
Boot.tidserv detected and cannot be deleted.


3 replies to this topic

#1 JONES113

  • Members
  • 52 posts

Posted 18 February 2012 - 04:49 PM

Norton finds this trojan and cannot remove it. I used SUPERantispyware removal and I think it was removed, but I am unsure. The virus deleted all of my documents on the computer and I need a way to recover them. Most of the files are in the recycling bin, but I don't need every file in there. Is there a way you can scan my computer for the virus and also help me recover my files?


#2 boopme

  • Global Moderator
  • 61,705 posts

Posted 18 February 2012 - 08:22 PM

Hello and welcome, let's see if we can get it.
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

#3 JONES113

  • Topic Starter
  • Members
  • 52 posts

Posted 19 February 2012 - 11:52 AM

I was not asked to reboot after any of the reports were run.



MiniToolBox by Farbar Version: 18-01-2012
Ran by Steven A. Jones LC (administrator) on 19-02-2012 at 11:29:04
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Law-Office
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home.gateway

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home.gateway
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-24-8C-07-B2-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dd4f:c226:e9e7:be57%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, February 18, 2012 8:46:57 PM
Lease Expires . . . . . . . . . . : Sunday, February 19, 2012 8:46:57 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 251667284
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-10-6F-81-00-24-8C-07-B2-49
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home.gateway
Description . . . . . . . . . . . : isatap.home.gateway
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 72.14.204.138
72.14.204.100
72.14.204.101
72.14.204.102
72.14.204.113



Pinging google.com [72.14.204.113] with 32 bytes of data:

Reply from 72.14.204.113: bytes=32 time=34ms TTL=53

Reply from 72.14.204.113: bytes=32 time=34ms TTL=53



Ping statistics for 72.14.204.113:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 34ms, Maximum = 34ms, Average = 34ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70
98.139.127.62
98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=62ms TTL=49

Reply from 209.191.122.70: bytes=32 time=61ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 61ms, Maximum = 62ms, Average = 61ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 24 8c 07 b2 49 ...... NVIDIA nForce 10/100 Mbps Ethernet
1 ........................... Software Loopback Interface 1
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
12 ...00 00 00 00 00 00 00 e0 isatap.home.gateway
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 276
192.168.1.4 255.255.255.255 On-link 192.168.1.4 276
192.168.1.255 255.255.255.255 On-link 192.168.1.4 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::dd4f:c226:e9e7:be57/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/18/2012 08:54:02 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: .

Error: (02/18/2012 08:48:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2012 06:48:27 PM) (Source: Application Error) (User: )
Description: Faulting application hpqgpc01.exe, version 130.0.14.16, time stamp 0x49dd90d9, faulting module hpqgpc01.exe, version 130.0.14.16, time stamp 0x49dd90d9, exception code 0xc0000005, fault offset 0x0000a267,
process id 0x1014, application start time 0xhpqgpc01.exe0.

Error: (02/18/2012 05:42:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2012 04:34:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2012 03:29:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2012 03:28:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2012 06:52:52 AM) (Source: Application Error) (User: )
Description: Faulting application audacity.exe, version 0.0.0.0, time stamp 0x455814e4, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000005, fault offset 0x0003dd6d,
process id 0x2690, application start time 0xaudacity.exe0.

Error: (02/13/2012 09:41:38 PM) (Source: Application Error) (User: )
Description: Faulting application audacity.exe, version 0.0.0.0, time stamp 0x455814e4, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000005, fault offset 0x0003dd6d,
process id 0x1c80, application start time 0xaudacity.exe0.

Error: (02/12/2012 08:42:28 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16421, time stamp 0x4d76255d, faulting module msvcrt.dll, version 7.0.6002.18005, time stamp 0x49e0379e, exception code 0xc0000005, fault offset 0x0000a3ed,
process id 0x1fb0, application start time 0xiexplore.exe0.


