Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Several intrusion attempts, tries to open windows in FF.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Several intrusion attempts, tries to open windows in FF.

Unread postby Sjors » September 7th, 2010, 11:34 am

Already removed one entry that was high risk, but I'm unsure if everything is clean and removed now since I'm still getting a lot of intrusion attempts. Norton 360 and Spybot S&D don't seem too find anything.

Anyway here's my log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:33:05, on 7-9-2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Norton 360\Engine\4.0.0.127\MCUI32.EXE
C:\Windows\system32\taskmgr.exe
C:\Users\George\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.0.0.127\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1938754323-729904025-910476438-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Guest')
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #1] C:\Windows\System32\calc.exe /restart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #1] C:\Windows\System32\calc.exe /restart (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

Thanks in advance.
Sjors
Active Member
 
Posts: 8
Joined: September 7th, 2010, 11:25 am
Advertisement
Register to Remove

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby jmw3 » September 8th, 2010, 8:16 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is posted is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

MRU P2P Policy
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent

I'd like you to read the MRU policy for P2P Programs.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) & any other P2P programs.

Disable Spybot's TeaTimer 1.5 & 1.6
  • If you have version 1.5, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol)
  • Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless
  • Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy
  • Click on Mode > Advanced Mode. When it prompts you, click Yes
  • On the left hand side, click on Tools
  • Check this box if it is not yet ticked: Resident
  • You will notice that Resident is now added under Tools. Click on Resident
  • Uncheck this box: Resident "TeaTimer" (Protection of over-all system settings) active
  • Exit Spybot Search & Destroy
  • Restart your computer for the changes to take effect
Leave TeaTimer disabled until we're done here.

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
  • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
  • Double click the gmer.exe file
  • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
  • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply
To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby Sjors » September 8th, 2010, 1:41 pm

Thank you for your help, really appreciated. Unfortunately I can't post a GMER log since my laptop already bluescreened 2 times running that program. I ran it under administrator rights, and I made sure no other programs were running. Maybe it's my norton antivirus, or should I run it in safe mode?

Edit: Ran my system in safe mode and was able too safely generate a GMER log. All log files are attached.

Argh, I can't upload the GMER file and I can't manually post it here. What should I do too send it?

Thanks for the support,

Sjors
You do not have the required permissions to view the files attached to this post.
Sjors
Active Member
 
Posts: 8
Joined: September 7th, 2010, 11:25 am

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby jmw3 » September 8th, 2010, 7:45 pm

Hi

Copy/pasting the results of any logs will be fine. No need to attach them.

Leave Gmer for now. We'll come back to it if required. Try this one:
Rootkit Unhooker
Download Rootkit Unhooker from Here & save it on your desktop.
  • Disable your security programs
  • Double click RKUnhookerLE.exe to run it
  • Click the Report tab, then click Scan
  • Check Drivers and Stealth Code, uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked then click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it such as your desktop then click Close
  • Copy/paste the entire contents of the report & post it in your next reply
Note - You may get the following warning - it is ok - just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby Sjors » September 9th, 2010, 8:35 am

