 Mup - ok
    13:25:52.0375 0752 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    13:25:52.0375 0752 NABTSFEC - ok
    13:25:52.0406 0752 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    13:25:52.0406 0752 NDIS - ok
    13:25:52.0437 0752 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    13:25:52.0437 0752 NdisIP - ok
    13:25:52.0468 0752 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    13:25:52.0468 0752 NdisTapi - ok
    13:25:52.0500 0752 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    13:25:52.0500 0752 Ndisuio - ok
    13:25:52.0515 0752 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    13:25:52.0515 0752 NdisWan - ok
    13:25:52.0546 0752 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    13:25:52.0546 0752 NDProxy - ok
    13:25:52.0562 0752 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    13:25:52.0562 0752 NetBIOS - ok
    13:25:52.0593 0752 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    13:25:52.0593 0752 NetBT - ok
    13:25:52.0625 0752 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    13:25:52.0625 0752 NIC1394 - ok
    13:25:52.0640 0752 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    13:25:52.0640 0752 Npfs - ok
    13:25:52.0687 0752 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    13:25:52.0687 0752 Ntfs - ok
    13:25:52.0734 0752 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    13:25:52.0734 0752 NTIDrvr - ok
    13:25:52.0765 0752 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    13:25:52.0765 0752 Null - ok
    13:25:53.0062 0752 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    13:25:53.0265 0752 nv - ok
    13:25:53.0328 0752 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    13:25:53.0328 0752 NwlnkFlt - ok
    13:25:53.0375 0752 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    13:25:53.0375 0752 NwlnkFwd - ok
    13:25:53.0437 0752 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    13:25:53.0437 0752 ohci1394 - ok
    13:25:53.0468 0752 OsaFsLoc (1933b17550d3e64c5d189df39f2e38e6) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
    13:25:53.0468 0752 OsaFsLoc - ok
    13:25:53.0484 0752 osaio (b270a30ae97524e7edb5eca7b2afb846) C:\WINDOWS\system32\drivers\osaio.sys
    13:25:53.0484 0752 osaio - ok
    13:25:53.0515 0752 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    13:25:53.0515 0752 Parport - ok
    13:25:53.0531 0752 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    13:25:53.0531 0752 PartMgr - ok
    13:25:53.0578 0752 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    13:25:53.0593 0752 ParVdm - ok
    13:25:53.0609 0752 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    13:25:53.0609 0752 PCI - ok
    13:25:53.0625 0752 PCIDump - ok
    13:25:53.0656 0752 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    13:25:53.0656 0752 PCIIde - ok
    13:25:53.0687 0752 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    13:25:53.0687 0752 Pcmcia - ok
    13:25:53.0703 0752 PDCOMP - ok
    13:25:53.0718 0752 PDFRAME - ok
    13:25:53.0734 0752 PDRELI - ok
    13:25:53.0750 0752 PDRFRAME - ok
    13:25:53.0765 0752 perc2 - ok
    13:25:53.0781 0752 perc2hib - ok
    13:25:53.0843 0752 PnkBstrK (eb8ac5da62f526dbb8731ac7661c89e8) C:\WINDOWS\system32\drivers\PnkBstrK.sys
    13:25:53.0843 0752 PnkBstrK - ok
    13:25:53.0859 0752 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    13:25:53.0859 0752 PptpMiniport - ok
    13:25:53.0890 0752 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    13:25:53.0890 0752 PSched - ok
    13:25:53.0921 0752 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    13:25:53.0937 0752 Ptilink - ok
    13:25:53.0968 0752 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    13:25:53.0968 0752 PxHelp20 - ok
    13:25:53.0984 0752 ql1080 - ok
    13:25:54.0000 0752 Ql10wnt - ok
    13:25:54.0015 0752 ql12160 - ok
    13:25:54.0031 0752 ql1240 - ok
    13:25:54.0046 0752 ql1280 - ok
    13:25:54.0078 0752 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    13:25:54.0078 0752 RasAcd - ok
    13:25:54.0093 0752 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    13:25:54.0093 0752 Rasl2tp - ok
    13:25:54.0109 0752 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    13:25:54.0109 0752 RasPppoe - ok
    13:25:54.0125 0752 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    13:25:54.0125 0752 Raspti - ok
    13:25:54.0156 0752 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    13:25:54.0156 0752 Rdbss - ok
    13:25:54.0171 0752 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    13:25:54.0171 0752 RDPCDD - ok
    13:25:54.0187 0752 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    13:25:54.0203 0752 rdpdr - ok
    13:25:54.0234 0752 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    13:25:54.0234 0752 RDPWD - ok
    13:25:54.0265 0752 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    13:25:54.0265 0752 redbook - ok
    13:25:54.0296 0752 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    13:25:54.0296 0752 RimVSerPort - ok
    13:25:54.0343 0752 RTL8192su (b29eeb1ea7971bd83069eb2e2258d224) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
    13:25:54.0359 0752 RTL8192su - ok
    13:25:54.0406 0752 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    13:25:54.0406 0752 SASDIFSV - ok
    13:25:54.0437 0752 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    13:25:54.0437 0752 SASENUM - ok
    13:25:54.0484 0752 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    13:25:54.0484 0752 SASKUTIL - ok
    13:25:54.0531 0752 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    13:25:54.0531 0752 Secdrv - ok
    13:25:54.0578 0752 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    13:25:54.0578 0752 serenum - ok
    13:25:54.0593 0752 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    13:25:54.0593 0752 Serial - ok
    13:25:54.0625 0752 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    13:25:54.0625 0752 Sfloppy - ok
    13:25:54.0671 0752 sfng32 (3ce805e0e752f1febd52ac4899f5febf) C:\WINDOWS\system32\drivers\sfng32.sys
    13:25:54.0671 0752 sfng32 - ok
    13:25:54.0718 0752 Si3114r5 (92e8f42e73477390059b381577887bb0) C:\WINDOWS\system32\drivers\Si3114r5.sys
    13:25:54.0718 0752 Si3114r5 - ok
    13:25:54.0750 0752 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
    13:25:54.0750 0752 SiFilter - ok
    13:25:54.0765 0752 Simbad - ok
    13:25:54.0812 0752 SIODRV (6fbba21e5ad173ecad3144ddff3a89bf) C:\WINDOWS\system32\drivers\SIODRV.SYS
    13:25:54.0812 0752 SIODRV - ok
    13:25:54.0828 0752 SiWinAcc (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\drivers\SiWinAcc.sys
    13:25:54.0828 0752 SiWinAcc - ok
    13:25:54.0875 0752 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    13:25:54.0875 0752 SLIP - ok
    13:25:54.0890 0752 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINDOWS\system32\DRIVERS\SMBios.sys
    13:25:54.0890 0752 SMBios - ok
    13:25:54.0921 0752 smbusp (8c1a8ad2dfe2cfe9f7ae1cee14773b18) C:\WINDOWS\system32\DRIVERS\intelsmb.sys
    13:25:54.0921 0752 smbusp - ok
    13:25:54.0937 0752 Sparrow - ok
    13:25:54.0968 0752 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    13:25:54.0968 0752 splitter - ok
    13:25:55.0000 0752 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    13:25:55.0000 0752 sr - ok
    13:25:55.0046 0752 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    13:25:55.0062 0752 Srv - ok
    13:25:55.0125 0752 STHDA (6ad7569cc5e40b94932ec56097c5dccd) C:\WINDOWS\system32\drivers\sthda.sys
    13:25:55.0125 0752 STHDA - ok
    13:25:55.0171 0752 Stltrk2k (31a9fea9ffafce0f2d1d712cfd6af568) C:\WINDOWS\system32\drivers\Stltrk2k.sys
    13:25:55.0171 0752 Stltrk2k - ok
    13:25:55.0203 0752 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    13:25:55.0203 0752 streamip - ok
    13:25:55.0234 0752 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    13:25:55.0234 0752 swenum - ok
    13:25:55.0265 0752 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    13:25:55.0265 0752 swmidi - ok
    13:25:55.0281 0752 symc810 - ok
    13:25:55.0296 0752 symc8xx - ok
    13:25:55.0328 0752 symlcbrd (993c0cb4bedddebf7254191ec8a3f67e) C:\WINDOWS\system32\drivers\symlcbrd.sys
    13:25:55.0328 0752 symlcbrd - ok
    13:25:55.0343 0752 sym_hi - ok
    13:25:55.0359 0752 sym_u3 - ok
    13:25:55.0375 0752 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    13:25:55.0375 0752 sysaudio - ok
    13:25:55.0421 0752 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    13:25:55.0437 0752 Tcpip - ok
    13:25:55.0453 0752 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    13:25:55.0453 0752 TDPIPE - ok
    13:25:55.0484 0752 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    13:25:55.0484 0752 TDTCP - ok
    13:25:55.0531 0752 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    13:25:55.0531 0752 TermDD - ok
    13:25:55.0546 0752 TosIde - ok
    13:25:55.0609 0752 ubohci (9dd333fa5746c222bbb58ab704c78ba5) C:\WINDOWS\system32\DRIVERS\ubohci.sys
    13:25:55.0609 0752 ubohci - ok
    13:25:55.0625 0752 ubsbm (1bd61b9ac6756c58fd88fc74dcf1bd85) C:\WINDOWS\system32\DRIVERS\ubsbm.sys
    13:25:55.0625 0752 ubsbm - ok
    13:25:55.0640 0752 ubumapi (64461004a7e6a59f222b45d74a164556) C:\WINDOWS\system32\DRIVERS\ubumapi.sys
    13:25:55.0640 0752 ubumapi - ok
    13:25:55.0671 0752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    13:25:55.0671 0752 Udfs - ok
    13:25:55.0718 0752 uisp (1c768107ac5bd510686c8f0e4da30c48) C:\WINDOWS\system32\Drivers\usbicp.sys
    13:25:55.0718 0752 uisp - ok
    13:25:55.0734 0752 ultra - ok
    13:25:55.0781 0752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    13:25:55.0781 0752 Update - ok
    13:25:55.0828 0752 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
    13:25:55.0828 0752 USBAAPL - ok
    13:25:55.0875 0752 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    13:25:55.0875 0752 usbaudio - ok
    13:25:55.0906 0752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    13:25:55.0906 0752 usbccgp - ok
    13:25:55.0937 0752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    13:25:55.0953 0752 usbehci - ok
    13:25:55.0984 0752 UsbFltr (ca349e24ecde0e0005dac5a2dc9931a2) C:\WINDOWS\system32\drivers\copperhd.sys
    13:25:55.0984 0752 UsbFltr - ok
    13:25:56.0015 0752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    13:25:56.0015 0752 usbhub - ok
    13:25:56.0046 0752 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    13:25:56.0046 0752 usbprint - ok
    13:25:56.0062 0752 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    13:25:56.0062 0752 usbscan - ok
    13:25:56.0093 0752 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    13:25:56.0093 0752 USBSTOR - ok
    13:25:56.0125 0752 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    13:25:56.0125 0752 usbuhci - ok
    13:25:56.0156 0752 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    13:25:56.0156 0752 VgaSave - ok
    13:25:56.0171 0752 ViaIde - ok
    13:25:56.0203 0752 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    13:25:56.0203 0752 VolSnap - ok
    13:25:56.0296 0752 VX6000 (61fc38a2e136a2e5944e7ca286abaaae) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
    13:25:56.0343 0752 VX6000 - ok
    13:25:56.0375 0752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    13:25:56.0375 0752 Wanarp - ok
    13:25:56.0390 0752 WDICA - ok
    13:25:56.0421 0752 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    13:25:56.0421 0752 wdmaud - ok
    13:25:56.0484 0752 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
    13:25:56.0484 0752 WpdUsb - ok
    13:25:56.0515 0752 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    13:25:56.0515 0752 WS2IFSL - ok
    13:25:56.0546 0752 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    13:25:56.0546 0752 WSTCODEC - ok
    13:25:56.0593 0752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    13:25:56.0781 0752 \Device\Harddisk0\DR0 - ok
    13:25:56.0781 0752 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR6
    13:25:56.0828 0752 \Device\Harddisk5\DR6 - ok
    13:25:56.0828 0752 Boot (0x1200) (21326ac5cf2fe0c509e32f47993f8dee) \Device\Harddisk0\DR0\Partition0
    13:25:56.0828 0752 \Device\Harddisk0\DR0\Partition0 - ok
    13:25:56.0828 0752 Boot (0x1200) (954edee5462e8381246eeb41aa333ab1) \Device\Harddisk5\DR6\Partition0
    13:25:56.0843 0752 \Device\Harddisk5\DR6\Partition0 - ok
    13:25:56.0843 0752 ============================================================
    13:25:56.0843 0752 Scan finished
    13:25:56.0843 0752 ============================================================
    13:25:56.0843 0492 Detected object count: 2
    13:25:56.0843 0492 Actual detected object count: 2
    13:26:03.0203 0492 6b9d4615 ( HiddenFile.Multi.Generic ) - skipped by user
    13:26:03.0203 0492 6b9d4615 ( HiddenFile.Multi.Generic ) - User select action: Skip
    13:26:03.0484 0492 Backup copy found, using it..
    13:26:03.0500 0492 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
    13:26:03.0500 0492 MRxSmb ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
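
The log above is the raw TDSSKiller output; the lines that matter are buried among a few hundred "- ok" records. The following is an added example (it is not part of the original post, and not TDSSKiller's or TechSpot's code): a small parser for the line shapes seen in this log that pulls out forged system files (the tool prints two MD5s for one path; disagreement between them is the indicator that something is interposing between the scanner and the file), objects flagged as infected, the action chosen for each, and whether the cure is deferred to reboot. The regular expressions are derived only from the formats visible in this thread and are an assumption about other TDSSKiller versions; the sample input is a handful of lines excerpted from the log above.

```python
"""Parse TDSSKiller scan-log lines and pull out the findings that need action."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every TDSSKiller log line: HH:MM:SS.ffff <thread id> <message>
LINE_RE = re.compile(r"^\s*(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\S+)\s+(?P<msg>.*)$")
# "Name (md5) path" record; MBR/Boot records carry an extra "(0x1B8)" field before the hash
RECORD_RE = re.compile(r"^(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
INFECTED_RE = re.compile(r"^(?P<name>\S+) \( (?P<det>[^)]+?) \) - infected$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<det>[^)]+?) \) - User select action: (?P<action>\w+)$")
CURE_RE = re.compile(r"^(?P<path>.+?) - will be cured on reboot$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    name: str
    detection: str = ""
    path: Optional[str] = None
    seen_md5: Optional[str] = None   # hash from the ordinary "Name (md5) path" record
    real_md5: Optional[str] = None   # the two hashes TDSSKiller prints on a "Forged" line
    fake_md5: Optional[str] = None
    action: Optional[str] = None     # operator's choice as logged: Cure, Skip, ...
    cure_on_reboot: bool = False

    @property
    def forged(self) -> bool:
        # Two hashes for one path that disagree: something sits between the scanner and the file.
        return self.real_md5 is not None and self.real_md5 != self.fake_md5


@dataclass
class ScanResult:
    findings: Dict[str, Finding] = field(default_factory=dict)
    detected_count: Optional[int] = None


def parse_tdsskiller(text: str) -> ScanResult:
    result = ScanResult()
    records: Dict[str, tuple] = {}    # name -> (md5, path) for every scanned object
    forged: Dict[str, re.Match] = {}  # lower-cased path -> "Forged" line match
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m["msg"].strip()
        if (f := FORGED_RE.match(msg)):
            forged[f["path"].lower()] = f
        elif (r := RECORD_RE.match(msg)):
            records[r["name"]] = (r["md5"], r["path"])
        elif (i := INFECTED_RE.match(msg)):
            fd = result.findings.setdefault(i["name"], Finding(name=i["name"]))
            fd.detection = i["det"]
            if i["name"] in records:
                fd.seen_md5, fd.path = records[i["name"]]
            if (f := forged.get((fd.path or "").lower())):
                fd.real_md5, fd.fake_md5 = f["real"], f["fake"]
        elif (a := ACTION_RE.match(msg)):
            # Action lines can name objects whose detection line is elsewhere in the log.
            fd = result.findings.setdefault(a["name"], Finding(name=a["name"], detection=a["det"]))
            fd.action = a["action"]
        elif (c := CURE_RE.match(msg)):
            for fd in result.findings.values():
                if fd.path and fd.path.lower() == c["path"].lower():
                    fd.cure_on_reboot = True
        elif (n := COUNT_RE.match(msg)):
            result.detected_count = int(n["n"])
    return result


def report(result: ScanResult) -> List[str]:
    """One line per finding, plus a warning if the parsed count disagrees with the tool's."""
    lines = []
    for fd in result.findings.values():
        flags = []
        if fd.forged:
            flags.append(f"FORGED real={fd.real_md5} fake={fd.fake_md5}")
        if fd.cure_on_reboot:
            flags.append("reboot needed to finish cure")
        tail = f" [{'; '.join(flags)}]" if flags else ""
        lines.append(f"{fd.name}: {fd.detection} path={fd.path or '?'} action={fd.action or 'none'}{tail}")
    if result.detected_count is not None and result.detected_count != len(result.findings):
        lines.append(f"WARNING: tool reported {result.detected_count} objects, parsed {len(result.findings)}")
    return lines


# Sample input: lines excerpted from the log posted above (constructed subset, not a full log).
SAMPLE_LOG = r"""
13:25:52.0125 0752 MRxSmb (31f81b9da501be5596042df6c0ffdb2d) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:25:52.0125 0752 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 31f81b9da501be5596042df6c0ffdb2d, Fake md5: 7d304a5eb4344ebeeab53a2fe3ffb9f0
13:25:52.0125 0752 MRxSmb ( Rootkit.Win32.ZAccess.e ) - infected
13:25:52.0125 0752 MRxSmb - detected Rootkit.Win32.ZAccess.e (0)
13:25:52.0156 0752 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:25:52.0156 0752 Msfs - ok
13:25:56.0843 0492 Detected object count: 2
13:26:03.0203 0492 6b9d4615 ( HiddenFile.Multi.Generic ) - User select action: Skip
13:26:03.0484 0492 Backup copy found, using it..
13:26:03.0500 0492 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
13:26:03.0500 0492 MRxSmb ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
"""

if __name__ == "__main__":
    print("\n".join(report(parse_tdsskiller(SAMPLE_LOG))))
```

Run against this thread's log, the report reduces the scan to two lines: MRxSmb flagged as Rootkit.Win32.ZAccess.e with a forged-hash pair and a cure pending reboot, and the HiddenFile.Multi.Generic object the user chose to skip. The count check at the end is the practitioner's sanity check: if the tool's "Detected object count" and the number of parsed findings disagree, some detection line has a shape the regexes do not know and the log needs to be read by hand.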
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Ooops....it looks like email notification missed me.

    Please post fresh RKUnhooker log.
     