System errors:
=============
Error: (02/18/2012 08:53:39 PM) (Source: Service Control Manager) (User: )
Description: Windows Font Cache Service

Error: (02/18/2012 08:53:13 PM) (Source: Service Control Manager) (User: )
Description: Windows Presentation Foundation Font Cache 3.0.0.0%%1053

Error: (02/18/2012 08:53:13 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Presentation Foundation Font Cache 3.0.0.0

Error: (02/18/2012 08:51:13 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (02/18/2012 08:48:39 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/18/2012 08:48:24 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/18/2012 08:47:00 PM) (Source: Print) (User: SYSTEM)
Description: The print spooler failed to share printer HP Officejet J6400 series fax with shared resource name HP Officejet J6400 series fax. Error 2114. The printer cannot be used by others on the network.

Error: (02/18/2012 06:06:07 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (02/18/2012 06:06:07 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (02/18/2012 06:06:07 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (08/17/2009 07:20:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 34735 seconds with 780 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 2.1.5)
6400_Help (Version: 1.00.0000)
A&N Benchbook (Version: 2011v1)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Apple Application Support (Version: 1.0)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
Audacity 1.2.6
Audacity Recovery Utility
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 100.0.170.000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Corel Business Applications
Coupon Printer for Windows (Version: 4.0)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink DVD Suite Deluxe (Version: 6.0.2111)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocMgr (Version: 100.0.201.000)
DocProc (Version: 12.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Enhanced Multimedia Keyboard Solution (Version: 1.0.9.2)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 120.0.194.000)
Garmin Lifetime Updater (Version: 2.1.6)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.4.2)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.99)
GPBaseService (Version: 100.0.187.000)
GPBaseService2 (Version: 130.0.371.000)
Hardware Diagnostic Tools (Version: 5.1.4976.17)
HP Active Support Library (Version: 3.1.9.1)
HP Customer Experience Enhancements (Version: 5.7.0.2784)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Document Manager 1.0 (Version: 1.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP MediaSmart DVD (Version: 2.2.3309)
HP MediaSmart Music/Photo/Video (Version: 2.0.2217)
HP MediaSmart SmartMenu (Version: 2.0.8)
HP Officejet J6400 Series (Version: 1.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Picasso Media Center Add-In (Version: 9.1.7.0)
HP Recovery Manager RSS (Version: 91.0.0.10)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Total Care Setup (Version: 1.1.1983.2818)
HP Update (Version: 4.000.012.001)
HPAsset component for HP Active Support Library (Version: 3.0.0.6)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 100.0.170.000)
iTunes (Version: 9.0.1.8)
J6400 (Version: 50.0.165.000)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 7 (Version: 1.6.0.70)
Juno Preloader (Version: 1.0.0)
LabelPrint (Version: 2.5.0904)
LightScribe System Software (Version: 1.18.3.2)
LightScribe Template Labeler (Version: 1.14.25.1)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.61)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MarketResearch (Version: 100.0.170.000)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Corporation (Version: 9.0.30729.1)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 60 day trial
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee Reveal (Version: 7.0.35.7315)
My HP Games (Version: 1.0.0.62)
Norton 360 (Version: 5.2.0.13)
Norton Internet Security (Version: 16.0.0.125)
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.0 (Version: 3.0.9379)
PictureMover (Version: 3.3.1.7)
Power2Go (Version: 6.0.2112)
PowerDirector (Version: 7.0.2202)
ProductContext (Version: 50.0.165.000)
PSSWCORE (Version: 2.02.0000)
Python 2.5.2 (Version: 2.5.2150)
QuickTime (Version: 7.64.17.73)
Realtek High Definition Audio Driver (Version: 6.0.1.5708)
Recuva (Version: 1.42)
Scan (Version: 10.1.0.0)
Shop for HP Supplies (Version: 10.0)
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.5 (Version: 5.5.119)
SmartWebPrinting (Version: 140.0.186.000)
Soft Data Fax Modem with SmartCP (Version: 7.80.0.0)
SolutionCenter (Version: 130.0.373.000)
sp41099
sp44626
SPORE Creature Creator Trial Edition (Version: 1.00.0000)
Status (Version: 110.0.180.000)
SUPERAntiSpyware (Version: 5.0.1144)
TeamViewer 6 (Version: 6.0.9947)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 110.0.180.000)
UnloadSupport (Version: 10.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VideoToolkit01 (Version: 100.0.128.000)
Vouch v3.2 (Version: 3.02.0000)
WebReg (Version: 100.0.170.000)
WildTangent Games App (HP Games) (Version: 4.0.5.2)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
WVU Configuration for Symantec Endpoint Protection (Version: 1.0.0)
Yahoo! BrowserPlus 2.9.8