Thank you for your reply. The GMER log is too long too copy/paste. The rootkin scanner did detect a few viruses.
Here's the report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x93637000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9261056 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82C3B000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82C3B000 PnpManager 4259840 bytes
0x82C3B000 RAW 4259840 bytes
0x82C3B000 WMIxWDM 4259840 bytes
0x9A8D0000 Win32k 2400256 bytes
0x9A8D0000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x95A11000 C:\Windows\system32\DRIVERS\snp2uvc.sys 1761280 bytes (-, UVC Camera Streaming Driver)
0x95835000 C:\Windows\system32\drivers\viahduaa.sys 1503232 bytes (VIA Technologies, Inc., VIA High Definition Audio Function Driver)
0xB6A67000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100908.050\NAVEX15.SYS 1359872 bytes (Symantec Corporation, AV Engine)
0x8B815000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8B428000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x94A05000 C:\Windows\system32\DRIVERS\athr.sys 1232896 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8C621000 C:\Windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x8B203000 C:\Windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x93F0C000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B61E000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x92C3B000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0x83306000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xB2810000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9042A000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9212C000 C:\Windows\system32\drivers\N360\0402000.00C\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0x83233000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8B010000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9208D000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x8B595000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x90EC5000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x90E15000 C:\Windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0x92035000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100908.001\IDSvix86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
0xB6A10000 C:\Windows\System32\Drivers\N360\0402000.00C\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0x8B35E000 C:\Windows\system32\drivers\N360\0402000.00C\SYMDS.SYS 352256 bytes (Symantec Corporation, Symantec Data Store)
0xB294D000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0xB28FE000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x9AB80000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x92D1A000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B151000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8B08F000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8C75C000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8B7BC000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x832C4000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x905AE000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B98F000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B6D5000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8B1C4000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x90F77000 C:\Windows\system32\Drivers\vmm.sys 241664 bytes (Microsoft Corporation, Virtual Machine Monitor)
0x93FC3000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82C04000 ACPI_HAL 225280 bytes
0x82C04000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8B32A000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x92000000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8B765000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x90E93000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B95E000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x959A4000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8B738000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8B3CF000 C:\Windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS 184320 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x8B557000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x90400000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8B0E8000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x921B9000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8B797000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B713000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x90E6E000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x8B2E6000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x904AF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x92D84000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB28D0000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x92CE7000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x9052D000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x904F4000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x92D65000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x90FC2000 C:\Windows\system32\drivers\N360\0402000.00C\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0x90F26000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0xB28A7000 C:\Program Files\Sandboxie\SbieDrv.sys 126976 bytes (tzuk, Sandboxie Kernel Mode Driver)
0x9AB60000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x920EB000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x92C00000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0x8C717000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8C600000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x94B79000 C:\Windows\system32\DRIVERS\ETD.sys 106496 bytes (ELAN Microelectronic Corp., ETD Control Center)
0x8C732000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8C7D5000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x959D3000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x92114000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x94B4C000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x94BE0000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x92DA6000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x92DBE000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x92DD5000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9058C000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x95800000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8B19C000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0xB6BB3000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100908.050\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x95BDF000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8B582000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8C7B2000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90F64000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x94BCE000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x92D08000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x8C7EE000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B9EE000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8C6FB000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8B3B4000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x92C1D000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8B11D000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x832AB000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x90F45000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x94B3C000 C:\Windows\system32\DRIVERS\L1E62x86.sys 65536 bytes (Atheros Communications, Inc., Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20))
0x8C74C000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B9D6000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8C7A2000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90FB2000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8B141000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x9360B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x94BB2000 C:\Windows\system32\DRIVERS\VMNetSrv.sys 61440 bytes (Microsoft Corporation, Virtual Machine Network Services Driver)
0x921AB000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x90F56000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9057E000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8B313000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B5F2000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x95BBF000 C:\Windows\system32\DRIVERS\STREAM.SYS 57344 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0x93625000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8B081000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x94BC1000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x95821000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x94B6C000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x94B93000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xB28F1000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x9054E000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x92108000 C:\Windows\System32\drivers\discache.sys 49152 bytes
0x90521000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x959EC000 C:\Windows\system32\drivers\AmUStor.SYS 45056 bytes (Alcor Micro, Corp., Alocr Micro USB Mass Storage Driver)
0x8B136000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x95BD4000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8C70C000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x95A00000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x90573000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9361A000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x905A3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x93600000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8B112000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x8B3C5000 C:\Windows\System32\Drivers\AsDsm.sys 40960 bytes (ASUSTek Computer Inc, Data Security Manager Driver)
0x95817000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B309000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x90FF5000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x90FEB000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8B1BA000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB28C6000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x90FE1000 C:\Windows\system32\drivers\N360\0402000.00C\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x94B32000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x8B321000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xCCEA0000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8B2DD000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8B400000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xCCEA9000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x9AB30000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C7C5000 C:\Windows\system32\DRIVERS\vwifimp.sys 36864 bytes (Microsoft Corporation, Virtual WiFi Miniport Driver)
0x8B0D7000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x94BAA000 C:\Windows\system32\DRIVERS\ATKACPI.sys 32768 bytes (ASUS, ATK0100 ACPI Utility)
0x832BC000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B12E000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8B9E6000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x94B64000 C:\Windows\system32\DRIVERS\kbfiltr.sys 32768 bytes ( , Keyboard Filter Driver)
0x80B9F000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8B1B2000 C:\Windows\system32\DRIVERS\lullaby.sys 32768 bytes (Windows (R) Win 7 DDK provider, ASUS CopyProtect driver)
0x8B0E0000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x9055B000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x90563000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x9056B000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B9CE000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C7CE000 C:\Program Files\ATKGFNEX\ASMMAP.sys 28672 bytes (-, -)
0x9051A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x95BF2000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x90513000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x95BCD000 C:\Windows\system32\DRIVERS\sncduvc.SYS 28672 bytes (-, USBCAMD for Sonix UVC)
0x90F1F000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x94BA0000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x94BA6000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8C61B000 C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys 12288 bytes
0x94BF8000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x959F7000 C:\Windows\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB299E000 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 4096 bytes (TuneUp Software, TuneUp Utilities Driver)
!!!!!!!!!!!Hidden driver: 0x876D6AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x86E419D8 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0x8B203000 WARNING: suspicious driver modification [iaStor.sys::0x876D6AEA]
0x92108000 WARNING: Virus alike driver modification [discache.sys], 49152 bytes
0xCCE60F2E Unknown thread object [ ETHREAD 0x85757D48 ] , 600 bytes
Sjors
Active Member
 
Posts: 8
Joined: September 7th, 2010, 11:25 am

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby jmw3 » September 9th, 2010, 8:48 am

Hi

Ok, attach the Gmer log if you can... I'd like to see it
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby Sjors » September 9th, 2010, 12:20 pm

jmw3 wrote:Hi

Ok, attach the Gmer log if you can... I'd like to see it


I can´t upload it, for some reason it won´t upload. Any other method too sent the log?
Sjors
Active Member
 
Posts: 8
Joined: September 7th, 2010, 11:25 am

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby jmw3 » September 9th, 2010, 8:43 pm

Hi

Don't worry about. We'll continue on.

TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Right-click TFC.exe then choose Run as Administrator to run the program, your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work.. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Right-click on ComboFix.exe then choose Run as Administrator & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby Sjors » September 10th, 2010, 6:31 am

Thanks a lot for your commitment too help me, really awesome. Also nice tools, haven't heard of them before. However, I forgot too run combofix from my desktop. It did detect a rootkit, and restarted my computer. After that I didn't pay attention to my pc, and when I logged in again a message popped up that I had a bluescreen. Also the combofix didn't produce a log, only a file folder redirecting to my computer. What should I do now, run combofix again from my desktop?

