  #15  
Old May 7th, 2009, 06:46 PM
Bonksie
Senior Member
 
Join Date: Jun 2004
O/S: Windows XP Home
Location: The Netherlands
Posts: 100
mbr.log and Gmer.log (non MS files)

Hi Jintan:

First, here is the mbr.log -

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

=============================

- and here is the second Gmer scan with _Only MS files_ selected . . .


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-07 19:33:19
Windows 5.1.2600 Service Pack 3

---- Modules - GMER 1.0.15 ----
Module aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) F798B000-F798D000 (8192 bytes)
Module cmdide.sys (CMD PCI IDE-busstuurprogramma/CMD Technology, Inc.) F798D000-F798F000 (8192 bytes)
Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F7991000-F7993000 (8192 bytes)
Module sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) F7717000-F771C000 (20480 bytes)
Module symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) F78A3000-F78A7000 (16384 bytes)
Module asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) F771F000-F7726000 (28672 bytes)
Module asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) F78AF000-F78B3000 (16384 bytes)
Module mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) F7727000-F772C000 (20480 bytes)
Module symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) F7737000-F773F000 (32768 bytes)
Module sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) F773F000-F7746000 (28672 bytes)
Module sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) F7747000-F774F000 (32768 bytes)
Module ultra.sys (Promise ULTRA66 Minipoort Driver/Promise Technology, Inc.) F7667000-F7670000 (36864 bytes)
Module ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) F7677000-F7681000 (40960 bytes)
Module ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) F7687000-F7693000 (49152 bytes)
Module ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) F7697000-F76A3000 (49152 bytes)
Module dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) F7852000-F787E000 (180224 bytes)
Module Lbd.sys (Boot Driver/Lavasoft AB) F76C7000-F76D6000 (61440 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F76D7000-F76E0000 (36864 bytes)
Module WDMCAPI.sys BAF70000-BB000000 (589824 bytes)
Module viasraid.sys (VIA Serial ATA RAID MINIPORT DRIVER FOR WINXP/VIA Technologies inc,.ltd) BAF5D000-BAF70000 (77824 bytes)
Module viaidexp.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) F7999000-F799B000 (8192 bytes)
Module ulsata.sys (Promise Ultra/Sata Series Driver for WinXP/Promise Technology, Inc.) F76F7000-F7707000 (65536 bytes)
Module siside.sys (SiS PCI Mini IDE Driver/Silicon Integrated Systems Corp.) F799B000-F799D000 (8192 bytes)
Module sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) F7586000-F7590000 (40960 bytes)
Module amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) F7536000-F7541000 (45056 bytes)
Module \SystemRoot\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.23 /NVIDIA Corporation) B9B1E000-B9C56000 (1277952 bytes)
Module \SystemRoot\System32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation) B9AC2000-B9AE6000 (147456 bytes)
Module \SystemRoot\system32\drivers\pfc.sys (Padus(R) ASPI Shell/Padus, Inc.) BAE37000-BAE3A000 (12288 bytes)
Module \SystemRoot\System32\Drivers\pwd_2k.SYS (Win2000 Framework for Packet Write Driver/Roxio) B9A6E000-B9A8B000 (118784 bytes)
Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys (CD/DVD Class Filter Driver/GEAR Software Inc.) F7797000-F779E000 (28672 bytes)
Module \SystemRoot\system32\drivers\cmuda.sys (C-Media Audio WDM Driver/C-Media Inc) B9920000-B9A6E000 (1368064 bytes)
Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F77A7000-F77AC000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\wdmwanmp.sys F77BF000-F77C6000 (28672 bytes)
Module \SystemRoot\System32\Drivers\dvd_2K.SYS (DVD-RAM AddOn Driver/Roxio) F77C7000-F77CD000 (24576 bytes)
Module \SystemRoot\System32\Drivers\Cdr4_xp.SYS (CDR4 CD and DVD Place Holder Driver (see PxHelp)/Sonic Solutions) BA9CF000-BA9D0000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Cdralw2k.SYS (CDRAL Place Holder Driver (see PxHelp)/Sonic Solutions) BA9CE000-BA9CF000 (4096 bytes)
Module \SystemRoot\System32\Drivers\cdudf_xp.SYS (CD-UDF NT Filesystem Driver/Roxio) B068E000-B06CE000 (262144 bytes)
Module \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS (DVDVR XP Filesystem Reader Driver/Roxio) B0630000-B0654000 (147456 bytes)
Module \SystemRoot\System32\Drivers\UdfReadr_xp.SYS (CD-UDF NT Filesystem Reader Driver/Roxio) B05C1000-B05F6000 (217088 bytes)
