Topic: Spy Sweeper finding self replicating virus

resevil83
Spy Sweeper finding self replicating virus
« Reply #20 on: November 18, 2010, 02:53:47 AM »
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [adpu160m.sys]
WARNING: Virus alike driver modification [nvtcp.sys]
WARNING: Virus alike driver modification [dxapi.sys]
WARNING: Virus alike driver modification [mhndrv.sys]
WARNING: Virus alike driver modification [nvsmu.sys]
WARNING: Virus alike driver modification [AGRSM.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [sthda.sys]
WARNING: Virus alike driver modification [amsint.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [mouhid.sys]
WARNING: Virus alike driver modification [AVGIDSDriver.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [aha154x.sys]
WARNING: Virus alike driver modification [nvnetbus.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [Hdaudio.sys]
WARNING: Virus alike driver modification [dac960nt.sys]
WARNING: Virus alike driver modification [asc3550.sys]
WARNING: Virus alike driver modification [cpqarray.sys]
WARNING: Virus alike driver modification [ini910u.sys]
WARNING: Virus alike driver modification [symc810.sys]
WARNING: Virus alike driver modification [HPZipr12.sys]
WARNING: Virus alike driver modification [raspti.sys]
WARNING: Virus alike driver modification [mraid35x.sys]
WARNING: Virus alike driver modification [ptilink.sys]
WARNING: Virus alike driver modification [dac2w2k.sys]
WARNING: Virus alike driver modification [bcm42rly.sys]
WARNING: Virus alike driver modification [cdaudio.sys]
WARNING: Virus alike driver modification [sparrow.sys]
WARNING: Virus alike driver modification [SynTP.sys]
WARNING: Virus alike driver modification [dpti2o.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [mbam.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [HPZius12.sys]
WARNING: Virus alike driver modification [RTSTOR.sys]
WARNING: Virus alike driver modification [nvsnpu.sys]
WARNING: Virus alike driver modification [asc3350p.sys]
WARNING: Virus alike driver modification [ABP480N5.SYS]
WARNING: Virus alike driver modification [avgldx86.sys]
WARNING: Virus alike driver modification [Tmfilter.sys]
WARNING: Virus alike driver modification [AVGIDSEH.sys]
WARNING: Virus alike driver modification [hpn.sys]
WARNING: Virus alike driver modification [avgrkx86.sys]
WARNING: Virus alike driver modification [AVGIDSShim.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [asc.sys]
WARNING: Virus alike driver modification [GEARAspiWDM.sys]
WARNING: Virus alike driver modification [perc2.sys]
WARNING: Virus alike driver modification [sym_hi.sys]
WARNING: Virus alike driver modification [rtl8185.sys]
WARNING: Virus alike driver modification [avgtdix.sys]
WARNING: Virus alike driver modification [AVGIDSFilter.sys]
WARNING: Virus alike driver modification [nvnrm.sys]
WARNING: Virus alike driver modification [sym_u3.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [symc8xx.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [ql10wnt.sys]
WARNING: Virus alike driver modification [wanatw4.sys]
WARNING: Virus alike driver modification [NVENETFD.sys]
WARNING: Virus alike driver modification [avgmfx86.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [AmdK8.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [PxHelp20.sys]
WARNING: Virus alike driver modification [ultra.sys]
WARNING: Virus alike driver modification [mbamswissarmy.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [ql1080.sys]
WARNING: Virus alike driver modification [ql1240.sys]
WARNING: Virus alike driver modification [usbaapl.sys]
WARNING: Virus alike driver modification [beep.sys]
WARNING: Virus alike driver modification [mnmdd.sys]
WARNING: Virus alike driver modification [rdpcdd.sys]
WARNING: Virus alike driver modification [wmilib.sys]
WARNING: Virus alike driver modification [ql12160.sys]
WARNING: Virus alike driver modification [usbd.sys]
WARNING: Virus alike driver modification [ql1280.sys]
WARNING: Virus alike driver modification [toside.sys]
WARNING: Virus alike driver modification [HPZid412.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [aliide.sys]
WARNING: Virus alike driver modification [perc2hib.sys]
WARNING: Virus alike driver modification [aic78u2.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [aic78xx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [enum1394.sys]
WARNING: Virus alike driver modification [cmdide.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [cd20xrnt.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [fs_rec.sys]
WARNING: Virus alike driver modification [WudfRd.sys]
WARNING: Virus alike driver modification [asctrm.sys]
WARNING: Virus alike driver modification [rasacd.sys]
WARNING: Virus alike driver modification [mqac.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\Qoobox\BackEnv\AppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cache.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cookies.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Desktop.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Favorites.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\History.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalAppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalSettings.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Music.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\NetHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Personal.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Pictures.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\PrintHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Programs.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Recent.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SendTo.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat
!-->[Hidden] C:\Qoobox\BackEnv\StartMenu.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\StartUp.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SysPath.dat
!-->[Hidden] C:\Qoobox\BackEnv\Templates.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\VikPev00
!-->[Hidden] C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP812\A0148283.gdb
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002AF68, Type: Inline - RelativeJump 0x80501F68-->80501F75 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006A86A, Type: Inline - RelativeJump 0x8054186A-->80541871 [ntkrnlpa.exe]

guestolo (Site Donator, Administrator)
Spy Sweeper finding self replicating virus
« Reply #21 on: November 18, 2010, 10:23:23 AM »
As a double check, can you do the following please:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Also, download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


resevil83
Spy Sweeper finding self replicating virus
« Reply #22 on: November 18, 2010, 02:49:41 PM »
2010/11/18 13:47:29.0171   TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/18 13:47:29.0171   ================================================================================
2010/11/18 13:47:29.0171   SystemInfo:
2010/11/18 13:47:29.0171   
2010/11/18 13:47:29.0171   OS Version: 5.1.2600 ServicePack: 2.0
2010/11/18 13:47:29.0171   Product type: Workstation
2010/11/18 13:47:29.0171   ComputerName: YOUR-45F4F212AB
2010/11/18 13:47:29.0187   UserName: Owner
2010/11/18 13:47:29.0187   Windows directory: C:\WINDOWS
2010/11/18 13:47:29.0187   System windows directory: C:\WINDOWS
2010/11/18 13:47:29.0187   Processor architecture: Intel x86
2010/11/18 13:47:29.0187   Number of processors: 1
2010/11/18 13:47:29.0250   Page size: 0x1000
2010/11/18 13:47:29.0250   Boot type: Normal boot
2010/11/18 13:47:29.0250   ================================================================================
2010/11/18 13:47:34.0281   Initialize success
2010/11/18 13:47:47.0875   ================================================================================
2010/11/18 13:47:47.0875   Scan started
2010/11/18 13:47:47.0875   Mode: Manual;
2010/11/18 13:47:47.0875   ================================================================================
2010/11/18 13:47:56.0781   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/18 13:47:56.0796   cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/11/18 13:47:56.0859   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/18 13:47:56.0953   Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/18 13:47:57.0218   Cdr4_xp         (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/11/18 13:47:57.0328   Cdralw2k        (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/11/18 13:47:57.0437   Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/18 13:47:57.0656   CmBatt          (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/18 13:47:57.0750   CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/11/18 13:47:57.0796   Compbatt        (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/18 13:47:57.0859   Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/11/18 13:47:57.0937   dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/11/18 13:47:58.0171   dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/11/18 13:47:58.0265   Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/18 13:47:58.0390   dmboot          (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/18 13:47:58.0687   dmio            (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/18 13:47:58.0765   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/18 13:47:58.0937   DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/18 13:47:59.0171   dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/11/18 13:47:59.0296   drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/18 13:47:59.0406   Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/18 13:47:59.0671   Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/18 13:47:59.0875   Fips            (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/18 13:47:59.0984   Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/18 13:48:00.0062   FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/18 13:48:00.0343   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/18 13:48:00.0390   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/18 13:48:00.0531   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/11/18 13:48:00.0609   Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/18 13:48:00.0906   HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/18 13:48:01.0078   HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/18 13:48:01.0312   hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/11/18 13:48:01.0390   HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/11/18 13:48:01.0500   HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/11/18 13:48:01.0703   HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/11/18 13:48:01.0812   HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/18 13:48:02.0140   i2omgmt         (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/18 13:48:02.0218   i2omp           (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/11/18 13:48:02.0312   i8042prt        (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/18 13:48:02.0390   Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/18 13:48:02.0453   ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/11/18 13:48:02.0828   IntelIde        (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/18 13:48:02.0921   Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/18 13:48:03.0000   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/18 13:48:03.0046   IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/18 13:48:03.0250   IpNat           (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/18 13:48:03.0375   IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/18 13:48:03.0453   IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/18 13:48:03.0671   isapnp          (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/18 13:48:03.0765   Kbdclass        (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/18 13:48:03.0828   kbdhid          (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/18 13:48:03.0875   kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/18 13:48:03.0921   KSecDD          (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/18 13:48:04.0187   MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/11/18 13:48:04.0250   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/18 13:48:04.0359   Modem           (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/18 13:48:04.0562   Mouclass        (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/18 13:48:04.0687   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/18 13:48:04.0812   MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/18 13:48:05.0046   mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/11/18 13:48:05.0156   MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/18 13:48:05.0265   MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/18 13:48:05.0515   Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/18 13:48:05.0625   MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/18 13:48:05.0703   MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/18 13:48:05.0921   MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/18 13:48:06.0015   mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/18 13:48:06.0078   Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/18 13:48:06.0140   NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/18 13:48:06.0203   NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/18 13:48:06.0453   Ndisuio         (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/18 13:48:06.0578   NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/18 13:48:06.0656   NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/18 13:48:06.0859   NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/18 13:48:06.0953   NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/18 13:48:07.0109   NIC1394         (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/18 13:48:07.0328   Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/18 13:48:07.0390   Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/18 13:48:07.0515   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/18 13:48:07.0718   nv              (b79e623da3614cef319b03696e821ba9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/18 13:48:08.0078   NVENETFD        (447cf6e09ceca96eaf5772d465cca344) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/11/18 13:48:08.0156   nvnetbus        (ef04d5a268f5d44422795f9c013fbc8a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/11/18 13:48:08.0281   nvsmu           (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
2010/11/18 13:48:08.0484   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/18 13:48:08.0593   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/18 13:48:08.0687   ohci1394        (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/18 13:48:08.0937   Parport         (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2010/11/18 13:48:09.0062   PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/18 13:48:09.0156   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/18 13:48:09.0421   PCI             (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/18 13:48:09.0562   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/18 13:48:09.0640   Pcmcia          (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/18 13:48:09.0812   perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/11/18 13:48:10.0125   perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/11/18 13:48:10.0234   PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/18 13:48:10.0328   Processor       (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/18 13:48:10.0421   PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/18 13:48:10.0687   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/18 13:48:10.0765   PxHelp20        (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/18 13:48:10.0843   ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/11/18 13:48:10.0906   Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/11/18 13:48:11.0125   ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/11/18 13:48:11.0187   ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/11/18 13:48:11.0250   ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/11/18 13:48:11.0312   QV2KUX          (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys
2010/11/18 13:48:11.0390   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/18 13:48:11.0625   Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/18 13:48:11.0765   RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/18 13:48:11.0875   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/18 13:48:12.0109   Rdbss           (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/18 13:48:12.0218   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/18 13:48:12.0296   rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/18 13:48:12.0359   RDPWD           (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/18 13:48:12.0562   redbook         (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/18 13:48:12.0656   rtl8185         (2479368dae88512c69664413102f8426) C:\WINDOWS\system32\DRIVERS\rtl8185.sys
2010/11/18 13:48:12.0734   RTSTOR          (acb0cc2db56f831a5dcd515f21eb3b36) C:\WINDOWS\system32\drivers\RTSTOR.SYS
2010/11/18 13:48:12.0859   sdbus           (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/11/18 13:48:13.0078   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/18 13:48:13.0156   Serial          (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/18 13:48:13.0281   Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/18 13:48:13.0375   sisagp          (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/11/18 13:48:13.0609   Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/11/18 13:48:13.0687   splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/18 13:48:13.0765   sr              (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/18 13:48:13.0875   Srv             (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/18 13:48:14.0187   STHDA           (3b24ada55d3bdfdc0e6679d15fa668d8) C:\WINDOWS\system32\drivers\sthda.sys
2010/11/18 13:48:14.0296   swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/18 13:48:14.0328   swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/18 13:48:14.0578   symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/11/18 13:48:14.0656   symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/11/18 13:48:14.0734   sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/11/18 13:48:14.0765   sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/11/18 13:48:14.0843   SynTP           (4f9cd4efcc55c76a39452dbb0579f5fc) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/11/18 13:48:15.0109   sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/18 13:48:15.0187   Tcpip           (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/18 13:48:15.0328   TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/18 13:48:15.0546   TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/18 13:48:15.0640   TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/18 13:48:15.0781   TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/11/18 13:48:16.0062   Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/18 13:48:16.0156   ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/11/18 13:48:16.0250   Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/18 13:48:16.0484   USBAAPL         (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/11/18 13:48:16.0656   usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/18 13:48:16.0843   usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/18 13:48:17.0015   usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/18 13:48:17.0265   usbohci         (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/11/18 13:48:17.0359   usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/18 13:48:17.0453   usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/18 13:48:17.0687   usbstor         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/18 13:48:17.0796   usbuhci         (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/18 13:48:17.0875   VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/11/18 13:48:17.0921   viaagp          (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/18 13:48:18.0328   ViaIde          (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/18 13:48:18.0421   VolSnap         (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/18 13:48:18.0484   Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/18 13:48:18.0578   wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/11/18 13:48:18.0828   wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/18 13:48:19.0046   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/18 13:48:19.0156   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/18 13:48:19.0296   ================================================================================
2010/11/18 13:48:19.0296   Scan finished
2010/11/18 13:48:19.0296   ================================================================================

resevil83
Spy Sweeper finding self replicating virus
« Reply #23 on: November 18, 2010, 02:53:14 PM »
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows XP Professional
Windows Information:      Service Pack 2 (build 2600)
Logical Drives Mask:      0x0000001c

Kernel Drivers (total 175):

Processes (total 55):
       0 System Idle Process
       4 System
     736 C:\WINDOWS\system32\smss.exe
     792 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
     968 csrss.exe
    1012 C:\WINDOWS\system32\winlogon.exe
    1064 C:\WINDOWS\system32\services.exe
    1076 C:\WINDOWS\system32\lsass.exe
    1252 C:\WINDOWS\system32\svchost.exe
    1300 svchost.exe
    1340 C:\WINDOWS\system32\svchost.exe
    1408 svchost.exe
    1496 svchost.exe
    1824 C:\WINDOWS\system32\spoolsv.exe
     372 C:\WINDOWS\explorer.exe
     608 C:\WINDOWS\AGRSMMSG.exe
     652 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     664 C:\Program Files\DriveIcon\DriveIcon.exe
     672 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
     840 C:\Program Files\iTunes\iTunesHelper.exe
     932 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     940 C:\Program Files\AVG\AVG10\avgtray.exe
     964 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1452 C:\WINDOWS\system32\ctfmon.exe
    1236 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    1552 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    1788 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    1124 svchost.exe
     168 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     236 C:\Program Files\AVG\AVG10\avgwdsvc.exe
     188 C:\Program Files\Bonjour\mDNSResponder.exe
     316 C:\WINDOWS\system32\svchost.exe
    1660 C:\WINDOWS\system32\svchost.exe
     600 C:\WINDOWS\system32\nvsvc32.exe
     384 C:\WINDOWS\system32\svchost.exe
     760 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     620 svchost.exe
    1424 C:\WINDOWS\system32\svchost.exe
    1472 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    1912 mcrdsvc.exe
    2080 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    2340 C:\Program Files\Canon\CAL\CALMAIN.exe
    2436 C:\Program Files\AVG\AVG10\avgnsx.exe
    2464 C:\Program Files\AVG\AVG10\avgemcx.exe
    2772 C:\WINDOWS\system32\wuauclt.exe
    3500 C:\Program Files\iPod\bin\iPodService.exe
    3888 alg.exe
    4036 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    1992 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    1024 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    3124 C:\WINDOWS\system32\svchost.exe
    4024 C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    2296 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    2320 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    2284 C:\Documents and Settings\Owner.YOUR-45F4F212AB\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`52486400  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (FAT32)

PhysicalDrive0 Model Number: HTS421280H9AT00, Rev: HA3OA70S

      Size  Device Name          MBR Status
  --------------------------------------------
     74 GB  \\.\PhysicalDrive0   Gateway MBR code detected
            SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


Done!

guestolo (Administrator)
Spy Sweeper finding self replicating virus
« Reply #24 on: November 18, 2010, 03:36:39 PM »
Looks good, you can manually delete MBRCheck.exe,tdsskiller and RkUnhookerLE
Go to START>>RUN>>Copy and paste the next command then hit OK

ComboFix /uninstall

This will uninstall ComboFix and its components

Let's get Adobe Reader, Adobe Flash, and Java updated and Secured

First, close down all browser windows
Access your Add/Remove Programs
If you didn't intentionally install

Viewpoint Media Player, uninstall it
NEXT:

Leave your browser windows closed, uninstall both
J2SE Runtime Environment 5.0 Update 2
Java™ 6 Update 3

To ensure we have rid you of all parts of Java
download JavaRa and unzip it to your desktop.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts
Then, Adobe Reader is outdated
uninstall Adobe Reader 9.1 from Add/Remove programs

Finally, to make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. You can delete the uninstaller from desktop

Double click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below. Don't include the word Quote, please
    Quote
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    :Commands
    [EmptyTemp]
    [EmptyFlash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted

Let's get your software updated
Updating Java:
  • Download the latest version of  Java Runtime Environment (JRE) .
  • Save the Windows OFFLINE installer to desktop
  • Double click on the installer to run it
  • Follow the prompts, UNTICK the option to install Google toolbar or similar
You can delete the installer after successful install
Note: Java installs a Java Quick Starter service that is not required to run properly
Your option to disable it
Open the Java icon in Windows Control Panel
Open the ADVANCED tab>>Miscellaneous
Untick "Java Quick Starter"
Apply and OK it

Let's update Adobe Flash
Go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

let's get Adobe Reader updated
Go to the following link
http://get.adobe.com/reader/

UNTICK the option to also install McAfee Security Scan and/or Google toolbar or similar
Download/install the latest version of Adobe Reader

When you have completed the above steps
Can you post a fresh Hijackthis log please

Do you want to post your own logs from FRST?

Follow the instructions posted at http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline resevil83

  • Full Member
  • ***
  • Posts: 189
  • Karma: +0/-0
Spy Sweeper finding self replicating virus
« Reply #25 on: November 18, 2010, 06:25:20 PM »
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:24:40 PM, on 11/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DriveIcon\DriveIcon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
O4 - HKLM\..\Run: [Reminder] "C:\WINDOWS\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /installquiet /nodetect
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [DriveIcons] C:\Program Files\DriveIcon\DriveIcon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - https://lms.aa.com/sumtotal/nas/wbt/d/d1/cab/awswaxd.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} (HTECtrl Class) - https://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.webmap.niu.edu/campus/ACGM/Acgm.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 037FBE65 - Unknown owner - C:\WINDOWS\system32\037FBE65.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 10168 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Spy Sweeper finding self replicating virus
« Reply #26 on: November 18, 2010, 06:36:59 PM »
It looks like a new file/entry appeared
Can you open OTL.exe and put a tick next to "Lop Check" and "Purity Check"
Click "Run Scan"

Post the new log that opens when it's done

In addition:
Go to this link
http://www.virustotal.com/

Use the browse button and navigate to this file on your hard disk
C:\WINDOWS\system32\037FBE65.exe <--this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post the results of the scan back here please
Or just post the link to the results page
« Last Edit: November 18, 2010, 06:38:04 PM by guestolo »

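The two things the helper reacted to in the HijackThis log above, an orphaned O2 BHO with no name and no CLSID value (removed via the OTL fix in reply #24) and an O23 service with "Unknown owner" running a hex-named executable from system32 (sent to VirusTotal in reply #26), can be checked mechanically. The following is an added example, not code from the thread or from HijackThis; the sample lines are constructed in the shape of the log quoted above, and the "eight hex characters" name heuristic is an assumption of this example, not a rule stated in the thread.

```python
import re

# Constructed sample in the shape of the HijackThis O2/O23 lines quoted in this thread.
SAMPLE_LOG = """\
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_printenhancer.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O23 - Service: 037FBE65 - Unknown owner - C:\\WINDOWS\\system32\\037FBE65.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\\Program Files\\AVG\\AVG10\\avgwdsvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\\Program Files\\AVG\\AVG10\\Toolbar\\ToolbarBroker.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Assumed heuristic: an executable whose whole base name is eight hex digits looks auto-generated.
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8}\.exe$", re.IGNORECASE)


def triage_line(line):
    """Return the reasons a single HijackThis line deserves a second look ([] if none)."""
    reasons = []
    m = O2_RE.match(line)
    if m:
        # A BHO registered with no display name and no resolvable CLSID is an orphan.
        if m.group("name") == "(no name)" or "No CLSID value found" in m.group("path"):
            reasons.append("orphaned BHO (no name / no CLSID value)")
        return reasons
    m = O23_RE.match(line)
    if m:
        path = m.group("path")
        exe = path.rsplit("\\", 1)[-1]
        in_system32 = "\\system32\\" in path.lower()
        # Legitimate vendors usually populate the owner; unknown owner + system32 is worth a hash lookup.
        if m.group("owner") == "Unknown owner" and in_system32:
            reasons.append("service with unknown owner running from system32")
        if HEX_NAME_RE.match(exe):
            reasons.append("random-looking hex executable name")
    return reasons


def triage_log(text):
    """Map the name of every flagged O2/O23 entry to the reasons it was flagged."""
    findings = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            m = O2_RE.match(line) or O23_RE.match(line)
            findings[m.group("name")] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Flagged entries are candidates for a hash lookup such as the VirusTotal submission requested above, not verdicts; the AVG toolbar service shows why "Unknown owner" alone is not enough to flag a line.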