Edit: Every once in a while I still got windows popping up in firefox, and after that I'm getting an intrusion attempt message from norton.
Last edited by Sjors on September 10th, 2010, 7:08 am, edited 1 time in total.
Sjors
Active Member
 
Posts: 8
Joined: September 7th, 2010, 11:25 am

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby jmw3 » September 10th, 2010, 6:46 am

What should I do now, run combofix again from my desktop?
yes... Move ComboFix to your desktop & run it again.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby Sjors » September 10th, 2010, 9:05 am

Here's my combofix log:

ComboFix 10-09-09.04 - George 10-09-2010 14:38:10.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1033.18.3037.1965 [GMT 2:00]
Gestart vanuit: c:\users\George\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Explorer
c:\windows\system32\Explorer\cd.txt

c:\windows\system32\drivers\discache.sys . . . is geïnfecteerd!! . . . Failed to find a valid replacement.
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-08-10 to 2010-09-10 ))))))))))))))))))))))))))))))
.

2010-09-10 12:52 . 2010-09-10 12:52 -------- d-----w- c:\users\George\AppData\Local\temp
2010-09-10 12:52 . 2010-09-10 12:52 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-09-10 12:52 . 2010-09-10 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-10 12:22 . 2010-09-10 12:22 -------- d-----w- C:\32788R22FWJFW
2010-09-08 19:38 . 2010-09-08 19:38 -------- d-----w- c:\program files\EasyPHP-5.3.3
2010-09-08 19:16 . 2010-09-08 19:16 -------- d-----w- c:\users\George\AppData\Roaming\ubot
2010-09-07 13:17 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-07 13:17 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-09-07 13:17 . 2010-09-07 13:17 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-07 13:16 . 2010-09-08 11:28 -------- d-----w- c:\windows\system32\drivers\N360
2010-09-07 13:16 . 2010-09-07 13:16 -------- d-----w- c:\program files\Norton 360
2010-09-07 13:16 . 2010-09-07 13:16 -------- d-----w- c:\program files\NortonInstaller
2010-09-06 18:43 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-06 18:35 . 2010-09-07 15:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-06 18:35 . 2010-09-07 12:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-04 19:24 . 2010-09-04 19:24 -------- d-----w- c:\program files\Instant Article Wizard Pro
2010-09-04 19:19 . 2010-09-04 19:34 -------- d-----w- c:\program files\Instant Article Wizard 2.0
2010-09-03 21:16 . 2010-09-03 21:16 -------- d-----w- c:\users\George\AppData\Local\Sophos
2010-09-03 20:40 . 2010-09-03 20:40 -------- d-----w- c:\windows\XSxS
2010-09-03 20:40 . 2010-09-03 20:40 -------- d-----w- c:\users\George\AppData\Local\Xenocode
2010-09-03 20:40 . 2010-09-03 20:40 -------- d-----w- c:\program files\Xenocode
2010-09-03 20:36 . 2010-09-03 22:35 -------- d-----w- c:\program files\Artisteer 2
2010-09-03 20:10 . 2010-09-07 13:40 -------- d-----w- c:\programdata\Sophos
2010-09-03 20:03 . 2010-08-30 12:34 1496064 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-03 20:03 . 2010-08-30 12:33 43008 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-03 20:03 . 2010-08-30 12:33 338944 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-03 20:03 . 2010-08-30 12:33 346112 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-30 21:56 . 2010-05-23 15:50 73216 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-08-30 21:56 . 2010-04-18 12:33 307200 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-08-30 21:56 . 2010-04-18 12:33 172032 ----a-w- c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-08-29 02:31 . 2010-09-04 22:15 -------- d-----w- c:\users\George\AppData\Roaming\riujosodf
2010-08-29 02:31 . 2010-08-29 02:37 -------- d-----w- c:\users\George\AppData\Local\riujosodf
2010-08-29 02:25 . 2010-08-29 02:25 113395 ----a-r- c:\users\George\AppData\Roaming\Microsoft\Installer\{C05DAB66-DA77-40B2-9D51-C54B0F2AD8F5}\_DA950C4C370ED3A1DE096D.exe
2010-08-29 02:25 . 2010-08-29 02:25 10134 ----a-r- c:\users\George\AppData\Roaming\Microsoft\Installer\{C05DAB66-DA77-40B2-9D51-C54B0F2AD8F5}\_BE44F31A5B28B87342419B.exe
2010-08-28 18:39 . 2010-08-28 18:39 -------- d-----w- c:\users\George\AppData\Roaming\Artisteer
2010-08-28 15:35 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-28 15:32 . 2010-08-28 15:32 -------- d-----w- c:\users\George\AppData\Roaming\Tific
2010-08-24 20:27 . 2010-09-05 00:32 -------- d-----w- c:\program files\OnlyWire
2010-08-24 12:09 . 2010-08-24 12:09 -------- d-----w- c:\program files\Traffic Addict
2010-08-22 20:32 . 2010-08-22 20:32 -------- d-----w- c:\program files\CherryPicker
2010-08-20 14:36 . 2010-08-26 00:10 -------- d-----w- c:\program files\Magic Niche Finder
2010-08-19 21:38 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-19 21:38 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-19 21:38 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-19 21:38 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-08-19 21:38 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 12:35 . 2009-11-27 16:32 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-09-10 12:35 . 2009-11-27 20:04 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-09-10 10:49 . 2010-04-12 13:28 -------- d-----w- c:\users\George\AppData\Roaming\Winamp
2010-09-09 21:12 . 2010-08-01 16:41 -------- d-----w- c:\users\George\AppData\Roaming\FileZilla
2010-09-09 20:25 . 2009-12-03 09:06 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-09-08 18:47 . 2009-11-27 16:33 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-09-08 16:42 . 2010-07-09 17:41 -------- d-----w- c:\program files\SENuke
2010-09-07 23:05 . 2009-07-13 23:24 32256 ----a-w- c:\windows\system32\drivers\discache.sys
2010-09-07 13:42 . 2009-11-28 14:36 -------- d-----w- c:\programdata\Norton
2010-09-07 13:42 . 2009-11-28 14:35 -------- d-----w- c:\programdata\NortonInstaller
2010-09-07 13:17 . 2010-09-07 13:17 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-07 13:17 . 2010-09-07 13:17 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-07 13:17 . 2009-12-21 16:44 -------- d-----w- c:\program files\Symantec