Module \SystemRoot\System32\Drivers\Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) B051C000-B0543000 (159744 bytes)
Module \SystemRoot\System32\Drivers\UimFIO.SYS F79EB000-F79ED000 (8192 bytes)
Module \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) B0316000-B0349000 (208896 bytes)
Module \SystemRoot\system32\DRIVERS\P1120Vid.sys (Video Streaming and Capture Device Driver/Creative Technology Ltd.) B025D000-B0316000 (757760 bytes)
Module \SystemRoot\System32\DRIVERS\nvtvsnd.sys (NVIDIA WDM TV Sound/NVIDIA Corporation) B985E000-B9863000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\nvtunep.sys (NVIDIA WDM TVTuner/NVIDIA Corporation) B9856000-B985B000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\NVxbar.sys (NVIDIA WDM A/V Crossbar/NVIDIA Corporation) B0508000-B050B000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\nvcap.sys AFE72000-AFE8F000 (118784 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 45.23 /NVIDIA Corporation) BF9D5000-BFD8E000 (3903488 bytes)
Module \SystemRoot\system32\drivers\mfebopk.sys (Buffer Overflow Protection Driver/McAfee, Inc.) B0215000-B021C000 (28672 bytes)
Module \SystemRoot\system32\drivers\mfeavfk.sys (Anti-Virus File System Filter Driver/McAfee, Inc.) AF12C000-AF13E000 (73728 bytes)
Module \SystemRoot\system32\drivers\mfesmfk.sys (System Monitor Filter Driver/McAfee, Inc.) AEB6C000-AEB75000 (36864 bytes)
Module \??\C:\DOCUME~1\Dad\LOCALS~1\Temp\mbr.sys AF0E8000-AF0EB000 (12288 bytes)
Module \??\C:\DOCUME~1\Dad\LOCALS~1\Temp\aujasnkj.sys (GMER) AE98D000-AE9A1000 (81920 bytes)
---- Processes - GMER 1.0.15 ----
Process C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services/McAfee, Inc.) 180
Library C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services/McAfee, Inc.) 0x00400000
Library c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_3_11~1\McUtil.dll (McAfee Utility DLL/McAfee, Inc.) 0x62600000
Library C:\PROGRA~1\McAfee\MSC\McRes.dll (McAfee Non-Localized Resource DLL/McAfee, Inc.) 0x67200000
Library C:\PROGRA~1\McAfee\MSC\1043\McLocRes.dll (McAfee Localized Resource DLL/McAfee, Inc.) 0x66500000
Library C:\PROGRA~1\McAfee\MSC\Mccobres.dll (McAfee Co-Branded Resource DLL/McAfee, Inc.) 0x66400000
Library C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll (Sqlite3 Database Module/McAfee, Inc.) 0x62800000
Library c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll (McAfee Core Proxy Stub/McAfee, Inc.) 0x62A00000
Library c:\PROGRA~1\mcafee\msc\mcshllps.dll (McAfee McShell Proxy Stub DLL/McAfee, Inc.) 0x67300000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll (McAfee VirusScan Application Information/McAfee, Inc.) 0x60F00000
Library C:\PROGRA~1\McAfee\VIRUSS~1\1043\vscobres.dll (McAfee Application Information Provider/McAfee, Inc.) 0x6C100000
Library c:\PROGRA~1\mcafee\msc\mcmispps.dll (McAfee MISP Proxy Stub DLL/McAfee, Inc.) 0x66A00000
Library c:\PROGRA~1\mcafee\msc\mcsubmgr\9_3_13~1\mcsubmgr.dll (McAfee Subscription manager module/McAfee, Inc.) 0x67500000
Library c:\PROGRA~1\mcafee\msc\mcmscver.dll (McMSCVer/McAfee, Inc.) 0x66D00000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mcvspp.dll (McAfee VirusScan Protection Provider/McAfee, Inc.) 0x60B00000
Library c:\PROGRA~1\mcafee\msc\mcprotpv.dll (MISP Default Protection Provider/McAfee, Inc.) 0x66F00000
Library c:\PROGRA~1\mcafee\msc\mcnmcprv.dll (McAfee NMC Provider/McAfee, Inc.) 0x6B280000
Library c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL (McAfee Network Agent Proxy/Stub/McAfee, Inc.) 0x6B600000
Library c:\PROGRA~1\mcafee\msc\mcnmcsps.dll (McAfee NMC Server Proxy Stub/McAfee, Inc.) 0x6B380000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll (McAfee Configuration Object Tool/McAfee, Inc.) 0x61000000
Library c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll (McAfee VirusScan Announcer Proxy Stub dll/McAfee, Inc.) 0x61A00000
Library c:\PROGRA~1\mcafee\msc\mcregobj\9_3_13~1\mcregobj.dll (MISP Registration Component/McAfee, Inc.) 0x67100000
Library C:\PROGRA~1\McAfee\MSC\McProHlp.dll (Mc Security Index/McAfee, Inc.) 0x66E00000
Library c:\PROGRA~1\mcafee\msc\mcdemenu.dll (Default Menu Provider/McAfee, Inc.) 0x66900000
Library c:\PROGRA~1\mcafee\VIRUSS~1\mvscp.dll (McAfee VirusScan - Configuration Provider/McAfee, Inc.) 0x61100000
Library c:\PROGRA~1\mcafee\msc\mcuicfg.dll (McAfee Integrated Security Platform/McAfee, Inc.) 0x67600000
Library c:\PROGRA~1\mcafee\msc\mccfgpv.dll (MISP Default Configuration Provider/McAfee, Inc.) 0x66300000
Process c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee Network Agent/McAfee, Inc.) 232
Library c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee Network Agent/McAfee, Inc.) 0x00400000