nortons keeps blocking an attack from litOgraphy-type.com


  • This topic is locked
6 replies to this topic

#1 shawnzer33

shawnzer33

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Male
  • Location:Hollidaysburg, PA
  • Local time:04:30 PM

Posted 23 May 2011 - 02:46 PM

I think I have a virus or rootkit. Norton keeps blocking an attack that reads:

Risk name: Tidserv activity 2
Attacking computer: litOgraphy-type.com (188.95.52.161, 443
Destination Address: KING-E6AEE95FF1 (192.168.2.101, 1040
Source Address: 188.95.52.161
Traffic Description: TCP, https

It just started 3 days ago.

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Owner at 11:40:57 on 2011-05-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.54 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
D:\WINDOWS\system32\svchost -k DcomLaunch
D:\WINDOWS\system32\svchost -k rpcss
D:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
D:\WINDOWS\system32\svchost.exe -k NetworkService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
D:\Program Files\Trusteer\Rapport\bin\RapportService.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
D:\Program Files\MagicDisc\MagicDisc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Documents and Settings\Owner\My Documents\Downloads\dds.scr
D:\WINDOWS\system32\WSCRIPT.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = "d:\program files\outlook express\msimn.exe" //mailurl:mailto:contact@buprenorphine-doctors.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - d:\program files\norton antivirus\engine\17.8.0.5\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "d:\program files\common files\nero\lib\NMBgMonitor.exe"
mRun: [SoundMAXPnP] d:\program files\analog devices\core\smax4pnp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [igfxtray] d:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] d:\windows\system32\hkcmd.exe
mRun: [igfxpers] d:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HotKeysCmds] d:\windows\system32\hkcmd.exe
mRun: [Persistence] d:\windows\system32\igfxpers.exe
StartupFolder: d:\docume~1\owner\startm~1\programs\startup\magicdisc.lnk - d:\program files\magicdisc\MagicDisc.exe
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Download with ImTOO iPhone Transfer Platinum - d:\program files\imtoo\iphone transfer platinum\upod_link.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: hrblock.com\taxes
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\owner\application data\mozilla\firefox\profiles\kor9yvwe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\IPSFFPlgn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;d:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\nav\1108000.005\symds.sys [2010-11-15 328752]
R0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\nav\1108000.005\symefa.sys [2010-11-15 173104]
R1 BHDrvx86;BHDrvx86;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\bashdefs\20110518.001\BHDrvx86.sys [2011-5-19 802936]
R1 ccHP;Symantec Hash Provider;d:\windows\system32\drivers\nav\1108000.005\cchpx86.sys [2010-11-15 501888]
R1 RapportCerberus_26169;RapportCerberus_26169;d:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]
R1 RapportEI;RapportEI;d:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
R1 RapportPG;RapportPG;d:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
R1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\nav\1108000.005\ironx86.sys [2010-11-15 116784]
R2 NAV;Norton AntiVirus;d:\program files\norton antivirus\engine\17.8.0.5\ccsvchst.exe [2010-11-15 126392]
R2 RapportMgmtService;Rapport Management Service;d:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
R2 StarWindServiceAE;StarWind AE Service;d:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-9 105592]
R3 IDSxpx86;IDSxpx86;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\ipsdefs\20110518.001\IDSXpx86.sys [2011-5-19 341944]
R3 NAVENG;NAVENG;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20110522.002\NAVENG.SYS [2011-5-22 86008]
R3 NAVEX15;NAVEX15;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20110522.002\NAVEX15.SYS [2011-5-22 1542392]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;d:\windows\system32\drivers\rt2870.sys [2010-12-4 709248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 DfSdkS;Defragmentation-Service;d:\program files\ashampoo\ashampoo winoptimizer 2010 advanced\DfSdkS.exe [2010-11-15 406016]
S3 MSFT43XX;Microsoft Wireless Notebook Adapter Driver;d:\windows\system32\drivers\mn720-50.sys [2003-7-18 254208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-22 19:42:19 92160 ----a-w- d:\windows\system32\drivers\mcdbus.sys
2011-05-22 19:42:05 -------- d-----w- d:\program files\MagicDisc
2011-05-22 00:01:29 94208 --sha-r- d:\windows\system32\WMVXENCDP.dll
2011-05-21 05:05:50 135168 ----a-w- d:\windows\system32\igfxres.dll
2011-05-21 05:00:04 -------- d-----w- d:\documents and settings\owner\application data\Black Sea Studios
2011-05-20 04:01:09 -------- d-----w- d:\documents and settings\owner\application data\.minecraft
2011-05-15 02:55:46 -------- d-----w- d:\program files\Activision
2011-05-15 02:51:06 -------- d-----w- d:\program files\Alcohol Soft
2011-05-15 02:45:24 436792 ----a-w- d:\windows\system32\drivers\sptd.sys
2011-04-28 18:34:50 53816 ----a-w- d:\windows\system32\drivers\RapportKELL.sys
2011-04-28 00:40:53 -------- d-----w- d:\program files\Studio 3
.
==================== Find3M ====================
.
2011-04-18 00:49:16 20480 ----a-w- d:\windows\system32\H@tKeysH@@k.DLL
2011-04-03 14:47:04 2829 ----a-w- d:\windows\War3Unin.pif
2011-04-03 14:47:03 139264 ----a-w- d:\windows\War3Unin.exe
2011-03-07 05:31:47 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-03-04 06:35:38 420864 ----a-w- d:\windows\system32\vbscript.dll
2011-03-03 13:27:43 1866880 ----a-w- d:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- d:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- d:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- d:\windows\system32\inetcpl.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JB-75GVC0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82F046F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82f0aa10]; MOV EAX, [0x82f0aa8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82FA3AB8]
3 CLASSPNP[0xF86F7FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x82F95838]
\Driver\atapi[0x82F934B0] -> IRP_MJ_CREATE -> 0x82F046F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82F0453B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:43:56.54 ===============
Attached files: attach.txt (10.13KB), ark.txt (20.47KB)



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:30 PM

Posted 23 May 2011 - 04:31 PM

Good evening. :)

Download aswMBR.exe from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Scan button to, well, start the scan - obvious really!
  • Once the scan reports "Scan finished successfully", which takes less than a minute on my system, click Save log.
  • On my system it offers to save it to the Desktop, which may or may not be its default behaviour, but it's as handy a place as any.
  • You'll also see a file called MBR.dat appear as well - this is a backup that it created, just in case it's needed. Keep it handy for now.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.

So long, and thanks for all the fish.

 

 


#3 shawnzer33

shawnzer33
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Male
  • Location:Hollidaysburg, PA
  • Local time:04:30 PM

Posted 23 May 2011 - 11:16 PM

OK, thank you kindly for the help. Here's the aswMBR log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-24 00:13:18
-----------------------------
00:13:18.250 OS Version: Windows 5.1.2600 Service Pack 3
00:13:18.250 Number of processors: 1 586 0x409
00:13:18.250 ComputerName: KING-E6AEE95FF1 UserName: Owner
00:13:20.843 Initialize success
00:13:45.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
00:13:45.218 Disk 0 Vendor: WDC_WD1600JB-75GVC0 08.02D08 Size: 152587MB BusType: 3
00:13:45.218 Device \Driver\atapi -> DriverStartIo 82efa53b
00:13:45.218 Disk 0 MBR read error 0
00:13:45.218 Disk 0 MBR scan
00:13:45.218 Disk 0 unknown MBR code
00:13:45.218 MBR BIOS signature not found 0
00:13:45.218 Disk 0 scanning sectors +305893665
00:13:45.250 Disk 0 scanning D:\WINDOWS\system32\drivers
00:14:04.203 Service scanning
00:14:06.109 Disk 0 trace - called modules:
00:14:06.109 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82efa6f0]<<
00:14:06.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f5eab8]
00:14:06.109 3 CLASSPNP.SYS[f86f7fd7] -> nt!IofCallDriver -> [0x82ec0b08]
00:14:06.171 \Driver\atapi[0x82fce328] -> IRP_MJ_CREATE -> 0x82efa6f0
00:14:06.171 Scan finished successfully
00:14:36.109 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\Owner\Desktop\MBR.dat"
00:14:36.109 The log file has been saved successfully to "D:\Documents and Settings\Owner\Desktop\aswMBR.txt"
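An added example, not code from aswMBR, GMER or anyone in this thread, showing what can be done with the MBR.dat backup the tool saved above: it checks the 0x55AA boot signature that the "MBR BIOS signature not found" line refers to, lists the four primary partition entries, and diffs a saved backup against a later read of sector 0 so that a rewritten boot loader shows up as a change in the boot code region only. The two sample images are constructed inline; the `load_mbr` helper is the only part that touches a real file.

```python
"""Inspect a 512-byte MBR image such as the MBR.dat that aswMBR saves.

Added example for this thread; not part of aswMBR, GMER or TDSSKiller.
The sample images below are constructed, not taken from the poster's disk.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

MBR_SIZE = 512
BOOT_CODE_LEN = 446         # bytes 0..445 hold the boot loader code
PART_TABLE_OFFSET = 446     # four 16-byte partition entries follow
PART_ENTRY_SIZE = 16
BOOT_SIG_OFFSET = 510       # last two bytes must be 0x55 0xAA
BOOT_SIG = b"\x55\xaa"


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class MbrReport:
    signature_ok: bool
    boot_code_sha256: str
    partitions: List[Partition]


def load_mbr(path: str) -> bytes:
    """Read the first 512 bytes of a saved image (e.g. MBR.dat)."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def parse_mbr(mbr: bytes) -> MbrReport:
    """Parse a sector-0 image: signature check, boot-code hash, partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    signature_ok = mbr[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] == BOOT_SIG
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) count(4), little-endian
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0 and count == 0:
            continue  # empty slot
        partitions.append(Partition(i, status == 0x80, ptype, lba, count))
    digest = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    return MbrReport(signature_ok, digest, partitions)


def diff_mbr(backup: bytes, current: bytes) -> List[str]:
    """Names of the regions in which `current` differs from `backup`.

    A bootkit that replaces the loader usually leaves the partition table
    alone, so "boot_code" on its own is the result worth a closer look.
    """
    regions = {
        "boot_code": (0, BOOT_CODE_LEN),
        "partition_table": (PART_TABLE_OFFSET, BOOT_SIG_OFFSET),
        "signature": (BOOT_SIG_OFFSET, MBR_SIZE),
    }
    return [name for name, (a, b) in regions.items() if backup[a:b] != current[a:b]]


def build_sample_mbr() -> bytes:
    """Constructed clean image: dummy boot code plus one bootable NTFS partition."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (BOOT_CODE_LEN - 4)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 1_000_000)
    table = entry + b"\x00" * (PART_ENTRY_SIZE * 3)
    return boot_code + table + BOOT_SIG


def build_tampered_mbr() -> bytes:
    """Constructed variant of the sample whose boot code has been overwritten."""
    image = bytearray(build_sample_mbr())
    image[0:BOOT_CODE_LEN] = b"\xEB\xFE" + b"\x00" * (BOOT_CODE_LEN - 2)
    return bytes(image)


if __name__ == "__main__":
    clean = build_sample_mbr()
    report = parse_mbr(clean)
    print("signature ok:", report.signature_ok)
    print("boot code sha256:", report.boot_code_sha256)
    for p in report.partitions:
        print(f"  #{p.index} boot={p.bootable} type=0x{p.type_id:02x} "
              f"lba={p.lba_start} sectors={p.sector_count}")
    print("changed regions vs. tampered copy:", diff_mbr(clean, build_tampered_mbr()))
```

To check a real backup, replace the constructed images with `load_mbr("MBR.dat")` and a fresh read of the same disk's sector 0.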

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:30 PM

Posted 24 May 2011 - 04:07 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

 

 


#5 shawnzer33

shawnzer33
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Male
  • Location:Hollidaysburg, PA
  • Local time:04:30 PM

Posted 24 May 2011 - 11:24 PM

OK, it cured something and so far no Norton attack alerts, so thanks. It also said it skipped a driver that was locked. Is it OK to delete it?

Here's the log:

2011/05/25 00:07:27.0593 0912 TDSS rootkit removing tool 2.5.2.0 May 24 2011 11:01:23
2011/05/25 00:07:28.0375 0912 ================================================================================
2011/05/25 00:07:28.0375 0912 SystemInfo:
2011/05/25 00:07:28.0375 0912
2011/05/25 00:07:28.0375 0912 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/25 00:07:28.0375 0912 Product type: Workstation
2011/05/25 00:07:28.0375 0912 ComputerName: KING-E6AEE95FF1
2011/05/25 00:07:28.0375 0912 UserName: Owner
2011/05/25 00:07:28.0375 0912 Windows directory: D:\WINDOWS
2011/05/25 00:07:28.0375 0912 System windows directory: D:\WINDOWS
2011/05/25 00:07:28.0375 0912 Processor architecture: Intel x86
2011/05/25 00:07:28.0375 0912 Number of processors: 1
2011/05/25 00:07:28.0375 0912 Page size: 0x1000
2011/05/25 00:07:28.0375 0912 Boot type: Normal boot
2011/05/25 00:07:28.0375 0912 ================================================================================
2011/05/25 00:07:33.0921 0912 Initialize success
2011/05/25 00:07:46.0078 2080 ================================================================================
2011/05/25 00:07:46.0078 2080 Scan started
2011/05/25 00:07:46.0078 2080 Mode: Manual;
2011/05/25 00:07:46.0078 2080 ================================================================================
2011/05/25 00:08:01.0671 2080 sptd (a199171385be17973fd800fa91f8f78a) D:\WINDOWS\system32\Drivers\sptd.sys
2011/05/25 00:08:01.0671 2080 Suspicious file (NoAccess): D:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/05/25 00:08:01.0718 2080 sptd - detected LockedFile.Multi.Generic (1)
2011/05/25 00:08:05.0984 2080 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/05/25 00:08:05.0984 2080 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/25 00:08:06.0000 2080 ================================================================================
2011/05/25 00:08:06.0000 2080 Scan finished
2011/05/25 00:08:06.0000 2080 ================================================================================
2011/05/25 00:08:06.0031 4064 Detected object count: 2
2011/05/25 00:08:06.0031 4064 Actual detected object count: 2
2011/05/25 00:09:37.0859 4064 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/25 00:09:37.0890 4064 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/25 00:09:37.0890 4064 \Device\Harddisk0\DR0 - ok
2011/05/25 00:09:37.0890 4064 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/05/25 00:10:04.0437 2744 Deinitialize success

#6 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 25 May 2011 - 01:51 PM

Good evening. :)

At the top of this page you should see the following link: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. Did you follow step 6 when you originally posted?

So long, and thanks for all the fish.

#7 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 30 May 2011 - 01:09 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.