2010-09-07 13:17 . 2009-12-21 16:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-07 12:29 . 2010-04-12 13:06 -------- d-----w- c:\program files\QuickTime
2010-09-07 12:28 . 2010-04-15 12:40 -------- d-----w- c:\program files\Google
2010-09-06 01:23 . 2009-12-02 19:13 -------- d-----w- c:\users\George\AppData\Roaming\GrabIt
2010-08-29 01:15 . 2009-12-17 14:40 -------- d-----w- c:\program files\Common Files\xing shared
2010-08-29 01:15 . 2009-12-17 14:40 -------- d-----w- c:\program files\Common Files\Real
2010-08-29 01:13 . 2009-12-17 14:40 -------- d-----w- c:\program files\Real
2010-08-26 22:51 . 2010-08-03 13:05 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-24 22:23 . 2010-07-24 14:52 140968 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-24 13:26 . 2010-07-16 14:00 -------- d-----w- c:\program files\Hummingbird
2010-08-24 12:43 . 2010-04-12 13:06 -------- d-----w- c:\programdata\Apple Computer
2010-08-24 12:43 . 2010-04-12 13:05 -------- d-----w- c:\program files\Common Files\Apple
2010-08-24 11:54 . 2009-11-28 15:49 -------- d-----w- c:\programdata\Microsoft Help
2010-08-22 20:31 . 2010-05-02 16:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-21 08:51 . 2009-12-02 20:06 -------- d-----w- c:\users\George\AppData\Roaming\vlc
2010-08-21 06:39 . 2010-08-01 16:40 -------- d-----w- c:\program files\FileZilla FTP Client
2010-08-04 19:55 . 2010-02-13 18:54 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-03 13:04 . 2009-11-27 17:48 109784 ----a-w- c:\users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-03 13:04 . 2009-11-28 17:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-03 12:53 . 2010-08-03 12:53 -------- d-----w- c:\programdata\ALM
2010-08-03 12:09 . 2010-08-03 12:09 -------- d-----w- c:\program files\Adobe Media Player
2010-08-03 12:05 . 2010-08-03 12:05 10134 ----a-r- c:\users\George\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
2010-08-03 12:05 . 2009-11-28 14:39 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-08-03 12:05 . 2010-08-03 12:05 -------- d-----w- c:\program files\My Company Name
2010-07-25 17:54 . 2010-07-25 17:54 -------- d-----w- c:\program files\Market Samurai
2010-07-25 12:44 . 2010-07-25 12:44 -------- d-----w- c:\users\George\AppData\Roaming\CherryPickerLive
2010-07-18 14:14 . 2010-07-18 14:14 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2010-07-16 17:15 . 2010-07-16 17:15 -------- d-----w- c:\program files\Micro Niche Finder 5.0
2010-07-16 16:53 . 2010-04-12 13:28 -------- d-----w- c:\program files\Winamp
2010-07-16 16:17 . 2010-04-12 13:28 -------- d-----w- c:\program files\Winamp Detect
2010-07-16 14:58 . 2010-07-16 14:58 165232 ---ha-w- c:\users\George\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-07-16 14:57 . 2010-07-16 14:57 -------- d-----w- c:\program files\Microsoft Virtual PC
2010-07-16 14:00 . 2010-07-16 14:00 -------- d-----w- c:\users\George\AppData\Roaming\com.mesiablabs.Hummingbird.4F508AB529C1EC8AC04A1919276966C36BC93650.1
2010-07-16 13:48 . 2010-07-16 13:48 -------- d-----w- c:\programdata\Submit Suite
2010-07-14 21:28 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-07-14 21:21 . 2010-07-14 21:21 -------- d-----w- c:\programdata\Micro Niche Finder
2010-07-14 21:20 . 2010-07-14 21:19 -------- d-----w- c:\program files\EasyPHP-5.3.1
2010-07-14 20:36 . 2010-07-14 20:36 -------- d-----w- c:\users\George\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2010-07-14 20:35 . 2010-07-14 20:35 -------- d-----w- c:\program files\Domain Samurai
2010-06-30 06:25 . 2010-08-19 21:37 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-29 13:33 . 2010-03-05 05:13 439816 ----a-w- c:\users\George\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-22 02:47 . 2010-08-19 21:37 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-19 21:37 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-19 21:37 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-19 21:37 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-19 21:37 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 04:07 . 2010-08-19 21:37 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 08:28 . 2010-06-16 08:28 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-16 08:28 . 2010-06-16 08:28 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-06-16 05:48 . 2010-08-19 21:37 224256 ----a-w- c:\windows\system32\schannel.dll
2009-04-08 09:31 . 2009-04-08 09:31 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-08-11 20:45 . 2008-08-11 20:45 155648 ----a-w- c:\program files\Common Files\MSIactionall.dll
2008-05-22 07:35 . 2008-05-22 07:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 08:34 . 2007-06-12 08:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 398568]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-11 1474560]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-20 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-20 167960]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart 7BF8F58D8D8D5DEDCEE34185622A4B64702EFB8E"="c:\windows\System32\calc.exe" [2009-07-14 776192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\d:\0autocheck autochk /r \??\c:\0autocheck autochk /r \??\d:\0autocheck autochk /r \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk]
path=c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun]
2009-09-01 07:10 233472 ----a-w- c:\program files\AmIcoSingLun\AmIcoSinglun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\George\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"skb"=rundll32 "tihfs.dll",,Run
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ADSMTray"=c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
R3 EraserUtilDrv10710;EraserUtilDrv10710;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10710.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15416]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [2010-08-09 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100909.001\IDSvix86.sys [2010-08-26 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS [2010-05-06 339504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 27136]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-04 102448]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 12:40]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 12:40]

