Inactive Tidserv activity 2

Status
Not open for further replies.
I kept getting notified by Norton that I have been getting intrusion attempts resulting from: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE

Risk Name: System Infected: Tidserv Activity 2
Attacking Computer: 91.213.29.63,443

I noticed that my google searches were being re-directed to other websites such as living social, yellow pages, etc.

Last night I used Acronis to reset my computer (using a saved disc image from 2 months ago) but I immediately got the same warnings & my internet searches are still being re-directed.

Here are the results of my scans:

1) Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6853

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

14/06/2011 10:20:04 AM
mbam-log-2011-06-14 (10-20-04).txt

Scan type: Quick scan
Objects scanned: 328297
Time elapsed: 10 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Owner\favorites\mp3 downloads piano music wedding songs christmas music listen online.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\Users\Public\favorites\mp3 downloads piano music wedding songs christmas music listen online.url (Rogue.Link) -> Quarantined and deleted successfully.




2)GMER:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-14 10:34:12
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350063 rev.3.CH
Running: g5xn1qzs.exe; Driver: C:\Users\Owner\AppData\Local\Temp\ugroruob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

3) DDS:
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by Owner at 10:37:20 on 2011-06-14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3071.1559 [GMT -4:00]
.
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Owner\AppData\Local\CrossLoop\CrossLoopService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files\Process Lasso\ProcessLasso.exe
C:\Program Files\Process Lasso\ProcessGovernor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Qliner Hotkeys\HotKeys.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\Norton\NUA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
mStart Page = hxxp://www.myfastwebsearch.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [NortonUpdateAgent] c:\programdata\norton\NUA.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe
mRun: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe
mRun: [00Hotkeys] "c:\program files\qliner hotkeys\HotKeys.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\owner\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logoca~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\calibrationloader\CalibrationLoader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\profil~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\ProfileReminder.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoWinKeys = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{013CEEF7-03C8-435A-BE0A-98259DDA8A1E} : DhcpNameServer = 192.168.1.254
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\r84uzbwz.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://google.ca/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\r84uzbwz.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\r84uzbwz.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\owner\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\r84uzbwz.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: NetVideoHunter: netvideohunter@netvideohunter.com - %profile%\extensions\netvideohunter@netvideohunter.com
FF - Ext: Sothink SWF Catcher: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coFFPlgn
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.gisly.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=848TrdTM&q=
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-2 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-2 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-2 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110610.006\IDSvix86.sys [2011-6-14 367736]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 CrossLoopService;CrossLoop Service;c:\users\owner\appdata\local\crossloop\CrossLoopService.exe [2010-11-3 560848]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-2 117640]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2008-11-9 14416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-13 105592]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-3-11 1129344]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-2-12 207360]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-2 48688]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-1-9 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-1-9 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-1-9 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-1-9 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-1-9 25704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]
S3 eyeonedp;eye-one display;c:\windows\system32\drivers\EyeOneDp.sys [2008-11-9 44344]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-9 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-14 39984]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 tvnserver;TightVNC Server;c:\users\owner\appdata\local\crossloop\tvnserver.exe [2010-11-3 814080]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-14 14:07:36 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2011-06-14 14:07:31 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-14 14:07:30 -------- d-----w- c:\programdata\Malwarebytes
2011-06-14 14:07:26 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-14 14:07:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-14 13:54:58 -------- d-----w- c:\program files\iPod
2011-06-14 13:54:55 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 10:38:14.84 ===============

