Tidserv Activity 2


  • This topic is locked
18 replies to this topic

#1 maf713

Posted 19 January 2012 - 08:29 PM

Okay (first-time poster here, be gentle), I got the Norton pop-up announcing this threat yesterday morning. Took the Symantec link and followed their procedure, running the backdoor Tidserv removal tool. While doing this, got XP Home Security 2012 Malware execution, and switched to running in Safe Mode (w/o internet); eventually got the blue screen o' death while trying to remove Malware. Eventually got back to normal operation, after running TDSSKiller and a couple of other things.

Late last night the Norton pop-up returned, and also got an email warning from Comcast warning me I have a bot (no kidding!) and I should use Constant Guard. (I'm already, obviously, running the Comcast-provided Norton Security Suite.)

I think I really need some good advice on how to effectively combat this problem!!


#2 CatByte

Posted 19 January 2012 - 09:14 PM

Hi,

Please do the following:



Please download DDS from either of these links (LINK 1, LINK 2) and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 maf713

Posted 19 January 2012 - 11:19 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Michael Fischer at 22:02:12 on 2012-01-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.149 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost.exe
svchost.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = hxxp://home.comcast.net/~wwftd/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com
Trusted Zone: netflix.com\www
Trusted Zone: turbotax.com
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A3EC1140-E7FD-4954-81C1-1D618479E484} : DhcpNameServer = 75.75.76.76 75.75.75.75
Notify: jkkll - c:\windows\system32\jkkll.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michael fischer.hal\application data\mozilla\firefox\profiles\xhkp6cm0.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (English)
FF - prefs.js: browser.startup.homepage - hxxp://home.comcast.net/~wwftd/
FF - plugin: c:\documents and settings\michael fischer.hal\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\documents and settings\michael fischer.hal\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-1-18 26872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-4 64512]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-7-3 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-7-3 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20111223.001\BHDrvx86.sys [2011-11-30 820344]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-14 214664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-7-3 136312]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120113.002\IDSXpx86.sys [2012-1-14 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120118.019\NAVENG.SYS [2012-1-18 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120118.019\NAVEX15.SYS [2012-1-18 1576312]
S3 DSCVc;Video Capture;c:\windows\system32\drivers\CoachVc.sys [2006-1-13 44256]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-14 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-14 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-14 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-14 40552]
.
=============== Created Last 30 ================
.
2012-01-19 01:32:53 -------- d-----w- c:\documents and settings\michael fischer.hal\application data\licenses
2012-01-19 01:32:51 -------- d-----w- c:\documents and settings\michael fischer.hal\application data\PCMM2009
2012-01-19 01:32:48 -------- d-----w- c:\documents and settings\michael fischer.hal\application data\PCMM2011
2012-01-19 01:31:30 -------- d-----w- c:\documents and settings\michael fischer.hal\local settings\application data\Deployment
2012-01-18 22:45:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-18 22:45:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-18 22:45:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-18 21:22:39 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-01-07 06:11:40 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-01-07 06:11:39 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-01-07 06:11:39 814040 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-01-07 06:11:39 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-07 06:11:39 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-07 06:11:39 486360 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-01-07 06:11:39 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-07 06:11:39 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-07 