
Thread: Browser/host problem after malware

  1. #31
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    1. Open Notepad

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\Jonathan\Local Settings\Application Data\hrjamelec
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1543065676-3932340502-659597284-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1262AABE-8920-20ED-9D31-DE48F6154571}*]
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new DDS log. Just DDS.txt.
    IndiGenus

  2. #32
    Junior Member
    Join Date
    Jul 2010
    Posts
    29

    ComboFix 10-07-21.01 - Jonathan 07/21/2010 18:24:33.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2630 [GMT -4:00]
    Running from: c:\documents and settings\Jonathan\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Jonathan\My Documents\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Jonathan\Local Settings\Application Data\hrjamelec

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
    .

    2010-07-17 21:19 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-15 16:50 . 2010-07-15 16:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-15 13:08 . 2010-07-15 13:08 -------- d-----w- c:\documents and settings\Jonathan\Application Data\PeaZip
    2010-07-15 13:08 . 2010-07-15 13:08 -------- d-----w- c:\program files\PeaZip
    2010-07-05 17:27 . 2010-07-05 17:27 293376 ----a-w- C:\7fuz0599.exe
    2010-07-05 02:37 . 2010-07-05 02:37 -------- d-----w- c:\program files\Sun
    2010-07-05 02:36 . 2010-07-05 02:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-04 17:10 . 2010-07-04 17:10 -------- d-----w- c:\program files\ERUNT
    2010-07-02 23:25 . 2010-07-02 23:25 -------- d-----w- c:\program files\Trend Micro
    2010-07-02 23:17 . 2010-07-02 23:17 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\Threat Expert
    2010-07-02 22:59 . 2010-07-15 01:51 1435600 ----a-w- c:\windows\PCTBDCore.dll
    2010-07-02 22:57 . 2010-07-21 12:05 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-06-30 03:17 . 2010-06-30 03:17 -------- d-----w- C:\c3b08df3689e6543c69b76d6

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-21 22:18 . 2009-02-15 21:43 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-07-21 12:05 . 2008-02-06 20:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-21 12:05 . 2008-02-06 20:48 -------- d-----w- c:\program files\Spyware Doctor
    2010-07-17 23:57 . 2006-08-04 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-17 13:35 . 2010-07-17 13:35 68224 ----a-w- c:\windows\system32\drivers\tsk35.tmp
    2010-07-17 13:11 . 2010-06-01 10:57 5645311 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-07-05 02:34 . 2006-07-29 13:13 -------- d-----w- c:\program files\Java
    2010-07-01 02:55 . 2010-07-01 03:01 1584128 ----a-w- c:\windows\Internet Logs\xDB14.tmp
    2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB7B.tmp
    2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB79.tmp
    2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB7A.tmp
    2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB78.tmp
    2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB77.tmp
    2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB76.tmp
    2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB75.tmp
    2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB73.tmp
    2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB74.tmp
    2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB72.tmp
    2010-07-01 02:53 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB71.tmp
    2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB70.tmp
    2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB6F.tmp
    2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6E.tmp
    2010-07-01 02:53 . 2010-07-01 02:53 8192 ----a-w- c:\windows\Internet Logs\xDBB6D.tmp
    2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB6B.tmp
    2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6C.tmp
    2010-07-01 02:53 . 2010-07-01 02:53 8192 ----a-w- c:\windows\Internet Logs\xDBB69.tmp
    2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6A.tmp
    2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB68.tmp
    2010-07-01 02:51 . 2010-07-01 02:51 1584128 ----a-w- c:\windows\Internet Logs\xDBB32.tmp
    2010-07-01 02:50 . 2010-07-01 02:50 8192 ----a-w- c:\windows\Internet Logs\xDBB05.tmp
    2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAF3.tmp
    2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF4.tmp
    2010-07-01 02:49 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAF1.tmp
    2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF2.tmp
    2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAEF.tmp
    2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF0.tmp
    2010-07-01 02:49 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAED.tmp
    2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAEE.tmp
    2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAEC.tmp
    2010-07-01 02:48 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAEA.tmp
    2010-07-01 02:48 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAEB.tmp
    2010-07-01 02:48 . 2010-07-01 02:48 8704 ----a-w- c:\windows\Internet Logs\xDBAE9.tmp
    2010-07-01 02:48 . 2010-07-01 02:48 8192 ----a-w- c:\windows\Internet Logs\xDBAE8.tmp
    2010-07-01 02:48 . 2010-07-01 02:48 24064 ----a-w- c:\windows\Internet Logs\xDBAE7.tmp
    2010-06-29 21:26 . 2010-05-25 11:59 439816 ----a-w- c:\documents and settings\Jonathan\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-19 01:52 . 2007-12-08 23:19 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
    2010-06-19 01:52 . 2007-12-08 23:17 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
    2010-06-14 14:31 . 2004-08-11 21:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-05 13:53 . 2007-09-24 01:47 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Apple Computer
    2010-05-31 23:45 . 2010-05-31 23:45 503808 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\msvcp71.dll
    2010-05-31 23:45 . 2010-05-31 23:45 499712 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\jmc.dll
    2010-05-31 23:45 . 2010-05-31 23:45 348160 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\msvcr71.dll
    2010-05-31 23:45 . 2010-05-31 23:45 61440 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b8a1184-n\decora-sse.dll
    2010-05-31 23:45 . 2010-05-31 23:45 12800 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b8a1184-n\decora-d3d.dll
    2010-05-27 11:08 . 2010-05-27 11:08 49674 ----a-w- c:\windows\Internet Logs\GLB40_2nd_2010_05_27_00_01_01.dmp.zip
    2010-05-27 11:08 . 2010-05-27 11:08 49307 ----a-w- c:\windows\Internet Logs\GLB39_2nd_2010_05_26_23_59_44.dmp.zip
    2010-05-27 11:08 . 2010-05-27 11:08 49226 ----a-w- c:\windows\Internet Logs\GLB32_2nd_2010_05_26_23_59_31.dmp.zip
    2010-05-27 03:49 . 2009-02-15 18:34 -------- d-----w- c:\program files\AVG
    2010-05-27 03:47 . 2010-05-27 03:47 -------- d-----w- c:\documents and settings\Jonathan\Application Data\CheckPoint
    2010-05-27 03:46 . 2009-02-15 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-05-27 03:45 . 2010-05-27 03:45 -------- d-----w- c:\program files\CheckPoint
    2010-05-27 03:45 . 2010-05-27 03:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2010-05-27 02:59 . 2006-08-04 20:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-05-27 02:11 . 2010-05-27 02:11 -------- d-----w- c:\documents and settings\Regina\Application Data\Malwarebytes
    2010-05-27 02:06 . 2010-05-27 02:06 -------- d-----w- c:\documents and settings\Regina\Application Data\Apple Computer
    2010-05-23 18:43 . 2010-05-23 18:43 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Malwarebytes
    2010-05-23 18:42 . 2010-05-23 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-23 18:42 . 2010-05-23 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-23 18:09 . 2010-05-23 18:09 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSCTSQE
    2010-05-20 22:10 . 2010-05-27 03:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
    2010-05-20 22:10 . 2010-05-27 03:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
    2010-05-20 22:10 . 2010-05-27 03:45 103936 ----a-w- c:\windows\system32\zlcommdb.dll
    2010-05-06 10:41 . 2004-08-11 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2004-08-11 21:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 19:39 . 2010-05-23 18:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2010-05-23 18:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-07-17_21.11.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-21 11:36 . 2010-07-21 11:36 16384 c:\windows\Temp\Perflib_Perfdata_88.dat
    + 2004-08-04 03:07 . 2008-04-13 17:36 68224 c:\windows\system32\drivers\pci.sys
    - 2004-08-04 03:07 . 2008-04-13 18:36 68224 c:\windows\system32\drivers\pci.sys
    + 2004-08-04 03:07 . 2008-04-13 17:36 68224 c:\windows\system32\dllcache\pci.sys
    + 2010-07-21 11:40 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-21-2010\ERDNT.EXE
    + 2010-07-20 00:36 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-19-2010\ERDNT.EXE
    + 2010-07-18 12:25 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-18-2010\ERDNT.EXE
    + 2010-07-21 11:39 . 2010-07-21 11:39 3395584 c:\windows\ERDNT\AutoBackup\7-21-2010\Users\00000002\UsrClass.dat
    + 2010-07-21 11:39 . 2010-07-21 11:39 9318400 c:\windows\ERDNT\AutoBackup\7-21-2010\Users\00000001\NTUSER.DAT
    + 2010-07-20 00:36 . 2010-07-20 00:36 3395584 c:\windows\ERDNT\AutoBackup\7-19-2010\Users\00000002\UsrClass.dat
    + 2010-07-20 00:36 . 2010-07-20 00:36 9318400 c:\windows\ERDNT\AutoBackup\7-19-2010\Users\00000001\NTUSER.DAT
    + 2010-07-18 12:25 . 2010-07-18 12:25 3395584 c:\windows\ERDNT\AutoBackup\7-18-2010\Users\00000002\UsrClass.dat
    + 2010-07-18 12:25 . 2010-07-18 12:25 9318400 c:\windows\ERDNT\AutoBackup\7-18-2010\Users\00000001\NTUSER.DAT
    + 2006-08-23 12:59 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-24 53096]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-09-30 125368]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-09 198160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\documents and settings\Jonathan\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-29 24576]
    JHSecure VPN Client.lnk - c:\program files\JHSecure\VPN Client\vpngui.exe [2006-8-9 1524776]
    Kodak EasyShare software.lnk - c:\program files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-12-8 118784]
    Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2006-7-29 921704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
    2005-12-23 00:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Jonathan\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

    R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [8/29/2006 5:41 PM 25344]
    R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [8/4/2006 10:22 PM 19478]
    R1 NEOFLTR_600_13487;Juniper Networks TDI Filter Driver (NEOFLTR_600_13487);c:\windows\system32\drivers\NEOFLTR_600_13487.sys [8/13/2008 9:50 PM 64160]
    R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [8/4/2006 10:22 PM 634798]
    R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [8/4/2006 10:22 PM 430670]
    R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [8/4/2006 4:26 PM 135168]
    R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [7/29/2006 9:15 AM 61526]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [5/31/2010 5:47 PM 102448]
    R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
    S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [8/4/2006 10:22 PM 64093]
    S2 gupdate1c99473f33209e4;Google Update Service (gupdate1c99473f33209e4);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2009 6:30 PM 133104]
    S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [6/24/2004 12:52 AM 7552]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/30/2008 6:41 PM 116664]
    S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/17/2007 11:11 PM 56448]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - PCTSDInjDriver32

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 22:30]

    2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 22:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-21 18:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
    "ImagePath"="system32\drivers\tsk35.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1292)
    c:\windows\system32\PRISMAPI.DLL
    c:\windows\system32\igfxdev.dll

    - - - - - - - > 'lsass.exe'(1348)
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

    - - - - - - - > 'explorer.exe'(4668)
    c:\windows\system32\WININET.dll
    c:\program files\Spyware Doctor\pctgmhk.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-07-21 18:37:21
    ComboFix-quarantined-files.txt 2010-07-21 22:37
    ComboFix2.txt 2010-07-17 21:16

    Pre-Run: 76,570,664,960 bytes free
    Post-Run: 80,698,310,656 bytes free

    - - End Of File - - D9E15256B3C1D27A8116C8444039E85C

  3. #33
    Junior Member
    Join Date
    Jul 2010
    Posts
    29

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:51:37 PM, on 7/21/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\JHSecure\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PRISMSVC.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...rel&channel=us
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: JHSecure VPN Client.lnk = C:\Program Files\JHSecure\VPN Client\vpngui.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1278412954625
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activ...eX_Control.cab
    O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://dcconnect.rand.org/dana-cach...erSetupSP1.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\JHSecure\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c99473f33209e4) (gupdate1c99473f33209e4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 13896 bytes

  4. #34
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Before moving on with the fix I would like you to check something.

    Start Notepad and copy/paste in the following code:
    Code:
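    @echo off
    rem Remove leftovers from any earlier run
    If exist SELECT.txt del /s/q SELECT.txt
    If exist peek*.txt del /s/q peek*.txt
    
    rem Export the control-set selection key in REGEDIT4 (ANSI) format
    regedit /a peek.txt "HKEY_LOCAL_MACHINE\SYSTEM\Select"
    
    rem Collect the export into SELECT.txt and open it in Notepad
    type peek*.txt>>SELECT.txt
    del peek*.txt
    start notepad SELECT.txt
    rem Delete this batch file once it has run
    del %0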
    Save as filename look.bat to your desktop, choose to save as type "All Files". Click OK.

    Double-click on "look.bat" and copy/paste the log that pops up into your next reply.
    IndiGenus

  5. #35
    Junior Member
    Join Date
    Jul 2010
    Posts
    29

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\Select]
    "Current"=dword:00000001
    "Default"=dword:00000001
    "Failed"=dword:00000000
    "LastKnownGood"=dword:00000002

  6. #36
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Some more investigating to do before we make any changes. This could be tricky to remove if we need to.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind 
      pci.sys
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    +++++++++++++++++++

    Please go to http://www.virustotal.com/en/indexf.html
    click on Browse, and upload the following file for analysis:

    C:\WINDOWS\SYSTEM32\DRIVERS\tsk35.tmp

    Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see. Or you can copy the link to the VT results page if that is easier.
    IndiGenus

  7. #37
    Junior Member
    Join Date
    Jul 2010
    Posts
    29

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 09:29 on 23/07/2010 by Jonathan (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "pci.sys"
    C:\i386\pci.sys --a--- 68224 bytes [11:45 08/08/2006] [03:07 04/08/2004] 8086D9979234B603AD5BC2F5D890B234
    C:\WINDOWS\$NtServicePackUninstall$\pci.sys -----c 68224 bytes [02:20 06/01/2009] [03:07 04/08/2004] 8086D9979234B603AD5BC2F5D890B234
    C:\WINDOWS\ServicePackFiles\i386\pci.sys ------ 68224 bytes [01:36 05/09/2008] [18:36 13/04/2008] A219903CCF74233761D92BEF471A07B1
    C:\WINDOWS\system32\dllcache\pci.sys --a--- 68224 bytes [03:07 04/08/2004] [17:36 13/04/2008] A219903CCF74233761D92BEF471A07B1
    C:\WINDOWS\system32\drivers\pci.sys --a--- 68224 bytes [03:07 04/08/2004] [17:36 13/04/2008] A219903CCF74233761D92BEF471A07B1
    C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\pci.sys --a--- 68224 bytes [13:02 29/07/2006] [03:07 04/08/2004] 8086D9979234B603AD5BC2F5D890B234
    C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\pci.sys --a--- 68224 bytes [13:02 29/07/2006] [03:07 04/08/2004] 8086D9979234B603AD5BC2F5D890B234
    C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\pci.sys --a--- 68224 bytes [13:03 29/07/2006] [03:07 04/08/2004] 8086D9979234B603AD5BC2F5D890B234
    C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\pci.sys --a--- 68224 bytes [13:03 29/07/2006] [03:07 04/08/2004] 8086D9979234B603AD5BC2F5D890B234

    -=End Of File=-

  8. #38
    Junior Member
    Join Date
    Jul 2010
    Posts
    29

    I hope you can read this. Thanks.

    AhnLab-V3 2010.07.23.01 2010.07.23 -
    AntiVir 8.2.4.26 2010.07.23 -
    Antiy-AVL 2.0.3.7 2010.07.23 -
    Authentium 5.2.0.5 2010.07.21 -
    Avast 4.8.1351.0 2010.07.23 -
    Avast5 5.0.332.0 2010.07.23 -
    AVG 9.0.0.851 2010.07.23 -
    BitDefender 7.2 2010.07.23 -
    CAT-QuickHeal 11.00 2010.07.23 -
    ClamAV 0.96.0.3-git 2010.07.23 -
    Comodo 5518 2010.07.23 -
    DrWeb 5.0.2.03300 2010.07.23 -
    Emsisoft 5.0.0.34 2010.07.23 -
    eSafe 7.0.17.0 2010.07.22 -
    eTrust-Vet 36.1.7732 2010.07.23 -
    F-Prot 4.6.1.107 2010.07.23 -
    F-Secure 9.0.15370.0 2010.07.23 -
    Fortinet 4.1.143.0 2010.07.23 -
    GData 21 2010.07.23 -
    Ikarus T3.1.1.84.0 2010.07.23 -
    Jiangmin 13.0.900 2010.07.23 -
    Kaspersky 7.0.0.125 2010.07.23 -
    McAfee 5.400.0.1158 2010.07.23 -
    McAfee-GW-Edition 2010.1 2010.07.23 Heuristic.LooksLike.Trojan.Patched.I
    Microsoft 1.6004 2010.07.23 -
    NOD32 5305 2010.07.23 -
    Norman 6.05.11 2010.07.23 -
    nProtect 2010-07-23.02 2010.07.23 -
    Panda 10.0.2.7 2010.07.23 -
    PCTools 7.0.3.5 2010.07.23 -
    Prevx 3.0 2010.07.23 -
    Rising 22.57.03.08 2010.07.23 -
    Sophos 4.55.0 2010.07.23 -
    Sunbelt 6624 2010.07.23 -
    SUPERAntiSpyware 4.40.0.1006 2010.07.23 -
    Symantec 20101.1.1.7 2010.07.23 -
    TheHacker 6.5.2.1.324 2010.07.23 -
    TrendMicro 9.120.0.1004 2010.07.23 -
    TrendMicro-HouseCall 9.120.0.1004 2010.07.23 -
    VBA32 3.12.12.6 2010.07.23 -
    ViRobot 2010.7.23.3956 2010.07.23 -
    VirusBuster 5.0.27.0 2010.07.22 -
    Additional information
    File size: 68224 bytes
    MD5...: a219903ccf74233761d92bef471a07b1
    SHA1..: a6fe7ca93616532f0b6305fc6878939830e45fe8
    SHA256: d4e6c360a1d2fca4d17c991b834d68bf20f5111dd06b1fab8b22984804cec269
    ssdeep: 1536:JsNVZQ0nyDUzrntj2LEGg8gzjQhP/66QqyYF:JsNryDUHtKjgxzjQhX6vqNF

    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0xe004
    timedatestamp.....: 0x480252bb (Sun Apr 13 18:36:43 2008)
    machinetype.......: 0x14c (I386)

    ( 7 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x300 0x3e5c 0x3e80 6.55 2ee0bb5703c0492e8a88518fd90e4495
    .rdata 0x4180 0x5c4 0x600 5.65 917663f1296bf8e7e5e7c45c7587f383
    .data 0x4780 0x650 0x680 3.09 71bff54d87392d25d6c6154ae7db053a
    PAGE 0x4e00 0x8532 0x8580 6.54 c04c92f044de5af46c5bb778f700e7c6
    INIT 0xd380 0x15e8 0x1600 6.10 bd7074b0f2f6907be00e317f68af2a37
    .rsrc 0xe980 0x1788 0x1800 3.47 b18ff957dda881b64c93b1bd70cdfdaa
    .reloc 0x10180 0x88c 0x900 6.07 998b4fa0b69100c4007f6ce687f377d8

    ( 2 imports )
    > ntoskrnl.exe: RtlGetNextRange, RtlGetFirstRange, RtlFindRange, ExAllocatePoolWithTag, swprintf, IoGetDmaAdapter, ExFreePoolWithTag, KeBugCheckEx, IofCallDriver, IoBuildSynchronousFsdRequest, KeInitializeEvent, IoGetAttachedDeviceReference, HalDispatchTable, VfFailDeviceNode, PoCallDriver, PoStartNextPowerIrp, IofCompleteRequest, KdEnableDebugger, KdDisableDebugger, ExIsProcessorFeaturePresent, DbgPrint, InitSafeBootMode, IoInvalidateDeviceRelations, IoDeleteDevice, IoDetachDevice, ZwClose, ZwQueryValueKey, IoOpenDeviceRegistryKey, IoAttachDeviceToDeviceStack, IoCreateDevice, HalPrivateDispatchTable, IoAssignResources, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, _vsnprintf, RtlAnsiStringToUnicodeString, sprintf, RtlIsRangeAvailable, RtlFindMessage, wcslen, RtlFreeRangeList, ZwEnumerateValueKey, ZwQueryKey, memmove, RtlInitUnicodeString, ZwEnumerateKey, _snwprintf, ZwOpenKey, IoUnregisterPlugPlayNotification, VfFailSystemBIOS, IoRegisterPlugPlayNotification, VfIsVerificationEnabled, PoSetPowerState, PoRequestPowerIrp, IoCancelIrp, IoReleaseCancelSpinLock, KeDelayExecutionThread, KeQueryTimeIncrement, KdPowerTransition, READ_REGISTER_BUFFER_ULONG, READ_REGISTER_BUFFER_UCHAR, _except_handler3, MmUnmapIoSpace, MmMapIoSpace, IoGetDeviceProperty, RtlAddRange, RtlInitializeRangeList, ZwSetValueKey, ZwCreateKey, IoBuildDeviceIoControlRequest, KeTickCount, _aulldiv, KeEnterCriticalRegion, KeWaitForSingleObject, KeSetEvent, KeLeaveCriticalRegion, ObfDereferenceObject, RtlInitAnsiString, ObfReferenceObject, RtlDeleteOwnersRanges, RtlCopyRangeList, _aullrem, RtlDeleteRange, _wcsicmp
    > HAL.dll: KeStallExecutionProcessor, KfAcquireSpinLock, KfReleaseSpinLock, KeGetCurrentIrql, HalGetBusDataByOffset, HalTranslateBusAddress, HalAdjustResourceList

    ( 0 exports )

    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable Generic (68.0%)
    Generic Win/DOS Executable (15.9%)
    DOS Executable Generic (15.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    packers (Kaspersky): PE_Patch
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: NT Plug and Play PCI Enumerator
    original name: pci.sys
    internal name: pci.sys
    file version.: 5.1.2600.5512 (xpsp.080413-2111)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

  9. #39
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Okay, while I'm looking into this and trying to get my head wrapped around it, can you run TDSSKiller like you did earlier back here and post the log?
    IndiGenus

  10. #40
    Junior Member
    Join Date
    Jul 2010
    Posts
    29

    11:23:33:828 2452 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
    11:23:33:828 2452 ================================================================================
    11:23:33:828 2452 SystemInfo:

    11:23:33:828 2452 OS Version: 5.1.2600 ServicePack: 3.0
    11:23:33:828 2452 Product type: Workstation
    11:23:33:828 2452 ComputerName: OPTIPLEX
    11:23:33:828 2452 UserName: Jonathan
    11:23:33:828 2452 Windows directory: C:\WINDOWS
    11:23:33:828 2452 System windows directory: C:\WINDOWS
    11:23:33:828 2452 Processor architecture: Intel x86
    11:23:33:828 2452 Number of processors: 2
    11:23:33:828 2452 Page size: 0x1000
    11:23:33:843 2452 Boot type: Normal boot
    11:23:33:843 2452 ================================================================================
    11:23:34:031 2452 Initialize success
    11:23:34:031 2452
    11:23:34:031 2452 Scanning Services ...
    11:23:34:515 2452 Raw services enum returned 398 services
    11:23:34:531 2452
    11:23:34:531 2452 Scanning Drivers ...
    11:23:39:453 2452 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\drivers\tsk35.tmp
    11:23:40:718 2452 SymEvent (c5eafb6a8c73fb26b73ee613c1a5aef6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    11:23:40:812 2452 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
    11:23:40:859 2452 SYMREDRV (5f9055055dc4900f74fb690b61448be4) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    11:23:40:890 2452 SYMTDI (5561a9d2d1b6529a95cbbffaed7791c1) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
    11:23:40:921 2452 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    11:23:40:921 2452 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    11:23:40:953 2452 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    11:23:40:984 2452 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    11:23:41:031 2452 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    11:23:41:062 2452 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    11:23:41:078 2452 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    11:23:41:093 2452 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    11:23:41:140 2452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    11:23:41:187 2452 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    11:23:41:218 2452 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    11:23:41:281 2452 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
    11:23:41:328 2452 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    11:23:41:343 2452 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    11:23:41:359 2452 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    11:23:41:406 2452 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    11:23:41:437 2452 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    11:23:41:453 2452 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    11:23:41:484 2452 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    11:23:41:500 2452 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    11:23:41:546 2452 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    11:23:41:578 2452 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    11:23:41:609 2452 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    11:23:41:656 2452 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
    11:23:41:703 2452 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    11:23:41:734 2452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    11:23:41:765 2452 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    11:23:41:781 2452 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    11:23:41:843 2452 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    11:23:41:859 2452 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    11:23:41:875 2452
    11:23:41:875 2452 Completed
    11:23:41:875 2452
    11:23:41:875 2452 Results:
    11:23:41:875 2452 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    11:23:41:875 2452 File objects infected / cured / cured on reboot: 0 / 0 / 0
    11:23:41:875 2452
    11:23:41:875 2452 KLMD(ARK) unloaded successfully
