Search Engine Redirection Virus


  • This topic is locked
21 replies to this topic

#1 UMB_Greg

  • Members
  • 11 posts

Posted 20 August 2011 - 12:46 PM

To whoever will be helping me: Thank you for taking the time to go over all this material and help me out. This is really bugging me.
It would seem these redirecting viruses are becoming quite popular, based on all the threads about them. I recently used this forum to get rid of one that was on my girlfriend's computer.... Annnnd now I've got it. However, I think there is something much more sinister at work on my computer.

Here are my DDS logs.... I had to pull a few strings to get the program to open the way it should instead of in WordPad.
Sadly, all I have are the DDS logs. I've tried several times now to get GMER to work; however, it will finish its scan, shut down, and won't let me open it again. I have to delete it and "re-unzip" it to even be able to open it. Same for HijackThis. I've tried running them in safe mode and it does the same thing there - finishes the scan, closes and won't reopen. Hopefully we can resolve this issue as well. **EDIT** I tried MBAM, CCleaner and Trend Micro's HouseCall. Same with all three of those scans as well. **Finish EDIT**

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Run by Greg at 12:54:54 on 2011-08-20
.
============== Running Processes ===============
.
C:\WINDOWS\553938300:2207448030.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Greg\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
mWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: #{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Security Protection] c:\documents and settings\all users\application data\defender.exe
mRun: [sr1exe] "c:\documents and settings\all users\application data\dell\alert\252\updtSup3.exe"
dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~1\tools\iesdpb.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
LSP: mswsock.dll
Trusted Zone: gulfinsurance.com
Trusted Zone: northlandins.com
Trusted Zone: northlandonline.com
Trusted Zone: spt.com
Trusted Zone: stpaul.com
Trusted Zone: stpaultravelers.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Canasta - hxxp://download.games.yahoo.com/games/clients/y/yt1_x.cab
DPF: Yahoo! Euchre - hxxp://download.games.yahoo.com/games/clients/y/et1_x.cab
DPF: Yahoo! Graffiti - hxxp://download.games.yahoo.com/games/clients/y/grt3_x.cab
DPF: Yahoo! Hearts - hxxp://download.games.yahoo.com/games/clients/y/ht1_x.cab
DPF: Yahoo! Literati - hxxp://download.games.yahoo.com/games/clients/y/tt0_x.cab
DPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/pote_x.cab
DPF: Yahoo! Spades - hxxp://download.games.yahoo.com/games/clients/y/st2_x.cab
DPF: Yahoo! Word Racer - hxxp://download.games.yahoo.com/games/clients/y/wt0_x.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://www.activation.rr.com/install/downloads/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/us/en/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {26AF16A3-32E4-4D60-A764-C5B6F249D091} - hxxp://marketrac.nyse.com/mt/3D/Axgviewer.cab
DPF: {27617699-4576-4819-879F-4411D90D7047} - hxxps://employees.stpaultravelers.com/nsepn/applets/cert.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/23.30/uploader2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5644D240-5C0D-41BD-B80B-C3F8C46B28F7} - hxxps://employees.stpaultravelers.com/nsepn/applets/NSEPNX.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - hxxp://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - hxxp://ftp.us.dell.com/fixes/PROFILER.CAB
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://129.120.124.7/activex/AxisCamControl.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://fdl.msn.com/public/chat/msnchat45.cab
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{660A33C2-A244-4B4E-BC83-097F659D80A0} : DhcpNameServer = 68.87.71.230 68.87.73.246
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\greg\application data\mozilla\firefox\profiles\hhp9tr71.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\documents and settings\greg\application data\mozilla\firefox\profiles\hhp9tr71.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\greg\application data\mozilla\firefox\profiles\hhp9tr71.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\greg\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\greg\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\greg\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R? ccEvtMgr;Symantec Event Manager
R? ccPwdSvc;Symantec Password Validation Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? echodap;echodap
R? LIKECDN2;LIKECDN2
R? NProtectService;Norton Unerase Protection
R? OEMSTOR;USB Mass Storage
R? SBService;ScriptBlocking Service
R? TARWDM;Video Blaster DigitalVCR
R? vsdatant;vsdatant
R? WinDefend;Windows Defender Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Akamai;Akamai NetSession Interface
S? ikhlayer;Kernel Anti-Spyware Driver
S? navapsvc;Norton AntiVirus Auto Protect Service
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? NeroCd2k;NeroCd2k
S? padenum;Enumerador de dispositivos de NTPAD
S? SAVRT;SAVRT
S? SAVRTPEL;SAVRTPEL
S? VendorJoystickEnabler;Driver para joystick paralelo de consola
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-07-30 01:39:33 -------- d-----w- c:\program files\Sierra On-Line
2011-07-30 01:39:32 -------- d-----w- C:\SIERRA
2011-07-25 13:49:01 -------- d-----w- c:\program files\CCleaner
2011-07-22 16:42:01 -------- d-----w- c:\documents and settings\greg\local settings\application data\My Games
2011-07-22 14:07:08 -------- d-----w- c:\program files\PowerISO
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:56:34.32 ===============


Once again, thank you for your time and effort.
~Greg

Edited by UMB_Greg, 20 August 2011 - 01:19 PM.




#2 UMB_Greg

  • Topic Starter
  • Members
  • 11 posts

Posted 24 August 2011 - 04:31 PM

Someone? Anyone?

EDIT: Please be patient. There are over 150 unanswered topics in this forum at present and the current average wait time to receive help is 5 days. ~Budapest

Edited by Budapest, 24 August 2011 - 04:33 PM.


#3 Farbar

    Just Curious

  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 25 August 2011 - 10:48 AM

Hello UMB_Greg,

  • Please download DummyCreator.zip and unzip it.
    • Run the tool.
    • Copy and paste the following into the edit box:

      C:\WINDOWS\553938300
    • Press Create button and post the result.
  • Important: Reboot the computer.
  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished, the utility outputs a list of detected objects with descriptions.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me whether the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like TDSSKiller.Version_Date_Time_log.txt.
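The path that the reply above asks to occupy with a dummy, C:\WINDOWS\553938300, is the base of the first entry in the DDS "Running Processes" list, C:\WINDOWS\553938300:2207448030.exe. The second colon is NTFS alternate-data-stream syntax: the executable is a stream named 2207448030.exe attached to the file or folder C:\WINDOWS\553938300, which a plain directory listing does not show. The Python script below is an added example, not part of this thread and not code from DDS, DummyCreator or TDSSKiller; it parses the process and Run-key sections of a DDS log (a subset of the lines from post #1 is embedded as sample input) and splits any ADS path into its base path and stream name, so the base path to hand to the placeholder step falls out of the log instead of being read off by eye.

```python
"""Spot NTFS alternate-data-stream (ADS) paths in a DDS log.

Added example; not part of the thread above and not code from the DDS or
Farbar tools. The sample lines are a subset copied from the DDS log posted
in #1, embedded here so the script runs offline.
"""
import re

# Copied subset of the DDS "Running Processes" and "Pseudo HJT Report"
# sections from post #1 (sample input constructed for this example).
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============
.
C:\WINDOWS\553938300:2207448030.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Security Protection] c:\documents and settings\all users\application data\defender.exe
mRun: [sr1exe] "c:\documents and settings\all users\application data\dell\alert\252\updtSup3.exe"
dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
.
============= FINISH: 12:56:34.32 ===============
"""

# A Windows path has one legitimate colon, after the drive letter. A second
# colon followed by a name, as in C:\WINDOWS\553938300:2207448030.exe, is
# NTFS stream syntax: the stream "2207448030.exe" attached to the file or
# folder C:\WINDOWS\553938300. A plain "dir" or Explorer view does not list it.
ADS_RE = re.compile(r'^(?P<base>[A-Za-z]:\\[^:]+?):(?P<stream>[^\\\s"]+)')
RUN_RE = re.compile(r'^[umd]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')


def split_ads(path):
    """Return (base, stream) for an ADS path, or None for an ordinary path."""
    m = ADS_RE.match(path.strip())
    return (m.group("base"), m.group("stream")) if m else None


def executable_of(cmd):
    """Pull the program path out of a DDS command line.

    Quoted paths are taken verbatim; for unquoted ones, drop everything from
    the first argument starting with '-' or '/' (e.g. "svchost.exe -k netsvcs").
    """
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    return re.split(r"\s[-/]", cmd, maxsplit=1)[0]


def parse_dds(text):
    """Yield (section, label, command) for process and Run-key lines."""
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("====") and line.endswith("===="):
            section = line.strip("= ")   # "Running Processes", "Pseudo HJT Report", ...
            continue
        if not line or line == ".":      # DDS uses a lone "." as a separator
            continue
        if section == "Running Processes":
            yield section, None, line
        elif section == "Pseudo HJT Report":
            m = RUN_RE.match(line)
            if m:
                yield section, m.group("name"), m.group("cmd")


def find_ads(text):
    """Return [(section, label, base, stream)] for every ADS path in the log."""
    hits = []
    for section, label, cmd in parse_dds(text):
        found = split_ads(executable_of(cmd))
        if found:
            hits.append((section, label) + found)
    return hits


if __name__ == "__main__":
    for section, label, base, stream in find_ads(SAMPLE_DDS_LOG):
        where = f"{section} [{label}]" if label else section
        # "base" is the path the placeholder step of the reply above targets.
        print(f"{where}: stream '{stream}' attached to {base}")
```

Run against the embedded sample, the only hit is the running process on C:\WINDOWS\553938300; the Run-key entries, quoted or not, are ordinary paths and pass through unflagged. Feed it a full DDS log by replacing SAMPLE_DDS_LOG with the file contents.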


#4 UMB_Greg

  • Topic Starter
  • Members
  • 11 posts

Posted 25 August 2011 - 11:28 AM

Thank you, Just Curious, for taking the time to help me. And my apologies for not being as patient as I should have been.
Here are my logs:

DummyMaker by Farbar
Ran by Greg (administrator) on 25-08-2011 at 12:14:36
**************************************************************

C:\WINDOWS\553938300 [25-08-2011 12:14:36]

== End of log ==

and TDSS:

2011/08/25 12:25:58.0663 2852 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/25 12:25:59.0100 2852 ================================================================================
2011/08/25 12:25:59.0100 2852 SystemInfo:
2011/08/25 12:25:59.0100 2852
2011/08/25 12:25:59.0100 2852 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/25 12:25:59.0100 2852 Product type: Workstation
2011/08/25 12:25:59.0100 2852 ComputerName: DELL2-4
2011/08/25 12:25:59.0100 2852 UserName: Greg
2011/08/25 12:25:59.0100 2852 Windows directory: C:\WINDOWS
2011/08/25 12:25:59.0100 2852 System windows directory: C:\WINDOWS
2011/08/25 12:25:59.0100 2852 Processor architecture: Intel x86
2011/08/25 12:25:59.0100 2852 Number of processors: 1
2011/08/25 12:25:59.0100 2852 Page size: 0x1000
2011/08/25 12:25:59.0100 2852 Boot type: Normal boot
2011/08/25 12:25:59.0100 2852 ================================================================================
2011/08/25 12:26:00.0850 2852 Initialize success


Yes, TDSS needed a reboot, and I can't tell if it did anything after the reboot or not. I'm hoping so.
~Greg

#5 Farbar

    Just Curious

  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 25 August 2011 - 12:31 PM

Well done. :thumbup2:

When TDSSKiller needed a reboot, it did work.

But I need to see the full log of TDSSKiller. Please go to Start => My Computer => open the C drive and post the content of TDSSKiller_date_time.txt (the date and time are the date and time the tool was run).

#6 UMB_Greg

  • Topic Starter
  • Members
  • 11 posts

Posted 27 August 2011 - 04:32 PM

I thought that "Report" seemed a little short. Here's the full one.

2011/08/25 12:19:42.0578 3484 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/25 12:19:43.0562 3484 ================================================================================
2011/08/25 12:19:43.0562 3484 SystemInfo:
2011/08/25 12:19:43.0562 3484
2011/08/25 12:19:43.0562 3484 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/25 12:19:43.0562 3484 Product type: Workstation
2011/08/25 12:19:43.0562 3484 ComputerName: DELL2-4
2011/08/25 12:19:43.0562 3484 UserName: Greg
2011/08/25 12:19:43.0562 3484 Windows directory: C:\WINDOWS
2011/08/25 12:19:43.0562 3484 System windows directory: C:\WINDOWS
2011/08/25 12:19:43.0562 3484 Processor architecture: Intel x86
2011/08/25 12:19:43.0562 3484 Number of processors: 1
2011/08/25 12:19:43.0562 3484 Page size: 0x1000
2011/08/25 12:19:43.0562 3484 Boot type: Normal boot
2011/08/25 12:19:43.0562 3484 ================================================================================
2011/08/25 12:19:46.0484 3484 Initialize success
2011/08/25 12:19:49.0421 3700 ================================================================================
2011/08/25 12:19:49.0421 3700 Scan started
2011/08/25 12:19:49.0421 3700 Mode: Manual;
2011/08/25 12:19:49.0421 3700 ================================================================================
2011/08/25 12:19:51.0796 3700 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/08/25 12:19:51.0937 3700 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/25 12:19:52.0031 3700 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/25 12:19:52.0140 3700 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/08/25 12:19:52.0281 3700 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/08/25 12:19:52.0390 3700 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/25 12:19:52.0500 3700 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/08/25 12:19:52.0593 3700 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/08/25 12:19:52.0718 3700 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/25 12:19:52.0812 3700 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/08/25 12:19:52.0937 3700 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/08/25 12:19:53.0046 3700 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/08/25 12:19:53.0140 3700 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/08/25 12:19:53.0281 3700 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/08/25 12:19:53.0390 3700 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/08/25 12:19:53.0500 3700 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/08/25 12:19:53.0609 3700 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/08/25 12:19:53.0718 3700 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/08/25 12:19:53.0828 3700 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/08/25 12:19:53.0921 3700 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/08/25 12:19:54.0046 3700 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/25 12:19:54.0187 3700 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/25 12:19:54.0375 3700 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/25 12:19:54.0515 3700 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/25 12:19:54.0609 3700 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/25 12:19:54.0750 3700 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2011/08/25 12:19:54.0828 3700 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
2011/08/25 12:19:54.0953 3700 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS
2011/08/25 12:19:55.0046 3700 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/25 12:19:55.0140 3700 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/08/25 12:19:55.0171 3700 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/08/25 12:19:55.0312 3700 btaudio (ca141a70ad8604c6d97ab9b3084ab954) C:\WINDOWS\system32\drivers\btaudio.sys
2011/08/25 12:19:55.0453 3700 BTDriver (d307cb113bad063d4d56058f69b02d7a) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/08/25 12:19:55.0625 3700 BTKRNL (0627ed35e6c287a924c3b685815db8d8) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/08/25 12:19:55.0781 3700 BTSERIAL (e490c0b632e9e2cc551ca82a42a68d60) C:\WINDOWS\system32\drivers\btserial.sys
2011/08/25 12:19:55.0859 3700 BTSLBCSP (5abc4b88ea25d81b34bd00b7abe9553d) C:\WINDOWS\system32\drivers\btslbcsp.sys
2011/08/25 12:19:55.0937 3700 BTWDNDIS (5f69dd42413a09e0b501bbf4237454a6) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/08/25 12:19:56.0125 3700 btwmodem (21b393aa3ade51451178cd79b7995b70) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/08/25 12:19:57.0062 3700 BTWUSB (540e6832d01e0b35a0e341fc0c3f5a4c) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/08/25 12:19:58.0468 3700 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/08/25 12:19:58.0531 3700 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/25 12:19:58.0640 3700 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/25 12:19:58.0796 3700 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/08/25 12:19:58.0906 3700 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/25 12:19:59.0046 3700 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/25 12:19:59.0218 3700 Cdr4_xp (9714b7c918c6543d69074ec101f86ac4) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/08/25 12:19:59.0312 3700 Cdralw2k (0d856d16c08440bfb566d6cdd9948d4e) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/08/25 12:19:59.0437 3700 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/25 12:19:59.0531 3700 cdudf_xp (072070a498d5fad70c3a99a5f0b1331b) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/08/25 12:19:59.0750 3700 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/08/25 12:19:59.0890 3700 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/08/25 12:20:00.0015 3700 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/08/25 12:20:00.0171 3700 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/08/25 12:20:00.0328 3700 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/08/25 12:20:00.0531 3700 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/08/25 12:20:00.0750 3700 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/25 12:20:01.0171 3700 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/25 12:20:01.0828 3700 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/25 12:20:01.0953 3700 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/25 12:20:02.0062 3700 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/25 12:20:02.0234 3700 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/08/25 12:20:02.0468 3700 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/08/25 12:20:02.0687 3700 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/25 12:20:02.0812 3700 dvd_2K (a3997baab606caa92f27e07bc4f070f0) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/08/25 12:20:03.0031 3700 E100B (56ab585a307909c4447d5900a10c6bc7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/25 12:20:03.0390 3700 echodap (c8460ecb400c58db8f0a35f5a240eebb) C:\WINDOWS\system32\drivers\echodap.sys
2011/08/25 12:20:04.0562 3700 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
2011/08/25 12:20:04.0656 3700 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/25 12:20:04.0750 3700 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/25 12:20:04.0812 3700 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/25 12:20:04.0859 3700 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/25 12:20:04.0921 3700 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/25 12:20:05.0015 3700 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
2011/08/25 12:20:05.0093 3700 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/25 12:20:05.0140 3700 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/25 12:20:05.0234 3700 GEARAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/25 12:20:05.0328 3700 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/25 12:20:05.0406 3700 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
2011/08/25 12:20:06.0734 3700 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/25 12:20:08.0187 3700 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/08/25 12:20:09.0515 3700 HSFHWBS2 (95b894b508db03507b61fe213ef6fe19) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/08/25 12:20:11.0125 3700 HSF_DP (f66402179ca2b2ae68493103db5fa48c) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/08/25 12:20:11.0406 3700 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
2011/08/25 12:20:11.0625 3700 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/25 12:20:11.0765 3700 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/25 12:20:11.0875 3700 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/08/25 12:20:12.0031 3700 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/25 12:20:12.0203 3700 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/08/25 12:20:12.0343 3700 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/08/25 12:20:12.0500 3700 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/08/25 12:20:12.0609 3700 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/08/25 12:20:12.0750 3700 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/08/25 12:20:12.0828 3700 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/08/25 12:20:12.0906 3700 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/08/25 12:20:13.0109 3700 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/08/25 12:20:13.0234 3700 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/08/25 12:20:13.0750 3700 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/08/25 12:20:13.0890 3700 ifp700 (7d19431e613a70262e5586fa76bb29f0) C:\WINDOWS\system32\Drivers\ifp700.sys
2011/08/25 12:20:14.0109 3700 ikhlayer (b03903b8273848b340faf061635d7daf) C:\WINDOWS\system32\drivers\ikhlayer.sys
2011/08/25 12:20:14.0250 3700 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/25 12:20:14.0390 3700 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/08/25 12:20:14.0484 3700 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/08/25 12:20:14.0578 3700 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/25 12:20:14.0671 3700 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/25 12:20:14.0781 3700 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
2011/08/25 12:20:14.0953 3700 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/25 12:20:15.0093 3700 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/25 12:20:15.0265 3700 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/25 12:20:15.0375 3700 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/25 12:20:15.0515 3700 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/25 12:20:15.0718 3700 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/25 12:20:15.0875 3700 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
2011/08/25 12:20:16.0000 3700 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/25 12:20:16.0078 3700 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/25 12:20:16.0171 3700 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/25 12:20:16.0453 3700 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/25 12:20:16.0546 3700 mmc_2K (e97e3fe03b6f271336cb2fbb24734989) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/08/25 12:20:16.0656 3700 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/25 12:20:16.0828 3700 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/25 12:20:16.0890 3700 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/08/25 12:20:16.0968 3700 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/25 12:20:17.0078 3700 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/25 12:20:17.0156 3700 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/25 12:20:17.0265 3700 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/08/25 12:20:17.0343 3700 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/25 12:20:17.0484 3700 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/25 12:20:17.0625 3700 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/25 12:20:17.0718 3700 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/25 12:20:17.0828 3700 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/25 12:20:17.0953 3700 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/25 12:20:18.0031 3700 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/25 12:20:18.0125 3700 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/25 12:20:18.0203 3700 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/25 12:20:18.0296 3700 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/25 12:20:18.0546 3700 NAVENG (68f5550e4395b0d9b6d205ca7561c5b1) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\NAVENG.Sys
2011/08/25 12:20:18.0609 3700 NAVEX15 (3efba831884806a0d6675bbd61c479f0) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\NavEx15.Sys
2011/08/25 12:20:18.0703 3700 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/25 12:20:18.0812 3700 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/25 12:20:18.0890 3700 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/25 12:20:18.0968 3700 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/25 12:20:19.0046 3700 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/25 12:20:19.0140 3700 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/25 12:20:19.0312 3700 NeroCd2k (58b29812b8d23501d15d85dd72eacb34) C:\WINDOWS\system32\drivers\NeroCd2k.sys
2011/08/25 12:20:19.0406 3700 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/25 12:20:19.0500 3700 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/25 12:20:19.0671 3700 NMSCFG (847d6d775524fa5e58d851ddec566a12) C:\WINDOWS\System32\drivers\NMSCFG.SYS
2011/08/25 12:20:19.0812 3700 NPDriver (c0e6afd4c945331475141f0fbb7f950e) C:\WINDOWS\System32\Drivers\NPDRIVER.SYS
2011/08/25 12:20:19.0906 3700 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/25 12:20:20.0015 3700 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
2011/08/25 12:20:20.0156 3700 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/25 12:20:20.0312 3700 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/25 12:20:21.0046 3700 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/25 12:20:22.0093 3700 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/25 12:20:22.0203 3700 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/25 12:20:22.0312 3700 OEMSTOR (cfb87a03dd0cae2bf3f9a4b4b795be47) C:\WINDOWS\system32\DRIVERS\USBMSDk.SYS
2011/08/25 12:20:22.0437 3700 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/08/25 12:20:22.0531 3700 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/08/25 12:20:22.0640 3700 padenum (55d74b30d587ba2e2c6f7155ed5a2e28) C:\WINDOWS\system32\DRIVERS\padenum.sys
2011/08/25 12:20:22.0734 3700 PalmUSBD (f49e3b9fb2dd84fca2f6310a147c43fe) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/08/25 12:20:22.0859 3700 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/25 12:20:22.0921 3700 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/25 12:20:23.0015 3700 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/25 12:20:23.0078 3700 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/25 12:20:23.0203 3700 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/25 12:20:23.0312 3700 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/25 12:20:23.0609 3700 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/08/25 12:20:23.0718 3700 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/08/25 12:20:23.0843 3700 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/08/25 12:20:23.0937 3700 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/25 12:20:24.0000 3700 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/25 12:20:24.0078 3700 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/25 12:20:24.0156 3700 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/25 12:20:24.0265 3700 pwd_2k (070eddd0e4a5be55dd590d8b30dbff22) C:\WINDOWS\system32\drivers\pwd_2k.sys
2011/08/25 12:20:24.0390 3700 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/25 12:20:24.0546 3700 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/08/25 12:20:24.0656 3700 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/08/25 12:20:24.0765 3700 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/08/25 12:20:24.0875 3700 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/08/25 12:20:24.0984 3700 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/08/25 12:20:25.0078 3700 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/25 12:20:25.0187 3700 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/25 12:20:25.0250 3700 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/25 12:20:25.0328 3700 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/25 12:20:25.0406 3700 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/25 12:20:25.0484 3700 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/25 12:20:25.0578 3700 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/25 12:20:25.0687 3700 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/25 12:20:25.0781 3700 redbook (db417c4c7626823dcaa64d023c3a5d93) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/25 12:20:25.0796 3700 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: db417c4c7626823dcaa64d023c3a5d93, Fake md5: 3eb7091d5cd78e6fabc29c9ebc6b26b6
2011/08/25 12:20:25.0812 3700 redbook - detected Rootkit.Win32.ZAccess.f (0)
2011/08/25 12:20:25.0906 3700 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
2011/08/25 12:20:26.0062 3700 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
2011/08/25 12:20:26.0203 3700 SAVRT (916f1232167a090311950e6b87f1eab4) C:\WINDOWS\system32\Drivers\SAVRT.SYS
2011/08/25 12:20:26.0281 3700 SAVRTPEL (35f4d6f53fc698c1e00ac52cc8cd6f93) C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS
2011/08/25 12:20:26.0406 3700 SCDEmu (ee7a1b6e155258288d99be61190e1112) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/08/25 12:20:26.0546 3700 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/25 12:20:26.0640 3700 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/25 12:20:26.0718 3700 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/25 12:20:26.0875 3700 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/25 12:20:26.0984 3700 SilverLink (2780f848d54fda49b865995af566dd64) C:\WINDOWS\system32\Drivers\SilvrLnk.sys
2011/08/25 12:20:27.0140 3700 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/08/25 12:20:27.0218 3700 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/25 12:20:27.0359 3700 smwdm (8583e3dc5285eb3ddfb74fb646cdf295) C:\WINDOWS\system32\drivers\smwdm.sys
2011/08/25 12:20:27.0453 3700 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
2011/08/25 12:20:27.0562 3700 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/08/25 12:20:27.0671 3700 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/08/25 12:20:27.0765 3700 SpeakerPhone (6c843c43fd7f0b42cfe477ce88d0f9b3) C:\WINDOWS\system32\DRIVERS\HSF_SPKP.sys
2011/08/25 12:20:27.0859 3700 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/25 12:20:27.0968 3700 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/25 12:20:27.0968 3700 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/08/25 12:20:27.0984 3700 sptd - detected LockedFile.Multi.Generic (1)
2011/08/25 12:20:28.0062 3700 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/25 12:20:28.0171 3700 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/25 12:20:28.0328 3700 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/25 12:20:28.0406 3700 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/25 12:20:28.0484 3700 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/25 12:20:28.0593 3700 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/08/25 12:20:28.0703 3700 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/08/25 12:20:28.0812 3700 SymEvent (c9b8f325b2a22cda1bda7b25181b1389) C:\Program Files\Symantec\SYMEVENT.SYS
2011/08/25 12:20:28.0921 3700 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/08/25 12:20:29.0015 3700 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/08/25 12:20:29.0125 3700 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/08/25 12:20:29.0234 3700 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/08/25 12:20:29.0359 3700 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/25 12:20:29.0468 3700 TARWDM (f577d27ce344b344e506a99a3977e10c) C:\WINDOWS\system32\DRIVERS\ct5882.sys
2011/08/25 12:20:29.0593 3700 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/25 12:20:29.0718 3700 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/25 12:20:29.0843 3700 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/25 12:20:29.0953 3700 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/25 12:20:30.0093 3700 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
2011/08/25 12:20:30.0187 3700 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/08/25 12:20:30.0328 3700 UdfReadr_xp (27e66e79fd742c107fdb23280e17d869) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/08/25 12:20:30.0406 3700 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/25 12:20:30.0500 3700 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/08/25 12:20:30.0640 3700 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/25 12:20:30.0828 3700 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/25 12:20:30.0937 3700 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/25 12:20:31.0046 3700 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/25 12:20:31.0234 3700 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/25 12:20:31.0515 3700 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/25 12:20:31.0625 3700 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/25 12:20:31.0703 3700 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/25 12:20:31.0859 3700 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
2011/08/25 12:20:31.0968 3700 VendorJoystickEnabler (ebc680713f8e847e721a7d1aea720a74) C:\WINDOWS\system32\drivers\ntpad.sys
2011/08/25 12:20:32.0046 3700 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/25 12:20:32.0156 3700 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/08/25 12:20:32.0265 3700 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/08/25 12:20:32.0375 3700 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/25 12:20:32.0500 3700 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2011/08/25 12:20:32.0656 3700 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/25 12:20:32.0796 3700 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/25 12:20:32.0937 3700 winachsf (fe71b3857bed54600e02288b212e7b7c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/08/25 12:20:33.0156 3700 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/08/25 12:20:33.0281 3700 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/25 12:20:33.0375 3700 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/25 12:20:33.0515 3700 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/25 12:20:33.0671 3700 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
2011/08/25 12:20:33.0796 3700 Boot (0x1200) (db9840a98626f284da5fa79a0e5f08ff) \Device\Harddisk0\DR0\Partition0
2011/08/25 12:20:33.0812 3700 Boot (0x1200) (98439a42b02a1f69b0d42ed52683bf6d) \Device\Harddisk1\DR1\Partition0
2011/08/25 12:20:33.0828 3700 ================================================================================
2011/08/25 12:20:33.0843 3700 Scan finished
2011/08/25 12:20:33.0859 3700 ================================================================================
2011/08/25 12:20:33.0875 3692 Detected object count: 2
2011/08/25 12:20:33.0875 3692 Actual detected object count: 2
2011/08/25 12:20:57.0359 3692 redbook (db417c4c7626823dcaa64d023c3a5d93) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/25 12:20:57.0359 3692 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: db417c4c7626823dcaa64d023c3a5d93, Fake md5: 3eb7091d5cd78e6fabc29c9ebc6b26b6
2011/08/25 12:21:02.0062 3692 Backup copy found, using it..
2011/08/25 12:21:02.0156 3692 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot
2011/08/25 12:21:02.0156 3692 Rootkit.Win32.ZAccess.f(redbook) - User select action: Cure
2011/08/25 12:21:02.0156 3692 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/25 12:21:27.0578 3464 Deinitialize success
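
A small helper for reading logs like the one above, added here as an example and not part of the thread or of TDSSKiller itself. It parses the driver enumeration lines, the "Suspicious file" notices and the "User select action" lines, ties each notice back to the driver it belongs to, and gives a defender-side triage. The sample input is a constructed excerpt in the same format as the log above (the hashes and paths are the ones shown there); the regexes and the severity labels are my assumptions about TDSSKiller's output, not anything the tool documents.

```python
import re
from dataclasses import dataclass
from typing import Dict

# Constructed sample in the TDSSKiller 2.5.x log format: a driver enumeration line,
# the two "Suspicious file" notices from the thread, and the action lines.
SAMPLE_LOG = r"""
2011/08/25 12:20:25.0781 3700 redbook (db417c4c7626823dcaa64d023c3a5d93) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/25 12:20:25.0796 3700 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: db417c4c7626823dcaa64d023c3a5d93, Fake md5: 3eb7091d5cd78e6fabc29c9ebc6b26b6
2011/08/25 12:20:25.0812 3700 redbook - detected Rootkit.Win32.ZAccess.f (0)
2011/08/25 12:20:25.0906 3700 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
2011/08/25 12:20:27.0968 3700 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/25 12:20:27.0968 3700 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/08/25 12:20:27.0984 3700 sptd - detected LockedFile.Multi.Generic (1)
2011/08/25 12:20:33.0875 3692 Detected object count: 2
2011/08/25 12:21:02.0156 3692 Rootkit.Win32.ZAccess.f(redbook) - User select action: Cure
2011/08/25 12:21:02.0156 3692 LockedFile.Multi.Generic(sptd) - User select action: Skip
"""

# Every line starts with a timestamp and a thread id; the rest is the message.
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>" enumeration lines (MBR/Boot lines have no 32-hex field here and are skipped).
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
NOACCESS_RE = re.compile(r"^Suspicious file \(NoAccess\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<verdict>\S+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    name: str
    path: str
    kind: str            # "Forged" (two reads of the file disagree) or "NoAccess" (file could not be read)
    listed_md5: str      # hash printed on the enumeration line
    real_md5: str = ""
    fake_md5: str = ""
    verdict: str = ""    # e.g. Rootkit.Win32.ZAccess.f
    action: str = ""     # Cure / Skip / Delete as chosen in the tool


def _finding(findings: Dict[str, Finding], name: str, path: str, kind: str, md5: str) -> Finding:
    """Return the existing record for a driver or create it (the post-scan section repeats lines)."""
    fd = findings.get(name)
    if fd is None:
        fd = findings[name] = Finding(name, path, kind, md5)
    return fd


def parse_tdsskiller(text: str) -> Dict[str, Finding]:
    """Collect every suspicious-file notice, keyed by the driver/service name it refers to."""
    drivers: Dict[str, tuple] = {}   # name -> (md5, path)
    by_path: Dict[str, str] = {}     # lower-cased path -> name, so notices can be tied to a driver
    findings: Dict[str, Finding] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        d = DRIVER_RE.match(msg)
        if d:
            drivers[d.group("name")] = (d.group("md5"), d.group("path"))
            by_path[d.group("path").lower()] = d.group("name")
            continue
        f = FORGED_RE.match(msg)
        if f:
            name = by_path.get(f.group("path").lower(), f.group("path"))
            md5, path = drivers.get(name, ("", f.group("path")))
            fd = _finding(findings, name, path, "Forged", md5)
            fd.real_md5, fd.fake_md5 = f.group("real"), f.group("fake")
            continue
        n = NOACCESS_RE.match(msg)
        if n:
            name = by_path.get(n.group("path").lower(), n.group("path"))
            md5, path = drivers.get(name, ("", n.group("path")))
            _finding(findings, name, path, "NoAccess", md5)
            continue
        v = DETECT_RE.match(msg)
        if v and v.group("name") in findings:
            findings[v.group("name")].verdict = v.group("verdict")
            continue
        a = ACTION_RE.match(msg)
        if a and a.group("name") in findings:
            findings[a.group("name")].action = a.group("action")
    return findings


def triage(findings: Dict[str, Finding]) -> Dict[str, tuple]:
    """Assign a defender-facing severity to each finding (labels are my own, not TDSSKiller's)."""
    out = {}
    for name, fd in findings.items():
        if fd.kind == "Forged":
            # Two hashes for one file means what Windows hands back for that driver is not what
            # is on disk: something in the I/O path is tampering, which is the rootkit signature.
            out[name] = ("high", f"hash mismatch on {fd.path}: {fd.real_md5} vs {fd.fake_md5}")
        elif fd.verdict.startswith("LockedFile."):
            # Generic "could not open the file" flag, not a malware family; verify the driver's origin.
            out[name] = ("review", f"{fd.path} could not be read; confirm which product installed it")
        else:
            out[name] = ("review", fd.verdict or fd.kind)
    return out


if __name__ == "__main__":
    for name, (sev, why) in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{sev:6} {name}: {why}")
```

Run it against a full TDSSKiller log and the two findings from the thread come out as one "high" (redbook, forged hash, cured) and one "review" (sptd, locked file, skipped); a forged finding whose action is still empty or "Skip" is the one to chase up first.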

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 28 August 2011 - 06:24 AM

  • Please run TDSSKiller once more and post the log even if it is clean.
  • We need to scan the system with this special tool.
    • Please download Junction.zip and save it.
      Unzip it and put junction.exe in the Windows directory (C:\Windows). No need to run it.
    • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

      cmd /c junction -s >log.txt&log.txt

      A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.
  • Open your Malwarebytes' Anti-Malware.
    • First update it; to do that, under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 01 September 2011 - 10:08 AM

Are you still there?

#9 UMB_Greg

UMB_Greg
  • Topic Starter

  • Members
  • 11 posts

Posted 01 September 2011 - 05:53 PM

Yes Farbar,
Unfortunately, I was in the path of hurricane Irene and have been out of power since 6:30am Sunday. We just got power back earlier today, I'll get the new post up shortly.

#10 UMB_Greg

UMB_Greg
  • Topic Starter

  • Members
  • 11 posts

Posted 01 September 2011 - 07:41 PM

Here is my TDSS:

2011/09/01 19:47:58.0437 2688 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/01 19:47:58.0843 2688 ================================================================================
2011/09/01 19:47:58.0843 2688 SystemInfo:
2011/09/01 19:47:58.0843 2688
2011/09/01 19:47:58.0843 2688 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/01 19:47:58.0843 2688 Product type: Workstation
2011/09/01 19:47:58.0843 2688 ComputerName: DELL2-4
2011/09/01 19:47:58.0843 2688 UserName: Greg
2011/09/01 19:47:58.0843 2688 Windows directory: C:\WINDOWS
2011/09/01 19:47:58.0843 2688 System windows directory: C:\WINDOWS
2011/09/01 19:47:58.0843 2688 Processor architecture: Intel x86
2011/09/01 19:47:58.0843 2688 Number of processors: 1
2011/09/01 19:47:58.0843 2688 Page size: 0x1000
2011/09/01 19:47:58.0843 2688 Boot type: Normal boot
2011/09/01 19:47:58.0843 2688 ================================================================================
2011/09/01 19:48:01.0328 2688 Initialize success
2011/09/01 19:48:03.0125 2164 ================================================================================
2011/09/01 19:48:03.0125 2164 Scan started
2011/09/01 19:48:03.0125 2164 Mode: Manual;
2011/09/01 19:48:03.0125 2164 ================================================================================
2011/09/01 19:48:05.0328 2164 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/09/01 19:48:05.0578 2164 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/01 19:48:05.0828 2164 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/01 19:48:06.0062 2164 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/09/01 19:48:06.0640 2164 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/09/01 19:48:06.0765 2164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/01 19:48:06.0875 2164 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/09/01 19:48:06.0968 2164 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/09/01 19:48:07.0078 2164 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/01 19:48:07.0156 2164 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/09/01 19:48:07.0296 2164 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/09/01 19:48:07.0406 2164 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/09/01 19:48:07.0531 2164 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/09/01 19:48:07.0656 2164 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/09/01 19:48:07.0765 2164 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/09/01 19:48:07.0875 2164 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/09/01 19:48:07.0984 2164 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/09/01 19:48:08.0109 2164 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/09/01 19:48:08.0203 2164 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/09/01 19:48:08.0312 2164 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/09/01 19:48:08.0453 2164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/01 19:48:08.0609 2164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/01 19:48:08.0875 2164 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/09/01 19:48:09.0125 2164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/01 19:48:09.0281 2164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/01 19:48:09.0421 2164 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2011/09/01 19:48:09.0531 2164 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
2011/09/01 19:48:09.0750 2164 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS
2011/09/01 19:48:10.0000 2164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/01 19:48:10.0218 2164 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/09/01 19:48:10.0296 2164 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/09/01 19:48:10.0515 2164 btaudio (ca141a70ad8604c6d97ab9b3084ab954) C:\WINDOWS\system32\drivers\btaudio.sys
2011/09/01 19:48:10.0859 2164 BTDriver (d307cb113bad063d4d56058f69b02d7a) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/09/01 19:48:11.0437 2164 BTKRNL (0627ed35e6c287a924c3b685815db8d8) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/09/01 19:48:12.0562 2164 BTSERIAL (e490c0b632e9e2cc551ca82a42a68d60) C:\WINDOWS\system32\drivers\btserial.sys
2011/09/01 19:48:12.0843 2164 BTSLBCSP (5abc4b88ea25d81b34bd00b7abe9553d) C:\WINDOWS\system32\drivers\btslbcsp.sys
2011/09/01 19:48:13.0234 2164 BTWDNDIS (5f69dd42413a09e0b501bbf4237454a6) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/09/01 19:48:13.0562 2164 btwmodem (21b393aa3ade51451178cd79b7995b70) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/09/01 19:48:13.0796 2164 BTWUSB (540e6832d01e0b35a0e341fc0c3f5a4c) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/09/01 19:48:17.0750 2164 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/09/01 19:48:18.0078 2164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/01 19:48:18.0250 2164 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/01 19:48:18.0484 2164 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/09/01 19:48:18.0625 2164 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/01 19:48:18.0828 2164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/01 19:48:19.0015 2164 Cdr4_xp (9714b7c918c6543d69074ec101f86ac4) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/09/01 19:48:19.0171 2164 Cdralw2k (0d856d16c08440bfb566d6cdd9948d4e) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/09/01 19:48:19.0343 2164 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/01 19:48:19.0546 2164 cdudf_xp (072070a498d5fad70c3a99a5f0b1331b) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/09/01 19:48:19.0859 2164 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/09/01 19:48:20.0156 2164 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/09/01 19:48:20.0625 2164 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/09/01 19:48:21.0578 2164 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/09/01 19:48:21.0921 2164 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/09/01 19:48:22.0234 2164 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/09/01 19:48:22.0500 2164 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/01 19:48:22.0781 2164 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/01 19:48:23.0078 2164 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/01 19:48:23.0312 2164 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/01 19:48:23.0546 2164 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/01 19:48:23.0734 2164 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/09/01 19:48:24.0093 2164 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/09/01 19:48:24.0562 2164 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/01 19:48:25.0031 2164 dvd_2K (a3997baab606caa92f27e07bc4f070f0) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/09/01 19:48:25.0593 2164 E100B (56ab585a307909c4447d5900a10c6bc7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/01 19:48:26.0093 2164 echodap (c8460ecb400c58db8f0a35f5a240eebb) C:\WINDOWS\system32\drivers\echodap.sys
2011/09/01 19:48:26.0609 2164 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
2011/09/01 19:48:26.0890 2164 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/01 19:48:27.0109 2164 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/01 19:48:27.0265 2164 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/01 19:48:27.0453 2164 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/01 19:48:27.0671 2164 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/01 19:48:27.0875 2164 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
2011/09/01 19:48:28.0468 2164 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/01 19:48:28.0890 2164 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/01 19:48:29.0296 2164 GEARAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/01 19:48:29.0468 2164 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/01 19:48:29.0703 2164 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
2011/09/01 19:48:30.0359 2164 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/01 19:48:30.0578 2164 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/09/01 19:48:30.0781 2164 HSFHWBS2 (95b894b508db03507b61fe213ef6fe19) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/09/01 19:48:31.0281 2164 HSF_DP (f66402179ca2b2ae68493103db5fa48c) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/09/01 19:48:32.0828 2164 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
2011/09/01 19:48:34.0328 2164 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/01 19:48:34.0468 2164 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/01 19:48:34.0640 2164 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/09/01 19:48:34.0828 2164 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/01 19:48:35.0000 2164 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/09/01 19:48:35.0187 2164 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/09/01 19:48:35.0390 2164 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/09/01 19:48:35.0546 2164 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/09/01 19:48:35.0828 2164 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/09/01 19:48:36.0203 2164 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/09/01 19:48:36.0703 2164 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/09/01 19:48:37.0031 2164 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/09/01 19:48:37.0296 2164 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/09/01 19:48:37.0453 2164 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/09/01 19:48:37.0656 2164 ifp700 (7d19431e613a70262e5586fa76bb29f0) C:\WINDOWS\system32\Drivers\ifp700.sys
2011/09/01 19:48:37.0812 2164 ikhlayer (b03903b8273848b340faf061635d7daf) C:\WINDOWS\system32\drivers\ikhlayer.sys
2011/09/01 19:48:38.0000 2164 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/01 19:48:38.0234 2164 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/09/01 19:48:38.0421 2164 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/09/01 19:48:38.0656 2164 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/01 19:48:38.0796 2164 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/01 19:48:38.0968 2164 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
2011/09/01 19:48:39.0468 2164 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/01 19:48:39.0984 2164 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/01 19:48:40.0656 2164 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/01 19:48:40.0890 2164 IPSec (971cc3f310293a2964f96d6c8c0f24b2) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/01 19:48:41.0031 2164 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 971cc3f310293a2964f96d6c8c0f24b2, Fake md5: 151111a66986a02f0cc00312c1b142d9
2011/09/01 19:48:41.0046 2164 IPSec - detected Rootkit.Win32.ZAccess.c (0)
2011/09/01 19:48:41.0218 2164 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/01 19:48:41.0328 2164 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/01 19:48:41.0578 2164 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
2011/09/01 19:48:41.0859 2164 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/01 19:48:42.0062 2164 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/01 19:48:42.0281 2164 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/01 19:48:42.0828 2164 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/01 19:48:43.0062 2164 mmc_2K (e97e3fe03b6f271336cb2fbb24734989) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/09/01 19:48:43.0515 2164 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/01 19:48:43.0890 2164 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/01 19:48:44.0078 2164 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/09/01 19:48:44.0218 2164 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/01 19:48:44.0421 2164 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/01 19:48:44.0578 2164 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/01 19:48:44.0703 2164 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/09/01 19:48:44.0859 2164 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/01 19:48:45.0125 2164 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/01 19:48:45.0359 2164 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/01 19:48:45.0562 2164 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/01 19:48:46.0343 2164 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/01 19:48:47.0859 2164 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/01 19:48:48.0921 2164 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/01 19:48:49.0406 2164 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/01 19:48:50.0156 2164 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/01 19:48:50.0843 2164 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/01 19:48:52.0281 2164 NAVENG (68f5550e4395b0d9b6d205ca7561c5b1) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\NAVENG.Sys
2011/09/01 19:48:53.0406 2164 NAVEX15 (3efba831884806a0d6675bbd61c479f0) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\NavEx15.Sys
2011/09/01 19:48:54.0906 2164 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/01 19:48:55.0953 2164 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/01 19:48:57.0343 2164 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/01 19:48:59.0203 2164 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/01 19:49:00.0968 2164 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/01 19:49:02.0187 2164 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/01 19:49:03.0140 2164 NeroCd2k (58b29812b8d23501d15d85dd72eacb34) C:\WINDOWS\system32\drivers\NeroCd2k.sys
2011/09/01 19:49:04.0031 2164 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/01 19:49:05.0343 2164 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/01 19:49:07.0515 2164 NMSCFG (847d6d775524fa5e58d851ddec566a12) C:\WINDOWS\System32\drivers\NMSCFG.SYS
2011/09/01 19:49:08.0656 2164 NPDriver (c0e6afd4c945331475141f0fbb7f950e) C:\WINDOWS\System32\Drivers\NPDRIVER.SYS
2011/09/01 19:49:11.0046 2164 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/01 19:49:12.0109 2164 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
2011/09/01 19:49:13.0046 2164 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/01 19:49:13.0875 2164 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/01 19:49:18.0359 2164 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/01 19:49:26.0000 2164 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/01 19:49:26.0531 2164 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/01 19:49:27.0109 2164 OEMSTOR (cfb87a03dd0cae2bf3f9a4b4b795be47) C:\WINDOWS\system32\DRIVERS\USBMSDk.SYS
2011/09/01 19:49:27.0546 2164 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/09/01 19:49:28.0328 2164 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/09/01 19:49:28.0968 2164 padenum (55d74b30d587ba2e2c6f7155ed5a2e28) C:\WINDOWS\system32\DRIVERS\padenum.sys
2011/09/01 19:49:29.0484 2164 PalmUSBD (f49e3b9fb2dd84fca2f6310a147c43fe) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/09/01 19:49:29.0968 2164 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/01 19:49:30.0281 2164 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/01 19:49:30.0578 2164 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/01 19:49:30.0906 2164 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/01 19:49:31.0437 2164 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/01 19:49:31.0718 2164 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/01 19:49:33.0375 2164 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/09/01 19:49:33.0531 2164 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/09/01 19:49:33.0687 2164 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/09/01 19:49:33.0796 2164 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/01 19:49:34.0343 2164 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/01 19:49:34.0437 2164 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/01 19:49:34.0546 2164 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/01 19:49:34.0671 2164 pwd_2k (070eddd0e4a5be55dd590d8b30dbff22) C:\WINDOWS\system32\drivers\pwd_2k.sys
2011/09/01 19:49:34.0765 2164 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/01 19:49:34.0875 2164 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/09/01 19:49:34.0984 2164 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/09/01 19:49:35.0109 2164 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/09/01 19:49:35.0453 2164 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/09/01 19:49:35.0671 2164 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/09/01 19:49:35.0906 2164 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/01 19:49:36.0031 2164 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/01 19:49:36.0218 2164 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/01 19:49:36.0359 2164 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/01 19:49:37.0078 2164 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/01 19:49:37.0578 2164 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/01 19:49:38.0265 2164 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/01 19:49:39.0187 2164 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/01 19:49:39.0562 2164 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/01 19:49:39.0890 2164 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
2011/09/01 19:49:40.0078 2164 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
2011/09/01 19:49:40.0234 2164 SAVRT (916f1232167a090311950e6b87f1eab4) C:\WINDOWS\system32\Drivers\SAVRT.SYS
2011/09/01 19:49:40.0296 2164 SAVRTPEL (35f4d6f53fc698c1e00ac52cc8cd6f93) C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS
2011/09/01 19:49:40.0453 2164 SCDEmu (ee7a1b6e155258288d99be61190e1112) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/09/01 19:49:40.0625 2164 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/01 19:49:40.0750 2164 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/01 19:49:40.0859 2164 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/01 19:49:41.0000 2164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/01 19:49:41.0109 2164 SilverLink (2780f848d54fda49b865995af566dd64) C:\WINDOWS\system32\Drivers\SilvrLnk.sys
2011/09/01 19:49:41.0265 2164 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/09/01 19:49:41.0359 2164 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/01 19:49:41.0578 2164 smwdm (8583e3dc5285eb3ddfb74fb646cdf295) C:\WINDOWS\system32\drivers\smwdm.sys
2011/09/01 19:49:42.0031 2164 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
2011/09/01 19:49:42.0203 2164 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/09/01 19:49:42.0328 2164 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/09/01 19:49:42.0421 2164 SpeakerPhone (6c843c43fd7f0b42cfe477ce88d0f9b3) C:\WINDOWS\system32\DRIVERS\HSF_SPKP.sys
2011/09/01 19:49:42.0562 2164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/01 19:49:42.0703 2164 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
2011/09/01 19:49:42.0703 2164 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/09/01 19:49:42.0734 2164 sptd - detected LockedFile.Multi.Generic (1)
2011/09/01 19:49:42.0828 2164 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/01 19:49:42.0937 2164 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/01 19:49:43.0078 2164 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/01 19:49:43.0171 2164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/01 19:49:43.0234 2164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/01 19:49:43.0359 2164 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/09/01 19:49:43.0468 2164 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/09/01 19:49:43.0625 2164 SymEvent (c9b8f325b2a22cda1bda7b25181b1389) C:\Program Files\Symantec\SYMEVENT.SYS
2011/09/01 19:49:43.0750 2164 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/09/01 19:49:43.0843 2164 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/09/01 19:49:43.0968 2164 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/09/01 19:49:44.0078 2164 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/09/01 19:49:44.0218 2164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/01 19:49:44.0328 2164 TARWDM (f577d27ce344b344e506a99a3977e10c) C:\WINDOWS\system32\DRIVERS\ct5882.sys
2011/09/01 19:49:44.0484 2164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/01 19:49:44.0671 2164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/01 19:49:44.0828 2164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/01 19:49:45.0031 2164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/01 19:49:45.0234 2164 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
2011/09/01 19:49:45.0328 2164 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/09/01 19:49:45.0468 2164 UdfReadr_xp (27e66e79fd742c107fdb23280e17d869) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/09/01 19:49:45.0562 2164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/01 19:49:45.0656 2164 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/09/01 19:49:45.0781 2164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/01 19:49:45.0953 2164 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/01 19:49:46.0062 2164 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/01 19:49:46.0125 2164 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/01 19:49:46.0203 2164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/01 19:49:46.0296 2164 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/01 19:49:46.0421 2164 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/01 19:49:46.0515 2164 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/01 19:49:46.0625 2164 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
2011/09/01 19:49:46.0765 2164 VendorJoystickEnabler (ebc680713f8e847e721a7d1aea720a74) C:\WINDOWS\system32\drivers\ntpad.sys
2011/09/01 19:49:46.0843 2164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/01 19:49:46.0953 2164 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/09/01 19:49:47.0062 2164 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/09/01 19:49:47.0187 2164 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/01 19:49:47.0296 2164 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2011/09/01 19:49:47.0468 2164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/01 19:49:47.0625 2164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/01 19:49:47.0781 2164 winachsf (fe71b3857bed54600e02288b212e7b7c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/09/01 19:49:48.0015 2164 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/09/01 19:49:48.0140 2164 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/09/01 19:49:48.0250 2164 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/01 19:49:48.0343 2164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/01 19:49:48.0515 2164 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
2011/09/01 19:49:48.0656 2164 Boot (0x1200) (db9840a98626f284da5fa79a0e5f08ff) \Device\Harddisk0\DR0\Partition0
2011/09/01 19:49:48.0671 2164 Boot (0x1200) (98439a42b02a1f69b0d42ed52683bf6d) \Device\Harddisk1\DR1\Partition0
2011/09/01 19:49:48.0687 2164 ================================================================================
2011/09/01 19:49:48.0687 2164 Scan finished
2011/09/01 19:49:48.0687 2164 ================================================================================
2011/09/01 19:49:48.0703 1188 Detected object count: 2
2011/09/01 19:49:48.0703 1188 Actual detected object count: 2
2011/09/01 19:52:05.0531 1188 IPSec (971cc3f310293a2964f96d6c8c0f24b2) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/01 19:52:05.0531 1188 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 971cc3f310293a2964f96d6c8c0f24b2, Fake md5: 151111a66986a02f0cc00312c1b142d9
2011/09/01 19:52:05.0546 1188 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
2011/09/01 19:52:10.0156 1188 Backup copy found, using it..
2011/09/01 19:52:10.0187 1188 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured after reboot
2011/09/01 19:52:10.0187 1188 Rootkit.Win32.ZAccess.c(IPSec) - User select action: Cure
2011/09/01 19:52:10.0187 1188 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/09/01 19:52:17.0421 1776 Deinitialize success


Again, same as last time, the same two items showed up - required a reboot after saying it couldn't fix the Rootkit.Win32.ZAccess.c - Nothing happened after the reboot. I ran the scan again, and same thing is appearing.

Here's the log from the Junction.exe


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

...

..
Failed to open \\?\C:\Documents and Settings\Greg\Desktop\gmer.exe: Access is denied.


.

...


Failed to open \\?\C:\Documents and Settings\Greg\Local Settings\temp\7zS3.tmp\Setup.exe: Access is denied.



Failed to open \\?\C:\Documents and Settings\Greg\Local Settings\temp\7zS4.tmp\Setup.exe: Access is denied.



Failed to open \\?\C:\Documents and Settings\Greg\Local Settings\temp\7zS5.tmp\Setup.exe: Access is denied.


..No reparse points found.


And I reinstalled MBAM, updated it - and tried to run a "quick scan". Same thing happened as I explained in the first post... It got most of the way through the scan (I think most the way through it), MBAM closed, and now I can't open it without replacing the .exe..... =(
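The TDSSKiller log above carries two findings worth pulling out of the noise: a driver whose hash was reported twice with different values (the "Forged" line for ipsec.sys, followed by the Rootkit.Win32.ZAccess.c verdict) and a file the scanner could not open at all (the "NoAccess" line for sptd.sys). A small triage script makes those cases stand out in a log that is otherwise several hundred identical-looking driver lines. This is an added example written for this page; it is not part of the thread, of TDSSKiller, or of any BleepingComputer tool. The sample log it runs on is a constructed excerpt whose lines are copied from the log posted above, and the regular expressions assume the line layout seen there (timestamp, thread id, message).

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not TDSSKiller code).

Pulls out the entries a defender cares about: drivers whose hash was reported
with two different values (the "Forged" case) and files the scanner could not
read at all (the "NoAccess" case), and attaches the verdict line that follows.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt: line layout and values copied from the log posted above.
SAMPLE_LOG = r"""
2011/09/01 19:48:40.0890 2164 IPSec (971cc3f310293a2964f96d6c8c0f24b2) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/01 19:48:41.0031 2164 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 971cc3f310293a2964f96d6c8c0f24b2, Fake md5: 151111a66986a02f0cc00312c1b142d9
2011/09/01 19:48:41.0046 2164 IPSec - detected Rootkit.Win32.ZAccess.c (0)
2011/09/01 19:49:42.0703 2164 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
2011/09/01 19:49:42.0703 2164 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/09/01 19:49:42.0734 2164 sptd - detected LockedFile.Multi.Generic (1)
2011/09/01 19:49:44.0484 2164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
"""

# Assumed line layout: "<timestamp> <thread id> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<msg>.*)$")
# Ordinary driver entry: "<service> (<md5>) <path>".
ENTRY_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
NOACCESS_RE = re.compile(r"^Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
VERDICT_RE = re.compile(r"^(?P<svc>\S+) - detected (?P<name>\S+) \((?P<code>\d+)\)$")


@dataclass
class Finding:
    service: str
    path: str
    kind: str                                   # "Forged" or "NoAccess"
    md5s: list = field(default_factory=list)    # every hash the log gave for this path
    verdict: str = ""                           # detection name from the following line


def parse_findings(log_text: str) -> list:
    """Walk the log once; the Suspicious and verdict lines always follow the
    driver entry they refer to, so the last entry seen names the service."""
    findings, by_service, last_entry = [], {}, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        if e := ENTRY_RE.match(msg):
            last_entry = e
        elif f := FORGED_RE.match(msg):
            svc = last_entry.group("svc") if last_entry else "?"
            fd = Finding(svc, f.group("path"), "Forged", [f.group("real"), f.group("fake")])
            findings.append(fd)
            by_service[svc] = fd
        elif n := NOACCESS_RE.match(msg):
            svc = last_entry.group("svc") if last_entry else "?"
            fd = Finding(svc, n.group("path"), "NoAccess", [n.group("md5")])
            findings.append(fd)
            by_service[svc] = fd
        elif v := VERDICT_RE.match(msg):
            if fd := by_service.get(v.group("svc")):
                fd.verdict = v.group("name")
    return findings


def hash_conflicts(log_text: str) -> dict:
    """Independent check that needs no 'Forged' label: collect every md5 the log
    reports per path and return the paths that were given more than one."""
    seen = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        if e := ENTRY_RE.match(msg):
            seen.setdefault(e.group("path").lower(), set()).add(e.group("md5"))
        elif f := FORGED_RE.match(msg):
            seen.setdefault(f.group("path").lower(), set()).update([f.group("real"), f.group("fake")])
        elif n := NOACCESS_RE.match(msg):
            seen.setdefault(n.group("path").lower(), set()).add(n.group("md5"))
    return {path: hashes for path, hashes in seen.items() if len(hashes) > 1}


if __name__ == "__main__":
    for fd in parse_findings(SAMPLE_LOG):
        print(f"{fd.kind:9s} {fd.service:8s} {fd.path}  verdict={fd.verdict or '-'}  md5s={fd.md5s}")
    for path, hashes in hash_conflicts(SAMPLE_LOG).items():
        print(f"hash conflict: {path} -> {sorted(hashes)}")
```

Two hashes for one path is the signal to act on: the scanner obtained two different images of the same file, which is exactly what a rootkit that intercepts reads of its host driver produces. The `hash_conflicts` check finds that case from the driver and "Suspicious file" lines alone, so it still works on a log where the verdict line is missing or the detection name has changed.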

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 02 September 2011 - 01:18 AM

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with the tool. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
  • You will get a warning about untrusted download sites for ComboFix; click Yes.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

#12 UMB_Greg

UMB_Greg
  • Topic Starter

  • Members
  • 11 posts

Posted 02 September 2011 - 08:31 AM

Combo Fix log is too long to post, I attached it.

If it makes any difference, it did have to reboot the computer 2x before producing a log file. However, I am glad that it actually ran all the way through without cutting off like the other scans. Hopefully we've made some headway here! :thumbsup:


#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 02 September 2011 - 08:55 AM

Great. :thumbup2:

Now we are going to unlock any locked files and restore the corrupted/infected security software to give the system proper protection before we proceed.

Let's start with Norton. Is Norton functioning properly? I see it is an old version; are you planning to keep it?

#14 UMB_Greg

UMB_Greg
  • Topic Starter

  • Members
  • 11 posts

Posted 02 September 2011 - 09:15 AM

This is a 10 year old, hand-me-down computer from my dad. Sadly, I don't think Norton has worked since I got it a couple years back (or at least I haven't used Norton for anything). I was under the impression that I had gotten rid of most of the Norton files, but apparently I haven't.

After everything is back to a pristine state, I will be getting the newest version of Norton (supplied via Comcast), and will use it on a regular basis.
Other than that, I was fully unaware that Norton even started up anymore.

Sooooo, ultimately, I believe the correct answer is "No", I won't be using the Norton that is currently installed.

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 02 September 2011 - 11:11 AM

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files between each other, as the name(s) suggest. In today's world cybercrime has grown to an enormous scale, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with great care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

We will have a long session this time. :)

Removal Instructions
  • For x86 bit systems please download GrantPerms.zip and save it to your desktop.
    Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
    Copy and paste the following in the edit box:

    C:\Documents and Settings\Greg\Desktop\gmer.exe
    C:\Documents and Settings\Greg\Local Settings\temp\7zS3.tmp\Setup.exe
    C:\Documents and Settings\Greg\Local Settings\temp\7zS4.tmp\Setup.exe
    C:\Documents and Settings\Greg\Local Settings\temp\7zS5.tmp\Setup.exe


    Click Unlock. When it is done click "OK".
  • We need to clean install MBAM:
    • Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
    • Restart your computer (very important).
    • Download and run this utility. http://www.malwarebytes.org/mbam-clean.exe
    • It will ask to restart your computer (please allow it to).
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • You have still some leftovers from an incomplete uninstalled Norton Antivirus on your computer.

    Please first go to Add/Remove Programs in the Control Panel and uninstall the following Symantec software (unless used):

    Norton AntiVirus 2003
    Norton CleanSweep
    Norton Speed Disk 6.0 for Windows NT
    Norton SystemWorks 2002
    Norton Utilities 2002 for Windows
    Norton WMI Update
    Symantec Network Drivers Update
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)


    To remove the leftovers please download and run the Norton Removal Tool.

    Note: Norton removal tool is one and the same for all versions named below. It doesn't matter which version you have.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.
  • You need to install an antivirus program to have a proper protection. Unless you get another antivirus I recommend this good free antivirus:

    Avira
    • Download the installer from softpedia.com link as it has a secure download mirror.
    • Install it, but if during installation it asks for permission to install the Ask Toolbar, select No.
      Update it, then let it scan the computer and remove what it finds.
    • Copy and paste the content of the report to your reply.




