also @ TechSpot: Android 4.0: Tracking Ice Cream Sandwich's Availability on Smartphones

TechSpot

TechSpot News Products Downloads Forums

[Solved] Norton 360 reports tidserv activity and cannot remove

Discussion in 'Virus and Malware Removal' started by fractoral, Dec 15, 2011.

Thread Status:: Not open for further replies.

Page 1 of 3

fractoral Newcomer, in training

Hello,

I am running Windows XP SP3 and using Norton 360 for anti-virus. It recently began informing me that a: "Threat requiring manual removal detected: System Infected: Tidserv Activity" Sometimes it says "Tidserv Activity 2". The tideserv fix norton offers has not worked, nor has the norton power eraser, and where possible I have also tried these fixes in safe mode (NPE needed safe with networking, i couldn't run the tidserv fix in safe.) The recommended logs will follow, thank you in advance for any assistance.

Chris

fractoral, Dec 15, 2011

#1
fractoral Newcomer, in training

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8376

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/15/2011 12:15:30 PM
mbam-log-2011-12-15 (12-15-30).txt

Scan type: Quick scan
Objects scanned: 200677
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

fractoral, Dec 15, 2011

#2
fractoral Newcomer, in training

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-15 13:10:23
Windows 5.1.2600 Service Pack 3 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-24 ST3500320AS rev.AD14
Running: cdyf9vkx.exe; Driver: C:\DOCUME~1\Main\LOCALS~1\Temp\pxtdipow.sys

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort5 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1c prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-24 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

fractoral, Dec 15, 2011

#3
fractoral Newcomer, in training

..
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume3
Install Date: 7/24/2011 9:37:33 PM
System Uptime: 12/15/2011 9:33:22 AM (4 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Maximus Formula
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | LGA775 | 2405/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 57.113 GiB free.
D: is FIXED (NTFS) - 56 GiB total, 5.665 GiB free.
E: is FIXED (FAT32) - 112 GiB total, 19.009 GiB free.
F: is CDROM ()
G: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&279E7BDF&0&00E2
Manufacturer: Marvell
Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&279E7BDF&0&00E2
Service: yukonwxp
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
4 Elements
7-Zip 4.65
A.R.E.S.
AaAaAA!!! - A Reckless Disregard for Gravity
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9
Age of Wonders
ƒJƒXƒ^ƒ€ƒƒCƒh3D
Alien Swarm
Anomaly Warzone Earth
Antamedia DHCP
Apple Application Support
Apple Software Update
Armada 2526
Auto Gordian Knot 2.55
Avencast
AviSynth 2.5
Back to the Future: Ep 2 - Get Tannen!
Batman: Arkham City™ PC
Bejeweled 3
Beyond Good & Evil
BioShock
Blur
Breath of Death VII
BufferChm
Bulk Rename Utility 2.7.1.2
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Chantelise
Combined Community Codec Pack 2008-09-21 16:18
Comical 0.8
Command & Conquer 3
Command & Conquer The First Decade
Command & Conquer™ 3: Kane's Wrath
Command & Conquer™ Red Alert™ 3
Command and Conquer 4: Tiberian Twilight
Copy
Crysis(R)
Crystal Key 2
Cthulhu Saves the World
CustomerResearchQFolder
CutePDF Writer 2.8
Dead To Rights
Defense Grid: The Awakening
Destination Component
Deus Ex: Game of the Year Edition
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
Download Manager 2.3.10
Droplitz
Dual-Core Optimizer
Dungeon Defenders
eSupportQFolder
EVGA Display Driver
F4200
F4200_Help
ffdshow v1.1.3800 [2011-03-28]
GameSpy Comrade
GearDrvs
Ghost Master
Ghostbusters: Sanctum of Slime
GPBaseService
GPGNet
Grotesque Tactics: Evil Heroes
Half-Life 2
Half-Life 2: Lost Coast
Heroes of Might and Magic III Complete
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 11.0
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 11.0
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Solution Center 11.0
HP Update
HPProductAssistant
Japanese Language Support
Java Auto Updater
Java(TM) 6 Update 18
Judge Dredd: Dredd vs Death
K-Lite Mega Codec Pack 4.3.4
Kohan II Kings of War
League of Legends
Light of Altair
MagicDisc 2.7.101
MagicDisc 2.7.105
MagicDisc 2.7.106
Magicka
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Marvell Miniport Driver
Master of Orion II
Metal Drift
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows Application Compatibility Database
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mr. Robot
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360 Premier Edition
NVIDIA Control Panel 285.58
NVIDIA Graphics Driver 285.58
NVIDIA HD Audio Driver 1.2.24.0
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA Update 1.5.20
NVIDIA Update Components
Oddworld: Abe's Exoddus
Oddworld: Abe's Oddysee
On the Rain-Slick Precipice of Darkness, Episode One
On the Rain-Slick Precipice of Darkness, Episode Two
OpenAL
OpenOffice.org 3.2
Pando Media Booster
Plants vs. Zombies
Poker Night at the Inventory
Portal
Post Apocalyptic Mayhem
Project Aftermath
PSSWCORE
Puzzle Chronicles
Puzzle Kingdoms
QuickTime
Rags Suite
Recettear: An Item Shop's Tale
SanctionedMedia
Sanctum
Sansa Updater
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Shatter
Sid Meier's Civilization V
Skype·5.5
SmartWebPrinting
Sol Survivor
SolutionCenter
SoundMAX
Space Siege
Spectromancer
Spiral Knights
Star Raiders
Star Trek Online - Beta
Starcraft
Status
Steam
SUPERAntiSpyware Free Edition
Team Fortress 2
The Last Remnant
The Undergarden Demo
Thief: Deadly Shadows
Tidalis
Titan Quest
Titan Quest: Immortal Throne
Tomb Raider: Anniversary
Toolbox
TrayApp
TurboTax 2010
Universe at War: Earth Assault
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB960763)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
VideoToolkit01
VisiPics V1.30
VLC media player 1.0.1
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wizardry 8
Worms Reloaded
XviD MPEG4 Video Codec (remove only)
Zombie Driver
.
==== Event Viewer Messages From Past Week ========
.
12/9/2011 12:10:50 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/8/2011 9:25:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: prodrv06 sptd
12/8/2011 9:25:18 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/8/2011 9:23:54 AM, error: Service Control Manager [7000] - The BuddyVM service failed to start due to the following error: The system cannot find the path specified.
12/8/2011 9:22:56 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
12/15/2011 9:14:50 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl Fips intelppm ohci1394 prodrv06 SASDIFSV SASKUTIL sptd SRTSP SRTSPX SymIRON SYMTDI
12/15/2011 9:11:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/15/2011 9:06:39 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT ohci1394 prodrv06 RasAcd Rdbss SASDIFSV SASKUTIL sptd SRTSP SRTSPX SymIRON SYMTDI Tcpip
12/15/2011 12:15:30 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SMR210\0000 disappeared from the system without first being prepared for removal.
12/14/2011 9:41:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT prodrv06 RasAcd Rdbss SASDIFSV SASKUTIL sptd SRTSP SRTSPX SymIRON SYMTDI Tcpip
12/14/2011 9:41:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
12/14/2011 9:41:20 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/14/2011 9:41:20 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/14/2011 9:41:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/14/2011 9:41:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/14/2011 9:41:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/14/2011 7:51:12 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/14/2011 7:29:02 PM, error: Print [6161] - The document Vennerzad owned by Main failed to print on printer HP Deskjet F4200 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine:

\\HOME. Win32 error code returned by the print processor: 259 (0x103).
12/12/2011 10:35:03 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001E8CC94AAA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

fractoral, Dec 15, 2011

#4
fractoral Newcomer, in training

Difficulty posting dds log for some reason, will keep trying however. Apologies.

fractoral, Dec 15, 2011

#5
fractoral Newcomer, in training

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Main at 13:13:32 on 2011-12-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.1888 [GMT -5:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Main\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\ping.exe
C:\Program Files\Internet Explorer\iexplore.exe
.