DDS (Ver_2011-06-12.02)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05/11/2008 5:05:14 PM
System Uptime: 14/06/2011 10:24:34 AM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | CPU 1 | 2667/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 424 GiB total, 5.73 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 51.41 GiB free.
F: is FIXED (NTFS) - 1397 GiB total, 258.151 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()
O: is FIXED (NTFS) - 466 GiB total, 0 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0009
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #8
PNP Device ID: ROOT\*6TO4MP\0009
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
ACI onPrint Lite
ACI onPrint Pro
Acronis True Image Home
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Common File Installer
Adobe Community Help
Adobe Creative Suite 5 Design Standard
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 2.1
Adobe Help Viewer CS3
Adobe Illustrator CS5
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS5
Adobe Photoshop Elements 5.0
Adobe Photoshop Lightroom 3
Adobe Photoshop Lightroom 3.2
Adobe Premiere Elements 3.0.2
Adobe Premiere Elements Updater 3.0.2
Adobe Reader 8.1.0
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Aimersoft HD Video Converter(Build 2.2.0.37)
Aiseesoft Blu-ray Ripper
Akamai NetSession Interface
AnVir Task Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Astroburn Pro
Audio Transcoder
Bonjour
BufferChm
C5500
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Color Efex Pro 3.0 Sampler 4
Compatibility Pack for the 2007 Office system
Convert AVI to MP4 1.3
CopyTrans Suite Remove Only
Corner-A ArtStudio
CPQ Color By You
CrossLoop 2.74
Custom Colour ROES
CutePDF Writer 2.7
CyberLink DVD Suite Deluxe
DecoBookEditor
DecoMagazine Desktop Editor
DecoMorphDesktopEditor
Destination Component
DeviceDiscovery
DivX Plus Web Player
Dropbox
Enhanced Multimedia Keyboard Solution
ExpressDigital Darkroom Core Edition V8.9
Eye-One Match 3.6.1
eZsuite
FlashPalette 04A Editor
FlipShare
FLV Player 2.0 (build 25)
Focus Magic 3.02
Folder Marker Pro v 3.0
FotoFusion v4
FotoFusionV4
Freecorder 4.0 Application
GearDrvs
Glary Utilities Pro 2.18.0.786
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
GPBaseService2
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 12.0
HP Easy Setup - Frontend
HP Imaging Device Functions 12.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart C5500 All-In-One Driver Software 12.0 Rel .4
HP Photosmart Essential 3.5
HP Picasso Media Center Add-In
HP Product Detection
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
Ibind Designs
Imagenomic Portraiture 2.3 Plug-in (build 2308)
Inkscape 0.46
Inpaint 2.3
Intel(R) Matrix Storage Manager
iTunes
Java(TM) 6 Update 12
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
K-Lite Codec Pack 5.0.5 (Basic)
LabelPrint
LightScribe System Software
LightScribeTemplateLabeler
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
McAfee Security Scan Plus
McKenna Easy Order
MediaSPace
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ Run Time Lib Setup
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Miuchiz 2.0 - Planet Mion
Mozilla Firefox (3.6.13)
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
Noiseware Professional Plug-in
Norton 360
Norton Security Scan
NoteTab Light 6 (Remove only)
Nuclear Coffee - ConvertVid
NVIDIA Drivers
NVIDIA PhysX
PCHand Screen Capture (GOTD Version) 1.8.0.2
PCHand Screen Recorder (GOTD Version) 1.8.5.2
PCIe Soft Data Fax Modem with SmartCP
PDF Settings CS4
PDF Settings CS5
Picture Doctor version 1.7
Portrait Professional 8.0
Power2Go
PowerDirector
Process Lasso
PS_AIO_04_C5500_Software_Min
PSSWCORE
Python 2.5
Qliner Hotkeys 2.0
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
ROES.whcc
Scan
ScreenStream
Showit
SmartWebPrinting
SolutionCenter
Sothink SWF Decompiler
Sothink SWF Quicker
Sound Editor Deluxe v6.0.1
Status
Studio Art Suite
StuffIt Expander 2009
Symantec Technical Support Advanced Chat Controls
Tabbles
ThunderSoft Flash to Video Converter (1.1.5.1)
Toggl Desktop 2.6.4.1
Toolbox
Topaz Adjust 3
Topaz Adjust 4
Topaz Denoise
Topaz Detail
Totally Rad Dirty Pictures 1.5.1
TrayApp
Unity Web Player
UnloadSupport
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
WeatherBug Gadget
WebEx
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
WinX DVD Ripper Platinum 5.1
Wondershare DemoCreator (Build 3.0.6)
Wondershare Music Converter(Build 1.2.1.0)
Wondershare Photo Recovery 1.0
Wondershare Video Studio Express(Build 1.2.0.6)
Xvid 1.2.2 final uninstall
Yahoo! Toolbar
Youtube Music Downloader V3.0
.
==== End Of File ===========================