========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 2941.83 MB
Available physical RAM: 870.15 MB
Total Pagefile: 6098.08 MB
Available Pagefile: 3645.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.54 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:286.43 GB) (Free:146.69 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.66 GB) (Free:1.59 GB) NTFS

========================= Users: ========================================

User accounts for \\LAW-OFFICE

Administrator Guest Steven A. Jones LC


**** End of log ****



11:34:56.0849 5480 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
11:34:58.0090 5480 ============================================================
11:34:58.0090 5480 Current date / time: 2012/02/19 11:34:58.0090
11:34:58.0090 5480 SystemInfo:
11:34:58.0091 5480
11:34:58.0091 5480 OS Version: 6.0.6002 ServicePack: 2.0
11:34:58.0091 5480 Product type: Workstation
11:34:58.0091 5480 ComputerName: LAW-OFFICE
11:34:58.0091 5480 UserName: Steven A. Jones LC
11:34:58.0091 5480 Windows directory: C:\Windows
11:34:58.0091 5480 System windows directory: C:\Windows
11:34:58.0091 5480 Processor architecture: Intel x86
11:34:58.0091 5480 Number of processors: 2
11:34:58.0091 5480 Page size: 0x1000
11:34:58.0091 5480 Boot type: Normal boot
11:34:58.0091 5480 ============================================================
11:34:58.0608 5480 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:34:58.0639 5480 \Device\Harddisk0\DR0:
11:34:58.0640 5480 MBR used
11:34:58.0640 5480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23CDBF10
11:34:58.0640 5480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23CDBF4F, BlocksNum 0x1751772
11:34:58.0745 5480 Initialize success
11:34:58.0745 5480 ============================================================
11:36:42.0846 5844 ============================================================
11:36:42.0847 5844 Scan started
11:36:42.0847 5844 Mode: Manual; TDLFS;
11:36:42.0847 5844 ============================================================
11:36:44.0976 5844 Crusoe - ok
11:36:45.0035 5844 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
11:36:45.0036 5844 DfsC - ok
11:36:45.0152 5844 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
11:36:45.0153 5844 disk - ok
11:36:45.0199 5844 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
11:36:45.0200 5844 Dot4 - ok
11:36:45.0216 5844 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:36:45.0217 5844 Dot4Print - ok
11:36:45.0233 5844 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
11:36:45.0233 5844 dot4usb - ok
11:36:45.0346 5844 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:36:45.0347 5844 drmkaud - ok
11:36:45.0379 5844 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
11:36:45.0384 5844 DXGKrnl - ok
11:36:45.0418 5844 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:36:45.0421 5844 E1G60 - ok
11:36:45.0453 5844 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
11:36:45.0456 5844 Ecache - ok
11:36:45.0558 5844 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:36:45.0561 5844 eeCtrl - ok
11:36:45.0643 5844 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
11:36:45.0646 5844 elxstor - ok
11:36:45.0726 5844 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:36:45.0727 5844 EraserUtilRebootDrv - ok
11:36:45.0808 5844 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
11:36:45.0809 5844 ErrDev - ok
11:36:45.0856 5844 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
11:36:45.0860 5844 exfat - ok
11:36:45.0887 5844 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
11:36:45.0891 5844 fastfat - ok
11:36:45.0970 5844 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:36:45.0971 5844 fdc - ok
11:36:45.0999 5844 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:36:46.0000 5844 FileInfo - ok
11:36:46.0016 5844 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:36:46.0017 5844 Filetrace - ok
11:36:46.0028 5844 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:36:46.0028 5844 flpydisk - ok
11:36:46.0052 5844 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
11:36:46.0054 5844 FltMgr - ok
11:36:46.0167 5844 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
11:36:46.0168 5844 Fs_Rec - ok
11:36:46.0193 5844 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
