network hacked


  • This topic is locked
34 replies to this topic

#1 cazabra

cazabra

  • Members
  • 41 posts
  • OFFLINE
  • Local time:01:15 AM

Posted 16 March 2012 - 11:30 AM

Broni assisted with another pc ...
http://www.bleepingcomputer.com/forums/topic445812.html

this next one was on the same network before i realized the router had been hacked.
he advised this

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

..etc



NOTE: I had been running ESET at the time of the attack on the network and the hit on the other computer.
Neither it (ESET) nor Malwarebytes Pro nor the Norton free check has found anything, but I have received a lot of new firewall notices from ESET:

3/14/2012 1:17:09 AM Detected ARP cache poisoning attack 169.254.160.220 10.183.9.29 ARP
3/14/2012 1:17:08 AM Detected ARP cache poisoning attack 169.254.160.220 10.183.9.29 ARP
3/14/2012 1:17:07 AM Detected ARP cache poisoning attack 169.254.160.220 10.183.9.29 ARP
3/13/2012 11:36:47 PM Detected ARP cache poisoning attack 169.254.160.220 75.248.126.35 ARP
3/13/2012 11:36:46 PM Detected ARP cache poisoning attack 169.254.160.220 75.248.126.35 ARP

I have notified my ISP, and I realize that should mean they were blocked, however, the previous pc was rooted with a keylogger and the router completely reprogrammed, so I am not confident something hasn't gotten in and hidden itself as legit.
I have been experiencing session issues* with Firefox, which actually prompted me to dig into this further even though the standard scans I run are clean.
*SESSION ISSUES = known websites don't fully log in; they just hang at a white screen. And a site I got logged in to, for which I have a 2nd account, retained some session info for the first site even after I logged out, preventing me from fully accessing the 2nd site's management area (a product management site I have 2 logins for). I have never had anything like that happen before.

The version of ESET on this machine was 4 Pro, and though it was up to date, in my paranoid state I enabled Norton 360 (and temporarily disabled ESET) prior to running the steps advised ... and am still running Norton 360 and MBAM Pro.
It should be noted that MBAM periodically indicates it has blocked incoming IPs from Skype.

I have attached dds / attach / gmer, as instructed.
GMER didn't indicate it had finished; it just stopped scanning after going through the recycle bin, boot, and something else at the end of 6 hours running.

I forgot to mention earlier that Norton keeps popping up that "host process for Windows" has high disk usage, and that this machine will seem to run normally for a while, then be really slow between window changes.
Though I use Firefox for most everything, I try Internet Explorer 9 sometimes and it takes over a full minute to load, and I have simple Google as my home page on it.
I installed Chrome before running these tests and did not import anything from IE or FF, to see if it would work better. It opens much faster than IE, but still has lag between window changes, and typing in the address bar hesitates sometimes.


========================
DDS
========================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by toshibauser at 3:52:10 on 2012-03-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1528 [GMT -7:00]
.
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Norton 360\Engine\6.1.1.8\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\6.1.1.8\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\toshibauser\Downloads\Defogger.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.1.1.8\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.1.1.8\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.1.1.8\coIEPlg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Google Update] "c:\users\toshibauser\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D7A8A02D-1D27-4C8B-BC0C-236A14DD8F02} : DhcpNameServer = 192.168.1.1
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\program files\common files\g7ps\shared files\g7psdll\G7PS.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
Hosts: 50.63.81.1 youandiarenotperfect.com
Hosts: 50.63.81.1 www.youandiarenotperfect.com
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\toshibauser\appdata\roaming\mozilla\firefox\profiles\eih9zfo0.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\users\toshibauser\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\toshibauser\appdata\roaming\mozilla\firefox\profiles\eih9zfo0.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0601010.008\symds.sys [2012-3-15 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0601010.008\symefa.sys [2012-3-15 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\bashdefs\20120302.001\BHDrvx86.sys [2012-3-2 820856]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2011-9-30 273552]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0601010.008\ccsetx86.sys [2012-3-15 132744]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\ipsdefs\20120315.002\IDSvix86.sys [2012-3-15 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0601010.008\ironx86.sys [2012-3-15 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0601010.008\symtdiv.sys [2012-3-15 345208]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-12-21 41336]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-18 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-4 374152]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-12-27 652360]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.1.1.8\ccsvchst.exe [2012-3-15 138232]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-7-15 2337144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-15 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-27 20464]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-6-12 9472]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-6-18 16896]
.
=============== Created Last 30 ================
.
2012-03-16 10:47:39 -------- d-----w- c:\users\toshibauser\appdata\local\CrashDumps
2012-03-16 02:20:24 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-03-15 23:12:20 345208 ----a-r- c:\windows\system32\drivers\n360\0601010.008\symtdiv.sys
2012-03-15 23:12:19 318584 ----a-r- c:\windows\system32\drivers\n360\0601010.008\symnets.sys
2012-03-15 23:12:18 905336 ----a-r- c:\windows\system32\drivers\n360\0601010.008\symefa.sys
2012-03-15 23:12:18 340088 ----a-r- c:\windows\system32\drivers\n360\0601010.008\symds.sys
2012-03-15 23:12:18 32888 ----a-r- c:\windows\system32\drivers\n360\0601010.008\srtspx.sys
2012-03-15 23:12:17 574584 ----a-r- c:\windows\system32\drivers\n360\0601010.008\srtsp.sys
2012-03-15 23:12:17 149624 ----a-r- c:\windows\system32\drivers\n360\0601010.008\ironx86.sys
2012-03-15 23:12:16 132744 ----a-r- c:\windows\system32\drivers\n360\0601010.008\ccsetx86.sys
2012-03-15 23:10:51 -------- d-----w- c:\windows\system32\drivers\n360\0601010.008
2012-03-15 22:47:11 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-15 22:47:11 -------- d-----w- c:\program files\Symantec
2012-03-15 22:47:11 -------- d-----w- c:\program files\common files\Symantec Shared
2012-03-15 22:44:49 -------- d-----w- c:\windows\system32\drivers\N360
2012-03-15 22:44:46 -------- d-----w- c:\program files\Norton 360
2012-03-15 22:44:44 -------- d-----w- c:\programdata\Norton
2012-03-15 22:43:59 -------- d-----w- c:\programdata\NortonInstaller
2012-03-15 22:43:59 -------- d-----w- c:\program files\NortonInstaller
2012-03-15 22:33:46 -------- d-----w- c:\users\toshibauser\appdata\roaming\Wireshark
2012-03-15 22:11:11 -------- d-----w- c:\program files\WinPcap
2012-03-15 22:10:28 -------- d-----w- c:\program files\Wireshark
2012-03-15 18:20:53 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-15 18:20:53 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 18:20:52 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-15 18:20:52 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-15 18:20:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-15 10:45:37 95864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-03-14 22:01:39 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-14 21:58:21 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-03-14 21:58:21 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-03-14 21:58:20 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-14 21:58:20 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-03-14 21:58:20 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-14 21:58:20 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-03-14 21:58:20 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-14 20:31:45 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-14 20:31:45 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-14 18:57:48 544616 ------w- c:\windows\system32\HPDiscoPMa011.dll
2012-03-14 06:30:37 -------- d-----w- c:\program files\HTC
2012-03-14 06:29:40 -------- d-----w- C:\Temp
2012-03-14 06:14:24 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-03-14 06:14:24 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-03-14 06:14:23 -------- d-----w- c:\program files\PdaNet for Android
2012-03-13 23:49:31 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{58f6392d-c900-416a-9bb6-dd77fcd5d048}\mpengine.dll
2012-03-13 23:39:22 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-03-13 23:39:05 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-13 23:39:02 66560 ----a-w- c:\windows\system32\packager.dll
2012-03-13 23:39:00 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-03-13 23:39:00 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-03-13 23:38:14 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-13 23:38:13 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 23:37:56 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-13 23:37:53 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-03-13 23:37:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:37:50 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-03-13 23:37:50 189952 ----a-w- c:\windows\system32\winmm.dll
2012-03-13 23:37:48 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-13 23:37:47 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-03-13 23:37:47 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-03-13 23:37:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-03-13 23:37:45 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-03-13 23:37:03 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-13 23:37:02 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-03-13 23:36:21 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-03-13 23:36:21 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-03-13 23:36:20 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-03-13 23:36:20 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-03-13 23:28:59 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-13 23:28:03 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-03-13 23:28:00 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-03-13 23:28:00 278528 ----a-w- c:\windows\system32\schannel.dll
2012-03-13 23:28:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-03-13 23:27:59 9728 ----a-w- c:\windows\system32\lsass.exe
2012-03-13 23:27:59 72704 ----a-w- c:\windows\system32\secur32.dll
2012-03-13 23:27:59 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-03-13 23:22:24 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 23:22:23 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-12 10:29:16 -------- d-----w- c:\windows\system32\eu-ES
2012-03-12 10:29:16 -------- d-----w- c:\windows\system32\ca-ES
2012-03-12 10:29:15 -------- d-----w- c:\windows\system32\vi-VN
2012-03-12 09:39:45 -------- d-----w- c:\windows\system32\EventProviders
2012-03-08 21:42:35 -------- d-----w- c:\users\toshibauser\appdata\roaming\Trillian
.
==================== Find3M ====================
.
2012-03-14 22:01:39 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-03-14 21:58:23 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-03-14 08:27:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 3:54:02.35 ===============

=================================================================================




I apologize if I have attached too much; one screen said to zip the attach.txt and one said to just upload it, so I put both.

I can not tell you how very much I appreciate you all being here, and taking the time to help us 'tech challenged' individuals :)

thank you


Edited by cazabra, 16 March 2012 - 11:38 AM.



#2 cazabra

cazabra
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:01:15 AM

Posted 17 March 2012 - 02:08 PM

Not trying to bump, just adding more info.
My browsers are acting really weird and I don't know if it is just Norton or something more.
Many sites, including this one, load, but the loading icon in the address bar continues to circle until I click the stop X.
I tried logging into my router and was not able to; I had to reset it.
I can't even log in to the router from this computer now. I get the password entered, but the interface doesn't fully load.
I have a new machine which I am scared to use, but I have had to use it to get back into the router and change the SSID and password.
As I was typing this post, Norton popped up with "Norton has encountered an error and is performing an autofix."

i am supremely paranoid considering my last router was completely hacked beyond repair

thank you for any assistance/advice

#3 cazabra

cazabra
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:01:15 AM

Posted 17 March 2012 - 06:10 PM

I read up on ICMP and DNS cache attacks, so I changed my DNS to use Google DNS, and ALL of the browser delays stopped.

That is enough for me to be convinced there is some kind of dns hack on my PC and or router
.. and that the hackers now have my new IP .. which it took an act of congress to get from my ISP.

can it actually be permanently cleaned ?
do you guys help with router security settings ?

I don't know how you guys do this stuff, but I am so glad you do.
This has tweaked me so much I've considered giving up on the internet completely, or going MAC, but that would require me to buy thousands in software replacement .. and probably just give the hackers a new game.
Besides, I don't imagine I can find the community support I have found here..

trying to be patient while I freak out :)

thanks again.

#4 cazabra

cazabra
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:01:15 AM

Posted 17 March 2012 - 07:25 PM

more firewall stuff
192.168.1.2 being my router

PC 1 (the old PC whose logs are above)
3/17/2012 10:07:55 AM Detected unexpected data in protocol 192.168.1.2:50545 206.204.54.90:53 UDP
3/16/2012 5:55:00 PM Detected unexpected data in protocol 192.168.1.2:61675 216.12.144.90:53 UDP
3/16/2012 4:24:44 PM Detected unexpected data in protocol 192.168.1.2:57811 216.12.144.90:53 UDP
3/16/2012 2:54:28 PM Detected unexpected data in protocol 192.168.1.2:63567 206.204.54.90:53 UDP
3/16/2012 9:24:08 AM Detected unexpected data in protocol 192.168.1.2:61629 216.12.144.90:53 UDP
3/15/2012 10:58:29 PM Detected unexpected data in protocol 192.168.1.2:62784 216.12.144.90:53 UDP
3/15/2012 7:57:47 PM Detected unexpected data in protocol 192.168.1.2:59530 216.12.144.90:53 UDP
3/15/2012 4:22:26 PM Detected covert channel exploit in ICMP packet 192.168.1.2 206.204.18.22 ICMP
3/15/2012 4:22:26 PM Detected covert channel exploit in ICMP packet 192.168.1.2 192.168.1.1 ICMP

pc 2 (the new pc which had been completely reformatted with windows 7)

3/17/2012 4:58:42 PM Detected DNS cache poisoning attack 8.8.4.4:53 192.168.1.2:54173 UDP
3/17/2012 4:58:41 PM Detected DNS cache poisoning attack 8.8.8.8:53 192.168.1.2:54173 UDP
3/17/2012 4:53:35 PM Detected DNS cache poisoning attack 8.8.4.4:53 192.168.1.2:56227 UDP
3/17/2012 4:53:35 PM Detected DNS cache poisoning attack 8.8.8.8:53 192.168.1.2:56227 UDP
3/17/2012 4:53:32 PM Detected DNS cache poisoning attack 8.8.8.8:53 192.168.1.2:56227 UDP
3/17/2012 4:53:31 PM Detected DNS cache poisoning attack 8.8.4.4:53 192.168.1.2:56227 UDP
3/17/2012 4:51:02 PM Detected DNS cache poisoning attack 8.8.8.8:53 192.168.1.2:52017 UDP
3/17/2012 4:51:02 PM Detected DNS cache poisoning attack 8.8.4.4:53 192.168.1.2:52017 UDP
(hundreds of these)

Edited by cazabra, 17 March 2012 - 07:28 PM.
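The ESET firewall notices quoted in posts #1 and #4 are easier to triage once they are grouped by event text and peer rather than read one line at a time. The script below is an added example, not code from this thread or from ESET: it parses lines of the shape the poster quoted (a constructed sample, copied in format from the lines above, is embedded inline, together with one non-matching line to show it is skipped), groups them by event, and annotates each group with the facts a responder checks first: whether the ARP source is a 169.254/16 link-local (APIPA) address, whether a "DNS cache poisoning" notice fired on a reply from the configured resolver itself (source port 53), and whether a UDP notice is an outbound query to a public resolver. The function and tag names are the example's own.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address

# Constructed sample input: lines in the exact shape of the ESET Smart Security
# firewall notices quoted in this thread (date, time, event text, source
# endpoint, destination endpoint, protocol), plus one unrelated line.
SAMPLE_LOG = """\
3/14/2012 1:17:09 AM Detected ARP cache poisoning attack 169.254.160.220 10.183.9.29 ARP
3/13/2012 11:36:47 PM Detected ARP cache poisoning attack 169.254.160.220 75.248.126.35 ARP
3/17/2012 10:07:55 AM Detected unexpected data in protocol 192.168.1.2:50545 206.204.54.90:53 UDP
3/15/2012 4:22:26 PM Detected covert channel exploit in ICMP packet 192.168.1.2 206.204.18.22 ICMP
3/17/2012 4:58:42 PM Detected DNS cache poisoning attack 8.8.4.4:53 192.168.1.2:54173 UDP
3/17/2012 4:58:41 PM Detected DNS cache poisoning attack 8.8.8.8:53 192.168.1.2:54173 UDP
this line is not a firewall notice and is skipped
"""

# An endpoint is a dotted IPv4 address with an optional :port suffix.
ENDPOINT = r"\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?"
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<event>Detected .+?) "
    rf"(?P<src>{ENDPOINT}) (?P<dst>{ENDPOINT}) "
    r"(?P<proto>ARP|UDP|TCP|ICMP)$"
)


def endpoint(text):
    """Split '8.8.4.4:53' into (IPv4Address, 53); a bare address gets port None."""
    host, sep, port = text.rpartition(":")
    if not sep:
        return ip_address(text), None
    return ip_address(host), int(port)


def parse_line(line):
    """Parse one ESET firewall notice; return None for a line of any other shape."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    src_ip, src_port = endpoint(m["src"])
    dst_ip, dst_port = endpoint(m["dst"])
    return {
        "when": f"{m['date']} {m['time']}",
        "event": m["event"],
        "proto": m["proto"],
        "src_ip": src_ip, "src_port": src_port,
        "dst_ip": dst_ip, "dst_port": dst_port,
    }


def annotate(rec):
    """Facts a responder checks first for one notice (observations, not a verdict)."""
    tags = []
    if rec["src_ip"].is_link_local:
        # 169.254.0.0/16 is the APIPA range a Windows host assigns itself when
        # it gets no DHCP lease; it is never the address of a legitimate gateway.
        tags.append("source is a 169.254/16 link-local (APIPA) address")
    if rec["src_port"] == 53:
        # The "source" of a DNS-poisoning notice is the resolver's own reply.
        tags.append("alert fired on a DNS reply from the configured resolver")
    if rec["dst_port"] == 53 and not rec["dst_ip"].is_private:
        tags.append("outbound DNS query to a public (non-LAN) resolver")
    return tags


def triage(log_text):
    """Group notices by event text; collect (src, dst) peers and annotations per group."""
    counts = Counter()
    peers = defaultdict(set)
    tags = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not an ESET firewall notice; ignore
        counts[rec["event"]] += 1
        peers[rec["event"]].add((str(rec["src_ip"]), str(rec["dst_ip"])))
        tags[rec["event"]].update(annotate(rec))
    return counts, peers, tags


if __name__ == "__main__":
    counts, peers, tags = triage(SAMPLE_LOG)
    for event, n in counts.most_common():
        print(f"{n:4d}  {event}")
        for src, dst in sorted(peers[event]):
            print(f"        {src} -> {dst}")
        for tag in sorted(tags[event]):
            print(f"        note: {tag}")
```

Run it against an exported ESET firewall log by replacing SAMPLE_LOG with the file contents; the summary shows at a glance which peers recur (here the link-local ARP source and the two public resolvers), which is what a helper wants to see before deciding whether the notices point at the LAN, the router, or the host itself.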


#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:15 AM

Posted 18 March 2012 - 07:32 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#6 cazabra

cazabra
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:01:15 AM

Posted 18 March 2012 - 07:56 PM

I'm here, subscribed, and ready for direction ;)
thanks !

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:15 AM

Posted 18 March 2012 - 08:30 PM

Okay, well, your network looks like it's being attacked, but it's not a hack. There's no person behind it, just malware. First, let's see if we can flush it out.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#8 cazabra

cazabra
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:01:15 AM

Posted 18 March 2012 - 09:58 PM

i was having an issue getting aswMBR.exe to start and in looking in the task manager found
PresentationFontCache.exe running.. i've never seen that before .. noting just in case.



I don't know how to attach the MBR.dat [Error You aren't permitted to upload this kind of file]
the only legible text in that file is
Invalid partition table Error loading operating system Missing operating system

here is the log from a 'quick scan'...

---------------------------------------
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-18 19:05:25
-----------------------------
19:05:25.541 OS Version: Windows 6.0.6002 Service Pack 2
19:05:25.541 Number of processors: 2 586 0x6801
19:05:25.541 ComputerName: ANKH UserName:
19:05:39.509 Initialize success
19:06:38.131 AVAST engine defs: 12031700
19:07:35.329 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:07:35.344 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC7DP Size: 152627MB BusType: 3
19:07:35.360 Disk 0 MBR read successfully
19:07:35.360 Disk 0 MBR scan
19:07:35.407 Disk 0 Windows VISTA default MBR code
19:07:35.422 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:07:35.454 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 151126 MB offset 3074048
19:07:35.469 Disk 0 scanning sectors +312580096
19:07:35.641 Disk 0 scanning C:\Windows\system32\drivers
19:08:05.543 Service scanning
19:09:01.636 Modules scanning
19:09:35.438 Disk 0 trace - called modules:
19:09:35.516 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
19:09:35.516 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8571c4a0]
19:09:35.516 3 CLASSPNP.SYS[8a5138b3] -> nt!IofCallDriver -> [0x85733650]
19:09:35.516 5 acpi.sys[8060f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8570e5e0]
19:09:36.764 AVAST engine scan C:\Windows
19:09:46.395 AVAST engine scan C:\Windows\system32
19:17:28.651 AVAST engine scan C:\Windows\system32\drivers
19:18:16.268 AVAST engine scan C:\Users\toshibauser
19:33:57.816 AVAST engine scan C:\ProgramData
19:50:12.097 Scan finished successfully
19:51:46.124 Disk 0 MBR has been saved successfully to "C:\Users\toshibauser\{4938bb4d-af28-4564-97bd-5c487f58a082}\MBR.dat"
19:51:46.139 The log file has been saved successfully to "C:\Users\toshibauser\{4938bb4d-af28-4564-97bd-5c487f58a082}\aswMBR.txt"
19:52:18.969 Disk 0 MBR has been saved successfully to "C:\Users\toshibauser\Desktop\MBR.dat"
19:52:18.969 The log file has been saved successfully to "C:\Users\toshibauser\Desktop\aswMBR.txt"




I have 2 other machines on my network which I'm afraid to run.
What would be the protocol for assistance with those?

Thanks!
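
A way to inspect an MBR.dat dump like the one aswMBR saved above, as an added example that is not part of this thread, of aswMBR or of TDSSKiller: it parses the 512-byte sector, checks the partition table against the values aswMBR logged here (type 0x27 at offset 2048 for 1500 MB, active type 0x07 at offset 3074048 for 151126 MB), confirms the stock Windows error strings the poster saw are present, and computes where the unallocated tail that aswMBR scans (+312580096) begins. The sample sector is constructed; its boot-code bytes are a placeholder carrying only those strings, not Microsoft's real code.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # boot code precedes the 4-byte disk signature
PART_TABLE_OFF = 446         # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"       # bytes 510..511

# Strings carried by stock Windows MBR code. aswMBR classed this disk's code as
# "Windows VISTA default MBR code", so a strings dump showing only these is the
# expected picture, not evidence of tampering by itself.
STOCK_MBR_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)

PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}

ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed sample sector. The partition layout copies the values aswMBR
    logged in this thread; the boot-code region is a placeholder that only
    carries the stock error strings, not Microsoft's real code."""
    code = bytearray(BOOT_CODE_LEN)
    pos = 0
    for s in STOCK_MBR_STRINGS:
        code[pos:pos + len(s)] = s
        pos += len(s) + 1                       # NUL-terminated, as in real code
    disk_sig = struct.pack("<I", 0x0BADC0DE)    # constructed disk signature
    no_chs = b"\x00\x00\x00"                    # CHS fields unused on LBA disks
    entries = (
        struct.pack(ENTRY_FMT, 0x00, no_chs, 0x27, no_chs, 2048, 1500 * 2048)         # WinRE
        + struct.pack(ENTRY_FMT, 0x80, no_chs, 0x07, no_chs, 3074048, 151126 * 2048)  # active NTFS
        + b"\x00" * 32                                                                 # two unused entries
    )
    return bytes(code) + disk_sig + b"\x00\x00" + entries + BOOT_SIG


def parse_mbr(sector: bytes) -> list:
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("boot signature 55 AA missing: not a valid MBR")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue                            # empty slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return parts


def last_partition_end(parts: list) -> int:
    """First LBA past the last partition: the unallocated tail where aswMBR
    starts its 'scanning sectors +N' pass, a common hiding place for bootkit data."""
    return max(p["lba_start"] + p["sectors"] for p in parts)


def check_layout(sector: bytes, parts: list) -> list:
    """Plausibility checks a defender runs over an MBR dump; returns findings."""
    findings = []
    code = sector[:BOOT_CODE_LEN]
    missing = [s.decode() for s in STOCK_MBR_STRINGS if s not in code]
    if missing:
        findings.append("boot code lacks stock error strings: " + ", ".join(missing))
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {active}")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return findings


if __name__ == "__main__":
    mbr = build_sample_mbr()      # replace with open("MBR.dat", "rb").read() for a real dump
    table = parse_mbr(mbr)
    for p in table:
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['name']:<18} "
              f"{p['size_mb']} MB offset {p['lba_start']}")
    print("unallocated tail starts at sector", last_partition_end(table))
    print("findings:", check_layout(mbr, table) or "none")
```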

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 19 March 2012 - 05:25 PM

The protocol depends on the team member. I am happy to look through each one in turn; they must be kept off the network until they are given the all-clear. So far, we don't have anything to clean though.

Please run TDSSKiller next.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#10 cazabra

cazabra
  • Topic Starter

  • Members
  • 41 posts

Posted 19 March 2012 - 07:29 PM

Awesome, thanks.
Running now.

#11 cazabra

cazabra
  • Topic Starter

  • Members
  • 41 posts

Posted 19 March 2012 - 08:16 PM

No Threats Found

.. which, I guess, is great, but there is still something funky going on. I can't browse in Chrome or Firefox without it hanging (the page either doesn't load at all and stays blank, or loads fully but the loading icon in the address bar continues to spin).

18:12:27.0138 9524 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
18:12:29.0141 9524 ============================================================
18:12:29.0142 9524 Current date / time: 2012/03/19 18:12:29.0141
18:12:29.0142 9524 SystemInfo:
18:12:29.0142 9524
18:12:29.0142 9524 OS Version: 6.0.6002 ServicePack: 2.0
18:12:29.0142 9524 Product type: Workstation
18:12:29.0142 9524 ComputerName: ANKH
18:12:29.0142 9524 UserName: toshibauser
18:12:29.0143 9524 Windows directory: C:\Windows
18:12:29.0143 9524 System windows directory: C:\Windows
18:12:29.0143 9524 Processor architecture: Intel x86
18:12:29.0143 9524 Number of processors: 2
18:12:29.0143 9524 Page size: 0x1000
18:12:29.0143 9524 Boot type: Normal boot
18:12:29.0143 9524 ============================================================
18:12:35.0166 9524 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:12:35.0182 9524 \Device\Harddisk0\DR0:
18:12:35.0197 9524 MBR used
18:12:35.0197 9524 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1272B000
18:12:35.0384 9524 Initialize success
18:12:35.0384 9524 ============================================================
18:12:40.0600 9504 ============================================================
18:12:40.0600 9504 Scan started
18:12:40.0600 9504 Mode: Manual;
18:12:40.0600 9504 ============================================================
18:13:18.0345 9504 SynTP - ok
18:13:18.0485 9504 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:13:18.0508 9504 Tcpip - ok
18:13:18.0860 9504 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:13:18.0875 9504 Tcpip6 - ok
18:13:19.0000 9504 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:13:19.0000 9504 tcpipreg - ok
18:13:19.0063 9504 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:13:19.0063 9504 tdcmdpst - ok
18:13:19.0187 9504 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:13:19.0194 9504 TDPIPE - ok
18:13:19.0229 9504 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:13:19.0271 9504 TDTCP - ok
18:13:19.0323 9504 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:13:19.0347 9504 tdx - ok
18:13:19.0397 9504 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:13:19.0399 9504 TermDD - ok
18:13:19.0560 9504 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
18:13:19.0605 9504 tifm21 - ok
18:13:19.0936 9504 Tosrfcom - ok
18:13:20.0030 9504 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
18:13:20.0077 9504 tos_sps32 - ok
18:13:20.0102 9504 TpChoice - ok
18:13:20.0211 9504 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:13:20.0211 9504 tssecsrv - ok
18:13:20.0308 9504 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:13:20.0310 9504 tunmp - ok
18:13:20.0373 9504 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:13:20.0376 9504 tunnel - ok
18:13:20.0460 9504 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:13:20.0484 9504 TVALZ - ok
18:13:20.0536 9504 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:13:20.0538 9504 uagp35 - ok
18:13:20.0639 9504 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:13:20.0644 9504 udfs - ok
18:13:20.0858 9504 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:13:20.0884 9504 uliagpkx - ok
18:13:20.0945 9504 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:13:20.0974 9504 uliahci - ok
18:13:21.0003 9504 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:13:21.0046 9504 UlSata - ok
18:13:21.0069 9504 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:13:21.0123 9504 ulsata2 - ok
18:13:21.0284 9504 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:13:21.0284 9504 umbus - ok
18:13:21.0362 9504 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:13:21.0362 9504 USBAAPL - ok
18:13:21.0408 9504 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
18:13:21.0424 9504 usbaudio - ok
18:13:21.0564 9504 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:13:21.0564 9504 usbccgp - ok
18:13:21.0596 9504 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:13:21.0611 9504 usbcir - ok
18:13:21.0658 9504 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:13:21.0689 9504 usbehci - ok
18:13:21.0874 9504 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:13:21.0881 9504 usbhub - ok
18:13:21.0962 9504 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
18:13:21.0984 9504 usbohci - ok
18:13:22.0031 9504 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:13:22.0055 9504 usbprint - ok
18:13:22.0149 9504 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:13:22.0173 9504 usbscan - ok
18:13:22.0271 9504 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:13:22.0295 9504 USBSTOR - ok
18:13:22.0335 9504 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
18:13:22.0336 9504 usbuhci - ok
18:13:22.0436 9504 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
18:13:22.0444 9504 usbvideo - ok
18:13:22.0527 9504 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
18:13:22.0551 9504 usb_rndisx - ok
18:13:22.0661 9504 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:13:22.0684 9504 vga - ok
18:13:22.0993 9504 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:13:23.0032 9504 VgaSave - ok
18:13:23.0248 9504 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:13:23.0273 9504 viaagp - ok
18:13:23.0395 9504 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:13:23.0419 9504 ViaC7 - ok
18:13:23.0450 9504 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:13:23.0472 9504 viaide - ok
18:13:23.0518 9504 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:13:23.0542 9504 volmgr - ok
18:13:23.0593 9504 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:13:23.0619 9504 volmgrx - ok
18:13:23.0754 9504 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:13:23.0782 9504 volsnap - ok
18:13:23.0847 9504 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:13:23.0909 9504 vsmraid - ok
18:13:24.0128 9504 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:13:24.0143 9504 WacomPen - ok
18:13:24.0252 9504 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:13:24.0299 9504 Wanarp - ok
18:13:24.0315 9504 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:13:24.0315 9504 Wanarpv6 - ok
18:13:24.0397 9504 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:13:24.0420 9504 Wd - ok
18:13:24.0508 9504 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
18:13:24.0530 9504 WDC_SAM - ok
18:13:24.0591 9504 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:13:24.0604 9504 Wdf01000 - ok
18:13:24.0794 9504 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
18:13:24.0800 9504 winusb - ok
18:13:24.0870 9504 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:13:24.0893 9504 WmiAcpi - ok
18:13:25.0197 9504 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
18:13:25.0199 9504 WpdUsb - ok
18:13:25.0293 9504 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:13:25.0340 9504 ws2ifsl - ok
18:13:25.0400 9504 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
18:13:25.0422 9504 WSDPrintDevice - ok
18:13:25.0554 9504 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:13:25.0562 9504 WUDFRd - ok
18:13:25.0606 9504 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
18:13:25.0660 9504 \Device\Harddisk0\DR0 - ok
18:13:25.0666 9504 Boot (0x1200) (d03ca29b5b2e3b6df42f36678c788c7d) \Device\Harddisk0\DR0\Partition0
18:13:25.0667 9504 \Device\Harddisk0\DR0\Partition0 - ok
18:13:25.0671 9504 ============================================================
18:13:25.0671 9504 Scan finished
18:13:25.0671 9504 ============================================================
18:13:25.0691 8624 Detected object count: 0
18:13:25.0691 8624 Actual detected object count: 0

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:15 AM

Posted 19 March 2012 - 08:29 PM

These are only the preliminary scans. Please run ComboFix now that rootkit activity seems to be nil.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#13 cazabra

cazabra
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 19 March 2012 - 08:51 PM

No AV, no FW.... Holding my breath while it runs ;)
Stage 7 and counting

#14 cazabra

cazabra
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 19 March 2012 - 09:08 PM

Not even going to pretend I can read this :)


ComboFix 12-03-18.04 - toshibauser 03/19/2012 18:46:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1781 [GMT -7:00]
Running from: c:\users\toshibauser\Desktop\comfix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\toshibauser\AppData\Roaming\Microsoft\Windows\Recent\indiana_expo06_05
c:\users\toshibauser\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\users\toshibauser\ia_remove.sh7201.tmp
c:\windows\system32\AutoRun.inf
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 02:01 . 2012-03-20 02:02 -------- d-----w- c:\users\toshibauser\AppData\Local\temp
2012-03-20 02:01 . 2012-03-20 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-19 16:54 . 2012-03-19 16:54 -------- d-----w- c:\program files\Common Files\Skype
2012-03-17 21:15 . 2012-03-19 14:41 -------- d-----w- c:\users\toshibauser\AppData\Local\NPE
2012-03-16 10:47 . 2012-03-17 00:15 -------- d-----w- c:\users\toshibauser\AppData\Local\CrashDumps
2012-03-16 02:20 . 2011-11-24 02:23 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-03-15 22:47 . 2012-03-16 00:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-03-15 22:47 . 2012-03-15 23:13 -------- d-----w- c:\program files\Symantec
2012-03-15 22:47 . 2012-03-15 23:13 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-15 22:44 . 2012-03-15 23:57 -------- d-----w- c:\windows\system32\drivers\N360
2012-03-15 22:44 . 2012-03-15 22:44 -------- d-----w- c:\program files\Norton 360
2012-03-15 22:44 . 2012-03-17 21:15 -------- d-----w- c:\programdata\Norton
2012-03-15 22:43 . 2012-03-15 22:43 -------- d-----w- c:\program files\NortonInstaller
2012-03-15 22:33 . 2012-03-15 22:33 -------- d-----w- c:\users\toshibauser\AppData\Roaming\Wireshark
2012-03-15 22:11 . 2012-03-15 22:11 -------- d-----w- c:\program files\WinPcap
2012-03-15 22:10 . 2012-03-15 22:11 -------- d-----w- c:\program files\Wireshark
2012-03-15 18:20 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-15 18:20 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 18:20 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-15 18:20 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-15 18:20 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-15 10:45 . 2007-05-11 03:52 95864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-03-14 22:01 . 2012-03-14 22:01 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-14 21:58 . 2012-03-14 21:58 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-03-14 21:58 . 2012-03-14 21:58 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-03-14 21:58 . 2012-03-14 21:58 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-14 21:58 . 2012-03-14 21:58 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-03-14 21:58 . 2012-03-14 21:58 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-14 21:58 . 2012-03-14 21:58 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-03-14 21:58 . 2012-03-14 21:58 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-14 20:31 . 2012-03-14 20:31 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-14 20:31 . 2012-03-14 20:31 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 18:57 . 2011-06-09 01:06 544616 ------w- c:\windows\system32\HPDiscoPMa011.dll
2012-03-14 06:30 . 2012-03-15 23:32 -------- d-----w- c:\program files\HTC
2012-03-14 06:29 . 2012-03-14 06:29 -------- d-----w- c:\users\toshibauser\AppData\Roaming\InstallShield
2012-03-14 06:29 . 2012-03-14 06:29 -------- d-----w- C:\Temp
2012-03-14 06:14 . 2009-11-08 08:41 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-03-14 06:14 . 2009-11-08 08:41 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-03-14 06:14 . 2012-03-14 06:20 -------- d-----w- c:\program files\PdaNet for Android
2012-03-13 23:49 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58F6392D-C900-416A-9BB6-DD77FCD5D048}\mpengine.dll
2012-03-13 23:39 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-03-13 23:39 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-13 23:39 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-03-13 23:39 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-03-13 23:39 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-03-13 23:38 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-13 23:38 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 23:37 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-13 23:37 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-03-13 23:37 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:37 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-03-13 23:37 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-03-13 23:37 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-13 23:37 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-03-13 23:37 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-03-13 23:37 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-03-13 23:37 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-03-13 23:37 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-13 23:37 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-03-13 23:36 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-03-13 23:36 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-03-13 23:36 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-03-13 23:36 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-03-13 23:28 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-13 23:28 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-03-13 23:28 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-03-13 23:28 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-03-13 23:28 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-03-13 23:27 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-03-13 23:27 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-03-13 23:27 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-03-13 23:22 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 23:22 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-12 10:29 . 2012-03-12 10:30 -------- d-----w- c:\windows\system32\ca-ES
2012-03-12 10:29 . 2012-03-12 10:29 -------- d-----w- c:\windows\system32\eu-ES
2012-03-12 10:29 . 2012-03-12 10:29 -------- d-----w- c:\windows\system32\vi-VN
2012-03-12 09:39 . 2012-03-12 09:39 -------- d-----w- c:\windows\system32\EventProviders
2012-03-08 21:42 . 2012-03-10 05:10 -------- d-----w- c:\users\toshibauser\AppData\Roaming\Trillian
2012-03-02 18:54 . 2012-03-02 18:54 5164704 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 21:58 . 2012-03-14 21:58 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-03-14 08:27 . 2011-10-21 00:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2011-05-20 16:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2007-09-12 15:19 . 2007-12-07 20:21 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 15:22 . 2007-12-07 20:21 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2012-03-14 20:31 . 2011-05-06 06:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 18:03 155416 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-03 1045800]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"NDSTray.exe"="NDSTray.exe" [BU]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Jungle Disk Workgroup.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Jungle Disk Workgroup.lnk
backup=c:\windows\pss\Jungle Disk Workgroup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^toshibauser^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\toshibauser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^toshibauser^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\users\toshibauser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^toshibauser^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk]
path=c:\users\toshibauser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
backup=c:\windows\pss\Trillian.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-05-22 23:32 538744 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-11 23:54 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Deskjet 3050A J611 series (NET)]
2011-06-09 01:15 1804648 ----a-w- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-10 01:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 20:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 20:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMM Mode Selection]
2011-02-14 13:55 43520 ----a-r- c:\program files\HTC\ModeSelection\VMMModeSelection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WISE-FTP Task Planner]
2007-11-27 14:35 1243136 ----a-w- c:\program files\AceBIT\WISE-FTP 5\wf_tp.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 31056850
*Deregistered* - 31056850
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3833290559-1860086990-3996457891-1000Core.job
- c:\users\toshibauser\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-16 02:46]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3833290559-1860086990-3996457891-1000UA.job
- c:\users\toshibauser\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-16 02:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D7A8A02D-1D27-4C8B-BC0C-236A14DD8F02}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\toshibauser\AppData\Roaming\Mozilla\Firefox\Profiles\eih9zfo0.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-19 19:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.1.1.8\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.1.1.8\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-03-19 19:06:18
ComboFix-quarantined-files.txt 2012-03-20 02:06
.
Pre-Run: 70,291,271,680 bytes free
Post-Run: 70,241,042,432 bytes free
.
- - End Of File - - B80109F7B92CD52708A895E62373B0A7

#15 cazabra

cazabra
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 19 March 2012 - 09:16 PM

I know you have a trained eye, but I do have a specific concern regarding Firefox..
2007-09-12 15:19 . 2007-12-07 20:21 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 15:22 . 2007-12-07 20:21 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2012-03-14 20:31 . 2011-05-06 06:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

These scare me.. mostly just the last one, with the date of 3 days ago.
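As a worked example of reading the file lines cazabra is worried about, here is a small Python triage helper; it is added here and is not code from the thread or from ComboFix. It assumes, as the "Files Created" section layout suggests, that each line carries the created timestamp first and the modified timestamp second, and the incident window and watched directories below are assumptions chosen for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# One ComboFix file line looks like:
#   <created> . <modified> <size or dashes> <attrs> <path>
# The field order (created, then modified) is an assumption for this example.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Constructed sample: lines copied from the log posted above, in no special order.
SAMPLE_LOG = r"""
2012-03-20 02:01 . 2012-03-20 02:02 -------- d-----w- c:\users\toshibauser\AppData\Local\temp
2012-03-16 02:20 . 2011-11-24 02:23 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-03-14 22:01 . 2012-03-14 22:01 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-14 20:31 . 2012-03-14 20:31 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-14 20:31 . 2012-03-14 20:31 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2007-09-12 15:19 . 2007-12-07 20:21 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2012-03-14 20:31 . 2011-05-06 06:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
"""

# Assumed incident window (the days the firewall alerts were seen) and the
# directories a defender would want to watch for newly dropped binaries.
WINDOW_START = datetime(2012, 3, 13, 0, 0)
WINDOW_END = datetime(2012, 3, 16, 23, 59)
WATCHED_DIRS = (r"c:\program files\mozilla firefox", r"c:\windows\system32")


def parse_combofix_lines(text):
    """Return one dict per file/directory line; banners and '.' separators are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append({
            "created": datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m.group("modified"), "%Y-%m-%d %H:%M"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": "d" in m.group("attrs"),
            "attrs": m.group("attrs"),
            "path": m.group("path").lower(),  # ComboFix mixes path casing
        })
    return entries


def triage(entries, window_start, window_end, watched_dirs):
    """Flag files created inside the window under a watched directory.

    'batch' counts the other entries created in the same minute, and
    'modified_before_window' says whether the file's content timestamp predates
    the window. A file that arrived together with several siblings and whose
    modified time is older than the incident is more consistent with an
    installer or updater copying files than with a single dropped binary.
    This is a triage heuristic to prioritise what to hash-check, not a verdict.
    """
    by_minute = defaultdict(int)
    for e in entries:
        by_minute[e["created"]] += 1

    flagged = []
    for e in entries:
        if e["is_dir"] or not (window_start <= e["created"] <= window_end):
            continue
        if not any(e["path"].startswith(d) for d in watched_dirs):
            continue
        flagged.append({
            "path": e["path"],
            "created": e["created"],
            "modified": e["modified"],
            "batch": by_minute[e["created"]] - 1,
            "modified_before_window": e["modified"] < window_start,
        })
    return flagged


if __name__ == "__main__":
    for f in triage(parse_combofix_lines(SAMPLE_LOG), WINDOW_START, WINDOW_END, WATCHED_DIRS):
        print(f"{f['path']}: created {f['created']:%Y-%m-%d %H:%M}, "
              f"{f['batch']} sibling(s) same minute, "
              f"content older than window: {f['modified_before_window']}")
```

The output groups browsercomps.dll with the two other Firefox files created in the same minute and shows its content timestamp predating the incident, which is the context a reviewer would want before deciding whether to hash-check it.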