fractoral, Dec 15, 2011

#6
fractoral Newcomer, in training

============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.thenorthernempire.com/forum/index.php
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SansaDispatch] c:\documents and settings\main\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpqSRMon]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: custhelp.com\wizards
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\mail
Trusted Zone: wizards.com

fractoral, Dec 15, 2011

#7
fractoral Newcomer, in training

============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2011-12-15 26872]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-18 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-18 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20111210.003\BHDrvx86.sys [2011-12-14 819320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-18 136312]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-15 366152]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\5.1.0.29\ccSvcHst.exe [2011-5-18 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-27 2253120]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20111214.001\IDSXpx86.sys [2011-12-14 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-15 22216]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20111214.034\NAVENG.SYS [2011-12-15 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20111214.034\NAVEX15.SYS [2011-12-15 1576312]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-7-27 119656]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\mst3k\titan\slavemaker15x5\hitomi - my stepsister\hitomi\vmlaunch\buddyvm.sys --> c:\mst3k\titan\slavemaker15x5\hitomi - my stepsister\hitomi\vmlaunch\BuddyVM.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 gtermddo;gtermddo;\??\c:\docume~1\main\locals~1\temp\gtermddo.sys --> c:\docume~1\main\locals~1\temp\gtermddo.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-15 17:09:55 -------- d-----w- c:\documents and settings\main\application data\Malwarebytes
2011-12-15 17:09:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-15 17:09:37 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-15 17:09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-15 14:03:43 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2011-12-14 15:54:07 -------- d-----w- c:\documents and settings\main\local settings\application data\SanctionedMedia
2011-12-10 22:05:55 14744 ----a-w- c:\documents and settings\main\application data\microsoft\identitycrl\production\ppcrlconfig.dll
2011-12-09 01:26:15 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2011-12-09 01:26:15 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2011-12-09 01:26:15 465920 ------w- c:\windows\system32\imapi2fs.dll
2011-12-09 01:26:15 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2011-12-09 01:26:15 317952 ------w- c:\windows\system32\imapi2.dll
2011-12-02 16:44:05 -------- d-----w- c:\documents and settings\all users\application data\Playrix Entertainment
2011-11-26 12:44:10 876136 ----a-w- c:\windows\system32\nvhdagenco3220102.dll
2011-11-26 12:33:06 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2011-11-26 12:33:01 -------- d-----w- c:\program files\AMD
2011-11-26 12:33:00 -------- d-----w- c:\documents and settings\main\local settings\application data\Downloaded Installations
2011-11-26 12:29:59 -------- d-----w- C:\2f285ebdfb9ed59c8a6875e3ff4699e2
2011-11-26 12:18:36 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-11-26 12:18:36 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-11-26 12:18:36 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-11-26 12:18:36 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-11-26 12:18:36 -------- d-----w- C:\3a7e93e5a4606a81ac8ad4
2011-11-20 20:42:27 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-11-20 20:42:26 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-11-20 17:04:16 -------- d-----w- c:\documents and settings\main\local settings\application data\CutePDF Writer
2011-11-20 16:55:44 -------- d-----w- c:\program files\GPLGS
2011-11-20 16:55:21 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-11-20 16:55:16 -------- d-----w- c:\program files\Acro Software
2011-11-16 15:34:34 -------- d-----w- c:\documents and settings\main\local settings\application data\NPE
.
==================== Find3M ====================
.
2011-11-26 12:44:46 285256 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-11-26 12:44:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-11-26 12:44:43 285256 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-24 08:55:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 22:45:42 15453832 ----a-w- c:\windows\system32\xlive.dll
2011-09-28 22:45:42 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 13:14:24.17 ===============

fractoral, Dec 15, 2011

#8
fractoral Newcomer, in training

Every time I try and post the section of the Pseudo HJT Report in the DDS that comes right after trusted zones Internet Explorer claims to have a connection problem, will keep trying.

fractoral, Dec 15, 2011

#9
fractoral Newcomer, in training

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

fractoral, Dec 15, 2011

#10
fractoral Newcomer, in training

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 216.104.96.22 216.104.98.222
TCP: Interfaces\{75A3587A-D8E6-4ABB-9F44-6C92E0374D7A} : DhcpNameServer = 216.104.96.22 216.104.98.222
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

fractoral, Dec 15, 2011

#11
fractoral Newcomer, in training

Dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} -

fractoral, Dec 15, 2011

#12
fractoral Newcomer, in training

I can apparently post anything except the one line that follows the previous post. I apologize for how out of order everything is, and I will continue to try to post the missing line somehow...

fractoral, Dec 15, 2011

#13
fractoral Newcomer, in training

hxxp://update.micros**wsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1311560637109

fractoral, Dec 15, 2011

#14
fractoral Newcomer, in training

in the previous post replace ** with oft.com/windo

fractoral, Dec 15, 2011

#15
Bobbye Helper on the Fringe
Welcome to TechSpot! I'll help with the malware. I note several things going on in the system. First>>

My Guidelines: please read and follow:

Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.

Read my instructions carefully. If you don't understand or have a problem, ask me.

If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.

Follow the order of the tasks I give you. Order is crucial in cleaning process.

File sharing programs should be uninstalled or disabled during the cleaning process..

Observe these:
[o] Don't use any other cleaning programs or scans while I'm helping you.
[o] Don't use a Registry cleaner or make any changes in the Registry.
[o] Don't download and install new programs- except those I give you.

Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
======================================
Comments & Questions:
1. There is malware running from a temp file in the drivers: it's a rootkit with a Backdoor.
2. Our scan can't read this: ƒJƒXƒ^ƒ€ƒƒCƒh3D> Maid3D Japanese? So I'd like you to remove it while we're cleaning.
3. Do you know what these Directories are:
2011-11-26 12:29:59 -------- d-----w- C:\2f285ebdfb9ed59c8a6875e3ff4699e2
2011-11-26 12:18:36 -------- d-----w- C:\3a7e93e5a4606a81ac8ad4
4. Please remove FixTDSS.sys
5. There is a rogue program that pretends to be a security update for Windows installed via Automatic Updates. This may be what you're seeing in that last entry.
======================================
Let's see if we can appease Norton:

Download the file TDSSKiller.zip and save to the desktop.
(If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)

Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.

Double click on TDSSKiller.exe. to run the scan

When the scan is over, the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).

Select the action Quarantine to quarantine detected objects.
The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43

After clicking Next, the utility applies selected actions and outputs the result.

A reboot is required after disinfection.

=====================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

Click START> then RUN

Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HERE and save to the desktop

Double click combofix.exe & follow the prompts.

ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

.Click on Yes, to continue scanning for malware

.If Combofix asks you to update the program, allow

.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

.Close any open browsers.

.Double click combofix.exe & follow the prompts to run.

When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
======================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:

Open the ESETOnlineScan

Skip to #4 to "Continue with the directions"

If you are using a browser other than Internet Explorer

Open Eset Smart Installer
[o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
[o] Double click on the desktop icon to run.
[o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window

Continue with the directions.

Check 'Yes I accept terms of use.'

Click Start button

Accept any security warnings from your browser.

Uncheck 'Remove found threats'

Check 'Scan archives/

Leave remaining settings as is.

Press the Start button.

ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.

When the scan completes, press List of found threats

Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.

Push the Back button, then Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
====================================
Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
----------------------------------
You will have malware in the Java cache because of the outdated program:
To clear the Java Plug-in cache:

[1]. Click Start > Control Panel.
[2]. Double-click the Java icon in the control panel. The Java Control Panel appears.

[3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.

[4] Click Delete Files.The Delete Temporary Files dialog box appears.

[5]. Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.
[6]. Click Apply> OK on Temporary Files Settings window.

Images courtesy java.com
=======================================
Please leave the logs in your next reply> TDSS, Combofix, Eset.. We'll go from there.
Bobbye, Dec 15, 2011

#16
fractoral Newcomer, in training

Hello, thank you for all the help.

The japanese program has been removed.

I do not know what those folders are for, but i have 6 apparently randomly numbered and lettered folders in the C drive. Those two each countain copies of folders labelled AMD64 and i386; which each contain copies of the same files, a few of those files are .dlls, the first one is filterpipelineprintproc.dll.

FixTDss.sys has been removed.

TDSSkiller was run, log will follow.

Combofix has been run, log will follow. During the operation of combofix the computer restarted several times. After the last time it restarted the computer installed HP Photosmart Essential 3.0, which seemed odd to me so I thought I would mention it.

I am having problems running the Eset scan, I cannot find an EXE link to save to desktop, and the online scan it self just seems to keep cycling back to the terms of use page every time I click 'start.' I have stopped at this step to await direction.

