Infected with Tidserv Activity


  • This topic is locked
74 replies to this topic

#1 JeepGiant

Posted 08 January 2012 - 03:11 PM

I started getting the pop-up that said I was infected with Tidserv Activity 2. I downloaded FixTDSS and ran it and it came back saying that Tidserv was not found on my computer. The computer eventually slows to a crawl and freezes up after about 20-30 minutes. I found your site and hopefully you can help rid me of this.

Here are the files you asked for in your preparation guide.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by stephen brewer at 17:38:06 on 2012-01-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.31 [GMT -5:00]
.
AV: Antivirus Protection *Enabled/Updated* {1508361A-3F12-4b4d-857F-CDDF683E8762}
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\WINDOWS\system32\WLTRAY.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\SFT\GuardedID\gidd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Antivirus Protection Limited\AntivirusProtection.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.live.com
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm103YYUS&fl=0&ptb=R8jMJQlIeaITtw2mtOCNYQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL
TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AntivirzusProtection] c:\program files\antivirus protection limited\AntivirusProtection.exe /tray
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [WLSS] c:\program files\wireless select switch\WLSS.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{28E122A6-EB33-48E2-8EF0-BAEF8BAEE099} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GIDLogonXP - GIDLogonXP.dll
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-6-25 14248]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-8-15 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-8-15 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20111221.003\BHDrvx86.sys [2011-12-21 819320]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-8-14 25232]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-8-15 136312]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2011-12-17 63048]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-8-15 130008]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-6-25 143840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120106.002\IDSXpx86.sys [2012-1-7 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120106.032\NAVENG.SYS [2012-1-7 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120106.032\NAVEX15.SYS [2012-1-7 1576312]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-6-25 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-6-25 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-6-25 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-6-25 162816]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-6 136176]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe [2009-11-21 28762]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-25 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-6 136176]
.
=============== Created Last 30 ================
.
2011-12-11 22:29:29 49152 ----a-r- c:\documents and settings\stephen brewer\application data\microsoft\installer\{81a34902-9d0b-4920-a25c-4cdc5d14b328}\NewShortcut6_81A349029D0B4920A25C4CDC5D14B328.exe
2011-12-11 22:29:28 57344 ----a-r- c:\documents and settings\stephen brewer\application data\microsoft\installer\{81a34902-9d0b-4920-a25c-4cdc5d14b328}\DPS_SMLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2011-12-11 22:29:28 57344 ----a-r- c:\documents and settings\stephen brewer\application data\microsoft\installer\{81a34902-9d0b-4920-a25c-4cdc5d14b328}\DPS_DTLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2011-12-11 22:28:01 57344 ----a-r- c:\documents and settings\stephen brewer\application data\microsoft\installer\{cc000127-5e5d-4a1c-90cb-eeaaac1e3ac0}\DPS_SMLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2011-12-11 22:28:01 57344 ----a-r- c:\documents and settings\stephen brewer\application data\microsoft\installer\{cc000127-5e5d-4a1c-90cb-eeaaac1e3ac0}\DPS_DTLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2011-12-11 22:27:37 -------- d-----w- c:\program files\Jasc Software Inc
2011-12-11 22:27:37 -------- d-----w- c:\program files\Dell Computer
2011-12-11 22:26:09 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
.
==================== Find3M ====================
.
2012-01-03 22:46:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84DBCEA0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86B79AB8]
3 CLASSPNP[0xF763DFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x865FE248]
\Driver\00001467[0x86787D28] -> IRP_MJ_CREATE -> 0x84DBCEA0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 17:40:12.04 ===============


#2 SweetTech

Posted 09 January 2012 - 10:50 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


Please let me know how the above scans go.

Kindest Regards,
ST

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 JeepGiant

Posted 11 January 2012 - 06:54 PM

Agent ST
HELP!!!
Now I can't log onto the internet. My computer is telling me to check the modem and/or router but they are both working fine because the desktop is hardwired to the modem and the iPad is working off the router. I even tried plugging directly into the modem and it did not work.
I had no problems with running TDSSKiller and making the log, but when I got to OTL it downloaded and opened ok but stopped responding when I tried the scan. I was going to download it again when I came across the problem of not being able to log on.
I have tried resetting the network password, turned the wireless LAN off and back on and of course booted the computer nine million times. Not sure where else to go from here.

PS I understand why you call this bleeping computer

Thank you so much for your help

#4 SweetTech

Posted 12 January 2012 - 02:31 AM

Hi!

> Thank you so much for your help

You're more than welcome!! :)

> Now I can't log onto the internet. My computer is telling me to check the modem and/or router but they are both working fine because the desktop is hardwired to the modem and the iPad is working off the router. I even tried plugging directly into the modem and it did not work.

Oh noes!! I'm so sorry to hear that! The infection you have (ZAccess or ZeroAccess) is notorious for messing with various Windows settings. Would you happen to have access to another computer as well as a USB device? That way we could put tools on the flash drive to be run on the infected computer, and then you could save the log to the USB device, and then post the log file back here for me using the clean computer with internet access.

Please let me know.

Kindest Regards,
Agent ST.



#5 JeepGiant

Posted 12 January 2012 - 10:32 PM

I was hoping you would say something like that! I do have access to a computer and flash drive. I just want to know if there is any risk of infecting that computer and/or the flash drive.
Thanks

#6 SweetTech

Posted 13 January 2012 - 02:50 AM

Hi!

> I was hoping you would say something like that! I do have access to a computer and flash drive. I just want to know if there is any risk of infecting that computer and/or the flash drive.

Yes, there is a risk that you may infect the other computer. It has been known to happen. I don't see it happen all that often. In the 3 years I've been doing this, I can think of one user offhand who has gotten their other computer infected by transferring files from the one computer to the other.

I'll take every precaution that I can to ensure that this doesn't happen, but I can't guarantee that it won't.

What I can do is check your other computer after we get the one without internet fixed, to ensure nothing got transferred over and that it's not infected.

If this sounds okay, please let me know, as well as what operating system the other computer you will be using is.

Kindest Regards,
ST.



#7 JeepGiant

Posted 13 January 2012 - 05:12 PM

Ok sounds good. The computer I will be using is running Windows Vista, which I am not really familiar with.
Thanks

#8 SweetTech

Posted 14 January 2012 - 03:31 AM

Hi!

Okay, well Windows Vista is quite different in comparison to Windows XP. I'm going to do my best to provide clear instructions for completing these tasks.

If my instructions are not clear, please let me know, and I'll try and clear any questions you may have with them.

I'd really like to get a look at the log from when you ran TDSSKiller.

I'm going to ask that you post that log in your next reply as well as some other scans for me.

You should find the TDSSKiller in your C:\ drive. The log file will either look like TDSSKiller.txt or like: TDSSKiller.[Version]_[Date]_[Time]_log.txt


I'd also like to have you download a tool called Farbar Service Scanner. This tool should provide me with some additional information as to where the issue may be with connecting to the internet.

On the Windows Vista machine please right click on the following link and select Save As (it might also be worded Save Link As depending on what internet browser you use to download it). You should see a Save as box pop up. Please click the drop down menu and find your flash drive and click on it.

You'll now want to press the Save button.

The file should download directly to your flash drive.

Please unplug the flash drive from your Windows Vista machine and go on over to your Windows XP machine.

Plug in your flash drive and go to My Computer > C:\ drive. Locate the TDSSKiller log file and right click on it, select copy, go back to My Computer and locate your flash drive. Double click on it to open it, right click any blank area in that window and select paste.

Please now double click on the Farbar Service Scanner file and ensure these options are checked:

Farbar Service Scanner

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please ensure that the FSS.txt log file is saved on your flash drive.

Unplug your flash drive from the Windows XP machine and go over to the Vista machine.

Plug the flash drive in.

Go to Start > Computer > Locate your flash drive, double click on it, and post both FSS.txt and the TDSSKiller log file in your next reply.

Let me know how that goes.

Kindest Regards,
ST.

Edited by SweetTech, 14 January 2012 - 03:34 AM.
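
How an FSS.txt log like the one requested above can be triaged, as an added example that is not part of the original post and is not Farbar Service Scanner's own code. The sample log is constructed in the layout of the FSS output posted in this thread; the function names, the severity labels and the treatment of any File Check result other than "MD5 is legit" are assumptions.

```python
import re

# Constructed sample in the layout Farbar Service Scanner writes to FSS.txt.
SAMPLE_FSS = r"""Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.

System Restore:
============
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1

File Check:
========
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
"""

RE_NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
RE_KEY_MISSING = re.compile(r"^Checking (.+?): Attention! Unable to open (\S+) registry key")
RE_START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
RE_POLICY = re.compile(r'^"(\w+)"=DWORD:(\d+)')
RE_FILE = re.compile(r"^(.+?) => (.+)$")
SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "INFO": 2}


def parse_fss(text):
    """Extract service, policy, file-check and connectivity facts from an FSS log."""
    report = {"not_running": [], "missing_keys": {}, "start_type_changed": [],
              "policies": [], "unverified_files": [], "network_down": False}
    section, prev, reg_key = None, "", None
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"="}:
            section = prev.rstrip(":")  # a row of '=' underlines the section title
        elif m := RE_NOT_RUNNING.match(line):
            report["not_running"].append(m.group(1))
        elif m := RE_KEY_MISSING.match(line):
            # "LEGACY_NetBt\0000" and "NetBt" both belong to the NetBt service
            service = re.sub(r"^LEGACY_", "", m.group(2)).split("\\")[0]
            report["missing_keys"].setdefault(service, []).append(m.group(1))
        elif m := RE_START_TYPE.match(line):
            report["start_type_changed"].append(m.groups())
        elif line.startswith("[HKEY_"):
            reg_key = line.strip("[]")
        elif (m := RE_POLICY.match(line)) and reg_key:
            report["policies"].append((reg_key, m.group(1), int(m.group(2))))
        elif section == "File Check" and (m := RE_FILE.match(line)):
            # Assumption: any result other than "MD5 is legit" needs a manual look.
            if m.group(2) != "MD5 is legit":
                report["unverified_files"].append(m.group(1))
        elif line == "There is no connection to network.":
            report["network_down"] = True
        if line:
            prev = line
    return report


def triage(report):
    """Turn the parsed report into findings, most blocking first."""
    changed = {svc: (now, default) for svc, now, default in report["start_type_changed"]}
    out = []
    for svc, checks in report["missing_keys"].items():
        out.append(("HIGH", f"{svc}: service registry key missing (failed: {', '.join(checks)})"))
    for svc in report["not_running"]:
        if svc in report["missing_keys"]:
            continue  # already reported above; it cannot start without its key
        if svc in changed:
            out.append(("MEDIUM", f"{svc}: start type {changed[svc][0]}, default {changed[svc][1]}"))
        else:
            out.append(("MEDIUM", f"{svc}: registered but not running"))
    for key, name, value in report["policies"]:
        out.append(("MEDIUM", f"policy {name}={value} under {key}"))
    for path in report["unverified_files"]:
        out.append(("HIGH", f"{path}: file check did not report a legit MD5"))
    if report["network_down"]:
        out.append(("INFO", "no network connection at scan time"))
    return sorted(out, key=lambda f: SEVERITY_ORDER[f[0]])


if __name__ == "__main__":
    for severity, message in triage(parse_fss(SAMPLE_FSS)):
        print(f"[{severity}] {message}")
```
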



#9 JeepGiant

Posted 14 January 2012 - 12:42 PM

Hello
Here are the logs you asked for. Everything seemed to go well.
Thanks again.


Farbar Service Scanner
Ran by stephen brewer (administrator) on 14-01-2012 at 12:36:45
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) PSched(7) SYMTDI(9) Tcpip(3)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****



17:00:33.0843 4304 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
17:00:35.0859 4304 ============================================================
17:00:35.0859 4304 Current date / time: 2012/01/04 17:00:35.0859
17:00:35.0859 4304 SystemInfo:
17:00:35.0859 4304
17:00:35.0859 4304 OS Version: 5.1.2600 ServicePack: 3.0
17:00:35.0859 4304 Product type: Workstation
17:00:35.0859 4304 ComputerName: MICHAEL
17:00:35.0859 4304 UserName: stephen brewer
17:00:35.0859 4304 Windows directory: C:\WINDOWS
17:00:35.0859 4304 System windows directory: C:\WINDOWS
17:00:35.0859 4304 Processor architecture: Intel x86
17:00:35.0859 4304 Number of processors: 2
17:00:35.0859 4304 Page size: 0x1000
17:00:35.0859 4304 Boot type: Normal boot
17:00:35.0859 4304 ============================================================
17:00:52.0921 4304 Initialize success
17:01:36.0593 5932 ============================================================
17:01:36.0593 5932 Scan started
17:01:36.0593 5932 Mode: Manual;
17:01:36.0593 5932 ============================================================
17:02:11.0890 5932 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
17:02:11.0953 5932 \Device\Harddisk0\DR0 - ok
17:02:11.0968 5932 Boot (0x1200) (d5dc9b9279c7dcd7171dd7a92a70272c) \Device\Harddisk0\DR0\Partition0
17:02:11.0968 5932 \Device\Harddisk0\DR0\Partition0 - ok
17:02:11.0968 5932 ============================================================
17:02:11.0968 5932 Scan finished
17:02:11.0968 5932 ============================================================
17:02:12.0093 5920 Detected object count: 0
17:02:12.0093 5920 Actual detected object count: 0
17:02:36.0734 1388 ============================================================
17:02:36.0734 1388 Scan started
17:02:36.0734 1388 Mode: Manual;
17:02:36.0734 1388 ============================================================
17:04:03.0578 1388 ============================================================
17:04:03.0578 1388 Scan finished
17:04:03.0578 1388 ============================================================
17:04:04.0125 4884 Detected object count: 0
17:04:04.0125 4884 Actual detected object count: 0
17:04:10.0250 1536 Deinitialize success

#10 SweetTech

Posted 15 January 2012 - 03:43 AM

Hi JeepGiant!

You did a great job with my previous instructions!!

I can see where we might have an issue.

For right now I need for you to download the following file on your Vista machine and then transfer it over using your flash drive.

It's a registry file named netbt.reg



You'll want to bring it over to the XP machine.

Please don't run it yet.

We need to first create a back-up of your registry.

Back-Up Registry
First, we need to back up your registry:
Please go to Start > Run
Paste in the following line:

regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.


NEXT:


Now please proceed with running the netbt.reg registry file. When asked if you want to merge it with your registry please select yes.

Go to Start > Run > type in: cmd.exe then press ENTER.

Type in the following bolded commands, each followed by ENTER.

net start NetBt
net start Dhcp
exit


Let me know how the above goes, and see if that brings back your internet connection.

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 JeepGiant

Posted 15 January 2012 - 07:22 PM

Hello Agent ST
Ok I may be a little confused or did something wrong.
I got the Netbt.reg downloaded and backed up my registry ok and ran Netbt but then it got confusing. I went to the Command Prompt and typed net start NetBt and it came up "The service name is invalid". I typed net start Dhcp and it came up "System Error 1075 has occurred. The dependency service does not exist or has been marked for deletion." I typed just Net Start and it came up "These Windows services are restricted" with a whole list of things. I also tried the internet connection again and it still did not come up, but I didn't expect it to.

#12 SweetTech

Posted 16 January 2012 - 02:56 AM

Hi!

Can you try to reboot your computer and then see if you're able to run those commands with the command prompt?


#13 JeepGiant

Posted 16 January 2012 - 04:40 PM

Ok here is what I got this time.
When I typed net start NetBt I got "System Error 1058 has occurred. The service cannot be started, either because it is disabled or because it has no enabled devices associated with it"
When I typed net start Dhcp I got "System error 1068 has occurred. The dependency service or group failed to start"

Forgot to tell you, I rebooted 2 times.

#14 SweetTech

Posted 17 January 2012 - 03:38 AM

Can you do me a favor and run a new scan with Farbar Service Scanner and post the log for me to review?

Also do the following:

Go to Start > Run > copy/paste the following bolded command followed by ENTER: netsh winsock reset catalog

Please reboot your computer and see if you're able to connect to the internet.

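A Farbar Service Scanner log like the one requested above can be triaged mechanically: which stopped services still have an intact configuration, which have a missing service or LEGACY_ registry key or a changed start type, and which policy values are set. The following is an added example, not part of the original thread and not Farbar's own code; the function names `parse_fss` and `needs_repair` and the issue labels are hypothetical, and the embedded sample lines follow the wording FSS prints.

```python
import re

# Sample input embedded for the example, in the wording FSS prints.
SAMPLE_LOG = r"""
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.

System Restore:
============
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
MISSING_KEY = re.compile(r"^Checking [^:]+: Attention! Unable to open (\S+) registry key\.")
START_TYPE = re.compile(
    r"^The start type of \S+ service is set to (\w+)\. The default start type is (\w+)\."
)
POLICY = re.compile(r'^"(\w+)"=DWORD:(\d+)$')


def parse_fss(text):
    """Return (services, policies) parsed from FSS-style log text.

    services: {name: {"section": str, "issues": [(kind, detail), ...]}}
    policies: [(registry_key, value_name, dword_value), ...]
    """
    services, policies = {}, []
    section = current = reg_key = None
    prev = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"="}:
            # A row of '=' underlines the section title on the previous line.
            section, current = prev.rstrip(":"), None
        elif (m := NOT_RUNNING.match(line)):
            current = m.group(1)
            services[current] = {"section": section, "issues": []}
        elif current and (m := MISSING_KEY.match(line)):
            key = m.group(1)
            legacy = key.upper().startswith("LEGACY_")
            issue = ("legacy_key_missing" if legacy else "service_key_missing", key)
            if issue not in services[current]["issues"]:  # FSS repeats this per check
                services[current]["issues"].append(issue)
        elif current and (m := START_TYPE.match(line)):
            detail = f"{m.group(1)} (default {m.group(2)})"
            services[current]["issues"].append(("start_type_changed", detail))
        elif line.startswith("[HKEY") and line.endswith("]"):
            reg_key = line[1:-1]
        elif reg_key and (m := POLICY.match(line)):
            policies.append((reg_key, m.group(1), int(m.group(2))))
        prev = line
    return services, policies


def needs_repair(services):
    """Stopped services whose configuration is damaged, not merely stopped."""
    return [name for name, info in services.items() if info["issues"]]


if __name__ == "__main__":
    svcs, pols = parse_fss(SAMPLE_LOG)
    for name in needs_repair(svcs):
        print(name, svcs[name]["section"], svcs[name]["issues"])
    for key, value, data in pols:
        print(f"policy {value}={data} under {key}")
```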


#15 JeepGiant

Posted 17 January 2012 - 05:44 AM

Good Morning
Here is the FSS log. I am still unable to connect to the internet after following the instructions.
I seem to be experiencing one other problem now. The computer freezes up every time I reboot it. It freezes at Windows is shutting down... and I have to turn it off with the power button, or unplug it and wait for the battery to die. Does this affect it when rebooting?
Thanks

Farbar Service Scanner
Ran by stephen brewer (administrator) on 17-01-2012 at 05:27:03
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.
Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(6) PSched(7) SYMTDI(9) Tcpip(3)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****