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1938754323-729904025-910476438-1001Core.job
- c:\users\George\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 18:52]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1938754323-729904025-910476438-1001UA.job
- c:\users\George\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 18:52]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.asus.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Torrent Finder
FF - prefs.js: browser.startup.homepage - www.google.nl
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll
FF - component: c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\George\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\George\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\George\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS VERWIJDERD - - - -

Toolbar-Locked - (no file)
MSConfigStartUp-setupupdate70700 - c:\users\George\AppData\Roaming\D6EBB0A2A1556570AE82E9C207CD6115\setupupdate70700.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8700FEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x85595398
QueryNameProcedure -> 0x85595528
user & kernel MBR OK
copy of MBR has been found in sector 61 !
copy of MBR has been found in sector 62 !

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-09-10 14:56:43
ComboFix-quarantined-files.txt 2010-09-10 12:56

Pre-Run: 28.522.811.392 bytes free
Post-Run: 28.423.921.664 bytes free

- - End Of File - - 7E02CD9E593DB1D9659F23C367A13AA0
Sjors
Active Member
 
Posts: 8
Joined: September 7th, 2010, 11:25 am

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby jmw3 » September 10th, 2010, 10:30 am

Hi

Still quite a bit to do.

SystemLook
Download SystemLook by jpshortstuff from one of the links below & save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it
  • Copy the contents of the Codebox below into the main textfield
    Code: Select all
    :filefind
    discache.*
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Post the contents of the log in your next reply
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby Sjors » September 10th, 2010, 11:02 am

Never knew malware could be so tough too remove, I thought it only required a commercial scanner! Scary to know that It can bypass the commercial antivirus scanners. How am I sure that my computer is completely clean, after this is deleted?

SystemLook 04.09.10 by jpshortstuff
Log created at 16:57 on 10/09/2010 by George
Administrator - Elevation successful

========== filefind ==========

Searching for "discache.*"
C:\Windows\System32\drivers\discache.sys --a---- 32256 bytes [23:24 13/07/2009] [23:05 07/09/2010] 7CFB2D249DC33191163CCDFD562A0AE2
C:\Windows\winsxs\x86_microsoft-windows-systemindexer_31bf3856ad364e35_6.1.7600.16385_none_d5726d6f847c1ef3\discache.sys --a---- 32256 bytes [23:24 13/07/2009] [23:05 07/09/2010] 7CFB2D249DC33191163CCDFD562A0AE2

-= EOF =-
Sjors
Active Member
 
Posts: 8
Joined: September 7th, 2010, 11:25 am

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby jmw3 » September 10th, 2010, 11:40 am

Hi

TDSSKiller
Download TDSSKiller.zip & save it on your desktop.
  • Extract (unzip) its contents to your Desktop
  • Double-click the TDSSKiller Folder on your desktop
  • Important!: Run this fix once and once only
  • Right click TDSSKiller.exe, choose Run as Administrator then click Start scan
  • A box will appear saying System scan completed
  • If any Malicious objects are found, click the default action Cure > Continue > Reboot now
  • If any suspicious objects are detected the default action will be Skip, ensure Skip is selected then click Continue
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 10.09.2010
  • To find the log click Start > Computer > C:
  • Please post the contents of that log in your next reply
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Several intrusion attempts, tries to open windows in FF.

Unread postby Sjors » September 10th, 2010, 12:23 pm

Thanks man! The rootkit got removed, how come kaspersky detects this rootkit, and my norton 360 4.0 doesn't? I'll look what I can donate.