06:11:39 2124760 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-01-07 06:11:39 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-01-07 06:11:39 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-01-07 06:11:39 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-12-24 06:05:24 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-12-24 01:08:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 15:47:45 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-31 15:47:43 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-22 15:38:19 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-10-22 15:37:57 56 --sh--r- c:\windows\system32\8FAD55C06E.sys
.
============= FINISH: 22:05:28.87 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/23/2005 3:58:03 PM
System Uptime: 1/19/2012 6:22:03 PM (4 hours ago)
.
Motherboard: Dell Inc. | | 0J8885
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 27.977 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 11/1/2011 11:03:53 PM - System Checkpoint
RP2: 11/3/2011 8:44:23 AM - System Checkpoint
RP3: 11/4/2011 10:31:30 AM - System Checkpoint
RP4: 11/5/2011 11:45:43 AM - System Checkpoint
RP5: 11/6/2011 3:55:26 PM - System Checkpoint
RP6: 11/8/2011 12:58:15 PM - System Checkpoint
RP7: 11/9/2011 4:52:05 PM - System Checkpoint
RP8: 11/10/2011 10:33:31 AM - Software Distribution Service 3.0
RP9: 11/11/2011 9:43:06 AM - Software Distribution Service 3.0
RP10: 11/12/2011 2:55:40 PM - System Checkpoint
RP11: 11/13/2011 6:59:53 PM - System Checkpoint
RP12: 11/15/2011 11:22:42 AM - System Checkpoint
RP13: 11/16/2011 2:05:48 PM - System Checkpoint
RP14: 11/16/2011 8:33:28 PM - Removed TurboTax ItsDeductible 2005
RP15: 11/16/2011 9:37:54 PM - Removed TurboTax ItsDeductible 2006
RP16: 11/18/2011 7:11:49 AM - System Checkpoint
RP17: 11/18/2011 9:09:36 AM - Restore Operation
RP18: 11/19/2011 9:04:34 AM - System Checkpoint
RP19: 11/20/2011 11:45:14 AM - System Checkpoint
RP20: 11/22/2011 3:23:27 AM - Norton Security Suite Registry
RP21: 11/23/2011 7:50:07 AM - System Checkpoint
RP22: 11/23/2011 3:02:44 PM - Installed ScanSoft OmniPage SE 4
RP23: 11/24/2011 5:40:14 PM - System Checkpoint
RP24: 11/25/2011 11:04:57 AM - Norton Security Suite Registry
RP25: 11/27/2011 10:19:31 AM - System Checkpoint
RP26: 11/29/2011 10:08:24 AM - System Checkpoint
RP27: 11/30/2011 9:56:42 PM - System Checkpoint
RP28: 12/1/2011 10:51:23 PM - System Checkpoint
RP29: 12/3/2011 2:31:43 AM - System Checkpoint
RP30: 12/4/2011 1:20:49 PM - System Checkpoint
RP31: 12/5/2011 1:21:31 PM - System Checkpoint
RP32: 12/6/2011 2:31:40 AM - Norton Security Suite Registry
RP33: 12/7/2011 2:55:52 PM - System Checkpoint
RP34: 12/8/2011 5:34:52 PM - System Checkpoint
RP35: 12/10/2011 7:11:16 PM - System Checkpoint
RP36: 12/12/2011 6:36:55 AM - System Checkpoint
RP37: 12/13/2011 10:20:14 AM - System Checkpoint
RP38: 12/14/2011 11:20:12 AM - System Checkpoint
RP39: 12/15/2011 9:51:45 AM - Software Distribution Service 3.0
RP40: 12/16/2011 10:09:55 AM - Software Distribution Service 3.0
RP41: 12/17/2011 3:00:36 AM - Software Distribution Service 3.0
RP42: 12/17/2011 8:34:01 AM - Software Distribution Service 3.0
RP43: 12/18/2011 4:25:55 PM - System Checkpoint
RP44: 12/19/2011 8:16:42 PM - System Checkpoint
RP45: 12/20/2011 8:45:35 PM - System Checkpoint
RP46: 12/21/2011 9:45:47 PM - System Checkpoint
RP47: 12/23/2011 11:56:23 AM - System Checkpoint
RP48: 12/24/2011 3:50:03 PM - System Checkpoint
RP49: 12/25/2011 8:11:21 PM - System Checkpoint
RP50: 12/26/2011 10:51:38 PM - System Checkpoint
RP51: 12/28/2011 12:25:08 PM - System Checkpoint
RP52: 12/29/2011 2:52:53 PM - System Checkpoint
RP53: 12/30/2011 6:04:50 PM - System Checkpoint
RP54: 12/31/2011 5:55:45 AM - Software Distribution Service 3.0
RP55: 1/1/2012 10:22:30 AM - System Checkpoint
RP56: 1/2/2012 10:38:04 AM - System Checkpoint
RP57: 1/3/2012 11:39:33 AM - System Checkpoint
RP58: 1/4/2012 11:58:43 AM - System Checkpoint
RP59: 1/5/2012 12:32:15 PM - System Checkpoint
RP60: 1/6/2012 1:07:07 PM - System Checkpoint
RP61: 1/7/2012 1:11:10 PM - System Checkpoint
RP62: 1/8/2012 2:01:11 PM - System Checkpoint
RP63: 1/9/2012 5:33:15 PM - System Checkpoint
RP64: 1/10/2012 6:20:19 PM - System Checkpoint
RP65: 1/11/2012 6:50:34 PM - System Checkpoint
RP66: 1/12/2012 4:20:03 PM - Software Distribution Service 3.0
RP67: 1/13/2012 9:33:22 AM - Software Distribution Service 3.0
RP68: 1/14/2012 6:35:18 AM - Software Distribution Service 3.0
RP69: 1/15/2012 11:40:40 AM - System Checkpoint
