suphysis
2009-08-30, 20:43
Hello,
I believe I have a malware rootkit in my computer. It's detected by AVG Anti-rootkit, Gmer, and RootRepeal. I've tried to get rid of it but it re-spawns under a randomly different name.
RootAlyze finds nothing. Malwarebytes' Anti-Malware, SUPERAntiSpyware, SpyBit S&D, and Kaspersky Online find nothing.
RootRepeal Finds hidden drivers. As soon as I press the "Hidden services" tab my computer reboots, same when I try to wipe the hidden driver in question.
Yesterday I did the ComboFix thing. It successfully (supposedly) detected and fixed some problems, but today I've detected this malware.
Below is the log file of HJT and Gmer.
Thanks for any help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:25 PM, on 8/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/ig?hl=es
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.es/ig?hl=es
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1326648433.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1326648433.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1326648433.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1326648433.dll/gn_menu2.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www5.aeat.es/es13/h/cactivex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://www.iberia.com/ibcomv3/content/COMUN/FLASH/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - IVT Corporation - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Administrador de Google Desktop 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9b9bcbad22336) (gupdate1c9b9bcbad22336) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE (file missing)
--
End of file - 8758 bytes
GMER 1.0.15.15077 [pdfe9dzy (gmer).exe] - http://www.gmer.net
Rootkit scan 2009-08-30 18:57:04
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT sptd.sys ZwCreateKey [0xBA6BE0D0]
SSDT \??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys (Process Monitor driver/Igor Nys) ZwCreateProcess [0xB326AC1C]
SSDT \??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys (Process Monitor driver/Igor Nys) ZwCreateProcessEx [0xB326AC36]
SSDT sptd.sys ZwEnumerateKey [0xBA6C3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6C4340]
SSDT \??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys (Process Monitor driver/Igor Nys) ZwOpenKey [0xB326AC6A]
SSDT sptd.sys ZwQueryKey [0xBA6C4418]
SSDT sptd.sys ZwQueryValueKey [0xBA6C4298]
SSDT sptd.sys ZwSetValueKey [0xBA6C44AA]
SSDT \??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys (Process Monitor driver/Igor Nys) ZwTerminateProcess [0xB326AC50]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B9F508AC 5 Bytes JMP 8A45B1C8
? System32\Drivers\aokzycwi.SYS The system cannot find the path specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6BEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6BEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6BEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6BF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6BF61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6D429A] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8AA1E1E8
Device \Driver\usbohci \Device\USBPDO-0 8A45A1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AA8C1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8AA8C1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8AA8C1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8AA8C1E8
Device \Driver\usbehci \Device\USBPDO-1 8A44E1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{04C5E1F6-DB42-41F0-A0DC-B0DAEA8AA7EF} 8A1811E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AA211E8
Device \Driver\Cdrom \Device\CdRom0 8A264790
Device \Driver\Cdrom \Device\CdRom1 8A264790
Device \Driver\PCI_NTPNP8862 \Device\00000068 sptd.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1811E8
Device \Driver\NetBT \Device\NetbiosSmb 8A1811E8
Device \Driver\usbohci \Device\USBFDO-0 8A45A1E8
Device \Driver\usbehci \Device\USBFDO-1 8A44E1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A0D54B0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A0D54B0
Device \Driver\Ftdisk \Device\FtControl 8AA211E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EB4F7566-F404-40D3-AADD-487586180CB3} 8A1811E8
Device \Driver\si3114r5 \Device\Scsi\si3114r51Port6Path0Target10Lun0 8AA8B1E8
Device \Driver\si3114r5 \Device\Scsi\si3114r51 8AA8B1E8
Device \Driver\si3114r5 \Device\Scsi\si3114r51Port6Path2Target10Lun0 8AA8B1E8
Device \Driver\aokzycwi \Device\Scsi\aokzycwi1 8A2601E8
Device \Driver\aokzycwi \Device\Scsi\aokzycwi1Port7Path0Target0Lun0 8A2601E8
Device \FileSystem\Cdfs \Cdfs 8A168380
---- EOF - GMER 1.0.15 ----
I also cannot access the folder \...\System32\Drivers from the windows explorer (yes, I have activated the option to view hidden files and folders). I can access it from the console, though.:confused:
------------------------------
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
I believe I have a malware rootkit in my computer. It's detected by AVG Anti-rootkit, Gmer, and RootRepeal. I've tried to get rid of it but it re-spawns under a randomly different name.