2010/09/10 18:08:47.0953 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/10 18:08:47.0953 ================================================================================
2010/09/10 18:08:47.0953 SystemInfo:
2010/09/10 18:08:47.0953
2010/09/10 18:08:47.0953 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/10 18:08:47.0953 Product type: Workstation
2010/09/10 18:08:47.0953 ComputerName: GEORGE-PC
2010/09/10 18:08:47.0958 UserName: George
2010/09/10 18:08:47.0958 Windows directory: C:\Windows
2010/09/10 18:08:47.0958 System windows directory: C:\Windows
2010/09/10 18:08:47.0958 Processor architecture: Intel x86
2010/09/10 18:08:47.0958 Number of processors: 2
2010/09/10 18:08:47.0958 Page size: 0x1000
2010/09/10 18:08:47.0958 Boot type: Normal boot
2010/09/10 18:08:47.0958 ================================================================================
2010/09/10 18:08:48.0828 Initialize success
2010/09/10 18:08:56.0694 ================================================================================
2010/09/10 18:08:56.0694 Scan started
2010/09/10 18:08:56.0694 Mode: Manual;
2010/09/10 18:08:56.0694 ================================================================================
2010/09/10 18:09:29.0022 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/09/10 18:09:29.0171 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/09/10 18:09:29.0286 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/09/10 18:09:29.0345 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/09/10 18:09:29.0436 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/09/10 18:09:29.0593 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/09/10 18:09:29.0741 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/09/10 18:09:29.0778 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/09/10 18:09:29.0838 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/09/10 18:09:29.0974 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/09/10 18:09:30.0017 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/09/10 18:09:30.0058 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/09/10 18:09:30.0111 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/09/10 18:09:30.0142 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/09/10 18:09:30.0181 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/09/10 18:09:30.0228 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/09/10 18:09:30.0271 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/09/10 18:09:30.0360 AmUStor (d2bf422c2611632afb9ce8f7b2a8c306) C:\Windows\system32\drivers\AmUStor.SYS
2010/09/10 18:09:30.0477 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/09/10 18:09:30.0635 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/09/10 18:09:30.0669 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/09/10 18:09:30.0712 AsDsm (104db777372411c55850c4a2ae6877ef) C:\Windows\system32\drivers\AsDsm.sys
2010/09/10 18:09:30.0788 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
2010/09/10 18:09:30.0908 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/10 18:09:30.0954 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/09/10 18:09:31.0047 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
2010/09/10 18:09:31.0608 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/09/10 18:09:31.0730 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/09/10 18:09:31.0789 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/09/10 18:09:31.0984 BHDrvx86 (8f6d9ce8af24f09de6b020b2c09e27d9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
2010/09/10 18:09:32.0116 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/09/10 18:09:32.0212 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/10 18:09:32.0262 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/09/10 18:09:32.0311 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/09/10 18:09:32.0382 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/09/10 18:09:32.0433 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/09/10 18:09:32.0479 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/09/10 18:09:32.0531 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/09/10 18:09:32.0584 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/09/10 18:09:32.0751 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
2010/09/10 18:09:32.0994 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\Windows\system32\drivers\N360\0402000.00C\ccHPx86.sys
2010/09/10 18:09:33.0117 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/10 18:09:33.0158 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/10 18:09:33.0299 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/10 18:09:33.0343 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/09/10 18:09:33.0528 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/10 18:09:33.0558 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/09/10 18:09:33.0593 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/09/10 18:09:33.0636 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/10 18:09:33.0775 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/09/10 18:09:33.0844 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/09/10 18:09:33.0990 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/09/10 18:09:34.0053 discache (61a6f01d57a1a37db2bd630dc2c4b789) C:\Windows\system32\drivers\discache.sys
2010/09/10 18:09:34.0053 Suspicious file (Forged): C:\Windows\system32\drivers\discache.sys. Real md5: 61a6f01d57a1a37db2bd630dc2c4b789, Fake md5: 7cfb2d249dc33191163ccdfd562a0ae2
2010/09/10 18:09:34.0060 discache - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/10 18:09:34.0160 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/09/10 18:09:34.0268 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/09/10 18:09:34.0321 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/10 18:09:34.0496 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/09/10 18:09:34.0690 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/09/10 18:09:34.0890 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/09/10 18:09:35.0075 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/09/10 18:09:35.0174 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/09/10 18:09:35.0243 ETD (249d08177b2080163e600c3424f1a6af) C:\Windows\system32\DRIVERS\ETD.sys
2010/09/10 18:09:35.0323 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/09/10 18:09:35.0354 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/09/10 18:09:35.0394 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/10 18:09:35.0474 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/09/10 18:09:35.0503 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/09/10 18:09:35.0533 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/10 18:09:35.0577 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/09/10 18:09:35.0656 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/09/10 18:09:35.0721 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/09/10 18:09:35.0798 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/10 18:09:35.0855 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/09/10 18:09:35.0972 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/09/10 18:09:36.0029 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/09/10 18:09:36.0128 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
2010/09/10 18:09:36.0274 hcmon (1f79859a8c1d7c14ef6207852f622add) C:\Windows\system32\drivers\hcmon.sys
2010/09/10 18:09:36.0319 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/09/10 18:09:36.0366 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/09/10 18:09:36.0412 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/10 18:09:36.0443 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/09/10 18:09:36.0477 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/09/10 18:09:36.0523 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/10 18:09:36.0601 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/10 18:09:36.0680 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/09/10 18:09:36.0769 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/09/10 18:09:36.0834 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/09/10 18:09:36.0875 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/10 18:09:36.0938 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