11:36:46.0194 5844 gagp30kx - ok
11:36:46.0279 5844 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:36:46.0280 5844 GEARAspiWDM - ok
11:36:46.0320 5844 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:36:46.0324 5844 HDAudBus - ok
11:36:46.0359 5844 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
11:36:46.0360 5844 HidBth - ok
11:36:46.0379 5844 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:36:46.0380 5844 HidIr - ok
11:36:46.0402 5844 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
11:36:46.0403 5844 HidUsb - ok
11:36:46.0430 5844 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
11:36:46.0432 5844 HpCISSs - ok
11:36:46.0543 5844 HSF_DP (78c88781fbd2fdd3bcba09f58897fe45) C:\Windows\system32\DRIVERS\HSX_DP.sys
11:36:46.0549 5844 HSF_DP - ok
11:36:46.0610 5844 HSXHWBS2 (1e289f978d1e6f11db88d4fcb2f9d92f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
11:36:46.0613 5844 HSXHWBS2 - ok
11:36:46.0644 5844 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
11:36:46.0647 5844 HTTP - ok
11:36:46.0683 5844 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
11:36:46.0685 5844 i2omp - ok
11:36:46.0718 5844 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:36:46.0719 5844 i8042prt - ok
11:36:46.0799 5844 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
11:36:46.0802 5844 iaStorV - ok
11:36:46.0931 5844 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120217.003_842\IDSvix86.sys
11:36:46.0940 5844 IDSVix86 - ok
11:36:47.0024 5844 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:36:47.0025 5844 iirsp - ok
11:36:47.0112 5844 IntcAzAudAddService (0e70e4485f0ed782248e26353a08d312) C:\Windows\system32\drivers\RTKVHDA.sys
11:36:47.0161 5844 IntcAzAudAddService - ok
11:36:47.0248 5844 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
11:36:47.0249 5844 intelide - ok
11:36:47.0285 5844 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
11:36:47.0286 5844 intelppm - ok
11:36:47.0315 5844 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:36:47.0316 5844 IpFilterDriver - ok
11:36:47.0325 5844 IpInIp - ok
11:36:47.0342 5844 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
11:36:47.0343 5844 IPMIDRV - ok
11:36:47.0357 5844 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:36:47.0359 5844 IPNAT - ok
11:36:47.0391 5844 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:36:47.0392 5844 IRENUM - ok
11:36:47.0409 5844 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
11:36:47.0410 5844 isapnp - ok
11:36:47.0437 5844 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
11:36:47.0440 5844 iScsiPrt - ok
11:36:47.0452 5844 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:36:47.0453 5844 iteatapi - ok
11:36:47.0467 5844 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:36:47.0468 5844 iteraid - ok
11:36:47.0485 5844 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:36:47.0485 5844 kbdclass - ok
11:36:47.0501 5844 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
11:36:47.0502 5844 kbdhid - ok
11:36:47.0535 5844 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
11:36:47.0544 5844 KSecDD - ok
11:36:47.0593 5844 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
11:36:47.0594 5844 lltdio - ok
11:36:47.0621 5844 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
11:36:47.0623 5844 LSI_FC - ok
11:36:47.0650 5844 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
11:36:47.0652 5844 LSI_SAS - ok
11:36:47.0683 5844 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
11:36:47.0685 5844 LSI_SCSI - ok
11:36:47.0706 5844 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
11:36:47.0707 5844 luafv - ok
11:36:47.0821 5844 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:36:47.0822 5844 mdmxsdk - ok
11:36:47.0857 5844 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
11:36:47.0858 5844 megasas - ok
11:36:47.0894 5844 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
11:36:47.0909 5844 MegaSR - ok
11:36:47.0942 5844 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
11:36:47.0943 5844 Modem - ok
11:36:47.0976 5844 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
11:36:47.0977 5844 monitor - ok
11:36:47.0991 5844 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
11:36:47.0992 5844 mouclass - ok