RootAlyze finds nothing. Malwarebytes' Anti-Malware, SUPERAntiSpyware, SpyBit S&D, and Kaspersky Online find nothing.
RootRepeal Finds hidden drivers. As soon as I press the "Hidden services" tab my computer reboots, same when I try to wipe the hidden driver in question.
Yesterday I did the ComboFix thing. It successfully (supposedly) detected and fixed some problems, but today I've detected this malware.
Below is the log file of HJT and Gmer.
Thanks for any help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:25 PM, on 8/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/ig?hl=es
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.es/ig?hl=es
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1326648433.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1326648433.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1326648433.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1326648433.dll/gn_menu2.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www5.aeat.es/es13/h/cactivex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://www.iberia.com/ibcomv3/content/COMUN/FLASH/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - IVT Corporation - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Administrador de Google Desktop 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9b9bcbad22336) (gupdate1c9b9bcbad22336) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE (file missing)
--
End of file - 8758 bytes
GMER 1.0.15.15077 [pdfe9dzy (gmer).exe] - http://www.gmer.net
Rootkit scan 2009-08-30 18:57:04
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT sptd.sys ZwCreateKey [0xBA6BE0D0]
SSDT \??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys (Process Monitor driver/Igor Nys) ZwCreateProcess [0xB326AC1C]
SSDT \??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys (Process Monitor driver/Igor Nys) ZwCreateProcessEx [0xB326AC36]
SSDT sptd.sys ZwEnumerateKey [0xBA6C3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6C4340]
SSDT \??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys (Process Monitor driver/Igor Nys) ZwOpenKey [0xB326AC6A]
SSDT sptd.sys ZwQueryKey [0xBA6C4418]
SSDT sptd.sys ZwQueryValueKey [0xBA6C4298]
SSDT sptd.sys ZwSetValueKey [0xBA6C44AA]
SSDT \??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys (Process Monitor driver/Igor Nys) ZwTerminateProcess [0xB326AC50]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B9F508AC 5 Bytes JMP 8A45B1C8
? System32\Drivers\aokzycwi.SYS The system cannot find the path specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Gustavo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6BEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6BEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6BEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6BF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6BF61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6D429A] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8AA1E1E8
Device \Driver\usbohci \Device\USBPDO-0 8A45A1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AA8C1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8AA8C1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8AA8C1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8AA8C1E8
Device \Driver\usbehci \Device\USBPDO-1 8A44E1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{04C5E1F6-DB42-41F0-A0DC-B0DAEA8AA7EF} 8A1811E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AA211E8
Device \Driver\Cdrom \Device\CdRom0 8A264790
Device \Driver\Cdrom \Device\CdRom1 8A264790
Device \Driver\PCI_NTPNP8862 \Device\00000068 sptd.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1811E8
Device \Driver\NetBT \Device\NetbiosSmb 8A1811E8
Device \Driver\usbohci \Device\USBFDO-0 8A45A1E8
Device \Driver\usbehci \Device\USBFDO-1 8A44E1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A0D54B0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A0D54B0
Device \Driver\Ftdisk \Device\FtControl 8AA211E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EB4F7566-F404-40D3-AADD-487586180CB3} 8A1811E8
Device \Driver\si3114r5 \Device\Scsi\si3114r51Port6Path0Target10Lun0 8AA8B1E8
Device \Driver\si3114r5 \Device\Scsi\si3114r51 8AA8B1E8
Device \Driver\si3114r5 \Device\Scsi\si3114r51Port6Path2Target10Lun0 8AA8B1E8
Device \Driver\aokzycwi \Device\Scsi\aokzycwi1 8A2601E8
Device \Driver\aokzycwi \Device\Scsi\aokzycwi1Port7Path0Target0Lun0 8A2601E8
Device \FileSystem\Cdfs \Cdfs 8A168380
---- EOF - GMER 1.0.15 ----
I also cannot access the folder \...\System32\Drivers from the windows explorer (yes, I have activated the option to view hidden files and folders). I can access it from the console, though.:confused:
------------------------------
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)