*edit* Also the tidserv warning has stopped, but I am of course proceeding with the cleam up through to the end.

fractoral, Dec 16, 2011

#17
fractoral Newcomer, in training

ComboFix 11-12-15.02 - Main 12/15/2011 22:28:34.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2881 [GMT -5:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\SPL9B.tmp
c:\documents and settings\Main\Application Data\Adobe\plugs
c:\documents and settings\Main\WINDOWS
c:\windows\$NtUninstallKB58913$
c:\windows\$NtUninstallKB58913$\3415127480
c:\windows\$NtUninstallKB58913$\822859562\@
c:\windows\$NtUninstallKB58913$\822859562\bckfg.tmp
c:\windows\$NtUninstallKB58913$\822859562\cfg.ini
c:\windows\$NtUninstallKB58913$\822859562\Desktop.ini
c:\windows\$NtUninstallKB58913$\822859562\keywords
c:\windows\$NtUninstallKB58913$\822859562\kwrd.dll
c:\windows\$NtUninstallKB58913$\822859562\L\bvuwment
c:\windows\$NtUninstallKB58913$\822859562\U\00000001.@
c:\windows\$NtUninstallKB58913$\822859562\U\00000002.@
c:\windows\$NtUninstallKB58913$\822859562\U\00000004.@
c:\windows\$NtUninstallKB58913$\822859562\U\80000000.@
c:\windows\$NtUninstallKB58913$\822859562\U\80000004.@
c:\windows\$NtUninstallKB58913$\822859562\U\80000032.@
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\xa301178406.exe
c:\windows\system32\xa301179718.exe
c:\windows\system32\xa30875375.exe
c:\windows\system32\xa30877250.exe
c:\windows\system32\xa30899906.exe
c:\windows\system32\xa30906578.exe
c:\windows\system32\xa9186187.exe
c:\windows\system32\xa9186828.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-15 23:11 . 2011-12-15 23:11 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-15 17:09 . 2011-12-15 17:09 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
2011-12-15 17:09 . 2011-12-15 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-15 17:09 . 2011-12-15 17:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-15 17:09 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-14 15:54 . 2011-12-15 02:27 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\SanctionedMedia
2011-12-09 01:26 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2011-12-09 01:26 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2011-12-09 01:26 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2011-12-09 01:26 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2011-12-09 01:26 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2011-12-02 16:44 . 2011-12-02 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2011-11-26 12:44 . 2011-07-07 23:21 876136 ----a-w- c:\windows\system32\nvhdagenco3220102.dll
2011-11-26 12:33 . 2007-06-29 19:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2011-11-26 12:33 . 2011-11-26 12:33 -------- d-----w- c:\program files\AMD
2011-11-26 12:33 . 2011-11-26 12:33 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Downloaded Installations
2011-11-26 12:29 . 2011-11-26 12:30 -------- d-----w- C:\2f285ebdfb9ed59c8a6875e3ff4699e2
2011-11-26 12:18 . 2011-11-26 12:19 -------- d-----w- C:\3a7e93e5a4606a81ac8ad4
2011-11-26 12:18 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-11-26 12:18 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-11-26 12:18 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-11-26 12:18 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-11-20 20:42 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-11-20 20:42 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-11-20 17:04 . 2011-12-11 18:31 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\CutePDF Writer
2011-11-20 16:55 . 2011-11-20 16:55 -------- d-----w- c:\program files\GPLGS
2011-11-20 16:55 . 2009-11-05 13:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-11-20 16:55 . 2011-11-20 16:55 -------- d-----w- c:\program files\Acro Software
2011-11-16 15:34 . 2011-12-15 14:23 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\NPE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 02:46 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-26 12:57 . 2009-08-18 16:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-11-26 12:57 . 2009-08-18 16:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-24 08:55 . 2011-10-24 08:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-12-01 14:48 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2011-07-27 17:11 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2011-07-27 17:11 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-08 04:50 . 2011-07-27 17:11 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2011-07-27 17:11 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2011-07-27 17:11 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2011-07-27 17:11 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2010-12-16 19:22 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2010-12-16 19:22 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2010-12-16 19:22 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2010-12-16 19:22 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2010-12-16 19:22 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2010-12-16 19:22 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2010-12-16 19:22 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2010-12-16 19:22 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2010-12-16 19:22 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2004-08-04 07:56 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2004-08-04 05:29 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\system32\xlive.dll
2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2010-03-18 14:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\Main\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-12-15 79872]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-08-26 15:24 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\alien swarm\\srcds.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\deus ex\\System\\DeusEx.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\chantelise\\chantelise.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\chantelise\\custom.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\tidalis\\Tidalis.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dreddvsdeath\\Dredd.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\titan quest\\Titan Quest.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\titan quest\\help.htm"=
"c:\\Program Files\\Steam\\SteamApps\\common\\ghost master\\ghost.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\thief deadly shadows\\System\\runme.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\star raiders\\StarRaiders.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\the undergarden\\TheUndergarden.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\ghostbusters sanctum of slime\\Game\\GhostBustersSOS.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\universe at war earth assault\\LaunchUAW.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\space siege\\Space Siege\\SpaceSiege.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aaaaaaaaaaaaaaaaaaaaaaaaa!!!\\main.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\oddworld abes oddysee\\AbeWin.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\oddworld abes exoddus\\Exoddus.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\on the rain-slick precipice of darkness - episode one\\RainSlickEp1.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\penny arcade adventures on the rain-slick precipice of darkness episode 2\\RainSlickEp2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\puzzle chronicles\\PuzzleChronicles.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mrrobot\\MrRobot.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\shatter\\ShatterSettingsEditor.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\project aftermath\\ProjectAftermath.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\spectromancer\\Spectromancer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\droplitz\\Cascade.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\the last remnant\\Binaries\\TLR.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\poker night at the inventory\\CelebrityPoker.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\zombie driver\\Release\\ZombieDriver.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\light of altair\\Altair.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\avencast\\Avencast.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\grotesque tactics\\GrotesqueTactics.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\armada 2526\\bin\\Armada2526.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\command and conquer 4 tiberian twilight\\CNC4.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\command and conquer 4 tiberian twilight\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\AoWSetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\Readme.txt"=
"c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\QuickStart.pdf"=
"c:\\Program Files\\Steam\\SteamApps\\common\\age of wonders\\AoWEd.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\recettear\\recettear.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\recettear\\custom.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\ares\\ARES.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\breath of death vii\\BoDVIIPC.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\cthulhu saves the world\\CSTW.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\team fortress 2 meet the medic\\smp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\post apocalyptic mayhem\\PAMMainGame.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\portal 2\\portal2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\titan quest immortal throne\\Tqit.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\titan quest immortal throne\\help.htm"=
"c:\\Program Files\\Steam\\SteamApps\\common\\deus ex - human revolution\\dxhr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sanctum\\Binaries\\Win32\\SanctumGame-Win32-Shipping.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\back to the future ep 2\\BackToTheFuture102.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\tomb raider anniversary\\tra.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\bejeweled 3\\Bejeweled3.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\magicka\\Magicka.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\4 elements\\4 Elements.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\batman2\\Binaries\\Win32\\BatmanAC.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\batman2\\RunLauncher.bat"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dungeon defenders\\Binaries\\Win32\\DungeonDefenders.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"50942:TCP"= 50942:TCP:CharBuilderFull
"50942:UDP"= 50942:UDP:CharBuilderFull
"19585:TCP"= 19585:TCP:CharBuilderFull
"19585:UDP"= 19585:UDP:CharBuilderFull
"57330:TCP"= 57330:TCPando Media Booster
"57330:UDP"= 57330:UDPando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [5/18/2011 3:23 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [5/18/2011 3:23 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 6:14 PM 819320]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 1:07 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 1:07 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [5/18/2011 3:23 PM 136312]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/15/2011 12:09 PM 366152]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe [5/18/2011 3:22 PM 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/27/2011 12:11 PM 2253120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/15/2011 2:08 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111214.001\IDSXpx86.sys [12/14/2011 8:41 PM 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/15/2011 12:09 PM 22216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/27/2011 12:10 PM 119656]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys --> c:\windows\system32\drivers\FixTDSS.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2009 10:10 AM 717296]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\mst3k\Titan\SlaveMaker15x5\Hitomi - My Stepsister\Hitomi\VMLaunch\BuddyVM.sys --> c:\mst3k\Titan\SlaveMaker15x5\Hitomi - My Stepsister\Hitomi\VMLaunch\BuddyVM.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 gtermddo;gtermddo;\??\c:\docume~1\Main\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\Main\LOCALS~1\Temp\gtermddo.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 1:07 PM 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thenorthernempire.com/forum/index.php
Trusted Zone: custhelp.com\wizards
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\mail
Trusted Zone: wizards.com
TCP: DhcpNameServer = 216.104.96.22 216.104.98.222
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-hpqSRMon - (no file)
SafeBoot-80929782.sys
AddRemove-Antamedia DHCP - c:\documents and settings\Main\Desktop\dhcp-installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-15 22:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Main\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?m%3d%26is-debug%3d%26rom-version%3d%26part-number%3d%26product-n????7?2? ??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-1957994488-839522115-1004\Software\KISS\«0¹0¿0à0á0¤0É03*D*]
"InstallPath"="c:\\MST3K\\mtadfk.com\\custom maid\\ƒJƒXƒ^ƒ€ƒƒCƒh3D"
.
[HKEY_USERS\S-1-5-21-1844237615-1957994488-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:ef,5a,5b,bb,d4,75,b2,d7,30,db,71,59,a5,5e,06,34,52,20,cb,06,0a,88,42,
a5,5b,3a,89,a2,7e,22,c3,5f,9c,91,5e,6d,6d,c5,b8,ca,f8,ce,14,bc,52,33,85,36,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-1844237615-1957994488-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:ad,36,68,61,f7,20,ac,e5,84,d8,0b,b3,4f,13,8c,d6,c2,97,61,0d,d6,
5d,d3,d3,af,78,79,cf,86,5b,21,8a,a8,0b,d5,19,b2,27,48,28,37,58,ec,dd,d7,06,\
"rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2776)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-12-15 22:46:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-16 03:45
.
Pre-Run: 68,774,584,320 bytes free
Post-Run: 68,980,191,232 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin /usepmtimer
.
- - End Of File - - D1FD44CB1FCAB88E3A9944AA6F693D6E