Please advise. Thanks!
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Ok, I have done so:

2011/06/14 12:12:39.0153 13816 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/14 12:12:41.0166 13816 ================================================================================
2011/06/14 12:12:41.0166 13816 SystemInfo:
2011/06/14 12:12:41.0166 13816
2011/06/14 12:12:41.0166 13816 OS Version: 6.0.6001 ServicePack: 1.0
2011/06/14 12:12:41.0166 13816 Product type: Workstation
2011/06/14 12:12:41.0166 13816 ComputerName: SCHWEITZERS
2011/06/14 12:12:41.0166 13816 UserName: Owner
2011/06/14 12:12:41.0166 13816 Windows directory: C:\Windows
2011/06/14 12:12:41.0166 13816 System windows directory: C:\Windows
2011/06/14 12:12:41.0166 13816 Processor architecture: Intel x86
2011/06/14 12:12:41.0166 13816 Number of processors: 4
2011/06/14 12:12:41.0166 13816 Page size: 0x1000
2011/06/14 12:12:41.0166 13816 Boot type: Normal boot
2011/06/14 12:12:41.0166 13816 ================================================================================
2011/06/14 12:12:46.0454 13816 Initialize success
2011/06/14 12:12:50.0962 11068 ================================================================================
2011/06/14 12:12:50.0962 11068 Scan started
2011/06/14 12:12:50.0962 11068 Mode: Manual;
2011/06/14 12:12:50.0962 11068 ================================================================================
2011/06/14 12:12:53.0271 11068 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
2011/06/14 12:12:53.0396 11068 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/06/14 12:12:53.0552 11068 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/06/14 12:12:53.0708 11068 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/06/14 12:12:53.0755 11068 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/06/14 12:12:53.0911 11068 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/06/14 12:12:54.0020 11068 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/06/14 12:12:54.0145 11068 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/06/14 12:12:54.0223 11068 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/14 12:12:54.0285 11068 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/06/14 12:12:54.0332 11068 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/06/14 12:12:54.0363 11068 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/06/14 12:12:54.0410 11068 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/06/14 12:12:54.0441 11068 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/06/14 12:12:54.0488 11068 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/06/14 12:12:54.0535 11068 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/06/14 12:12:54.0613 11068 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/14 12:12:54.0644 11068 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/06/14 12:12:54.0706 11068 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
2011/06/14 12:12:54.0784 11068 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/14 12:12:54.0940 11068 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys
2011/06/14 12:12:55.0315 11068 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/06/14 12:12:55.0486 11068 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/14 12:12:55.0549 11068 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/14 12:12:55.0627 11068 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/14 12:12:55.0798 11068 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/14 12:12:55.0939 11068 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/14 12:12:56.0017 11068 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/14 12:12:56.0079 11068 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/14 12:12:56.0251 11068 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/14 12:12:56.0407 11068 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys
2011/06/14 12:12:56.0750 11068 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/14 12:12:56.0859 11068 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/14 12:12:56.0968 11068 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/06/14 12:12:57.0124 11068 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/06/14 12:12:57.0296 11068 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/06/14 12:12:57.0546 11068 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/06/14 12:12:57.0748 11068 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/06/14 12:12:57.0826 11068 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/06/14 12:12:57.0998 11068 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/06/14 12:12:58.0232 11068 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/06/14 12:12:58.0528 11068 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/06/14 12:12:58.0716 11068 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/06/14 12:12:58.0934 11068 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/06/14 12:12:59.0199 11068 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/14 12:12:59.0293 11068 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/14 12:12:59.0340 11068 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/14 12:12:59.0402 11068 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/06/14 12:12:59.0605 11068 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/06/14 12:12:59.0932 11068 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/06/14 12:13:00.0198 11068 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/06/14 12:13:00.0322 11068 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/06/14 12:13:00.0525 11068 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/06/14 12:13:00.0666 11068 eyeonedp (8313a6af9de34a9d24df2329a548b004) C:\Windows\system32\DRIVERS\eyeonedp.sys