11:36:48.0005 5844 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
11:36:48.0006 5844 mouhid - ok
11:36:48.0051 5844 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
11:36:48.0053 5844 MountMgr - ok
11:36:48.0079 5844 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
11:36:48.0081 5844 mpio - ok
11:36:48.0124 5844 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:36:48.0125 5844 mpsdrv - ok
11:36:48.0153 5844 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:36:48.0154 5844 Mraid35x - ok
11:36:48.0175 5844 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
11:36:48.0177 5844 MRxDAV - ok
11:36:48.0237 5844 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:36:48.0239 5844 mrxsmb - ok
11:36:48.0260 5844 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:36:48.0263 5844 mrxsmb10 - ok
11:36:48.0303 5844 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:36:48.0304 5844 mrxsmb20 - ok
11:36:48.0336 5844 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
11:36:48.0337 5844 msahci - ok
11:36:48.0352 5844 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
11:36:48.0354 5844 msdsm - ok
11:36:48.0374 5844 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:36:48.0375 5844 Msfs - ok
11:36:48.0404 5844 MSHUSBVideo (956741c67abaa78b19aadc5474936842) C:\Windows\system32\Drivers\nx6000.sys
11:36:48.0405 5844 MSHUSBVideo - ok
11:36:48.0414 5844 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
11:36:48.0415 5844 msisadrv - ok
11:36:48.0491 5844 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:36:48.0492 5844 MSKSSRV - ok
11:36:48.0534 5844 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:36:48.0535 5844 MSPCLOCK - ok
11:36:48.0576 5844 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:36:48.0577 5844 MSPQM - ok
11:36:48.0632 5844 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
11:36:48.0635 5844 MsRPC - ok
11:36:48.0673 5844 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:36:48.0674 5844 mssmbios - ok
11:36:48.0689 5844 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:36:48.0689 5844 MSTEE - ok
11:36:48.0703 5844 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
11:36:48.0704 5844 Mup - ok
11:36:48.0742 5844 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
11:36:48.0745 5844 NativeWifiP - ok
11:36:48.0869 5844 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120218.008\NAVENG.SYS
11:36:48.0873 5844 NAVENG - ok
11:36:48.0929 5844 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120218.008\NAVEX15.SYS
11:36:48.0962 5844 NAVEX15 - ok
11:36:49.0060 5844 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
11:36:49.0064 5844 NDIS - ok
11:36:49.0097 5844 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:36:49.0098 5844 NdisTapi - ok
11:36:49.0145 5844 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:36:49.0146 5844 Ndisuio - ok
11:36:49.0183 5844 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:36:49.0184 5844 NdisWan - ok
11:36:49.0236 5844 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:36:49.0238 5844 NDProxy - ok
11:36:49.0295 5844 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:36:49.0296 5844 NetBIOS - ok
11:36:49.0323 5844 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
11:36:49.0325 5844 netbt - ok
11:36:49.0344 5844 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:36:49.0345 5844 nfrd960 - ok
11:36:49.0365 5844 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
11:36:49.0366 5844 Npfs - ok
11:36:49.0379 5844 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:36:49.0380 5844 nsiproxy - ok
11:36:49.0417 5844 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
11:36:49.0442 5844 Ntfs - ok
11:36:49.0463 5844 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:36:49.0464 5844 ntrigdigi - ok
11:36:49.0478 5844 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:36:49.0480 5844 Null - ok
11:36:49.0539 5844 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
11:36:49.0546 5844 NVENETFD - ok
11:36:49.0707 5844 nvlddmkm (7bc6fb1f3aa696944ceb46d038fa90ed) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:36:49.0752 5844 nvlddmkm - ok
11:36:49.0781 5844 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
11:36:49.0782 5844 nvraid - ok
11:36:49.0817 5844 nvrd32 (085e88101d0d4b321abf9c7e2b6ee99d) C:\Windows\system32\drivers\nvrd32.sys