2010/09/10 18:09:37.0046 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/09/10 18:09:37.0256 IDSVix86 (2edd3504457691a10328079da011d0b8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100909.001\IDSvix86.sys
2010/09/10 18:09:37.0597 igfx (b3a313080b0f73f4c8292290606fc15d) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/09/10 18:09:37.0939 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/09/10 18:09:38.0043 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/09/10 18:09:38.0097 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/10 18:09:38.0153 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/10 18:09:38.0274 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/09/10 18:09:38.0297 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/09/10 18:09:38.0423 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/09/10 18:09:38.0459 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/09/10 18:09:38.0534 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/10 18:09:38.0590 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/10 18:09:38.0633 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/10 18:09:38.0673 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\Windows\system32\DRIVERS\kbfiltr.sys
2010/09/10 18:09:38.0723 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/10 18:09:38.0788 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/09/10 18:09:38.0879 L1E (f7cdaba15c7e853f0a11af6d77fca990) C:\Windows\system32\DRIVERS\L1E62x86.sys
2010/09/10 18:09:39.0023 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/10 18:09:39.0104 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/09/10 18:09:39.0147 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/09/10 18:09:39.0204 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/09/10 18:09:39.0240 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/09/10 18:09:39.0427 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/09/10 18:09:39.0485 lullaby (969d61d7463d78037dc6b020a435fc0c) C:\Windows\system32\DRIVERS\lullaby.sys
2010/09/10 18:09:39.0598 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2010/09/10 18:09:39.0681 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/09/10 18:09:39.0726 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/09/10 18:09:39.0781 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/09/10 18:09:39.0824 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/10 18:09:39.0864 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/10 18:09:39.0912 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/10 18:09:39.0945 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/09/10 18:09:39.0980 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/09/10 18:09:40.0008 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/10 18:09:40.0051 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/09/10 18:09:40.0123 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/10 18:09:40.0188 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/10 18:09:40.0213 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/10 18:09:40.0287 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/09/10 18:09:40.0349 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/09/10 18:09:40.0399 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/09/10 18:09:40.0427 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/09/10 18:09:40.0454 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/09/10 18:09:40.0492 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/10 18:09:40.0525 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/10 18:09:40.0551 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/09/10 18:09:40.0598 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/09/10 18:09:40.0639 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/10 18:09:40.0672 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/09/10 18:09:40.0699 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/09/10 18:09:40.0738 MTsensor (2e71504a74be4e3d4ea94568eff7556e) C:\Windows\system32\DRIVERS\ATKACPI.sys
2010/09/10 18:09:40.0780 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/09/10 18:09:40.0848 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/10 18:09:40.0997 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100909.049\NAVENG.SYS
2010/09/10 18:09:41.0186 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100909.049\NAVEX15.SYS
2010/09/10 18:09:41.0343 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/09/10 18:09:41.0405 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/09/10 18:09:41.0442 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/10 18:09:41.0491 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/10 18:09:41.0528 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/10 18:09:41.0627 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/09/10 18:09:41.0665 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/10 18:09:41.0696 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/10 18:09:41.0776 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/09/10 18:09:41.0819 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/09/10 18:09:41.0873 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/10 18:09:41.0942 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/09/10 18:09:42.0047 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/09/10 18:09:42.0093 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/09/10 18:09:42.0140 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/09/10 18:09:42.0164 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/09/10 18:09:42.0222 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/10 18:09:42.0303 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/09/10 18:09:42.0333 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/09/10 18:09:42.0366 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/09/10 18:09:42.0402 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/09/10 18:09:42.0437 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/09/10 18:09:42.0471 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/09/10 18:09:42.0495 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/09/10 18:09:42.0537 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/09/10 18:09:42.0669 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/10 18:09:42.0698 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/09/10 18:09:42.0753 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/10 18:09:42.0819 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2010/09/10 18:09:42.0890 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/09/10 18:09:42.0954 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/09/10 18:09:42.0997 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/10 18:09:43.0025 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/10 18:09:43.0102 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/09/10 18:09:43.0219 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/10 18:09:43.0300 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/10 18:09:43.0376 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/10 18:09:43.0430 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/10 18:09:43.0471 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/09/10 18:09:43.0519 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/10 18:09:43.0578 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/10 18:09:43.0626 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/09/10 18:09:43.0683 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/09/10 18:09:43.0757 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/09/10 18:09:43.0946 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/10 18:09:44.0060 SbieDrv (2cdab8553e703c7754be9ce1c4454eb5) C:\Program Files\Sandboxie\SbieDrv.sys