2011/06/14 12:13:00.0853 11068 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/06/14 12:13:01.0040 11068 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/14 12:13:01.0102 11068 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/14 12:13:01.0290 11068 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/14 12:13:01.0352 11068 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/14 12:13:01.0664 11068 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/06/14 12:13:01.0992 11068 fssfltr (491e9d9a26a745f6ae7d570849f4bd87) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/06/14 12:13:02.0132 11068 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/14 12:13:02.0194 11068 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/14 12:13:02.0288 11068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/06/14 12:13:02.0506 11068 HCW85BDA (0e44dbf63bb0169d57446aec21881ff2) C:\Windows\system32\drivers\HCW85BDA.sys
2011/06/14 12:13:02.0678 11068 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/14 12:13:02.0725 11068 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/14 12:13:02.0896 11068 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/14 12:13:02.0943 11068 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/14 12:13:03.0037 11068 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/06/14 12:13:03.0177 11068 HSF_DP (617732f6c0f86df3757b1d39211c15e5) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/06/14 12:13:03.0396 11068 HSXHWBS3 (b1322e002bc4a556f83e4edde8e2f30f) C:\Windows\system32\DRIVERS\HSXHWBS3.sys
2011/06/14 12:13:03.0583 11068 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/06/14 12:13:03.0630 11068 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/06/14 12:13:03.0676 11068 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/14 12:13:03.0739 11068 iaStor (25c3d5f66a74a7bddeca56085f040d2e) C:\Windows\system32\drivers\iastor.sys
2011/06/14 12:13:03.0848 11068 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/06/14 12:13:04.0285 11068 IDSVix86 (c15fcea5c150314489698b2571a5190d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110610.006\IDSvix86.sys
2011/06/14 12:13:04.0519 11068 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/14 12:13:04.0675 11068 IntcAzAudAddService (da6303bbaed73eec30c3433359e7a311) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/14 12:13:04.0878 11068 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/14 12:13:04.0971 11068 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/14 12:13:05.0002 11068 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/14 12:13:05.0065 11068 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/14 12:13:05.0127 11068 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/14 12:13:05.0221 11068 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/14 12:13:05.0377 11068 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/06/14 12:13:05.0502 11068 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/14 12:13:05.0533 11068 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/14 12:13:05.0611 11068 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/14 12:13:05.0626 11068 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/14 12:13:05.0704 11068 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/14 12:13:05.0814 11068 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/14 12:13:06.0094 11068 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/14 12:13:06.0235 11068 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/14 12:13:06.0282 11068 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/14 12:13:06.0438 11068 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/14 12:13:06.0500 11068 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/14 12:13:06.0547 11068 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/14 12:13:06.0734 11068 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/14 12:13:06.0874 11068 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/06/14 12:13:06.0937 11068 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/06/14 12:13:06.0984 11068 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/14 12:13:07.0062 11068 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/14 12:13:07.0124 11068 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/14 12:13:07.0327 11068 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/14 12:13:07.0530 11068 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/14 12:13:07.0592 11068 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/06/14 12:13:07.0654 11068 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/14 12:13:07.0717 11068 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/14 12:13:07.0732 11068 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/06/14 12:13:07.0764 11068 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/14 12:13:07.0795 11068 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/14 12:13:07.0842 11068 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/14 12:13:07.0873 11068 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/06/14 12:13:07.0904 11068 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/06/14 12:13:07.0998 11068 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
2011/06/14 12:13:08.0044 11068 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/14 12:13:08.0216 11068 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/14 12:13:08.0388 11068 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/14 12:13:08.0544 11068 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/14 12:13:08.0793 11068 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/14 12:13:08.0965 11068 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/06/14 12:13:09.0261 11068 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/14 12:13:09.0308 11068 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/14 12:13:09.0339 11068 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/06/14 12:13:09.0604 11068 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/14 12:13:10.0010 11068 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110613.038\NAVENG.SYS