11:36:49.0818 5844 nvrd32 - ok
11:36:49.0852 5844 nvsmu (62754e376185eacbb73d06fea0ffc54a) C:\Windows\system32\drivers\nvsmu.sys
11:36:49.0852 5844 nvsmu - ok
11:36:49.0872 5844 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
11:36:49.0874 5844 nvstor - ok
11:36:49.0906 5844 nvstor32 (1199b2052f7861c1d39c2318e70904c9) C:\Windows\system32\DRIVERS\nvstor32.sys
11:36:49.0908 5844 nvstor32 - ok
11:36:49.0929 5844 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
11:36:49.0930 5844 nv_agp - ok
11:36:49.0937 5844 NwlnkFlt - ok
11:36:49.0945 5844 NwlnkFwd - ok
11:36:49.0972 5844 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
11:36:49.0973 5844 ohci1394 - ok
11:36:49.0993 5844 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:36:49.0994 5844 Parport - ok
11:36:50.0023 5844 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
11:36:50.0024 5844 partmgr - ok
11:36:50.0044 5844 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:36:50.0045 5844 Parvdm - ok
11:36:50.0065 5844 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
11:36:50.0067 5844 pci - ok
11:36:50.0097 5844 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
11:36:50.0098 5844 pciide - ok
11:36:50.0116 5844 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:36:50.0118 5844 pcmcia - ok
11:36:50.0161 5844 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:36:50.0167 5844 PEAUTH - ok
11:36:50.0207 5844 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:36:50.0208 5844 PptpMiniport - ok
11:36:50.0222 5844 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
11:36:50.0223 5844 Processor - ok
11:36:50.0265 5844 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
11:36:50.0266 5844 Ps2 - ok
11:36:50.0292 5844 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
11:36:50.0293 5844 PSched - ok
11:36:50.0334 5844 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:36:50.0341 5844 ql2300 - ok
11:36:50.0360 5844 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:36:50.0361 5844 ql40xx - ok
11:36:50.0379 5844 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:36:50.0380 5844 QWAVEdrv - ok
11:36:50.0388 5844 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:36:50.0389 5844 RasAcd - ok
11:36:50.0405 5844 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:36:50.0406 5844 Rasl2tp - ok
11:36:50.0427 5844 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
11:36:50.0428 5844 RasPppoe - ok
11:36:50.0448 5844 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
11:36:50.0449 5844 RasSstp - ok
11:36:50.0478 5844 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
11:36:50.0480 5844 rdbss - ok
11:36:50.0495 5844 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:36:50.0496 5844 RDPCDD - ok
11:36:50.0515 5844 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
11:36:50.0517 5844 rdpdr - ok
11:36:50.0526 5844 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:36:50.0527 5844 RDPENCDD - ok
11:36:50.0552 5844 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
11:36:50.0555 5844 RDPWD - ok
11:36:50.0576 5844 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:36:50.0577 5844 rspndr - ok
11:36:50.0661 5844 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:36:50.0662 5844 SASDIFSV - ok
11:36:50.0676 5844 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:36:50.0677 5844 SASKUTIL - ok
11:36:50.0722 5844 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:36:50.0723 5844 sbp2port - ok
11:36:50.0758 5844 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:36:50.0760 5844 secdrv - ok
11:36:50.0808 5844 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:36:50.0808 5844 Serenum - ok
11:36:50.0822 5844 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:36:50.0823 5844 Serial - ok
11:36:50.0840 5844 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:36:50.0841 5844 sermouse - ok
11:36:50.0858 5844 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
11:36:50.0859 5844 sffdisk - ok
11:36:50.0877 5844 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:36:50.0878 5844 sffp_mmc - ok
11:36:50.0895 5844 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
11:36:50.0896 5844 sffp_sd - ok
11:36:50.0904 5844 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:36:50.0905 5844 sfloppy - ok
11:36:50.0919 5844 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:36:50.0920 5844 sisagp - ok
11:36:50.0941 5844 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:36:50.0942 5844 SiSRaid2 - ok
11:36:50.0956 5844 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:36:50.0957 5844 SiSRaid4 - ok
11:36:50.0985 5844 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
11:36:50.0986 5844 Smb - ok
11:36:51.0013 5844 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:36:51.0014 5844 spldr - ok
11:36:51.0085 5844 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS
11:36:51.0089 5844 SRTSP - ok
11:36:51.0105 5844 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS
11:36:51.0106 5844 SRTSPX - ok
11:36:51.0143 5844 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
11:36:51.0147 5844 srv - ok
11:36:51.0173 5844 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
11:36:51.0175 5844 srv2 - ok
11:36:51.0214 5844 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
11:36:51.0215 5844 srvnet - ok
11:36:51.0238 5844 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
11:36:51.0238 5844 StillCam - ok
11:36:51.0267 5844 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:36:51.0268 5844 swenum - ok
11:36:51.0298 5844 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:36:51.0300 5844 Symc8xx - ok
11:36:51.0354 5844 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS
11:36:51.0361 5844 SymDS - ok
11:36:51.0398 5844 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS
11:36:51.0405 5844 SymEFA - ok
11:36:51.0433 5844 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
11:36:51.0436 5844 SymEvent - ok
11:36:51.0464 5844 SYMFW - ok
11:36:51.0478 5844 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS
11:36:51.0479 5844 SymIRON - ok
11:36:51.0489 5844 SYMNDISV - ok
11:36:51.0523 5844 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS
11:36:51.0526 5844 SYMTDIv - ok
11:36:51.0554 5844 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:36:51.0555 5844 Sym_hi - ok
11:36:51.0571 5844 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:36:51.0573 5844 Sym_u3 - ok
11:36:51.0621 5844 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
11:36:51.0628 5844 Tcpip - ok
11:36:51.0655 5844 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
11:36:51.0661 5844 Tcpip6 - ok
11:36:51.0685 5844 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
11:36:51.0686 5844 tcpipreg - ok
11:36:51.0702 5844 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:36:51.0703 5844 TDPIPE - ok
11:36:51.0718 5844 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:36:51.0719 5844 TDTCP - ok
11:36:51.0732 5844 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:36:51.0733 5844 tdx - ok
11:36:51.0757 5844 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:36:51.0758 5844 TermDD - ok
11:36:51.0784 5844 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:36:51.0785 5844 tssecsrv - ok
11:36:51.0798 5844 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:36:51.0799 5844 tunmp - ok
11:36:51.0818 5844 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
11:36:51.0818 5844 tunnel - ok
11:36:51.0833 5844 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:36:51.0834 5844 uagp35 - ok
11:36:51.0861 5844 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:36:51.0863 5844 udfs - ok
11:36:51.0887 5844 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:36:51.0888 5844 uliagpkx - ok
11:36:51.0908 5844 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:36:51.0910 5844 uliahci - ok
11:36:51.0924 5844 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:36:51.0926 5844 UlSata - ok
11:36:51.0939 5844 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:36:51.0941 5844 ulsata2 - ok
11:36:51.0957 5844 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:36:51.0958 5844 umbus - ok
11:36:51.0984 5844 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
11:36:51.0985 5844 usbaudio - ok
11:36:52.0010 5844 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:36:52.0011 5844 usbccgp - ok
11:36:52.0028 5844 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:36:52.0029 5844 usbcir - ok
11:36:52.0069 5844 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:36:52.0070 5844 usbehci - ok
11:36:52.0099 5844 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:36:52.0101 5844 usbhub - ok
11:36:52.0125 5844 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
11:36:52.0126 5844 usbohci - ok
11:36:52.0145 5844 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:36:52.0146 5844 usbprint - ok
11:36:52.0174 5844 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
11:36:52.0174 5844 usbscan - ok
11:36:52.0203 5844 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:36:52.0205 5844 USBSTOR - ok
11:36:52.0234 5844 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:36:52.0235 5844 usbuhci - ok
11:36:52.0268 5844 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
11:36:52.0269 5844 usbvideo - ok
11:36:52.0288 5844 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:36:52.0289 5844 vga - ok
11:36:52.0306 5844 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:36:52.0307 5844 VgaSave - ok
11:36:52.0321 5844 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:36:52.0322 5844 viaagp - ok
11:36:52.0338 5844 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:36:52.0339 5844 ViaC7 - ok
11:36:52.0357 5844 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:36:52.0357 5844 viaide - ok
11:36:52.0375 5844 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:36:52.0376 5844 volmgr - ok
11:36:52.0405 5844 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:36:52.0407 5844 volmgrx - ok
11:36:52.0441 5844 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:36:52.0443 5844 volsnap - ok
11:36:52.0460 5844 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:36:52.0462 5844 vsmraid - ok
11:36:52.0481 5844 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:36:52.0482 5844 WacomPen - ok
11:36:52.0499 5844 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:36:52.0500 5844 Wanarp - ok
11:36:52.0509 5844 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:36:52.0510 5844 Wanarpv6 - ok
11:36:52.0528 5844 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:36:52.0529 5844 Wd - ok
11:36:52.0552 5844 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:36:52.0557 5844 Wdf01000 - ok
11:36:52.0610 5844 winachsf (0869c31e0ff995bf00628af8c1658e26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
11:36:52.0615 5844 winachsf - ok
11:36:52.0658 5844 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
11:36:52.0659 5844 WmiAcpi - ok
11:36:52.0675 5844 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:36:52.0676 5844 ws2ifsl - ok
11:36:52.0701 5844 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:36:52.0702 5844 WUDFRd - ok
11:36:52.0716 5844 XAudio (bfcc507eca58f11c5fed96e192b878cb) C:\Windows\system32\DRIVERS\xaudio.sys
11:36:52.0717 5844 XAudio - ok
11:36:52.0733 5844 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
11:36:52.0994 5844 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:36:52.0994 5844 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:36:52.0995 5844 Boot (0x1200) (38d7a6d6e549c410b4e534325688f0b6) \Device\Harddisk0\DR0\Partition0
11:36:52.0996 5844 \Device\Harddisk0\DR0\Partition0 - ok
11:36:52.0996 5844 Boot (0x1200) (eca7818b1c3db4c68f3e491248115190) \Device\Harddisk0\DR0\Partition1
11:36:52.0997 5844 \Device\Harddisk0\DR0\Partition1 - ok
11:36:52.0997 5844 ============================================================
11:36:52.0997 5844 Scan finished
11:36:52.0997 5844 ============================================================
11:36:53.0000 5724 Detected object count: 1
11:36:53.0000 5724 Actual detected object count: 1
11:37:47.0278 5724 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:37:47.0278 5724 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:39:15.0170 4048 Deinitialize success




Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.18.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Steven A. Jones LC :: LAW-OFFICE [administrator]

2/19/2012 11:41:26 AM
mbam-log-2012-02-19 (11-41-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190807
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\gwr (Rogue.GreenAV) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)

#4 boopme

Posted 19 February 2012 - 05:36 PM

If Norton still sees it, then we need a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.

Let me know if that went well.