2010/09/10 18:09:44.0215 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/09/10 18:09:44.0272 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/09/10 18:09:44.0512 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/09/10 18:09:44.0597 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/09/10 18:09:44.0678 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/09/10 18:09:44.0740 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/09/10 18:09:44.0888 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/10 18:09:44.0963 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/09/10 18:09:45.0015 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/10 18:09:45.0078 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/09/10 18:09:45.0160 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/09/10 18:09:45.0221 SiSGbeLH (6f0c643c7f49f2091b01d014eae72e1a) C:\Windows\system32\DRIVERS\SiSGB6.sys
2010/09/10 18:09:45.0266 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/09/10 18:09:45.0427 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/09/10 18:09:45.0835 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/09/10 18:09:46.0334 SNP2UVC (03210c439d0c1224eb36865c8010dab6) C:\Windows\system32\DRIVERS\snp2uvc.sys
2010/09/10 18:09:46.0497 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/09/10 18:09:46.0593 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0402000.00C\SRTSP.SYS
2010/09/10 18:09:46.0745 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0402000.00C\SRTSPX.SYS
2010/09/10 18:09:46.0801 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
2010/09/10 18:09:46.0834 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/10 18:09:46.0874 srvnet (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/10 18:09:46.0938 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/09/10 18:09:47.0023 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/10 18:09:47.0213 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0402000.00C\SYMDS.SYS
2010/09/10 18:09:47.0372 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\Windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS
2010/09/10 18:09:47.0504 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/09/10 18:09:47.0597 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0402000.00C\Ironx86.SYS
2010/09/10 18:09:47.0759 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\Windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS
2010/09/10 18:09:47.0924 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/09/10 18:09:48.0036 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/10 18:09:48.0147 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/10 18:09:48.0207 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/09/10 18:09:48.0230 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/09/10 18:09:48.0264 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/10 18:09:48.0299 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/10 18:09:48.0406 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/10 18:09:48.0524 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2010/09/10 18:09:48.0684 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/10 18:09:48.0740 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/09/10 18:09:48.0787 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/10 18:09:49.0923 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/09/10 18:09:50.0758 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/10 18:09:50.0966 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/09/10 18:09:51.0038 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/10 18:09:51.0154 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/09/10 18:09:51.0238 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/10 18:09:51.0301 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/10 18:09:51.0454 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/09/10 18:09:52.0106 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/10 18:09:52.0238 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/10 18:09:52.0281 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/10 18:09:52.0317 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2010/09/10 18:09:52.0526 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/09/10 18:09:52.0572 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/10 18:09:52.0601 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/09/10 18:09:52.0638 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/09/10 18:09:52.0762 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/09/10 18:09:52.0875 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/09/10 18:09:53.0867 VIAHdAudAddService (f6c19f00f10343af369f6251969e9047) C:\Windows\system32\drivers\viahduaa.sys
2010/09/10 18:09:53.0989 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/09/10 18:09:54.0064 vmci (2847315de9ac17c7ff5fa3059d935c07) C:\Windows\system32\Drivers\vmci.sys
2010/09/10 18:09:54.0156 vmkbd (aaeef4444a6c2bb2e741de684f2a5e56) C:\Windows\system32\drivers\VMkbd.sys
2010/09/10 18:09:54.0381 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2010/09/10 18:09:54.0571 VMnetBridge (462f2a31ea8b87a28962aca998df1869) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2010/09/10 18:09:54.0891 VMnetuserif (386234c03f38fa9eae752f4cca7c8336) C:\Windows\system32\drivers\vmnetuserif.sys
2010/09/10 18:09:55.0322 vmusb (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\Windows\system32\Drivers\vmusb.sys
2010/09/10 18:09:55.0895 vmx86 (cf8215484f00ae5268a1b3a46dd69e17) C:\Windows\system32\Drivers\vmx86.sys
2010/09/10 18:09:56.0203 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/09/10 18:09:56.0633 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/09/10 18:09:57.0321 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/09/10 18:09:57.0695 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/09/10 18:09:57.0940 vstor2-ws60 (476a052b3ce506ed63a94018f3e979d5) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
2010/09/10 18:09:58.0302 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/09/10 18:09:58.0541 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/09/10 18:09:58.0657 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2010/09/10 18:09:58.0715 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/09/10 18:09:58.0800 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/10 18:09:58.0824 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/10 18:09:59.0416 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/09/10 18:10:00.0304 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/10 18:10:01.0123 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/09/10 18:10:01.0212 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
2010/09/10 18:10:01.0273 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/09/10 18:10:01.0964 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/09/10 18:10:02.0114 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/10 18:10:02.0929 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/10 18:10:03.0134 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/09/10 18:10:03.0294 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/10 18:10:03.0432 ================================================================================
2010/09/10 18:10:03.0432 Scan finished
2010/09/10 18:10:03.0432 ================================================================================
2010/09/10 18:10:03.0458 Detected object count: 1
2010/09/10 18:11:13.0785 discache (61a6f01d57a1a37db2bd630dc2c4b789) C:\Windows\system32\drivers\discache.sys
2010/09/10 18:11:13.0786 Suspicious file (Forged): C:\Windows\system32\drivers\discache.sys. Real md5: 61a6f01d57a1a37db2bd630dc2c4b789, Fake md5: 7cfb2d249dc33191163ccdfd562a0ae2
2010/09/10 18:11:14.0296 Backup copy not found, trying to cure infected file..
2010/09/10 18:11:14.0296 Cure success, using it..
2010/09/10 18:11:14.0403 C:\Windows\system32\drivers\discache.sys - will be cured after reboot
2010/09/10 18:11:14.0403 Rootkit.Win32.TDSS.tdl3(discache) - User select action: Cure
2010/09/10 18:11:52.0745 Deinitialize success
Sjors
Active Member
 
Posts: 8
Joined: September 7th, 2010, 11:25 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware