DDS Log
DDS (Ver_10-12-12.02) - NTFSx86
Run by Aaron Carpenter at 18:42:01.46 on Wed 12/15/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1408 [GMT -6:00]
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SUPERAntiSpyware\5e53eaae-03fe-4c6c-a3f1-fb5bf7597e52.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\AARONC~1.AA~\LOCALS~1\Temp\Rar$EX02.625\gmer.exe
C:\Documents and Settings\Aaron Carpenter.AARONCARPENTER\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\5e53eaae-03fe-4c6c-a3f1-fb5bf7597e52.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wireless-g notebook adapter\Gcc.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
============= SERVICES / DRIVERS ===============
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2009-8-24 26120]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2009-8-24 20616]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-12-13 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-13 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-13 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-13 40384]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2008-4-13 192512]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2009-9-29 16400]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-4-24 363344]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-13 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-13 40384]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2009-8-24 122504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-4-24 20952]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2009-9-29 97808]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2009-8-24 14216]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2009-9-29 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2009-9-29 21904]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-1-8 27064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-12-7 11520]
S3 Wotydisop;Wotydisop; [x]
=============== Created Last 30 ================
2010-12-13 22:00:46 -------- d-----w- c:\docume~1\aaronc~1.aa~\locals~1\applic~1\PCHealth
2010-12-13 20:29:14 -------- d-----w- c:\docume~1\aaronc~1.aa~\applic~1\Malwarebytes
2010-12-13 12:32:21 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-12-13 12:28:56 38848 ----a-w- c:\windows\avastSS.scr
2010-12-13 12:28:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-13 12:01:19 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-12-13 12:01:15 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-12-13 12:01:14 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-12-13 12:01:10 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-12-13 12:01:05 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-12-13 12:01:00 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-12-13 11:59:58 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2010-12-13 11:58:59 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2010-12-13 11:57:58 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-12-13 11:56:56 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-12-13 11:55:58 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-12-13 11:54:56 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2010-12-13 11:53:59 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2010-12-13 11:52:58 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2010-12-13 11:51:57 82432 ----a-w- c:\windows\system32\dllcache\rwia450.dll
2010-12-13 11:50:58 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2010-12-13 11:49:59 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll
2010-12-13 11:48:59 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2010-12-13 11:47:59 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2010-12-13 11:46:59 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-12-13 11:45:58 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2010-12-13 11:44:59 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll
2010-12-13 11:43:57 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2010-12-13 11:42:58 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2010-12-13 11:41:56 907456 ----a-w- c:\windows\system32\dllcache\hcf_msft.sys
2010-12-13 11:40:58 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-12-13 11:39:59 171520 ----a-w- c:\windows\system32\dllcache\el99xn51.sys
2010-12-13 11:38:59 131156 ----a-w- c:\windows\system32\dllcache\digidbp.dll
2010-12-13 11:37:58 272640 ----a-w- c:\windows\system32\dllcache\cinemclc.sys
2010-12-13 11:36:59 36128 ----a-w- c:\windows\system32\dllcache\banshee.sys
2010-12-13 11:35:54 16384 ----a-w- c:\windows\system32\dllcache\tcptsat.dll
2010-12-13 10:34:41 416 ----a-w- c:\windows\system32\vcredist_x86.bat
2010-12-13 10:34:41 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2010-12-13 10:34:37 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE
==================== Find3M ====================
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2060BH rev.0085002A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83FECCEC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x83728846; SUB DWORD [EBP-0x4], 0x8372812e; PUSH EDI; CALL 0xffffffffffffe10c; }
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHV2060BH_______________________0085002A#5&19c84639&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x83FECAEA
user & kernel MBR OK
sectors 114270343 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
============= FINISH: 18:44:24.10 ===============