Bigger
Members
Posts: 17
Reputation: 0 Neutral
  1. I still have redirects using my "standardized" Google test search of large face images of "Michele Bachmann".
  2. Results from the Dr.Web CureIt complete scan. Notice that I have chosen not to transfer threats from the Norton quarantine into the Dr. Web quarantine.
     07575466.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLW.Autoruner.2640;;
     0B134D4B.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoad.37236;;
     110460BD.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Fakealert.569;;
     12674135.dll;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;BackDoor.Bulknet.208;;
     16CF0C9C.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Siggen1.61298;;
     17763E64.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.PWS.GoldSpy.2255;;
     17B13223.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Inject.3763;;
     187B5D45.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLW.Autoruner.2640;;
     18836712.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoad1.18395;;
     19AF5EE9.htm\Script.1;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19AF5EE9.htm;VBS.Psyme.501;;
     19AF5EE9.htm;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;;
     1AB31B17.htm\javascript.1;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AB31B17.htm;Trojan.DownLoader.59083;;
     1AB31B17.htm;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Container contains infected objects;;
     250E768C.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.32557;;
     2623675A.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.32557;;
     263A0D41.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.32557;;
     26580721.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.32557;;
     266E2D07.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.32557;;
     268C26E7.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.32557;;
     26DD1B29.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Oficla.26;;
     297A62E3.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.38006;;
     29B11972.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.32557;;
     29F2612B.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.32557;;
     2C39398F.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.PWS.GoldSpy.2255;;
     2CD521AA.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.PWS.GoldSpy.2268;;
     2E7C1DB7.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoad.41551;;
     32EC13AF.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.35279;;
     333A0359.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.35279;;
     334B5547.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.35279;;
     396D29D9.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.PWS.GoldSpy.2268;;
     397A592D.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Packed.1214;;
     39D41139.swf;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Exploit.SWF.165;;
     3BB37E9F.sys;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;BackDoor.Bulknet.234;;
     3BBE041D.swf;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Click.4968;;
     3D7579F3.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;BackDoor.Groan;;
     3F4219F8.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;BackDoor.Groan;;
     406E30AE.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;BackDoor.Groan;;
     421A5510.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.PWS.Panda.122;;
     49734CFA.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.PWS.Panda.122;;
     51DF779F.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Java.Downloader.123;;
     5E2B24B1.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Fakealert.569;;
     61916547.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.38006;;
     6258666C.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Probably Trojan.Packed.Based;;
     627B13F2.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Rntm.8;;
     63C21ADD.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Probably Trojan.Packed.Based;;
     65047713.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;BackDoor.Minirem.29;;
     65714103.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Probably Trojan.Packed.Based;;
     6A535349.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Proxy.3017;;
     6BE7038D.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.26572;;
     6F6F5B88.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.Packed.683;;
  3. SP3 upgrade scheduled for this weekend. I just verified the upgrade yesterday on another system. IE was successfully reset to factory default with all add-ins deactivated. The ESIHDRV service was successfully deleted. However, it is part of the ESET Online Scanner, which was run several times under your colleague. IE lists the proxy server of the University of Zurich. Notice, however, that the proxy wasn't activated, neither before nor after the IE reset. I sometimes activate it if I want to use some of their internal resources. I normally access the Net directly. The TFC temp file cleaner is also scheduled to run over the weekend as, before data is deleted from undefined locations, a full data backup needs to be performed. I'm reading in this forum and in others that the tool is buggy, i.e. falsely deleting browser bookmarks or even deleting large chunks of legitimate data. Do you have documentation on the tool? Dr. Web CureIt scanning is currently running. I'll keep you posted.
  4. The assessment of point 5 is obviously crucial. That is, whether one assesses that what I and other users are seeing on their systems is actually a contamination at Google and other search providers. What's the assessment?
  5. Thanks for joining in. Please also comment on my 5th point. I append it again: (5) How do you assess the following redirects? Search for large-sized face images of "Michele Bachmann" (a member of the U.S. Congress). In the first search page, you find several images listed with "malkevnia.com" and "friendsforlife.in" domains. Notice that all of these images have legitimate "imgurl" parameters but malicious "imgrefurl" parameters added. I have replicated these phenomena on highly secure government systems. We and many others in this forum may be on a wild goose chase. Google might have a gigantic problem.
  6. We have to review several topics here.
     (1) IE8 is a security risk. XP SP2 is currently still under patch cover.
     (2) What's the assessment of the RootRepeal log entries?
     Drivers
     -------------------
     Name: dump_atapi.sys
     Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
     Address: 0xB9F07000 Size: 98304 File Visible: No Signed: -
     Status: -
     Name: dump_WMILIB.SYS
     Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
     Address: 0xF7A69000 Size: 8192 File Visible: No Signed: -
     Status: -
     Name: rootrepeal.sys
     Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
     Address: 0xB58C7000 Size: 49152 File Visible: No Signed: -
     Status: -
     Hidden/Locked Files
     -------------------
     Path: C:\hiberfil.sys
     Status: Locked to the Windows API!
     (3) What's the assessment of the DDS log entries?
     ==================== Find3M ====================
     2011-02-11 00:48:40 66 ----a-w- c:\docume~1\marcel~1\applic~1\isfree4_0.tmp
     2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
     2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
     (4) What's the post-review of the following Combofix deletions?
     C:\install.exe
     c:\windows\My.ini
     c:\windows\system32\scvideo.dll
     c:\windows\system32\twunk_32.exe
     d:\\DPE.DUS
     (5) How do you assess the following redirects? Search for large-sized face images of "Michele Bachmann" (a member of the U.S. Congress). In the first search page, you find several images listed with "malkevnia.com" and "friendsforlife.in" domains. Notice that all of these images have legitimate "imgurl" parameters but malicious "imgrefurl" parameters added. I have replicated these phenomena on highly secure government systems.
  7. Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 6110
     Windows 5.1.2600 Service Pack 2
     Internet Explorer 7.0.5730.11
     03.20.2011 2:01:34 PM
     mbam-log-2011-03-20 (14-01-29).txt
     Scan type: Quick scan
     Objects scanned: 195948
     Time elapsed: 6 minute(s), 40 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)
     Under Safe Mode with Networking, the MSIE 7 Google redirects persist. I do not have and do not want to install another Web browser.
  8. Sorry, but the domain rootkit.com (to get "Rootkit Unhooker") has been unreachable for the last 3 days. What to do?
  9. ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Start Time: 2011/03/17 21:54
     Program Version: Version 1.3.5.0
     Windows Version: Windows XP SP2
     ==================================================
     Drivers
     -------------------
     Name: dump_atapi.sys
     Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
     Address: 0xB9F07000 Size: 98304 File Visible: No Signed: -
     Status: -
     Name: dump_WMILIB.SYS
     Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
     Address: 0xF7A69000 Size: 8192 File Visible: No Signed: -
     Status: -
     Name: rootrepeal.sys
     Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
     Address: 0xB58C7000 Size: 49152 File Visible: No Signed: -
     Status: -
     Hidden/Locked Files
     -------------------
     Path: C:\hiberfil.sys
     Status: Locked to the Windows API!
     SSDT
     -------------------
     #: 012 Function Name: NtAlertResumeThread
     Status: Hooked by "<unknown>" at address 0x86a78170
     #: 013 Function Name: NtAlertThread
     Status: Hooked by "<unknown>" at address 0x86a78c78
     #: 017 Function Name: NtAllocateVirtualMemory
     Status: Hooked by "<unknown>" at address 0x86e98e80
     #: 031 Function Name: NtConnectPort
     Status: Hooked by "<unknown>" at address 0x86b932e0
     #: 041 Function Name: NtCreateKey
     Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xba3e4020
     #: 043 Function Name: NtCreateMutant
     Status: Hooked by "<unknown>" at address 0x86e9b3c0
     #: 053 Function Name: NtCreateThread
     Status: Hooked by "<unknown>" at address 0x86b31eb0
     #: 063 Function Name: NtDeleteKey
     Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xba3e42a0
     #: 065 Function Name: NtDeleteValueKey
     Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xba3e4800
     #: 083 Function Name: NtFreeVirtualMemory
     Status: Hooked by "<unknown>" at address 0x86e9ab58
     #: 089 Function Name: NtImpersonateAnonymousToken
     Status: Hooked by "<unknown>" at address 0x86e63c78
     #: 091 Function Name: NtImpersonateThread
     Status: Hooked by "<unknown>" at address 0x86edac78
     #: 108 Function Name: NtMapViewOfSection
     Status: Hooked by "<unknown>" at address 0x86e33fb0
     #: 114 Function Name: NtOpenEvent
     Status: Hooked by "<unknown>" at address 0x86ad5168
     #: 123 Function Name: NtOpenProcessToken
     Status: Hooked by "<unknown>" at address 0x86b92380
     #: 129 Function Name: NtOpenThreadToken
     Status: Hooked by "<unknown>" at address 0x86ed71b8
     #: 177 Function Name: NtQueryValueKey
     Status: Hooked by "<unknown>" at address 0x86ed9ad8
     #: 206 Function Name: NtResumeThread
     Status: Hooked by "<unknown>" at address 0x86b99e98
     #: 213 Function Name: NtSetContextThread
     Status: Hooked by "<unknown>" at address 0x86a18170
     #: 228 Function Name: NtSetInformationProcess
     Status: Hooked by "<unknown>" at address 0x86e9ada0
     #: 229 Function Name: NtSetInformationThread
     Status: Hooked by "<unknown>" at address 0x86d8ea08
     #: 247 Function Name: NtSetValueKey
     Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xba3e4a50
     #: 253 Function Name: NtSuspendProcess
     Status: Hooked by "<unknown>" at address 0x86e4b360
     #: 254 Function Name: NtSuspendThread
     Status: Hooked by "<unknown>" at address 0x86a82ae0
     #: 257 Function Name: NtTerminateProcess
     Status: Hooked by "<unknown>" at address 0x86b92348
     #: 258 Function Name: NtTerminateThread
     Status: Hooked by "<unknown>" at address 0x869dc170
     #: 267 Function Name: NtUnmapViewOfSection
     Status: Hooked by "<unknown>" at address 0x86a80c78
     "Rootkit Unhooker" will follow tomorrow.
  10. 2011/03/13 10:15:11.0312 5960 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
      2011/03/13 10:15:11.0687 5960 ================================================================================
      2011/03/13 10:15:11.0687 5960 SystemInfo:
      2011/03/13 10:15:11.0687 5960
      2011/03/13 10:15:11.0687 5960 OS Version: 5.1.2600 ServicePack: 2.0
      2011/03/13 10:15:11.0687 5960 Product type: Workstation
      2011/03/13 10:15:11.0687 5960 ComputerName: MARCEL
      2011/03/13 10:15:11.0687 5960 UserName: Marcel Bigger
      2011/03/13 10:15:11.0687 5960 Windows directory: C:\WINDOWS
      2011/03/13 10:15:11.0687 5960 System windows directory: C:\WINDOWS
      2011/03/13 10:15:11.0687 5960 Processor architecture: Intel x86
      2011/03/13 10:15:11.0687 5960 Number of processors: 2
      2011/03/13 10:15:11.0687 5960 Page size: 0x1000
      2011/03/13 10:15:11.0687 5960 Boot type: Normal boot
      2011/03/13 10:15:11.0687 5960 ================================================================================
      2011/03/13 10:15:11.0968 5960 Initialize success
      2011/03/13 10:15:16.0296 6004 ================================================================================
      2011/03/13 10:15:16.0296 6004 Scan started
      2011/03/13 10:15:16.0296 6004 Mode: Manual;
      2011/03/13 10:15:16.0296 6004 ================================================================================
      2011/03/13 10:15:18.0093 6004 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys
      2011/03/13 10:15:18.0187 6004 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
      2011/03/13 10:15:18.0234 6004 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
      2011/03/13 10:15:18.0281 6004 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
      2011/03/13 10:15:18.0343 6004 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
      2011/03/13 10:15:18.0406 6004 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
      2011/03/13 10:15:18.0453 6004 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
      2011/03/13 10:15:18.0515 6004 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
      2011/03/13 10:15:18.0562 6004 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
      2011/03/13 10:15:18.0593 6004 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\System32\DRIVERS\agp440.sys
      2011/03/13 10:15:18.0640 6004 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
      2011/03/13 10:15:18.0671 6004 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
      2011/03/13 10:15:18.0718 6004 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
      2011/03/13 10:15:18.0781 6004 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
      2011/03/13 10:15:18.0843 6004 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
      2011/03/13 10:15:18.0906 6004 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
      2011/03/13 10:15:18.0937 6004 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
      2011/03/13 10:15:19.0000 6004 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
      2011/03/13 10:15:19.0062 6004 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
      2011/03/13 10:15:19.0093 6004 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
      2011/03/13 10:15:19.0140 6004 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
      2011/03/13 10:15:19.0171 6004 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
      2011/03/13 10:15:19.0250 6004 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
      2011/03/13 10:15:19.0296 6004 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
      2011/03/13 10:15:19.0468 6004 ati2mtag (b70ecb6bd20e13f0ce3c0bc95f5c3a9a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
      2011/03/13 10:15:19.0578 6004 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
      2011/03/13 10:15:19.0625 6004 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
      2011/03/13 10:15:19.0687 6004 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys
      2011/03/13 10:15:19.0734 6004 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
      2011/03/13 10:15:19.0875 6004 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
      2011/03/13 10:15:19.0906 6004 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
      2011/03/13 10:15:19.0953 6004 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
      2011/03/13 10:15:20.0031 6004 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
      2011/03/13 10:15:20.0062 6004 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
      2011/03/13 10:15:20.0109 6004 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
      2011/03/13 10:15:20.0156 6004 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
      2011/03/13 10:15:20.0250 6004 CLBStor (3b15740f137b2b243fdae2e7b9c391f7) C:\WINDOWS\system32\drivers\CLBStor.sys
      2011/03/13 10:15:20.0281 6004 CLBUDF (f5c65ca7c0d348820caf9b499d783243) C:\WINDOWS\system32\drivers\CLBUDF.sys
      2011/03/13 10:15:20.0328 6004 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
      2011/03/13 10:15:20.0406 6004 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
      2011/03/13 10:15:20.0484 6004 ctac32k (4c638290979600ae2ae329d1608ad2ec) C:\WINDOWS\system32\drivers\ctac32k.sys
      2011/03/13 10:15:20.0531 6004 ctaud2k (cf5662375781f741513c169cd4094100) C:\WINDOWS\system32\drivers\ctaud2k.sys
      2011/03/13 10:15:20.0593 6004 ctdvda2k (437f2b31ba8b6b264d38b4fe6682faec) C:\WINDOWS\system32\drivers\ctdvda2k.sys
      2011/03/13 10:15:20.0640 6004 ctprxy2k (678849d1af0750f68dbdc185252d5926) C:\WINDOWS\system32\drivers\ctprxy2k.sys
      2011/03/13 10:15:20.0671 6004 ctsfm2k (3a076ebfbbbd6879a78863944980da32) C:\WINDOWS\system32\drivers\ctsfm2k.sys
      2011/03/13 10:15:20.0718 6004 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
      2011/03/13 10:15:20.0781 6004 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
      2011/03/13 10:15:20.0843 6004 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
      2011/03/13 10:15:20.0906 6004 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
      2011/03/13 10:15:20.0968 6004 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
      2011/03/13 10:15:21.0015 6004 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
      2011/03/13 10:15:21.0062 6004 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
      2011/03/13 10:15:21.0109 6004 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
      2011/03/13 10:15:21.0140 6004 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
      2011/03/13 10:15:21.0187 6004 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
      2011/03/13 10:15:21.0234 6004 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
      2011/03/13 10:15:21.0281 6004 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
      2011/03/13 10:15:21.0359 6004 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
      2011/03/13 10:15:21.0406 6004 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
      2011/03/13 10:15:21.0468 6004 emupia (f7511cf63ef82f7227c03028a3abadb5) C:\WINDOWS\system32\drivers\emupia2k.sys
      2011/03/13 10:15:21.0500 6004 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
      2011/03/13 10:15:21.0625 6004 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
      2011/03/13 10:15:21.0671 6004 fc0dp3bw (04f76bc3aff4dd42a0ff860c8e70acc8) C:\WINDOWS\system32\Drivers\fc0dp3bw.sys
      2011/03/13 10:15:21.0734 6004 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
      2011/03/13 10:15:21.0781 6004 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
      2011/03/13 10:15:21.0812 6004 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
      2011/03/13 10:15:21.0859 6004 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
      2011/03/13 10:15:21.0906 6004 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
      2011/03/13 10:15:21.0953 6004 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
      2011/03/13 10:15:22.0000 6004 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
      2011/03/13 10:15:22.0031 6004 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
      2011/03/13 10:15:22.0109 6004 ha10kx2k (f24dd43adc784177b28984043bc022ab) C:\WINDOWS\system32\drivers\ha10kx2k.sys
      2011/03/13 10:15:22.0156 6004 hap16v2k (ff65c807ea641ff7310a61be4dec6479) C:\WINDOWS\system32\drivers\hap16v2k.sys
      2011/03/13 10:15:22.0218 6004 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
      2011/03/13 10:15:22.0281 6004 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
      2011/03/13 10:15:22.0328 6004 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
      2011/03/13 10:15:22.0375 6004 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
      2011/03/13 10:15:22.0421 6004 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
      2011/03/13 10:15:22.0468 6004 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
      2011/03/13 10:15:22.0515 6004 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
      2011/03/13 10:15:22.0562 6004 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
      2011/03/13 10:15:22.0593 6004 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
      2011/03/13 10:15:22.0640 6004 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
      2011/03/13 10:15:22.0671 6004 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
      2011/03/13 10:15:22.0734 6004 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
      2011/03/13 10:15:22.0781 6004 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
      2011/03/13 10:15:22.0812 6004 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
      2011/03/13 10:15:22.0890 6004 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
      2011/03/13 10:15:22.0921 6004 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
      2011/03/13 10:15:22.0984 6004 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
      2011/03/13 10:15:23.0062 6004 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
      2011/03/13 10:15:23.0140 6004 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\System32\DRIVERS\intelide.sys
      2011/03/13 10:15:23.0203 6004 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
      2011/03/13 10:15:23.0234 6004 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
      2011/03/13 10:15:23.0281 6004 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
      2011/03/13 10:15:23.0312 6004 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
      2011/03/13 10:15:23.0359 6004 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
      2011/03/13 10:15:23.0406 6004 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
      2011/03/13 10:15:23.0453 6004 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
      2011/03/13 10:15:23.0500 6004 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
      2011/03/13 10:15:23.0531 6004 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
      2011/03/13 10:15:23.0562 6004 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
      2011/03/13 10:15:23.0625 6004 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
      2011/03/13 10:15:23.0671 6004 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
      2011/03/13 10:15:23.0859 6004 LVcKap (fb548ff809634bfa866312b37d8a18ae) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
      2011/03/13 10:15:23.0984 6004 MaxImIO (d84fb8f14981f9ddc834dd143376e608) C:\WINDOWS\system32\Drivers\maximio.sys
      2011/03/13 10:15:24.0062 6004 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
      2011/03/13 10:15:24.0109 6004 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
      2011/03/13 10:15:24.0140 6004 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
      2011/03/13 10:15:24.0203 6004 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
      2011/03/13 10:15:24.0234 6004 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
      2011/03/13 10:15:24.0281 6004 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
      2011/03/13 10:15:24.0343 6004 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
      2011/03/13 10:15:24.0421 6004 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
      2011/03/13 10:15:24.0484 6004 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys
      2011/03/13 10:15:24.0531 6004 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
      2011/03/13 10:15:24.0578 6004 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
      2011/03/13 10:15:24.0609 6004 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
      2011/03/13 10:15:24.0640 6004 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
      2011/03/13 10:15:24.0687 6004 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
      2011/03/13 10:15:24.0750 6004 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
      2011/03/13 10:15:24.0796 6004 MTDVC2 (cd3c06f56104bac9268587bf1c25a84c) C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys
      2011/03/13 10:15:24.0828 6004 MTDVC2_ENUM (a25b4cec85388f2e88567b4d629aa6e4) C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys
      2011/03/13 10:15:24.0859 6004 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
      2011/03/13 10:15:24.0906 6004 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
      2011/03/13 10:15:25.0015 6004 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110312.002\NAVENG.Sys
      2011/03/13 10:15:25.0078 6004 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110312.002\NavEx15.Sys
      2011/03/13 10:15:25.0140 6004 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
      2011/03/13 10:15:25.0171 6004 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
      2011/03/13 10:15:25.0203 6004 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
      2011/03/13 10:15:25.0250 6004 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
      2011/03/13 10:15:25.0281 6004 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
      2011/03/13 10:15:25.0328 6004 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
      2011/03/13 10:15:25.0390 6004 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
      2011/03/13 10:15:25.0453 6004 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
      2011/03/13 10:15:25.0531 6004 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
      2011/03/13 10:15:25.0578 6004 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
      2011/03/13 10:15:25.0609 6004 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
      2011/03/13 10:15:25.0687 6004 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
      2011/03/13 10:15:25.0765 6004 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
      2011/03/13 10:15:25.0859 6004 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
      2011/03/13 10:15:25.0953 6004 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
      2011/03/13 10:15:26.0000 6004 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
      2011/03/13 10:15:26.0031 6004 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
      2011/03/13 10:15:26.0109 6004 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
      2011/03/13 10:15:26.0171 6004 ossrv (f0184fe6069be1541a3d18c02a73d161) C:\WINDOWS\system32\drivers\ctoss2k.sys
      2011/03/13 10:15:26.0218 6004 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
      2011/03/13 10:15:26.0250 6004 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
      2011/03/13 10:15:26.0281 6004 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
      2011/03/13 10:15:26.0328 6004 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
      2011/03/13 10:15:26.0359 6004 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
      2011/03/13 10:15:26.0437 6004 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
      2011/03/13 10:15:26.0500 6004 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
      2011/03/13 10:15:26.0750 6004 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
      2011/03/13 10:15:26.0796 6004 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
      2011/03/13 10:15:26.0875 6004 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\System32\drivers\PfModNT.sys
      2011/03/13 10:15:26.0953 6004 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
      2011/03/13 10:15:27.0000 6004 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
      2011/03/13 10:15:27.0046 6004 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
      2011/03/13 10:15:27.0093 6004 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
      2011/03/13 10:15:27.0140 6004 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
      2011/03/13 10:15:27.0187 6004 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
      2011/03/13 10:15:27.0250 6004 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
      2011/03/13 10:15:27.0296 6004 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
      2011/03/13 10:15:27.0359 6004 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
      2011/03/13 10:15:27.0390 6004 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
      2011/03/13 10:15:27.0453 6004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
      2011/03/13 10:15:27.0500 6004 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
      2011/03/13 10:15:27.0531 6004 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
      2011/03/13 10:15:27.0578 6004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
      2011/03/13 10:15:27.0625 6004 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
      2011/03/13 10:15:27.0656 6004 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
      2011/03/13 10:15:27.0703 6004 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
      2011/03/13 10:15:27.0765 6004 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
      2011/03/13 10:15:27.0812 6004 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
      2011/03/13 10:15:27.0890 6004 SaiClass (dd3bba364c3b89ccb1fd8fd427c7b37f) C:\WINDOWS\system32\drivers\SaiNtBus.sys
      2011/03/13 10:15:27.0937 6004 SaiMini (20a15c1468f8961aa5e62966c38cb9e8) C:\WINDOWS\system32\drivers\SaiMini.sys
      2011/03/13 10:15:27.0984 6004 SaiNtHid (a007103ef0e50fb0e0ed08b511d721d7) C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys
      2011/03/13 10:15:28.0078 6004 SAVRT (cdb565c093b0105086cc630b32f9e6e6) C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
      2011/03/13 10:15:28.0109 6004 SAVRTPEL (1042cb5a003f9aed8d6cec56a0fc6c49) C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
      2011/03/13 10:15:28.0171 6004 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
      2011/03/13 10:15:28.0234 6004 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
      2011/03/13 10:15:28.0281 6004 serenum
(a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/03/13 10:15:28.0328 6004 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/03/13 10:15:28.0390 6004 sfdrv01 (56250672235bbe54ba8a4963b1ac997c) C:\WINDOWS\system32\drivers\sfdrv01.sys 2011/03/13 10:15:28.0421 6004 sfhlp02 (3ad2b15ccc03febfbaf5ff057822aa75) C:\WINDOWS\system32\drivers\sfhlp02.sys 2011/03/13 10:15:28.0468 6004 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/03/13 10:15:28.0500 6004 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys 2011/03/13 10:15:28.0609 6004 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys 2011/03/13 10:15:28.0671 6004 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/03/13 10:15:28.0734 6004 smwdm (39f9595d2f6f7eb93f45a466789a6f49) C:\WINDOWS\system32\drivers\smwdm.sys 2011/03/13 10:15:28.0828 6004 snapman (e48716ca3b919f949b3ed6d79026997f) C:\WINDOWS\system32\DRIVERS\snapman.sys 2011/03/13 10:15:28.0890 6004 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys 2011/03/13 10:15:28.0968 6004 SPBBCDrv (ad312daf605152576530dc916f7227b7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 2011/03/13 10:15:29.0031 6004 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys 2011/03/13 10:15:29.0093 6004 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/03/13 10:15:29.0171 6004 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/03/13 10:15:29.0234 6004 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys 2011/03/13 10:15:29.0265 6004 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys 2011/03/13 10:15:29.0312 6004 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 
2011/03/13 10:15:29.0343 6004 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/03/13 10:15:29.0406 6004 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2011/03/13 10:15:29.0484 6004 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys 2011/03/13 10:15:29.0515 6004 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys 2011/03/13 10:15:29.0578 6004 SYMDNS (61a932f6e04c1d125659ec5f9a158cc1) C:\WINDOWS\System32\Drivers\SYMDNS.SYS 2011/03/13 10:15:29.0625 6004 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2011/03/13 10:15:29.0656 6004 SYMFW (033a6a91aa4162540c1e39a0d5c563c8) C:\WINDOWS\System32\Drivers\SYMFW.SYS 2011/03/13 10:15:29.0718 6004 SYMIDS (071f8c6c95d8b632e73dcdbf865d8e46) C:\WINDOWS\System32\Drivers\SYMIDS.SYS 2011/03/13 10:15:29.0828 6004 SYMIDSCO (2133d1f879b280121b0e6a7d34b24a02) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20110307.001\symidsco.sys 2011/03/13 10:15:29.0906 6004 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\System32\drivers\symlcbrd.sys 2011/03/13 10:15:29.0953 6004 SYMNDIS (a6bbadd2472ffc5b6ce3198e13ee0e74) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS 2011/03/13 10:15:30.0000 6004 SYMREDRV (df5514802a2e0a478e29be2e33360807) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 2011/03/13 10:15:30.0031 6004 SYMTDI (9da226bc68389fbd6ec0e01286e7639c) C:\WINDOWS\System32\Drivers\SYMTDI.SYS 2011/03/13 10:15:30.0093 6004 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys 2011/03/13 10:15:30.0156 6004 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys 2011/03/13 10:15:30.0203 6004 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/03/13 10:15:30.0281 6004 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/03/13 10:15:30.0328 6004 TDPIPE 
(38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/03/13 10:15:30.0390 6004 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/03/13 10:15:30.0453 6004 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/03/13 10:15:30.0515 6004 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys 2011/03/13 10:15:30.0562 6004 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys 2011/03/13 10:15:30.0593 6004 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys 2011/03/13 10:15:30.0625 6004 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys 2011/03/13 10:15:30.0656 6004 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys 2011/03/13 10:15:30.0703 6004 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys 2011/03/13 10:15:30.0750 6004 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys 2011/03/13 10:15:30.0796 6004 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys 2011/03/13 10:15:30.0828 6004 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys 2011/03/13 10:15:30.0890 6004 tifsfilter (8090576bda8aaa5973004fa9c78d8fb7) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 2011/03/13 10:15:30.0937 6004 timounter (c0e598520f825b946eccb7e1d4c0ce32) C:\WINDOWS\system32\DRIVERS\timntr.sys 2011/03/13 10:15:30.0984 6004 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys 2011/03/13 10:15:31.0046 6004 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 2011/03/13 10:15:31.0109 6004 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys 2011/03/13 10:15:31.0156 6004 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys 2011/03/13 10:15:31.0218 6004 USBAAPL 
(5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/03/13 10:15:31.0265 6004 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/03/13 10:15:31.0328 6004 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/03/13 10:15:31.0359 6004 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/03/13 10:15:31.0406 6004 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/03/13 10:15:31.0437 6004 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/03/13 10:15:31.0484 6004 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/03/13 10:15:31.0531 6004 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/03/13 10:15:31.0562 6004 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys 2011/03/13 10:15:31.0609 6004 usb_rndisx (ae4df3b7d1db9373b08db4ed224e26b6) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 2011/03/13 10:15:31.0640 6004 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 2011/03/13 10:15:31.0687 6004 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys 2011/03/13 10:15:31.0718 6004 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys 2011/03/13 10:15:31.0781 6004 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/03/13 10:15:31.0859 6004 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/03/13 10:15:31.0937 6004 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/03/13 10:15:32.0078 6004 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/03/13 10:15:32.0187 6004 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program 
Files\CyberLink\PowerDVD\000.fcl 2011/03/13 10:15:32.0343 6004 ================================================================================ 2011/03/13 10:15:32.0343 6004 Scan finished 2011/03/13 10:15:32.0343 6004 ================================================================================ MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 2 (build 2600) Logical Drives Mask: 0x0000007d Kernel Drivers (total 177): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806FD000 \WINDOWS\system32\hal.dll 0xF79E1000 \WINDOWS\system32\KDCOM.DLL 0xF78F1000 \WINDOWS\system32\BOOTVID.dll 0xF7761000 fc0dp3bw.sys 0xF7492000 ACPI.sys 0xF79E3000 \WINDOWS\System32\DRIVERS\WMILIB.SYS 0xF7481000 pci.sys 0xF74E1000 isapnp.sys 0xF7AA9000 pciide.sys 0xF7769000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS 0xF74F1000 MountMgr.sys 0xF7462000 ftdisk.sys 0xF79E5000 dmload.sys 0xF743C000 dmio.sys 0xF7771000 PartMgr.sys 0xF7779000 sfsync02.sys 0xF7501000 VolSnap.sys 0xF7424000 atapi.sys 0xF7511000 disk.sys 0xF7521000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS 0xF7404000 fltmgr.sys 0xF73F2000 sr.sys 0xF7531000 PxHelp20.sys 0xF73DD000 drvmcdb.sys 0xF73C6000 KSecDD.sys 0xF7339000 Ntfs.sys 0xF730C000 NDIS.sys 0xF72DA000 timntr.sys 0xF72C6000 snapman.sys 0xF7781000 sfhlp02.sys 0xF72B5000 sfdrv01.sys 0xF7551000 ohci1394.sys 0xF7561000 \WINDOWS\System32\DRIVERS\1394BUS.SYS 0xF729A000 Mup.sys 0xF7571000 agp440.sys 0xF7591000 \SystemRoot\System32\DRIVERS\nic1394.sys 0xF7691000 \SystemRoot\System32\DRIVERS\intelppm.sys 0xF6D9A000 \SystemRoot\System32\DRIVERS\ati2mtag.sys 0xF6D86000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS 0xF7801000 \SystemRoot\System32\DRIVERS\usbuhci.sys 0xF6D63000 \SystemRoot\System32\DRIVERS\USBPORT.SYS 0xF7809000 \SystemRoot\System32\DRIVERS\usbehci.sys 0xF6CF3000 \SystemRoot\system32\drivers\ctaud2k.sys 0xF6CCF000 \SystemRoot\system32\drivers\portcls.sys 0xF76D1000 \SystemRoot\system32\drivers\drmk.sys 0xF6CAC000 
\SystemRoot\system32\drivers\ks.sys 0xF6C81000 \SystemRoot\system32\drivers\ctoss2k.sys 0xF79FD000 \SystemRoot\System32\drivers\ctprxy2k.sys 0xF6C5D000 \SystemRoot\System32\DRIVERS\e100b325.sys 0xF7811000 \SystemRoot\System32\DRIVERS\fdc.sys 0xF76E1000 \SystemRoot\System32\DRIVERS\i8042prt.sys 0xF7819000 \SystemRoot\System32\DRIVERS\kbdclass.sys 0xF76F1000 \SystemRoot\System32\DRIVERS\serial.sys 0xF725D000 \SystemRoot\System32\DRIVERS\serenum.sys 0xF6C49000 \SystemRoot\System32\DRIVERS\parport.sys 0xF7259000 \SystemRoot\System32\Drivers\CLBStor.SYS 0xF7701000 \SystemRoot\System32\Drivers\AFS2K.SYS 0xF79FF000 \SystemRoot\system32\drivers\sscdbhk5.sys 0xF7711000 \SystemRoot\System32\DRIVERS\cdrom.sys 0xF7721000 \SystemRoot\System32\DRIVERS\redbook.sys 0xF7821000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys 0xF7731000 \SystemRoot\System32\DRIVERS\imapi.sys 0xF7C2A000 \SystemRoot\System32\DRIVERS\audstub.sys 0xF7741000 \SystemRoot\System32\DRIVERS\rasl2tp.sys 0xF7251000 \SystemRoot\System32\DRIVERS\ndistapi.sys 0xF6C0A000 \SystemRoot\System32\DRIVERS\ndiswan.sys 0xF7751000 \SystemRoot\System32\DRIVERS\raspppoe.sys 0xF7541000 \SystemRoot\System32\DRIVERS\raspptp.sys 0xF7829000 \SystemRoot\System32\DRIVERS\TDI.SYS 0xF6B59000 \SystemRoot\System32\DRIVERS\psched.sys 0xF75A1000 \SystemRoot\System32\DRIVERS\msgpc.sys 0xF7831000 \SystemRoot\System32\DRIVERS\ptilink.sys 0xF7839000 \SystemRoot\System32\DRIVERS\raspti.sys 0xF6B28000 \SystemRoot\System32\DRIVERS\rdpdr.sys 0xF75B1000 \SystemRoot\System32\DRIVERS\termdd.sys 0xF7841000 \SystemRoot\System32\DRIVERS\mouclass.sys 0xF7849000 \SystemRoot\system32\drivers\SaiNtBus.sys 0xF7A01000 \SystemRoot\System32\DRIVERS\swenum.sys 0xF6ACF000 \SystemRoot\System32\DRIVERS\update.sys 0xF7851000 \SystemRoot\System32\DRIVERS\omci.sys 0xF7239000 \SystemRoot\System32\DRIVERS\mssmbios.sys 0xF75E1000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF721D000 \SystemRoot\system32\drivers\SaiMini.sys 0xF75F1000 \SystemRoot\system32\drivers\HIDCLASS.SYS 
0xF7859000 \SystemRoot\system32\drivers\HIDPARSE.SYS 0xF7219000 \SystemRoot\System32\DRIVERS\mouhid.sys 0xF79A9000 \SystemRoot\System32\DRIVERS\kbdhid.sys 0xF7601000 \SystemRoot\System32\DRIVERS\usbhub.sys 0xF7A03000 \SystemRoot\System32\DRIVERS\USBD.SYS 0xBA71B000 \SystemRoot\System32\drivers\ha10kx2k.sys 0xBA700000 \SystemRoot\System32\drivers\emupia2k.sys 0xBA6E1000 \SystemRoot\System32\drivers\ctsfm2k.sys 0xBA6C1000 \SystemRoot\System32\drivers\ctac32k.sys 0xBA6A1000 \SystemRoot\System32\drivers\hap16v2k.sys 0xF7869000 \SystemRoot\System32\DRIVERS\flpydisk.sys 0xF79D5000 \SystemRoot\System32\DRIVERS\hidusb.sys 0xF7881000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xF7A0D000 \SystemRoot\System32\Drivers\i2omgmt.SYS 0xBA581000 \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS 0xBA55C000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 0xBA548000 \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS 0xBA3FD000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110312.002\NavEx15.Sys 0xBA3E9000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110312.002\NAVENG.Sys 0xF7A1D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7BA6000 \SystemRoot\System32\Drivers\Null.SYS 0xF7A27000 \SystemRoot\System32\Drivers\Beep.SYS 0xF78C9000 \SystemRoot\system32\drivers\ssrtln.sys 0xF78D1000 \SystemRoot\System32\drivers\vga.sys 0xF7A31000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7A35000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF78D9000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF78E1000 \SystemRoot\System32\Drivers\Npfs.SYS 0xBA7F8000 \SystemRoot\System32\DRIVERS\rasacd.sys 0xBA3B6000 \SystemRoot\System32\DRIVERS\ipsec.sys 0xBA35E000 \SystemRoot\System32\DRIVERS\tcpip.sys 0xBA325000 \SystemRoot\System32\Drivers\SYMTDI.SYS 0xBA304000 \SystemRoot\System32\DRIVERS\ipnat.sys 0xF7681000 \SystemRoot\System32\DRIVERS\wanarp.sys 0xF76B1000 \SystemRoot\System32\Drivers\SYMREDRV.SYS 0xF76A1000 \SystemRoot\System32\DRIVERS\arp1394.sys 0xF7791000 
\SystemRoot\System32\Drivers\SYMDNS.SYS 0xF76C1000 \SystemRoot\System32\Drivers\SYMNDIS.SYS 0xBA2B6000 \SystemRoot\System32\Drivers\SYMFW.SYS 0xF6BFA000 \SystemRoot\System32\Drivers\SYMIDS.SYS 0xBA26F000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20110307.001\symidsco.sys 0xBA247000 \SystemRoot\System32\DRIVERS\netbt.sys 0xBA225000 \SystemRoot\System32\drivers\afd.sys 0xF6BEA000 \SystemRoot\System32\DRIVERS\netbios.sys 0xBA1C2000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 0xBA197000 \SystemRoot\System32\DRIVERS\rdbss.sys 0xBA128000 \SystemRoot\System32\DRIVERS\mrxsmb.sys 0xF6BBA000 \SystemRoot\System32\Drivers\Fips.SYS 0xBA0CA000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 0xBA0AD000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 0xF6B9A000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xBA095000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF7A51000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xBA681000 \SystemRoot\System32\drivers\Dxapi.sys 0xF77D1000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7BCE000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvag.dll 0xBF061000 \SystemRoot\System32\ati2cqag.dll 0xBF0E9000 \SystemRoot\System32\atikvmag.dll 0xBF14F000 \SystemRoot\System32\atiok3x2.dll 0xBF18F000 \SystemRoot\System32\ati3duag.dll 0xBF4E6000 \SystemRoot\System32\ativvaxx.dll 0xBA5D9000 \SystemRoot\system32\drivers\drvnddm.sys 0xF7861000 \SystemRoot\System32\DRIVERS\tifsfilt.sys 0xF7B66000 \SystemRoot\system32\dla\tfsndres.sys 0xB7F18000 \SystemRoot\system32\dla\tfsnifs.sys 0xBA2FC000 \SystemRoot\system32\dla\tfsnopio.sys 0xF7A77000 \SystemRoot\system32\dla\tfsnpool.sys 0xB7EA1000 \SystemRoot\System32\Drivers\CLBUDF.SYS 0xB7E90000 \SystemRoot\System32\Drivers\Udfs.SYS 0xF7891000 \SystemRoot\system32\dla\tfsnboio.sys 0xF7641000 \SystemRoot\system32\dla\tfsncofs.sys 
0xF7B91000 \SystemRoot\system32\dla\tfsndrct.sys 0xB7E78000 \SystemRoot\system32\dla\tfsnudf.sys 0xB7E5F000 \SystemRoot\system32\dla\tfsnudfa.sys 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xB7DA7000 \SystemRoot\System32\DRIVERS\ndisuio.sys 0xB7B3B000 \SystemRoot\System32\DRIVERS\mrxdav.sys 0xF7A11000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xF7A2B000 \SystemRoot\System32\Drivers\maximio.sys 0xB7954000 \SystemRoot\System32\DRIVERS\srv.sys 0xB7864000 \SystemRoot\system32\drivers\wdmaud.sys 0xB79F3000 \SystemRoot\system32\drivers\sysaudio.sys 0xB7939000 \??\C:\WINDOWS\System32\drivers\PfModNT.sys 0xB7AAB000 \SystemRoot\System32\DRIVERS\secdrv.sys 0xB7EE0000 \??\C:\WINDOWS\System32\drivers\symlcbrd.sys 0xB7665000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl 0xB5F36000 \SystemRoot\System32\Drivers\HTTP.sys 0xB551F000 \SystemRoot\System32\Drivers\Fastfat.SYS 0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll Processes (total 55): 0 System Idle Process 4 System 816 C:\WINDOWS\SYSTEM32\smss.exe 880 csrss.exe 912 C:\WINDOWS\SYSTEM32\winlogon.exe 964 C:\WINDOWS\SYSTEM32\services.exe 976 C:\WINDOWS\SYSTEM32\lsass.exe 1188 C:\WINDOWS\SYSTEM32\ati2evxx.exe 1208 C:\WINDOWS\SYSTEM32\svchost.exe 1308 svchost.exe 1420 C:\WINDOWS\SYSTEM32\svchost.exe 1472 C:\WINDOWS\SYSTEM32\ati2evxx.exe 1548 svchost.exe 1652 svchost.exe 1828 C:\WINDOWS\SYSTEM32\spoolsv.exe 600 svchost.exe 632 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe 656 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 696 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe 720 C:\Program Files\Bonjour\mDNSResponder.exe 736 C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE 1228 C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE 1240 C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE 1376 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 1388 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 1592 C:\Program 
Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
1932 C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
280 C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
532 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
568 C:\WINDOWS\SYSTEM32\svchost.exe
500 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
788 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
1488 C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
2408 alg.exe
2764 C:\WINDOWS\explorer.exe
2952 C:\Program Files\Saitek\Software\SaiSmart.exe
2964 C:\Program Files\Saitek\Software\Profiler.exe
2976 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
3076 C:\WINDOWS\SYSTEM32\CTHELPER.EXE
3088 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
3160 C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
3464 C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
3476 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
3588 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3664 C:\Program Files\iTunes\iTunesHelper.exe
3828 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
3844 C:\WINDOWS\SYSTEM32\ctfmon.exe
3936 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
2280 C:\Program Files\iPod\bin\iPodService.exe
1348 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3356 C:\Program Files\Internet Explorer\iexplore.exe
4036 C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
464 C:\WINDOWS\SYSTEM32\notepad.exe
1584 C:\Program Files\Messenger\msmsgs.exe
4260 C:\Documents and Settings\Marcel Bigger\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD740GD-75FLA0, Rev: 21.08U21
PhysicalDrive1 Model Number: WDCWD740GD-75FLA0, Rev: 21.08U21

Size   Device Name          MBR Status
--------------------------------------------
68 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
       SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
68 GB  \\.\PhysicalDrive1   Windows XP MBR code detected
       SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!
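The MBRCheck lines above report two things per disk: a SHA1 of the MBR boot code (both drives here carry identical, known Windows XP code) and the byte offset of each volume, which is just the partition's starting LBA times 512 (the D: offset 0x7e00 is LBA 63; the C: offset 0x36e8e00 is LBA 112455). The script below is an added example written for this thread, not MBRCheck's code and not code posted by Marcel: it builds synthetic 512-byte MBRs, hashes the boot-code region and compares it to a known-good table, and parses the partition table to reproduce those offsets. Two assumptions are labelled in the code: the hashed region is taken to be the first 440 bytes (boot code before the disk signature), and the known-good table is constructed for the demo; the real XP MBR hash from the post is not reproduced, so a real XP MBR would show as unknown to this script.

```python
"""Parse a 512-byte MBR, hash its boot code, and decode its partition table.

Added example for this thread (not MBRCheck's code). Assumptions:
- the "MBR code" that gets hashed is bytes 0..439 (before the disk signature);
- DEMO_KNOWN_GOOD is a constructed table, not a list of real Windows MBR hashes.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # assumption: hashed region = boot code before the disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE      # must hold 0x55 0xAA


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Construct a synthetic MBR (demo data, not a real XP MBR).

    partitions: list of (bootable, type_id, lba_start, sector_count), up to four.
    """
    assert len(boot_code) <= BOOT_CODE_LEN
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    mbr[440:444] = b"\x12\x34\x56\x78"            # fake NT disk signature
    for i, (bootable, ptype, lba, count) in enumerate(partitions[:4]):
        off = PART_TABLE_OFF + 16 * i
        mbr[off] = 0x80 if bootable else 0x00      # status byte
        mbr[off + 1:off + 4] = b"\xff\xff\xff"     # CHS start (unused here)
        mbr[off + 4] = ptype                       # e.g. 0x07 = NTFS
        mbr[off + 5:off + 8] = b"\xff\xff\xff"     # CHS end (unused here)
        struct.pack_into("<II", mbr, off + 8, lba, count)   # LBA start, sector count
    mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


def parse_partitions(mbr: bytes):
    """Return one dict per non-empty partition entry, with the byte offset a tool would print."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count,
                      "byte_offset": lba * SECTOR})
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(mbr: bytes, known_good: dict) -> dict:
    """Signature check, boot-code hash lookup, and partition decode for one sector."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    if mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xaa":
        return {"valid_signature": False}
    digest = boot_code_sha1(mbr)
    return {
        "valid_signature": True,
        "sha1": digest,
        "known_as": known_good.get(digest, "UNKNOWN MBR code"),
        "partitions": parse_partitions(mbr),
    }


# Constructed demo boot code (a few real-looking opcodes followed by NOPs).
DEMO_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40
DEMO_KNOWN_GOOD = {   # constructed allow-list, keyed by SHA1 of the 440-byte code region
    hashlib.sha1(DEMO_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper():
        "Demo MBR code (constructed)",
}


def demo():
    """Two disks with the same boot code but different partition tables hash identically;
    a disk whose boot code was patched does not match the allow-list."""
    disk0 = build_mbr(DEMO_BOOT_CODE, [(True, 0x07, 112455, 143000000)])   # C: style offset
    disk1 = build_mbr(DEMO_BOOT_CODE, [(True, 0x07, 63, 143000000)])       # D: style offset
    tampered = build_mbr(b"\xeb\xfe" + DEMO_BOOT_CODE, [(True, 0x07, 63, 1)])
    return (check_mbr(disk0, DEMO_KNOWN_GOOD),
            check_mbr(disk1, DEMO_KNOWN_GOOD),
            check_mbr(tampered, DEMO_KNOWN_GOOD))


if __name__ == "__main__":
    for r in demo():
        print(r["known_as"], r["sha1"],
              [hex(p["byte_offset"]) for p in r["partitions"]])
```

Hashing only the code region is what lets two disks with different partition layouts report the same SHA1, as they do in the post; a bootkit that patches the code changes the digest even if it leaves the partition table alone, which is why the hash is compared against a known-good list rather than just checked for the 0x55AA signature.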
  11. # version=7
# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=9f640cc4bf0f274ba365d0ff0af1a009
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-10 10:10:22
# local_time=2011-03-10 11:10:22 (+0100, W. Europe Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=3586 16764885 100 88 3920 303121050 0 0
# compatibility_mode=8192 67108863 100 0 1137046 1137046 0 0
# scanned=347193
# found=0
# cleaned=0
# scan_time=9299

Results of screen317's Security Check version 0.99.9
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Adobe After Effects CS3 Presets
Norton AntiVirus 2006
Norton Internet Security 2006 (Symantec Corporation)
Norton Internet Security
Airscanner Mobile Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player
````````````````````````````````
Process Check: objlist.exe by Laurent
Norton Internet Security Norton AntiVirus navapsvc.exe
``````````End of Log````````````

I will observe over the next 24 hours whether I still have redirects and report back.
  12. ComboFix 11-03-05.02 - Marcel Bigger 03.06.2011 21:32:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.517 [GMT 1:00]
Running from: c:\documents and settings\Marcel Bigger\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\My.ini
c:\windows\system32\scvideo.dll
c:\windows\system32\twunk_32.exe
d:\\DPE.DUS
.
.
((((((((((((((((((((((((( Files Created from 2011-02-06 to 2011-03-06 )))))))))))))))))))))))))))))))
.
.
2011-02-26 14:15 . 2011-02-26 14:15 35904 ----a-w- c:\windows\system32\drivers\fc0dp3bw.sys
2011-02-25 15:44 . 2011-02-25 15:44 -------- d-----w- c:\program files\ESET
2011-02-21 19:41 . 2011-02-21 19:41 -------- d-----w- c:\documents and settings\Marcel Bigger\Application Data\Malwarebytes
2011-02-21 19:41 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-21 19:41 . 2011-02-21 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-21 19:41 . 2011-02-21 19:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-21 19:41 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-05 23:11 . 2011-02-05 23:11 -------- d-----w- c:\program files\iPod
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 00:48 . 2009-05-14 18:49 66 ----a-w- c:\documents and settings\Marcel Bigger\Application Data\isfree4_0.tmp
2006-05-03 09:06 163328 --sh--r- c:\windows\SYSTEM32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SYSTEM32\msfDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"apod"="c:\progra~1\APOD\apod.exe" [2008-03-07 500736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2003-04-10 86016]
"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2003-04-10 151552]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 53096]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-24 335872]
"AsioReg"="CTASIO.DLL" [2003-02-20 110592]
"Acronis
  13. c:\program files\brownie\BrstsWnd.exe

File name: BrstsWnd.exe
Submission date: 2011-03-02 17:05:50 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)

AhnLab-V3 2011.03.03.00 2011.03.02 -
AntiVir 7.11.4.30 2011.03.02 -
Antiy-AVL 2.0.3.7 2011.03.02 -
Avast 4.8.1351.0 2011.02.23 -
Avast5 5.0.677.0 2011.02.23 -
AVG 10.0.0.1190 2011.03.02 -
BitDefender 7.2 2011.03.02 -
CAT-QuickHeal 11.00 2011.03.01 -
ClamAV 0.96.4.0 2011.03.02 -
Commtouch 5.2.11.5 2011.03.02 -
Comodo 7852 2011.03.02 -
DrWeb 5.0.2.03300 2011.03.02 -
Emsisoft 5.1.0.2 2011.03.02 -
eSafe 7.0.17.0 2011.03.02 -
eTrust-Vet 36.1.8192 2011.03.02 -
F-Prot 4.6.2.117 2011.03.02 -
F-Secure 9.0.16160.0 2011.03.02 -
Fortinet 4.2.254.0 2011.03.02 -
GData 21 2011.03.02 -
Ikarus T3.1.1.97.0 2011.03.02 -
Jiangmin 13.0.900 2011.03.02 -
K7AntiVirus 9.91.4006 2011.03.02 -
Kaspersky 7.0.0.125 2011.03.02 -
McAfee 5.400.0.1158 2011.03.02 -
McAfee-GW-Edition 2010.1C 2011.03.02 -
Microsoft 1.6603 2011.03.02 -
NOD32 5920 2011.03.02 -
Norman 6.07.03 2011.03.01 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.01 -
PCTools 7.0.3.5 2011.03.02 -
Prevx 3.0 2011.03.02 -
Rising 23.47.02.06 2011.03.02 -
Sophos 4.61.0 2011.03.02 -
SUPERAntiSpyware 4.40.0.1006 2011.03.02 -
Symantec 20101.3.0.103 2011.03.02 -
TheHacker 6.7.0.1.143 2011.03.02 -
TrendMicro 9.200.0.1012 2011.03.02 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.02 -
VBA32 3.12.14.3 2011.03.02 -
VIPRE 8585 2011.03.02 -
ViRobot 2011.3.2.4335 2011.03.02 -
VirusBuster 13.6.231.0 2011.03.02 -

c:\program files\apod\apod.exe

Please note that APOD is Astronomy Picture of the Day, a popular NASA app (http://apod.nasa.gov/).

File name: apod.exe
Submission date: 2011-03-02 17:12:05 (UTC)
Current status: finished
Result: 1/ 43 (2.3%)

AhnLab-V3 2011.03.03.00 2011.03.02 -
AntiVir 7.11.4.30 2011.03.02 -
Antiy-AVL 2.0.3.7 2011.03.02 -
Avast 4.8.1351.0 2011.02.23 -
Avast5 5.0.677.0 2011.02.23 -
AVG 10.0.0.1190 2011.03.02 -
BitDefender 7.2 2011.03.02 -
CAT-QuickHeal 11.00 2011.03.01 -
ClamAV 0.96.4.0 2011.03.02 -
Commtouch 5.2.11.5 2011.03.02 -
Comodo 7852 2011.03.02 -
DrWeb 5.0.2.03300 2011.03.02 -
Emsisoft 5.1.0.2 2011.03.02 -
eSafe 7.0.17.0 2011.03.02 -
eTrust-Vet 36.1.8192 2011.03.02 -
F-Prot 4.6.2.117 2011.03.02 -
F-Secure 9.0.16160.0 2011.03.02 -
Fortinet 4.2.254.0 2011.03.02 -
GData 21 2011.03.02 -
Ikarus T3.1.1.97.0 2011.03.02 -
Jiangmin 13.0.900 2011.03.02 -
K7AntiVirus 9.91.4006 2011.03.02 -
Kaspersky 7.0.0.125 2011.03.02 -
McAfee 5.400.0.1158 2011.03.02 -
McAfee-GW-Edition 2010.1C 2011.03.02 -
Microsoft 1.6603 2011.03.02 -
NOD32 5920 2011.03.02 -
Norman 6.07.03 2011.03.01 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.02 -
PCTools 7.0.3.5 2011.03.02 -
Prevx 3.0 2011.03.02 -
Rising 23.47.02.06 2011.03.02 -
Sophos 4.61.0 2011.03.02 -
SUPERAntiSpyware 4.40.0.1006 2011.03.02 -
Symantec 20101.3.0.103 2011.03.02 -
TheHacker 6.7.0.1.143 2011.03.02 -
TrendMicro 9.200.0.1012 2011.03.02 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.02 -
VBA32 3.12.14.3 2011.03.02 suspected of Trojan.Downloader.gen.h
VIPRE 8585 2011.03.02 -
ViRobot 2011.3.2.4335 2011.03.02 -
VirusBuster 13.6.231.0 2011.03.02 -

Regards,
-- Marcel
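Posts 12 and 13 together show the usual triage loop: take the autostart entries from ComboFix's "Reg Loading Points" section and run the binaries behind them through a multi-engine scanner. The script below is an added example for this thread, not ComboFix's or VirusTotal's code and not something posted by Marcel. It parses Run-key lines in ComboFix's format, parses per-engine result lines in the VirusTotal listing format ("engine version signature-date verdict", with "-" meaning clean), joins the two by executable basename, and ranks the entries. The sample lines are copied from the thread but trimmed to five engines per file, so the ratios are x/5 rather than the 0/43 and 1/43 reported above; the "BrstsWnd" Run entry and its date and size are constructed, because the Run list in post 12 is cut off before that point. The one judgement it encodes is that a lone "suspected of ... .gen" verdict is a low-confidence signal, which is exactly the apod.exe case.

```python
"""Rank autostart entries by multi-engine scan verdicts.

Added example for this thread; not ComboFix's or VirusTotal's code.
Inputs: ComboFix-style "Reg Loading Points" lines and VirusTotal-style
per-engine lines ("<engine> <version> <sigdate> <verdict>", "-" = clean).
Sample data is trimmed from the thread (5 engines, not 43); the BrstsWnd
Run entry below is constructed.
"""
import re

RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]')
HIVE_LINE = re.compile(r'^\[(?P<hive>HKEY_[A-Z_]+)\\(?P<key>.+)\]$')
ENGINE_LINE = re.compile(
    r'^(?P<engine>\S+)\s+(?P<version>\S+)\s+(?P<sigdate>\d{4}\.\d{2}\.\d{2})\s+(?P<verdict>.+)$')

# Report ordering: what a responder should look at first sorts first.
RANK = {"DETECTED": 0, "low-confidence": 1, "NOT SCANNED": 2, "clean": 3}

SAMPLE_RUN_KEYS = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"apod"="c:\progra~1\APOD\apod.exe" [2008-03-07 500736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2003-04-10 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 53096]
"BrstsWnd"="c:\program files\brownie\BrstsWnd.exe" [2010-11-01 212992]
"""
# The BrstsWnd line above is constructed; the thread's Run list stops before it.

SAMPLE_SCANS = {   # keyed by basename; trimmed VT-style listings from the thread
    "apod.exe": """
AhnLab-V3 2011.03.03.00 2011.03.02 -
Kaspersky 7.0.0.125 2011.03.02 -
Microsoft 1.6603 2011.03.02 -
Symantec 20101.3.0.103 2011.03.02 -
VBA32 3.12.14.3 2011.03.02 suspected of Trojan.Downloader.gen.h
""",
    "BrstsWnd.exe": """
AhnLab-V3 2011.03.03.00 2011.03.02 -
Kaspersky 7.0.0.125 2011.03.02 -
Microsoft 1.6603 2011.03.02 -
Symantec 20101.3.0.103 2011.03.02 -
VBA32 3.12.14.3 2011.03.02 -
""",
}


def parse_run_keys(text):
    """One dict per Run-key value, remembering the hive/key it was found under."""
    entries, hive, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HIVE_LINE.match(line)
        if m:
            hive, key = m.group("hive"), m.group("key")
            continue
        m = RUN_LINE.match(line)
        if m:
            entries.append({"hive": hive, "key": key, "name": m.group("name"),
                            "path": m.group("path"), "date": m.group("date"),
                            "size": int(m.group("size"))})
    return entries


def parse_scan(text):
    """Count engines and collect (engine, verdict) for every verdict that is not '-'."""
    engines, hits = 0, []
    for raw in text.splitlines():
        m = ENGINE_LINE.match(raw.strip())
        if not m:
            continue
        engines += 1
        verdict = m.group("verdict").strip()
        if verdict != "-":
            hits.append((m.group("engine"), verdict))
    return {"engines": engines, "hits": hits}


def classify(res):
    """Label a result; one or two heuristic/generic hits alone are not proof of malware."""
    n = len(res["hits"])
    if n == 0:
        return "clean"
    weak = all(v.lower().startswith("suspected") or ".gen" in v.lower()
               for _, v in res["hits"])
    return "low-confidence" if (weak and n <= 2) else "DETECTED"


def triage(run_text, scans):
    """Join autostart entries to scan results by basename, then sort by severity."""
    scans_lc = {k.lower(): v for k, v in scans.items()}
    rows = []
    for e in parse_run_keys(run_text):
        base = e["path"].replace("\\", "/").rsplit("/", 1)[-1]
        scan = scans_lc.get(base.lower())
        if scan is None:   # an autostart binary nobody has scanned yet is still a to-do
            rows.append({**e, "basename": base, "ratio": None,
                         "verdict": "NOT SCANNED", "hits": []})
            continue
        res = parse_scan(scan)
        rows.append({**e, "basename": base,
                     "ratio": (len(res["hits"]), res["engines"]),
                     "verdict": classify(res), "hits": res["hits"]})
    rows.sort(key=lambda r: RANK[r["verdict"]])   # stable sort keeps log order within a rank
    return rows


if __name__ == "__main__":
    for r in triage(SAMPLE_RUN_KEYS, SAMPLE_SCANS):
        print(f'{r["verdict"]:15} {r["ratio"]}  {r["hive"]}\\...\\Run\\{r["name"]} -> {r["path"]}')
```

Run as-is it lists apod.exe first as low-confidence (1/5, VBA32 generic downloader heuristic), then the two Run entries with no scan result, then the clean BrstsWnd.exe. Keying the join on basename is deliberate: ComboFix prints 8.3 paths such as c:\progra~1\APOD\apod.exe while the scanner report only has the file name, so a full-path match would silently miss entries.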