2011/06/14 12:13:10.0369 11068 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110613.038\NAVEX15.SYS
2011/06/14 12:13:10.0806 11068 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/06/14 12:13:10.0821 11068 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/14 12:13:11.0008 11068 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/14 12:13:11.0211 11068 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/14 12:13:11.0383 11068 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/14 12:13:11.0461 11068 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/14 12:13:11.0617 11068 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/14 12:13:11.0726 11068 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/14 12:13:11.0757 11068 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/06/14 12:13:11.0773 11068 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/14 12:13:11.0866 11068 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/06/14 12:13:12.0069 11068 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/14 12:13:12.0288 11068 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/14 12:13:12.0553 11068 nvlddmkm (0013f8cf1322487fb247eae56ef0ed90) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/14 12:13:13.0036 11068 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/06/14 12:13:13.0192 11068 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/06/14 12:13:13.0317 11068 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/06/14 12:13:13.0489 11068 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/14 12:13:13.0520 11068 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/14 12:13:13.0660 11068 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/06/14 12:13:13.0738 11068 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/14 12:13:13.0879 11068 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/06/14 12:13:14.0019 11068 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/06/14 12:13:14.0206 11068 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/14 12:13:14.0284 11068 PDIHWCTL (274fb48dc92e0ec012d4d8d866cfaf8a) C:\Windows\system32\drivers\pdihwctl.sys
2011/06/14 12:13:14.0503 11068 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/14 12:13:14.0659 11068 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/14 12:13:14.0830 11068 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/06/14 12:13:14.0940 11068 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2011/06/14 12:13:15.0049 11068 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/14 12:13:15.0096 11068 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/14 12:13:15.0314 11068 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/06/14 12:13:15.0486 11068 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/14 12:13:15.0595 11068 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/14 12:13:15.0657 11068 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/14 12:13:15.0813 11068 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/14 12:13:15.0844 11068 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/14 12:13:15.0860 11068 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/14 12:13:15.0891 11068 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/14 12:13:15.0922 11068 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/14 12:13:15.0969 11068 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/06/14 12:13:15.0985 11068 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/14 12:13:16.0032 11068 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/06/14 12:13:16.0094 11068 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/14 12:13:16.0172 11068 RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/06/14 12:13:16.0234 11068 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/14 12:13:16.0281 11068 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/14 12:13:16.0344 11068 Sentinel (4b926f60ccce0c410591c66446675496) C:\Windows\System32\Drivers\SENTINEL.SYS
2011/06/14 12:13:16.0422 11068 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/14 12:13:16.0453 11068 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/14 12:13:16.0484 11068 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/14 12:13:16.0515 11068 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/06/14 12:13:16.0546 11068 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/14 12:13:16.0578 11068 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/14 12:13:16.0624 11068 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/14 12:13:17.0420 11068 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/06/14 12:13:17.0467 11068 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/06/14 12:13:17.0498 11068 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/06/14 12:13:17.0529 11068 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/06/14 12:13:17.0592 11068 snapman (bcc773872041aa59bc9a6cf770fb32e2) C:\Windows\system32\DRIVERS\snapman.sys
2011/06/14 12:13:17.0685 11068 SNTNLUSB (1475a9533649935a048ea5e27f8c3b37) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
2011/06/14 12:13:17.0810 11068 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/14 12:13:18.0013 11068 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS
2011/06/14 12:13:18.0169 11068 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS
2011/06/14 12:13:18.0262 11068 srv (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
2011/06/14 12:13:18.0340 11068 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/14 12:13:18.0356 11068 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/14 12:13:18.0434 11068 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/14 12:13:18.0481 11068 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/14 12:13:18.0574 11068 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS
2011/06/14 12:13:18.0668 11068 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/06/14 12:13:18.0730 11068 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS
2011/06/14 12:13:18.0871 11068 SymIM (34f1c9d5dcc19df1e824d6b73767b8af) C:\Windows\system32\DRIVERS\SymIMv.sys
2011/06/14 12:13:19.0027 11068 SYMNDISV (dcbf73da96cce94933c8cc6eded3c98b) C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS
2011/06/14 12:13:19.0198 11068 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS
2011/06/14 12:13:19.0292 11068 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/14 12:13:19.0323 11068 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/14 12:13:19.0401 11068 Tcpip (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys
2011/06/14 12:13:19.0573 11068 Tcpip6 (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/14 12:13:19.0620 11068 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/14 12:13:19.0635 11068 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/14 12:13:19.0666 11068 tdrpman (eb53ec341458256deae2ad58822c4a17) C:\Windows\system32\DRIVERS\tdrpman.sys
2011/06/14 12:13:19.0791 11068 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/14 12:13:19.0822 11068 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/14 12:13:19.0854 11068 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/14 12:13:19.0932 11068 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys
2011/06/14 12:13:19.0994 11068 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys
2011/06/14 12:13:20.0103 11068 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/14 12:13:20.0134 11068 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/14 12:13:20.0150 11068 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/14 12:13:20.0197 11068 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/14 12:13:20.0228 11068 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/14 12:13:20.0290 11068 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/14 12:13:20.0353 11068 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/14 12:13:20.0384 11068 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/14 12:13:20.0415 11068 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/14 12:13:20.0446 11068 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/14 12:13:20.0509 11068 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/14 12:13:20.0618 11068 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/14 12:13:20.0649 11068 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/14 12:13:20.0696 11068 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/14 12:13:20.0727 11068 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/14 12:13:20.0774 11068 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/14 12:13:20.0836 11068 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/14 12:13:20.0883 11068 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/14 12:13:20.0961 11068 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/14 12:13:20.0977 11068 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/14 12:13:21.0070 11068 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/14 12:13:21.0102 11068 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/14 12:13:21.0117 11068 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/14 12:13:21.0148 11068 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/14 12:13:21.0180 11068 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/14 12:13:21.0211 11068 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/14 12:13:21.0289 11068 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/06/14 12:13:21.0367 11068 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/06/14 12:13:21.0445 11068 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/14 12:13:21.0507 11068 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/14 12:13:21.0554 11068 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/14 12:13:21.0585 11068 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/14 12:13:21.0648 11068 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/14 12:13:21.0726 11068 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/14 12:13:21.0882 11068 winachsf (f1265727c078406299ff4b3b033e3132) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/14 12:13:21.0975 11068 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/14 12:13:22.0053 11068 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/14 12:13:22.0100 11068 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/14 12:13:22.0162 11068 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
2011/06/14 12:13:22.0272 11068 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
2011/06/14 12:13:22.0350 11068 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
2011/06/14 12:13:22.0443 11068 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
2011/06/14 12:13:22.0506 11068 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
2011/06/14 12:13:22.0615 11068 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/14 12:13:22.0802 11068 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/14 12:13:22.0927 11068 MBR (0x1B8) (13af81ffe36981a6a5910f5f7a43b4f8) \Device\Harddisk0\DR0
2011/06/14 12:13:22.0958 11068 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/14 12:13:22.0974 11068 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
2011/06/14 12:13:23.0457 11068 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
2011/06/14 12:13:23.0457 11068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
2011/06/14 12:13:23.0488 11068 ================================================================================
2011/06/14 12:13:23.0488 11068 Scan finished
2011/06/14 12:13:23.0488 11068 ================================================================================
2011/06/14 12:13:23.0488 11528 Detected object count: 1
2011/06/14 12:13:23.0488 11528 Actual detected object count: 1
2011/06/14 12:13:34.0923 11528 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/14 12:13:34.0923 11528 \Device\Harddisk0\DR0 - ok
2011/06/14 12:13:34.0970 11528 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/14 12:13:42.0130 15068 Deinitialize success
 
