Attack from lj1i16b0.com and svchost error


#1
surfvibe
Hello, I have seen recent posts about this same issue that I'm having too.

My computer is under constant attack from 19js810300z.com, lj1i16b0.com, 85.12.46.155, zz87jhfda88.com and 91.213.174.35. Norton 360 is detecting an attack every 10 min or so and indicates that the intrusion is attempting to access this path: DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE. Additionally, since this started (last week some time), my system is running very slow at startup. Task manager shows that my CPU usage is maxed while svchost services run, and the system takes a good 10 minutes to fully load up. I'm also getting this error: "generic host process for win32 device has encountered a problem". This happens while in Internet Explorer, and most of the time this will lock up the computer to the point where a soft boot is required to restart.

I reviewed the posts and help given to the user Poison Ivy over the last week, and I also performed the recommended scans using the Malware and spyware cleaning guide, but after performing these tasks, I'm still having the same problem.

The scans detected a number of things, which were taken care of. When running them now I don't see anything that stands out as a problem, but I admit that I do not understand most of it.

I am attaching here my most recent logs, but if you would prefer to see the older ones that found issues, please let me know. Note that I'm having problems posting with all the log text pasted into the message, so I'm including the rest in attachments.

Thank you in advance for any help you can provide. This site has already been a great resource and learning experience.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4274

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/4/2010 11:01:16 AM
mbam-log-2010-07-04 (11-01-16).txt

Scan type: Quick scan
Objects scanned: 132127
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-04 12:40:33
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\afpdqaog.sys


---- System - GMER 1.0.15 ----

SSDT 892C0918 ZwAlertResumeThread
SSDT 8A13F9E0 ZwAlertThread
SSDT 893B8908 ZwAllocateVirtualMemory
SSDT 8A12F1E8 ZwAssignProcessToJobObject
SSDT 8A2BA938 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x9F78C130]
SSDT 8925D870 ZwCreateMutant
SSDT 8A15CF18 ZwCreateSymbolicLinkObject
SSDT 88FF08F8 ZwCreateThread
SSDT 8A1EEDE8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0x9F78C3B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x9F78C910]
SSDT 8A1FCE88 ZwDuplicateObject
SSDT 893A6950 ZwFreeVirtualMemory
SSDT 8925D960 ZwImpersonateAnonymousToken
SSDT 892C0838 ZwImpersonateThread
SSDT 8A16C0B0 ZwLoadDriver
SSDT 8A20D910 ZwMapViewOfSection
SSDT 892DE980 ZwOpenEvent
SSDT 89240968 ZwOpenProcess
SSDT 8A1FCDC8 ZwOpenProcessToken
SSDT 8A1EEFD0 ZwOpenSection
SSDT 8A30C4F8 ZwOpenThread
SSDT 8A12F0F8 ZwProtectVirtualMemory
SSDT 8A111648 ZwResumeThread
SSDT 8930B860 ZwSetContextThread
SSDT 8930B920 ZwSetInformationProcess
SSDT 8A1EEE88 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x9F78CB60]
SSDT 892DE8A0 ZwSuspendProcess
SSDT 8A13FAC0 ZwSuspendThread
SSDT 8932F7B0 ZwTerminateProcess
SSDT 8A13FBA0 ZwTerminateThread
SSDT 890628D8 ZwUnmapViewOfSection
SSDT 89332928 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23B8 80501BF0 4 Bytes CALL B8DA2EE6
.text ntkrnlpa.exe!ZwCallbackReturn + 2450 80501C88 4 Bytes CALL 8CDA3B7A
.text ntkrnlpa.exe!ZwCallbackReturn + 2534 80501D6C 4 Bytes JMP 5598A69E
.text ntkrnlpa.exe!ZwCallbackReturn + 2760 80501F98 8 Bytes CALL 7B10A8CA
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1000] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1000] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\System32\svchost.exe[1928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1928] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1928] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A
.text C:\WINDOWS\System32\svchost.exe[1928] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0097000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\J8YMCECH\AdPlayer[1].swf 1044 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZORUM9O1\013105[1].htm 6618 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZORUM9O1\afr[1].php 1252 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZORUM9O1\p-01-0VIaSjnOLg[1].gif 35 bytes

---- EOF - GMER 1.0.15 ----

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2
surfvibe
Update: after further review of other posts, it came to my attention that my problem was originating from the Tidserv infections.

I followed the instructions given to another member and ran the TDSSKILLER application, which found an infection and removed it (see the log file, for anyone interested).

Since then I have not received any intrusion attempts, and the svchost errors appear to have stopped.

I am now following the instruction to better secure my computer and provide for a safer computing environment.

I greatly appreciate the expert advice shown on this web site, thank you.


09:21:45:031 2728 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
09:21:45:031 2728 ================================================================================
09:21:45:031 2728 SystemInfo:

09:21:45:031 2728 OS Version: 5.1.2600 ServicePack: 3.0
09:21:45:031 2728 Product type: Workstation
09:21:45:031 2728 ComputerName: DLBLANTO-2D711E
09:21:45:031 2728 UserName: Daniel L Blanton
09:21:45:031 2728 Windows directory: C:\WINDOWS
09:21:45:031 2728 System windows directory: C:\WINDOWS
09:21:45:031 2728 Processor architecture: Intel x86
09:21:45:031 2728 Number of processors: 1
09:21:45:031 2728 Page size: 0x1000
09:21:45:031 2728 Boot type: Normal boot
09:21:45:031 2728 ================================================================================
09:21:45:750 2728 Initialize success
09:21:45:750 2728
09:21:45:750 2728 Scanning Services ...
09:21:45:781 2728 Raw services enum returned 400 services
09:21:45:796 2728
09:21:45:796 2728 Scanning Drivers ...
09:21:49:265 2728 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: eaac646d7aa173c14efef777e581eed9, Fake md5: 7c824cf7bbde77d95c08005717a95f6f
09:21:49:265 2728 File "C:\WINDOWS\system32\drivers\dmio.sys" infected by TDSS rootkit ...
09:21:51:375 2728 Backup copy found, using it..
09:21:51:546 2728 will be cured on next reboot
09:22:08:562 2728 Reboot required for cure complete..
09:22:08:734 2728 Cure on reboot scheduled successfully
09:22:08:734 2728
09:22:08:734 2728 Completed
09:22:08:734 2728
09:22:08:734 2728 Results:
09:22:08:734 2728 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:22:08:734 2728 File objects infected / cured / cured on reboot: 1 / 0 / 1
09:22:08:734 2728
09:22:08:734 2728 KLMD(ARK) unloaded successfully
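Added example, not part of the thread and not code from GMER or TDSSKiller: a Python triage script for the two kinds of evidence posted above. It parses GMER's "User code sections" lines from post #1 and TDSSKiller's driver and "Suspicious file (Forged)" lines from post #2, flags 5-byte detours whose target lies outside the range where the XP system DLLs are mapped (the 0x70000000 threshold is an assumption), and checks that the dmio.sys finding is consistent with TDSSKiller's own enumerated hash, since a forged file is one whose on-disk bytes differ from what a normal read returns. The regexes and the sample lines (copied from the logs in this thread) are this example's own.

```python
"""Triage the GMER and TDSSKiller lines posted in this thread (added example)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# GMER "User code sections" entry, e.g.
# .text C:\WINDOWS\System32\svchost.exe[1928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
GMER_USER_HOOK = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[\w.]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+) Bytes\s+(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)"
)
# TDSSKiller driver enumeration and forged-file lines, e.g.
# 09:21:49:265 2728 dmio (<md5>) C:\WINDOWS\system32\drivers\dmio.sys
# 09:21:49:265 2728 Suspicious file (Forged): <path>. Real md5: <md5>, Fake md5: <md5>
TDSS_DRIVER = re.compile(r"^\S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TDSS_FORGED = re.compile(r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                         r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")
# Heuristic threshold (assumption): on 32-bit XP the hooked system DLLs (ntdll.dll,
# USER32.dll, ole32.dll) are mapped at 0x77xxxxxx-0x7Exxxxxx, so a JMP into a
# 0x00xxxxxx region points at private memory that no module on disk accounts for.
SYSTEM_DLL_FLOOR = 0x70000000

@dataclass(frozen=True)
class UserHook:
    process: str
    pid: int
    api: str     # e.g. "ntdll.dll!NtProtectVirtualMemory"
    kind: str    # JMP or CALL
    target: int  # detour destination

@dataclass(frozen=True)
class ForgedFile:
    path: str
    real_md5: str  # hash of the bytes actually on disk
    fake_md5: str  # hash of what a normal file read returned

def parse_gmer_user_hooks(text: str) -> list[UserHook]:
    hooks = []
    for line in text.splitlines():
        if m := GMER_USER_HOOK.match(line.strip()):
            hooks.append(UserHook(m["process"], int(m["pid"]), f"{m['module']}!{m['func']}",
                                  m["kind"], int(m["target"], 16)))
    return hooks

def suspicious_hooks(hooks: list[UserHook]) -> list[UserHook]:
    """Hooks whose detour lands below the system-DLL range. Heuristic, not proof:
    security products hook the same APIs, so corroborate before acting on it."""
    return [h for h in hooks if h.target < SYSTEM_DLL_FLOOR]

def parse_tdsskiller(text: str) -> tuple[dict[str, str], list[ForgedFile]]:
    """Return (path -> enumerated md5, forged-file findings) from a TDSSKiller log."""
    hashes: dict[str, str] = {}
    forged: list[ForgedFile] = []
    for line in text.splitlines():
        if m := TDSS_FORGED.search(line):
            forged.append(ForgedFile(m["path"], m["real"], m["fake"]))
        elif m := TDSS_DRIVER.match(line.strip()):
            hashes[m["path"]] = m["md5"]
    return hashes, forged

def forged_confirmed_by_enumeration(hashes: dict[str, str], f: ForgedFile) -> bool:
    """True when the enumeration hash equals the on-disk ('real') md5 and that md5
    differs from the 'fake' one, i.e. both of TDSSKiller's views agree the file changed."""
    return hashes.get(f.path) == f.real_md5 and f.real_md5 != f.fake_md5

# Sample input copied from the logs posted in this thread.
SAMPLE_GMER = r"""
.text C:\WINDOWS\Explorer.EXE[1000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\System32\svchost.exe[1928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1928] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0097000A
"""
SAMPLE_TDSS = r"""
09:21:49:265 2728 dmio (eaac646d7aa173c14efef777e581eed9) C:\WINDOWS\system32\drivers\dmio.sys
09:21:49:265 2728 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: eaac646d7aa173c14efef777e581eed9, Fake md5: 7c824cf7bbde77d95c08005717a95f6f
09:21:51:625 2728 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
"""

if __name__ == "__main__":
    for h in suspicious_hooks(parse_gmer_user_hooks(SAMPLE_GMER)):
        print(f"{h.process}[{h.pid}] {h.api} -> {h.kind} {h.target:08X}")
    hashes, forged = parse_tdsskiller(SAMPLE_TDSS)
    for f in forged:
        print(f"forged: {f.path} confirmed={forged_confirmed_by_enumeration(hashes, f)}")
```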