fractoral, Dec 16, 2011

#18
fractoral Newcomer, in training

18:09:50.0828 2632 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:09:52.0718 2632 ============================================================
18:09:52.0718 2632 Current date / time: 2011/12/15 18:09:52.0718
18:09:52.0718 2632 SystemInfo:
18:09:52.0718 2632
18:09:52.0718 2632 OS Version: 5.1.2600 ServicePack: 3.0
18:09:52.0718 2632 Product type: Workstation
18:09:52.0718 2632 ComputerName: HOME
18:09:52.0718 2632 UserName: Main
18:09:52.0718 2632 Windows directory: C:\WINDOWS
18:09:52.0718 2632 System windows directory: C:\WINDOWS
18:09:52.0718 2632 Processor architecture: Intel x86
18:09:52.0718 2632 Number of processors: 4
18:09:52.0718 2632 Page size: 0x1000
18:09:52.0718 2632 Boot type: Normal boot
18:09:52.0718 2632 ============================================================
18:09:54.0546 2632 Initialize success
18:10:01.0796 2156 ============================================================
18:10:01.0796 2156 Scan started
18:10:01.0796 2156 Mode: Manual;
18:10:01.0796 2156 ============================================================
18:10:02.0578 2156 Abiosdsk - ok
18:10:02.0625 2156 abp480n5 - ok
18:10:02.0687 2156 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:10:02.0687 2156 ACPI - ok
18:10:02.0734 2156 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:10:02.0734 2156 ACPIEC - ok
18:10:02.0781 2156 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
18:10:02.0781 2156 ADIHdAudAddService - ok
18:10:02.0796 2156 adpu160m - ok
18:10:02.0812 2156 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
18:10:02.0812 2156 AEAudio - ok
18:10:02.0828 2156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:10:02.0843 2156 aec - ok
18:10:02.0890 2156 AFD (43d300e5fc2e496ac8d7e97c491ece8d) C:\WINDOWS\System32\drivers\afd.sys
18:10:02.0890 2156 AFD ( Rootkit.Win32.ZAccess.h ) - infected
18:10:02.0890 2156 AFD - detected Rootkit.Win32.ZAccess.h (0)
18:10:02.0906 2156 Aha154x - ok
18:10:02.0921 2156 aic78u2 - ok
18:10:02.0921 2156 aic78xx - ok
18:10:02.0937 2156 AliIde - ok
18:10:02.0984 2156 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
18:10:02.0984 2156 AmdLLD - ok
18:10:02.0984 2156 amsint - ok
18:10:03.0000 2156 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:10:03.0015 2156 Arp1394 - ok
18:10:03.0015 2156 asc - ok
18:10:03.0031 2156 asc3350p - ok
18:10:03.0031 2156 asc3550 - ok
18:10:03.0109 2156 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:10:03.0109 2156 AsyncMac - ok
18:10:03.0109 2156 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:10:03.0125 2156 atapi - ok
18:10:03.0125 2156 Atdisk - ok
18:10:03.0140 2156 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:10:03.0140 2156 Atmarpc - ok
18:10:03.0187 2156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:10:03.0203 2156 audstub - ok
18:10:03.0281 2156 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:10:03.0281 2156 Beep - ok
18:10:03.0406 2156 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys
18:10:03.0421 2156 BHDrvx86 - ok
18:10:03.0453 2156 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:10:03.0453 2156 cbidf2k - ok
18:10:03.0468 2156 cd20xrnt - ok
18:10:03.0484 2156 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:10:03.0500 2156 Cdaudio - ok
18:10:03.0515 2156 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:10:03.0515 2156 Cdfs - ok
18:10:03.0562 2156 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:10:03.0562 2156 Cdrom - ok
18:10:03.0578 2156 Changer - ok
18:10:03.0593 2156 CmdIde - ok
18:10:03.0609 2156 Cpqarray - ok
18:10:03.0625 2156 dac2w2k - ok
18:10:03.0640 2156 dac960nt - ok
18:10:03.0687 2156 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:10:03.0687 2156 Disk - ok
18:10:03.0718 2156 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:10:03.0750 2156 dmboot - ok
18:10:03.0781 2156 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:10:03.0781 2156 dmio - ok
18:10:03.0812 2156 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:10:03.0812 2156 dmload - ok
18:10:03.0843 2156 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:10:03.0843 2156 DMusic - ok
18:10:03.0859 2156 dpti2o - ok
18:10:03.0906 2156 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:10:03.0906 2156 drmkaud - ok
18:10:03.0968 2156 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:10:03.0968 2156 eeCtrl - ok
18:10:04.0031 2156 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\WINDOWS\system32\drivers\enodpl.sys
18:10:04.0031 2156 enodpl - ok
18:10:04.0062 2156 EraserUtilDrvI13 (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys
18:10:04.0062 2156 EraserUtilDrvI13 - ok
18:10:04.0109 2156 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:10:04.0109 2156 Fastfat - ok
18:10:04.0125 2156 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:10:04.0125 2156 Fdc - ok
18:10:04.0171 2156 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:10:04.0171 2156 Fips - ok
18:10:04.0187 2156 FixTDSS - ok
18:10:04.0203 2156 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:10:04.0203 2156 Flpydisk - ok
18:10:04.0265 2156 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:10:04.0265 2156 FltMgr - ok
18:10:04.0296 2156 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:10:04.0296 2156 Fs_Rec - ok
18:10:04.0312 2156 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:10:04.0312 2156 Ftdisk - ok
18:10:04.0343 2156 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:10:04.0343 2156 GEARAspiWDM - ok
18:10:04.0390 2156 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:10:04.0390 2156 Gpc - ok
18:10:04.0437 2156 gtermddo - ok
18:10:04.0468 2156 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:10:04.0468 2156 HDAudBus - ok
18:10:04.0484 2156 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:10:04.0484 2156 hidusb - ok
18:10:04.0500 2156 hpn - ok
18:10:04.0562 2156 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:10:04.0562 2156 HPZid412 - ok
18:10:04.0609 2156 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:10:04.0609 2156 HPZipr12 - ok
18:10:04.0625 2156 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:10:04.0625 2156 HPZius12 - ok
18:10:04.0656 2156 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:10:04.0656 2156 HTTP - ok
18:10:04.0671 2156 i2omgmt - ok
18:10:04.0687 2156 i2omp - ok
18:10:04.0703 2156 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:10:04.0703 2156 i8042prt - ok
18:10:04.0750 2156 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111214.001\IDSxpx86.sys
18:10:04.0765 2156 IDSxpx86 - ok
18:10:04.0765 2156 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:10:04.0765 2156 Imapi - ok
18:10:04.0781 2156 ini910u - ok
18:10:04.0796 2156 IntelIde - ok
18:10:04.0843 2156 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:10:04.0843 2156 intelppm - ok
18:10:04.0890 2156 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:10:04.0890 2156 ip6fw - ok
18:10:04.0906 2156 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:10:04.0906 2156 IpFilterDriver - ok
18:10:04.0937 2156 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:10:04.0937 2156 IpInIp - ok
18:10:04.0984 2156 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:10:04.0984 2156 IpNat - ok
18:10:05.0031 2156 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:10:05.0031 2156 IPSec - ok
18:10:05.0062 2156 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:10:05.0062 2156 IRENUM - ok
18:10:05.0109 2156 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:10:05.0109 2156 isapnp - ok
18:10:05.0125 2156 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:10:05.0125 2156 Kbdclass - ok
18:10:05.0140 2156 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:10:05.0140 2156 kbdhid - ok
18:10:05.0171 2156 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:10:05.0171 2156 kmixer - ok
18:10:05.0187 2156 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:10:05.0187 2156 KSecDD - ok
18:10:05.0203 2156 lbrtfdc - ok
18:10:05.0281 2156 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
18:10:05.0281 2156 MBAMProtector - ok
18:10:05.0328 2156 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
18:10:05.0343 2156 mcdbus - ok
18:10:05.0343 2156 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:10:05.0343 2156 mnmdd - ok
18:10:05.0390 2156 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:10:05.0390 2156 Modem - ok
18:10:05.0421 2156 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:10:05.0421 2156 Mouclass - ok
18:10:05.0468 2156 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:10:05.0468 2156 mouhid - ok
18:10:05.0484 2156 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:10:05.0484 2156 MountMgr - ok
18:10:05.0500 2156 mraid35x - ok
18:10:05.0515 2156 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:10:05.0515 2156 MRxDAV - ok
18:10:05.0562 2156 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:10:05.0593 2156 MRxSmb - ok
18:10:05.0609 2156 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:10:05.0609 2156 Msfs - ok
18:10:05.0625 2156 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:10:05.0625 2156 MSKSSRV - ok
18:10:05.0656 2156 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:10:05.0656 2156 MSPCLOCK - ok
18:10:05.0671 2156 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:10:05.0671 2156 MSPQM - ok
18:10:05.0687 2156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:10:05.0687 2156 mssmbios - ok
18:10:05.0703 2156 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:10:05.0703 2156 MTsensor - ok
18:10:05.0734 2156 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:10:05.0734 2156 Mup - ok
18:10:05.0765 2156 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111215.002\NAVENG.SYS
18:10:05.0765 2156 NAVENG - ok
18:10:05.0812 2156 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111215.002\NAVEX15.SYS
18:10:05.0843 2156 NAVEX15 - ok
18:10:05.0875 2156 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:10:05.0875 2156 NDIS - ok
18:10:05.0921 2156 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:10:05.0921 2156 NdisTapi - ok
18:10:05.0937 2156 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:10:05.0937 2156 Ndisuio - ok
18:10:05.0953 2156 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:10:05.0968 2156 NdisWan - ok
18:10:06.0000 2156 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:10:06.0000 2156 NDProxy - ok
18:10:06.0015 2156 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:10:06.0015 2156 NetBIOS - ok
18:10:06.0031 2156 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:10:06.0062 2156 NetBT - ok
18:10:06.0078 2156 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:10:06.0078 2156 NIC1394 - ok
18:10:06.0109 2156 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:10:06.0109 2156 Npfs - ok
18:10:06.0140 2156 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:10:06.0140 2156 Ntfs - ok
18:10:06.0156 2156 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:10:06.0156 2156 Null - ok
18:10:06.0546 2156 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:10:06.0609 2156 nv - ok
18:10:06.0640 2156 NVHDA (6a839ac21ecde8945d52007152f2695e) C:\WINDOWS\system32\drivers\nvhda32.sys
18:10:06.0640 2156 NVHDA - ok
18:10:06.0671 2156 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:10:06.0671 2156 NwlnkFlt - ok
18:10:06.0703 2156 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:10:06.0703 2156 NwlnkFwd - ok
18:10:06.0703 2156 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:10:06.0718 2156 ohci1394 - ok
18:10:06.0734 2156 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:10:06.0750 2156 Parport - ok
18:10:06.0750 2156 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:10:06.0765 2156 PartMgr - ok
18:10:06.0796 2156 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:10:06.0796 2156 ParVdm - ok
18:10:06.0828 2156 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:10:06.0828 2156 PCI - ok
18:10:06.0828 2156 PCIDump - ok
18:10:06.0859 2156 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:10:06.0859 2156 PCIIde - ok
18:10:06.0890 2156 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:10:06.0890 2156 Pcmcia - ok
18:10:06.0906 2156 PDCOMP - ok
18:10:06.0906 2156 PDFRAME - ok
18:10:06.0921 2156 PDRELI - ok
18:10:06.0937 2156 PDRFRAME - ok
18:10:06.0937 2156 perc2 - ok
18:10:06.0953 2156 perc2hib - ok
18:10:07.0000 2156 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:10:07.0000 2156 PptpMiniport - ok
18:10:07.0031 2156 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:10:07.0031 2156 Processor - ok
18:10:07.0031 2156 prodrv06 - ok
18:10:07.0093 2156 prohlp02 (7a78181cc947cdaa0902e113cfd01e93) C:\WINDOWS\system32\drivers\prohlp02.sys
18:10:07.0109 2156 prohlp02 - ok
18:10:07.0125 2156 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
18:10:07.0140 2156 prosync1 - ok
18:10:07.0140 2156 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:10:07.0156 2156 PSched - ok
18:10:07.0187 2156 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:10:07.0187 2156 Ptilink - ok
18:10:07.0187 2156 ql1080 - ok
18:10:07.0203 2156 Ql10wnt - ok
18:10:07.0203 2156 ql12160 - ok
18:10:07.0218 2156 ql1240 - ok
18:10:07.0234 2156 ql1280 - ok
18:10:07.0281 2156 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:10:07.0281 2156 RasAcd - ok
18:10:07.0328 2156 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:10:07.0328 2156 Rasl2tp - ok
18:10:07.0375 2156 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:10:07.0375 2156 RasPppoe - ok
18:10:07.0390 2156 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:10:07.0390 2156 Raspti - ok
18:10:07.0406 2156 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:10:07.0406 2156 Rdbss - ok
18:10:07.0437 2156 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:10:07.0437 2156 RDPCDD - ok
18:10:07.0484 2156 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:10:07.0484 2156 RDPWD - ok
18:10:07.0515 2156 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:10:07.0531 2156 redbook - ok
18:10:07.0578 2156 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:10:07.0578 2156 SASDIFSV - ok
18:10:07.0593 2156 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
18:10:07.0593 2156 SASENUM - ok
18:10:07.0609 2156 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
18:10:07.0609 2156 SASKUTIL - ok
18:10:07.0640 2156 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:10:07.0640 2156 Secdrv - ok
18:10:07.0671 2156 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
18:10:07.0671 2156 SenFiltService - ok
18:10:07.0718 2156 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:10:07.0718 2156 Serial - ok
18:10:07.0750 2156 sfhlp01 (91f99f3e331e24c438819a38a1ad049c) C:\WINDOWS\system32\drivers\sfhlp01.sys
18:10:07.0750 2156 sfhlp01 - ok
18:10:07.0765 2156 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:10:07.0765 2156 Sfloppy - ok
18:10:07.0781 2156 Simbad - ok
18:10:07.0796 2156 Sparrow - ok
18:10:07.0843 2156 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:10:07.0859 2156 splitter - ok
18:10:07.0906 2156 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
18:10:07.0921 2156 sptd - ok
18:10:07.0953 2156 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:10:07.0953 2156 sr - ok
18:10:08.0015 2156 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
18:10:08.0031 2156 SRTSP - ok
18:10:08.0046 2156 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
18:10:08.0046 2156 SRTSPX - ok
18:10:08.0093 2156 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:10:08.0093 2156 Srv - ok
18:10:08.0125 2156 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:10:08.0125 2156 swenum - ok
18:10:08.0156 2156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:10:08.0156 2156 swmidi - ok
18:10:08.0171 2156 symc810 - ok
18:10:08.0171 2156 symc8xx - ok
18:10:08.0218 2156 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
18:10:08.0218 2156 SymDS - ok
18:10:08.0328 2156 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
18:10:08.0343 2156 SymEFA - ok
18:10:08.0390 2156 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:10:08.0390 2156 SymEvent - ok
18:10:08.0406 2156 SYMFW - ok
18:10:08.0406 2156 SYMIDS - ok
18:10:08.0437 2156 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
18:10:08.0453 2156 SymIM - ok
18:10:08.0453 2156 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
18:10:08.0453 2156 SymIMMP - ok
18:10:08.0468 2156 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
18:10:08.0468 2156 SymIRON - ok
18:10:08.0468 2156 SYMNDIS - ok
18:10:08.0500 2156 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
18:10:08.0515 2156 SYMTDI - ok
18:10:08.0531 2156 sym_hi - ok
18:10:08.0531 2156 sym_u3 - ok
18:10:08.0593 2156 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:10:08.0593 2156 sysaudio - ok
18:10:08.0640 2156 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys
18:10:08.0640 2156 tandpl - ok
18:10:08.0703 2156 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:10:08.0703 2156 Tcpip - ok
18:10:08.0750 2156 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:10:08.0750 2156 TDPIPE - ok
18:10:08.0781 2156 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:10:08.0781 2156 TDTCP - ok
18:10:08.0796 2156 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:10:08.0796 2156 TermDD - ok
18:10:08.0812 2156 TosIde - ok
18:10:08.0828 2156 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:10:08.0828 2156 Udfs - ok
18:10:08.0843 2156 ultra - ok
18:10:08.0859 2156 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:10:08.0875 2156 Update - ok
18:10:08.0906 2156 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:10:08.0906 2156 usbccgp - ok
18:10:08.0921 2156 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:10:08.0921 2156 usbehci - ok
18:10:08.0937 2156 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:10:08.0937 2156 usbhub - ok
18:10:08.0953 2156 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:10:08.0953 2156 usbprint - ok
18:10:08.0968 2156 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:10:08.0968 2156 usbscan - ok
18:10:09.0000 2156 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:10:09.0000 2156 usbstor - ok
18:10:09.0015 2156 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:10:09.0015 2156 usbuhci - ok
18:10:09.0046 2156 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:10:09.0046 2156 VgaSave - ok
18:10:09.0062 2156 ViaIde - ok
18:10:09.0078 2156 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:10:09.0078 2156 VolSnap - ok
18:10:09.0093 2156 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:10:09.0109 2156 Wanarp - ok
18:10:09.0156 2156 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:10:09.0171 2156 Wdf01000 - ok
18:10:09.0171 2156 WDICA - ok
18:10:09.0218 2156 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:10:09.0218 2156 wdmaud - ok
18:10:09.0265 2156 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\WINDOWS\system32\drivers\WmBEnum.sys
18:10:09.0265 2156 WmBEnum - ok
18:10:09.0296 2156 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\WINDOWS\system32\drivers\WmFilter.sys
18:10:09.0296 2156 WmFilter - ok
18:10:09.0328 2156 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\WINDOWS\system32\drivers\WmVirHid.sys
18:10:09.0328 2156 WmVirHid - ok
18:10:09.0359 2156 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\WINDOWS\system32\drivers\WmXlCore.sys
18:10:09.0359 2156 WmXlCore - ok
18:10:09.0390 2156 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:10:09.0390 2156 WpdUsb - ok
18:10:09.0437 2156 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:10:09.0437 2156 WudfPf - ok
18:10:09.0453 2156 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:10:09.0453 2156 WudfRd - ok
18:10:09.0500 2156 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
18:10:09.0500 2156 xusb21 - ok
18:10:09.0546 2156 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
18:10:09.0546 2156 yukonwxp - ok
18:10:09.0562 2156 {09BB444F-B2E2-4009-BAF2-7B727681223E} - ok
18:10:09.0578 2156 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:10:09.0718 2156 \Device\Harddisk0\DR0 - ok
18:10:09.0718 2156 MBR (0x1B8) (c5a77ec66a1552fdc102d2d4dc22f0d4) \Device\Harddisk1\DR1
18:10:09.0718 2156 \Device\Harddisk1\DR1 - ok
18:10:09.0734 2156 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
18:10:09.0796 2156 \Device\Harddisk2\DR2 - ok
18:10:09.0812 2156 Boot (0x1200) (0792fbef5a0adc1dd7074727a12d89c4) \Device\Harddisk0\DR0\Partition0
18:10:09.0812 2156 \Device\Harddisk0\DR0\Partition0 - ok
18:10:09.0812 2156 Boot (0x1200) (9790eb65568029ddd77293421c13de65) \Device\Harddisk1\DR1\Partition0
18:10:09.0812 2156 \Device\Harddisk1\DR1\Partition0 - ok
18:10:09.0812 2156 Boot (0x1200) (b18f2931b4b26bddd802b38688ba7439) \Device\Harddisk2\DR2\Partition0
18:10:09.0812 2156 \Device\Harddisk2\DR2\Partition0 - ok
18:10:09.0828 2156 ============================================================