Well done :)

Is Norton still complaining?

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

===================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:
 
Norton has been quiet for the past few minutes :)

If you don't mind answering I am confused as to why the acronis reset didn't resolve this? Does the virus attach to external drives?

Here are the logs:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #4
==============================================
>Drivers
==============================================
0x8EA02000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7741440 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 181.22 )
0x82042000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82042000 PnpManager 3903488 bytes
0x82042000 RAW 3903488 bytes
0x82042000 WMIxWDM 3903488 bytes
0x8FC00000 C:\Windows\system32\drivers\RTKVHDA.sys 2256896 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x81220000 Win32k 2105344 bytes
0x81220000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAD65B000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110613.038\NAVEX15.SYS 1536000 bytes (Symantec Corporation, AV Engine)
0x8F600000 C:\Windows\system32\drivers\HCW85BDA.sys 1130496 bytes (Hauppauge Computer Works, CX23885 BDA driver)
0x8A601000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x82C0C000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8F408000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x82E08000 C:\Windows\System32\drivers\tcpip.sys 946176 bytes (Microsoft Corporation, TCP/IP Driver)
0x804CC000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA02E0000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8E800000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes
0x8260D000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8F50B000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x9DA31000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8E8ED000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8060B000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x9070E000 C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0x8276A000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9DB03000 C:\Windows\system32\drivers\HTTP.sys 438272 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x82F0A000 C:\Windows\system32\DRIVERS\timntr.sys 438272 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0x80412000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x90667000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x9060A000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110610.006\IDSvix86.sys 380928 bytes (Symantec Corporation, IDS Core Driver)
0x8A749000 C:\Windows\system32\DRIVERS\tdrpman.sys 364544 bytes (Acronis, Acronis Try&Decide and Restore Points Volume Filter Driver)
0xAD608000 C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS 339968 bytes (Symantec Corporation, Symantec AutoProtect)
0x82716000 C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS 323584 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x81460000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA0278000 C:\Windows\System32\DRIVERS\srv.sys 311296 bytes (Microsoft Corporation, Server driver)
0x80730000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8FF54000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80694000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x90789000 C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)
0x8048B000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x82FBD000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8F17E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8E98C000 C:\Windows\system32\DRIVERS\HSXHWBS3.sys 249856 bytes (Conexant Systems, Inc., HSF_HWB3 WDM driver)
0x805AC000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82D42000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA0200000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A710000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8FEC3000 C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)
0x8078A000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8200F000 ACPI_HAL 208896 bytes
0x8200F000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x826D4000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8FF9C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8F7A6000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8F5CD000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82D17000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8E9C9000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8A7D7000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806EB000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xA0251000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8FEF7000 C:\Windows\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0x82D7C000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8F717000 C:\Windows\system32\DRIVERS\Rtlh86.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x82DB8000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x82F86000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8FE5A000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9DBB9000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9DBD9000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x906D9000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x8A7AA000 C:\Windows\system32\DRIVERS\snapman.sys 122880 bytes (Acronis, Acronis Snapshot API)
0x9DB6E000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x82EEF000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9DA0C000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9DB8B000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8F788000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA0239000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x906F7000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x82DA1000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xAD7E6000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8FFD7000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8FEAD000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9DBA4000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x827DB000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xA02C4000 C:\Windows\System32\Drivers\SENTINEL.SYS 86016 bytes (SafeNet, Inc., Sentinel System Driver (NT Parallel driver))
0x8FF2B000 C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)
0xA03D4000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0xAD7D2000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110613.038\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x82DEA000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8FF40000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8F75A000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x9DAF0000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x807DD000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8F1CB000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x906C5000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA03E9000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x82F75000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x807BE000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80472000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82706000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9DAE0000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8077A000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8F73C000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x827F0000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8E8DE000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x907E9000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A7C8000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80712000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x82DDB000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F1BC000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80721000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8F74C000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x814B0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x807CF000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8FE96000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8FF1D000 C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS 57344 bytes (Symantec Corporation, NDIS Filter Driver)
0x907D2000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F5C0000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x82600000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8F166000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x80687000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA03C8000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8FE4E000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8F772000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8F77D000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8FE8B000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8F1F1000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8F7D4000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8E8CA000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8F173000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x907DF000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8E9F3000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x82C00000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA03BE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8FFF6000 C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x9DA27000 C:\Windows\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
0x8F7DF000 C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
0x8F7E9000 C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
0x8F7F3000 C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
0x8F1DD000 C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
0x8F1E7000 C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
0x9DA00000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x82FA7000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8FE27000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8FEA4000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x8FFED000 C:\Windows\system32\DRIVERS\SymIMv.sys 36864 bytes (Symantec Corporation, NDIS 6.0 Filter Driver for Windows Vista)
0x81440000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8E8D5000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806DA000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8FFCE000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x80483000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8040A000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x806E3000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8FE7B000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8FE83000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A7A2000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9DBF8000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8FE37000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8FE47000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8FE30000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x907CB000 C:\Windows\system32\DRIVERS\SNTNLUSB.SYS 28672 bytes (SafeNet, Inc., Sentinel USB Security Device Driver)
0x8F7A0000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8F76D000 C:\Windows\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0x82765000 C:\Windows\System32\Drivers\PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA02D9000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8F714000 C:\Windows\system32\drivers\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0xA02DD000 C:\Windows\system32\drivers\pdihwctl.sys 12288 bytes (Portrait Displays, Inc., PdiHwCtl NT kernel-mode driver)
0x8F164000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 181.22 )
0x8F7FD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x906D7000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(


aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-14 12:42:13
-----------------------------
12:42:13.701 OS Version: Windows 6.0.6001 Service Pack 1
12:42:13.701 Number of processors: 4 586 0xF0B
12:42:13.702 ComputerName: SCHWEITZERS UserName: Owner
12:42:16.728 Initialize success
12:42:21.661 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:42:21.663 Disk 0 Vendor: ST350063 3.CH Size: 476940MB BusType: 3
12:42:21.665 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:42:21.667 Disk 1 Vendor: ST350063 3.CH Size: 476940MB BusType: 3
12:42:21.669 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
12:42:21.672 Disk 2 Vendor: WDC_WD15 01.0 Size: 1430799MB BusType: 3
12:42:21.716 Disk 0 MBR read successfully
12:42:21.718 Disk 0 MBR scan
12:42:21.721 Disk 0 unknown MBR code
12:42:21.736 Disk 0 scanning sectors +976768065
12:42:21.760 Disk 0 scanning C:\Windows\system32\drivers
12:42:27.644 Service scanning
12:42:29.187 Disk 0 trace - called modules:
12:42:29.198 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
12:42:29.529 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b5b140]
12:42:29.533 3 CLASSPNP.SYS[82f8b745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x859b8030]
12:42:29.537 Scan finished successfully
12:42:43.806 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
12:42:43.813 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
 
I am confused as to why the acronis reset didn't resolve this?
Not really easy to say.
Possibly, the rootkit was already there, but previous Norton versions were not detecting it.

In any case, the above logs look clean now, but we'll do more checking...

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I tried following your instructions but ended up blue screening. I tried disabling norton by unchecking all the boxes but the program still warned me that norton was still active.
Fortunately there have been no issues I can detect today. Thank-you for all your help so far, please advise if I need to try anything else.
 
Please, re-read my previous instructions, starting at:
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
We have to make sure, your computer is clean.
 
Status
Not open for further replies.
Back