fractoral, Dec 16, 2011

#19
fractoral Newcomer, in training

18:10:09.0828 2156 Scan finished
18:10:09.0828 2156 ============================================================
18:10:09.0843 4044 Detected object count: 1
18:10:09.0843 4044 Actual detected object count: 1
18:11:05.0015 4044 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
18:11:05.0015 4044 AFD ( Rootkit.Win32.ZAccess.h ) - User select action: Quarantine
18:11:14.0703 2956 ============================================================
18:11:14.0703 2956 Scan started
18:11:14.0703 2956 Mode: Manual;
18:11:14.0703 2956 ============================================================
18:11:15.0015 2956 Abiosdsk - ok
18:11:15.0015 2956 abp480n5 - ok
18:11:15.0093 2956 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:11:15.0093 2956 ACPI - ok
18:11:15.0156 2956 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:11:15.0156 2956 ACPIEC - ok
18:11:15.0203 2956 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
18:11:15.0203 2956 ADIHdAudAddService - ok
18:11:15.0218 2956 adpu160m - ok
18:11:15.0281 2956 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
18:11:15.0281 2956 AEAudio - ok
18:11:15.0312 2956 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:11:15.0312 2956 aec - ok
18:11:15.0328 2956 AFD (43d300e5fc2e496ac8d7e97c491ece8d) C:\WINDOWS\System32\drivers\afd.sys
18:11:15.0328 2956 AFD ( Rootkit.Win32.ZAccess.h ) - infected
18:11:15.0328 2956 AFD - detected Rootkit.Win32.ZAccess.h (0)
18:11:15.0343 2956 Aha154x - ok
18:11:15.0343 2956 aic78u2 - ok
18:11:15.0359 2956 aic78xx - ok
18:11:15.0375 2956 AliIde - ok
18:11:15.0406 2956 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
18:11:15.0406 2956 AmdLLD - ok
18:11:15.0421 2956 amsint - ok
18:11:15.0437 2956 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:11:15.0437 2956 Arp1394 - ok
18:11:15.0453 2956 asc - ok
18:11:15.0453 2956 asc3350p - ok
18:11:15.0468 2956 asc3550 - ok
18:11:15.0515 2956 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:11:15.0515 2956 AsyncMac - ok
18:11:15.0531 2956 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:11:15.0546 2956 atapi - ok
18:11:15.0546 2956 Atdisk - ok
18:11:15.0578 2956 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:11:15.0578 2956 Atmarpc - ok
18:11:15.0625 2956 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:11:15.0625 2956 audstub - ok
18:11:15.0703 2956 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:11:15.0703 2956 Beep - ok
18:11:15.0843 2956 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys
18:11:15.0843 2956 BHDrvx86 - ok
18:11:15.0890 2956 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:11:15.0890 2956 cbidf2k - ok
18:11:15.0906 2956 cd20xrnt - ok
18:11:15.0937 2956 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:11:15.0937 2956 Cdaudio - ok
18:11:15.0968 2956 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:11:15.0968 2956 Cdfs - ok
18:11:15.0984 2956 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:11:15.0984 2956 Cdrom - ok
18:11:16.0000 2956 Changer - ok
18:11:16.0015 2956 CmdIde - ok
18:11:16.0046 2956 Cpqarray - ok
18:11:16.0062 2956 dac2w2k - ok
18:11:16.0062 2956 dac960nt - ok
18:11:16.0093 2956 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:11:16.0093 2956 Disk - ok
18:11:16.0140 2956 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:11:16.0156 2956 dmboot - ok
18:11:16.0187 2956 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:11:16.0187 2956 dmio - ok
18:11:16.0203 2956 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:11:16.0203 2956 dmload - ok
18:11:16.0281 2956 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:11:16.0281 2956 DMusic - ok
18:11:16.0296 2956 dpti2o - ok
18:11:16.0343 2956 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:11:16.0343 2956 drmkaud - ok
18:11:16.0375 2956 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:11:16.0390 2956 eeCtrl - ok
18:11:16.0406 2956 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\WINDOWS\system32\drivers\enodpl.sys
18:11:16.0421 2956 enodpl - ok
18:11:16.0437 2956 EraserUtilDrvI13 (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys
18:11:16.0437 2956 EraserUtilDrvI13 - ok
18:11:16.0468 2956 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:11:16.0468 2956 Fastfat - ok
18:11:16.0500 2956 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:11:16.0500 2956 Fdc - ok
18:11:16.0546 2956 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:11:16.0546 2956 Fips - ok
18:11:16.0562 2956 FixTDSS - ok
18:11:16.0562 2956 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:11:16.0562 2956 Flpydisk - ok
18:11:16.0625 2956 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:11:16.0625 2956 FltMgr - ok
18:11:16.0656 2956 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:11:16.0656 2956 Fs_Rec - ok
18:11:16.0656 2956 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:11:16.0656 2956 Ftdisk - ok
18:11:16.0687 2956 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:11:16.0687 2956 GEARAspiWDM - ok
18:11:16.0718 2956 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:11:16.0718 2956 Gpc - ok
18:11:16.0765 2956 gtermddo - ok
18:11:16.0781 2956 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:11:16.0781 2956 HDAudBus - ok
18:11:16.0796 2956 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:11:16.0796 2956 hidusb - ok
18:11:16.0812 2956 hpn - ok
18:11:16.0875 2956 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:11:16.0875 2956 HPZid412 - ok
18:11:16.0921 2956 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:11:16.0921 2956 HPZipr12 - ok
18:11:16.0937 2956 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:11:16.0937 2956 HPZius12 - ok
18:11:16.0953 2956 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:11:16.0953 2956 HTTP - ok
18:11:16.0968 2956 i2omgmt - ok
18:11:16.0984 2956 i2omp - ok
18:11:17.0000 2956 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:11:17.0000 2956 i8042prt - ok
18:11:17.0093 2956 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111214.001\IDSxpx86.sys
18:11:17.0093 2956 IDSxpx86 - ok
18:11:17.0125 2956 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:11:17.0125 2956 Imapi - ok
18:11:17.0140 2956 ini910u - ok
18:11:17.0156 2956 IntelIde - ok
18:11:17.0203 2956 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:11:17.0203 2956 intelppm - ok
18:11:17.0296 2956 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:11:17.0296 2956 ip6fw - ok
18:11:17.0343 2956 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:11:17.0343 2956 IpFilterDriver - ok
18:11:17.0359 2956 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:11:17.0359 2956 IpInIp - ok
18:11:17.0390 2956 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:11:17.0390 2956 IpNat - ok
18:11:17.0437 2956 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:11:17.0437 2956 IPSec - ok
18:11:17.0484 2956 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:11:17.0484 2956 IRENUM - ok
18:11:17.0484 2956 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:11:17.0484 2956 isapnp - ok
18:11:17.0500 2956 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:11:17.0500 2956 Kbdclass - ok
18:11:17.0531 2956 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:11:17.0531 2956 kbdhid - ok
18:11:17.0546 2956 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:11:17.0546 2956 kmixer - ok
18:11:17.0562 2956 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:11:17.0562 2956 KSecDD - ok
18:11:17.0578 2956 lbrtfdc - ok
18:11:17.0609 2956 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
18:11:17.0609 2956 MBAMProtector - ok
18:11:17.0718 2956 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
18:11:17.0718 2956 mcdbus - ok
18:11:17.0718 2956 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:11:17.0718 2956 mnmdd - ok
18:11:17.0750 2956 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:11:17.0750 2956 Modem - ok
18:11:17.0796 2956 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:11:17.0796 2956 Mouclass - ok
18:11:17.0843 2956 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:11:17.0843 2956 mouhid - ok
18:11:17.0859 2956 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:11:17.0859 2956 MountMgr - ok
18:11:17.0859 2956 mraid35x - ok
18:11:17.0875 2956 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:11:17.0875 2956 MRxDAV - ok
18:11:17.0937 2956 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:11:17.0937 2956 MRxSmb - ok
18:11:17.0953 2956 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:11:17.0953 2956 Msfs - ok
18:11:17.0984 2956 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:11:17.0984 2956 MSKSSRV - ok
18:11:18.0000 2956 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:11:18.0000 2956 MSPCLOCK - ok
18:11:18.0015 2956 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:11:18.0015 2956 MSPQM - ok
18:11:18.0031 2956 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:11:18.0031 2956 mssmbios - ok
18:11:18.0046 2956 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:11:18.0046 2956 MTsensor - ok
18:11:18.0093 2956 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:11:18.0093 2956 Mup - ok
18:11:18.0125 2956 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111215.002\NAVENG.SYS
18:11:18.0125 2956 NAVENG - ok
18:11:18.0171 2956 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111215.002\NAVEX15.SYS
18:11:18.0187 2956 NAVEX15 - ok
18:11:18.0203 2956 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:11:18.0203 2956 NDIS - ok
18:11:18.0296 2956 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:11:18.0296 2956 NdisTapi - ok
18:11:18.0312 2956 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:11:18.0312 2956 Ndisuio - ok
18:11:18.0328 2956 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:11:18.0328 2956 NdisWan - ok
18:11:18.0359 2956 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:11:18.0359 2956 NDProxy - ok
18:11:18.0375 2956 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:11:18.0375 2956 NetBIOS - ok
18:11:18.0390 2956 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:11:18.0390 2956 NetBT - ok
18:11:18.0406 2956 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:11:18.0406 2956 NIC1394 - ok
18:11:18.0453 2956 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:11:18.0453 2956 Npfs - ok
18:11:18.0484 2956 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:11:18.0484 2956 Ntfs - ok
18:11:18.0500 2956 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:11:18.0500 2956 Null - ok
18:11:18.0781 2956 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:11:18.0843 2956 nv - ok
18:11:18.0875 2956 NVHDA (6a839ac21ecde8945d52007152f2695e) C:\WINDOWS\system32\drivers\nvhda32.sys
18:11:18.0875 2956 NVHDA - ok
18:11:18.0906 2956 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:11:18.0906 2956 NwlnkFlt - ok
18:11:18.0937 2956 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:11:18.0937 2956 NwlnkFwd - ok
18:11:18.0953 2956 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:11:18.0953 2956 ohci1394 - ok
18:11:19.0000 2956 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:11:19.0000 2956 Parport - ok
18:11:19.0000 2956 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:11:19.0000 2956 PartMgr - ok
18:11:19.0031 2956 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:11:19.0031 2956 ParVdm - ok
18:11:19.0046 2956 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:11:19.0046 2956 PCI - ok
18:11:19.0046 2956 PCIDump - ok
18:11:19.0062 2956 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:11:19.0078 2956 PCIIde - ok
18:11:19.0093 2956 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:11:19.0093 2956 Pcmcia - ok
18:11:19.0109 2956 PDCOMP - ok
18:11:19.0109 2956 PDFRAME - ok
18:11:19.0125 2956 PDRELI - ok
18:11:19.0140 2956 PDRFRAME - ok
18:11:19.0140 2956 perc2 - ok
18:11:19.0156 2956 perc2hib - ok
18:11:19.0187 2956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:11:19.0187 2956 PptpMiniport - ok
18:11:19.0218 2956 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:11:19.0218 2956 Processor - ok
18:11:19.0234 2956 prodrv06 - ok
18:11:19.0265 2956 prohlp02 (7a78181cc947cdaa0902e113cfd01e93) C:\WINDOWS\system32\drivers\prohlp02.sys
18:11:19.0265 2956 prohlp02 - ok
18:11:19.0281 2956 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
18:11:19.0281 2956 prosync1 - ok
18:11:19.0296 2956 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:11:19.0296 2956 PSched - ok
18:11:19.0312 2956 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:11:19.0312 2956 Ptilink - ok
18:11:19.0328 2956 ql1080 - ok
18:11:19.0328 2956 Ql10wnt - ok
18:11:19.0343 2956 ql12160 - ok
18:11:19.0359 2956 ql1240 - ok
18:11:19.0359 2956 ql1280 - ok
18:11:19.0390 2956 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:11:19.0390 2956 RasAcd - ok
18:11:19.0406 2956 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:11:19.0406 2956 Rasl2tp - ok
18:11:19.0421 2956 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:11:19.0421 2956 RasPppoe - ok
18:11:19.0421 2956 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:11:19.0421 2956 Raspti - ok
18:11:19.0484 2956 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:11:19.0484 2956 Rdbss - ok
18:11:19.0500 2956 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:11:19.0500 2956 RDPCDD - ok
18:11:19.0546 2956 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:11:19.0562 2956 RDPWD - ok
18:11:19.0593 2956 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:11:19.0593 2956 redbook - ok
18:11:19.0687 2956 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:11:19.0687 2956 SASDIFSV - ok
18:11:19.0703 2956 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
18:11:19.0703 2956 SASENUM - ok
18:11:19.0703 2956 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
18:11:19.0703 2956 SASKUTIL - ok
18:11:19.0734 2956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:11:19.0734 2956 Secdrv - ok
18:11:19.0781 2956 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
18:11:19.0781 2956 SenFiltService - ok
18:11:19.0796 2956 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:11:19.0796 2956 Serial - ok
18:11:19.0828 2956 sfhlp01 (91f99f3e331e24c438819a38a1ad049c) C:\WINDOWS\system32\drivers\sfhlp01.sys
18:11:19.0828 2956 sfhlp01 - ok
18:11:19.0828 2956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:11:19.0828 2956 Sfloppy - ok
18:11:19.0843 2956 Simbad - ok
18:11:19.0859 2956 Sparrow - ok
18:11:19.0906 2956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:11:19.0906 2956 splitter - ok
18:11:19.0968 2956 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
18:11:19.0968 2956 sptd - ok
18:11:19.0984 2956 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:11:19.0984 2956 sr - ok
18:11:20.0031 2956 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
18:11:20.0031 2956 SRTSP - ok
18:11:20.0046 2956 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
18:11:20.0046 2956 SRTSPX - ok
18:11:20.0062 2956 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:11:20.0062 2956 Srv - ok
18:11:20.0109 2956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:11:20.0109 2956 swenum - ok
18:11:20.0140 2956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:11:20.0140 2956 swmidi - ok
18:11:20.0140 2956 symc810 - ok
18:11:20.0156 2956 symc8xx - ok
18:11:20.0187 2956 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
18:11:20.0203 2956 SymDS - ok
18:11:20.0234 2956 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
18:11:20.0234 2956 SymEFA - ok
18:11:20.0281 2956 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:11:20.0281 2956 SymEvent - ok
18:11:20.0281 2956 SYMFW - ok
18:11:20.0296 2956 SYMIDS - ok
18:11:20.0312 2956 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
18:11:20.0312 2956 SymIM - ok
18:11:20.0312 2956 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
18:11:20.0312 2956 SymIMMP - ok
18:11:20.0328 2956 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
18:11:20.0328 2956 SymIRON - ok
18:11:20.0343 2956 SYMNDIS - ok
18:11:20.0359 2956 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
18:11:20.0359 2956 SYMTDI - ok
18:11:20.0375 2956 sym_hi - ok
18:11:20.0375 2956 sym_u3 - ok
18:11:20.0406 2956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:11:20.0406 2956 sysaudio - ok
18:11:20.0453 2956 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys
18:11:20.0453 2956 tandpl - ok
18:11:20.0468 2956 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:11:20.0468 2956 Tcpip - ok
18:11:20.0531 2956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:11:20.0531 2956 TDPIPE - ok
18:11:20.0546 2956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:11:20.0562 2956 TDTCP - ok
18:11:20.0562 2956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:11:20.0562 2956 TermDD - ok
18:11:20.0578 2956 TosIde - ok
18:11:20.0593 2956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:11:20.0593 2956 Udfs - ok
18:11:20.0609 2956 ultra - ok
18:11:20.0703 2956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:11:20.0703 2956 Update - ok
18:11:20.0718 2956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:11:20.0718 2956 usbccgp - ok
18:11:20.0734 2956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:11:20.0734 2956 usbehci - ok
18:11:20.0750 2956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:11:20.0750 2956 usbhub - ok
18:11:20.0765 2956 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:11:20.0765 2956 usbprint - ok
18:11:20.0781 2956 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:11:20.0781 2956 usbscan - ok
18:11:20.0796 2956 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:11:20.0796 2956 usbstor - ok
18:11:20.0812 2956 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:11:20.0812 2956 usbuhci - ok
18:11:20.0843 2956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:11:20.0843 2956 VgaSave - ok
18:11:20.0843 2956 ViaIde - ok
18:11:20.0875 2956 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:11:20.0875 2956 VolSnap - ok
18:11:20.0890 2956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:11:20.0890 2956 Wanarp - ok
18:11:20.0937 2956 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:11:20.0937 2956 Wdf01000 - ok
18:11:20.0953 2956 WDICA - ok
18:11:20.0984 2956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:11:20.0984 2956 wdmaud - ok
18:11:21.0031 2956 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\WINDOWS\system32\drivers\WmBEnum.sys
18:11:21.0031 2956 WmBEnum - ok
18:11:21.0062 2956 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\WINDOWS\system32\drivers\WmFilter.sys
18:11:21.0062 2956 WmFilter - ok
18:11:21.0093 2956 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\WINDOWS\system32\drivers\WmVirHid.sys
18:11:21.0093 2956 WmVirHid - ok
18:11:21.0093 2956 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\WINDOWS\system32\drivers\WmXlCore.sys
18:11:21.0093 2956 WmXlCore - ok
18:11:21.0140 2956 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:11:21.0140 2956 WpdUsb - ok
18:11:21.0171 2956 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:11:21.0187 2956 WudfPf - ok
18:11:21.0203 2956 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:11:21.0203 2956 WudfRd - ok
18:11:21.0281 2956 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
18:11:21.0281 2956 xusb21 - ok
18:11:21.0296 2956 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
18:11:21.0312 2956 yukonwxp - ok
18:11:21.0328 2956 {09BB444F-B2E2-4009-BAF2-7B727681223E} - ok
18:11:21.0343 2956 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:11:21.0468 2956 \Device\Harddisk0\DR0 - ok
18:11:21.0484 2956 MBR (0x1B8) (c5a77ec66a1552fdc102d2d4dc22f0d4) \Device\Harddisk1\DR1
18:11:21.0484 2956 \Device\Harddisk1\DR1 - ok
18:11:21.0500 2956 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
18:11:21.0578 2956 \Device\Harddisk2\DR2 - ok
18:11:21.0578 2956 Boot (0x1200) (0792fbef5a0adc1dd7074727a12d89c4) \Device\Harddisk0\DR0\Partition0
18:11:21.0578 2956 \Device\Harddisk0\DR0\Partition0 - ok
18:11:21.0578 2956 Boot (0x1200) (9790eb65568029ddd77293421c13de65) \Device\Harddisk1\DR1\Partition0
18:11:21.0578 2956 \Device\Harddisk1\DR1\Partition0 - ok
18:11:21.0578 2956 Boot (0x1200) (b18f2931b4b26bddd802b38688ba7439) \Device\Harddisk2\DR2\Partition0
18:11:21.0578 2956 \Device\Harddisk2\DR2\Partition0 - ok
18:11:21.0578 2956 ============================================================
18:11:21.0578 2956 Scan finished
18:11:21.0578 2956 ============================================================
18:11:21.0593 3420 Detected object count: 1
18:11:21.0593 3420 Actual detected object count: 1
18:11:24.0718 3420 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
18:11:25.0140 3420 Backup copy found, using it..
18:11:25.0281 3420 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
18:11:27.0718 3420 AFD ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
18:11:54.0046 0720 Deinitialize success

fractoral, Dec 16, 2011

#20

(You must log in or sign up to reply here.)

Page 1 of 3

Thread Status:: Not open for further replies.

TechSpot | Technology News and Analysis
Copyright © 1998-2012, TechSpot, Inc.
Forum software by XenForo™
TechSpot is a registered trademark
All Rights Reserved