RP70: 1/18/2012 9:58:25 PM - Norton Security Suite Registry
.
==== Installed Programs ======================
.
.
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Digital Editions
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.7
Amazon Kindle For PC
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Bonjour
Canon MP Navigator EX 1.0
Canon MP210 series
Canon MP210 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Picture Studio v3.0
Dell System Restore
DellSupport
DXG-568
ESPNMotion
Google Chrome
Google Earth Plug-in
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Integrated Performance Primitives RTI 4.0
Intel® PRO Network Connections Software v9.2.4.11
Intel® PROSafe for Wired Connections
InterActual Player
Internet Explorer Default Page
iPod for Windows 2005-06-26
iTunes
J2SE Runtime Environment 5.0 Update 11
Java Auto Updater
Java™ 6 Update 22
KhalInstallWrapper
KhalSetup
Logitech Desktop Messenger
Logitech SetPoint
Logitech Updater
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes Anti-Malware version 1.60.0.1800
Merriam-Webster's Collegiate D
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
Move Media Player
Mozilla Firefox 10.0 (x86 en-US)
Mozilla Firefox 9.0.1 (x86 en-US)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
MyWay Search Assistant
Netflix Movie Viewer
Netscape Browser (remove only)
Norton Security Suite
Octoshape add-in for Adobe Flash Player
OpenOffice.org Installer 1.0
PC MightyMax -- This will fix the problem you are experiencing opening programs on your PC.
PermissionTV Minneapolis PL Player 3.14
PIXMA Extended Survey Program
PowerDVD 5.5
Presto! Mr. Photo 3
Qualxserve Service Agreement
QuickTime
RealPlayer
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
.
==== Event Viewer Messages From Past Week ========
.
1/18/2012 4:00:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/18/2012 3:51:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 eeCtrl Fips intelppm IPSec mfehidk MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
1/18/2012 3:51:33 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2012 3:51:33 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2012 3:51:33 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2012 3:51:33 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2012 3:12:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/18/2012 12:23:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/18/2012 12:23:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl Fips intelppm mfehidk SRTSPX SymIRON SYMTDI
1/18/2012 12:23:27 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2012 10:50:38 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
1/18/2012 10:21:09 AM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
1/18/2012 10:11:46 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/18/2012 10:11:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/17/2012 2:36:49 PM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
1/17/2012 11:36:37 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
1/16/2012 9:28:19 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
1/16/2012 9:28:19 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/16/2012 9:28:19 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
1/16/2012 1:35:44 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
1/15/2012 7:52:18 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/15/2012 7:52:02 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/15/2012 2:23:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
1/15/2012 2:23:36 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/15/2012 2:23:35 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
1/15/2012 2:22:56 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/15/2012 2:22:55 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
1/15/2012 2:22:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Remote Registry service to connect.
1/15/2012 2:22:26 PM, error: Service Control Manager [7000] - The Remote Registry service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/15/2012 2:06:17 PM, error: TermService [1036] - Terminal Server session creation failed. The relevant status code was 0x102.
1/15/2012 1:55:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
1/12/2012 4:14:32 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

#4 maf713


Posted 20 January 2012 - 01:18 AM

I got a blue screen o.d. during the AVAST scan, so I didn't get the log file. I'm going to re-attempt the scan in safe mode..

#5 maf713


Posted 20 January 2012 - 01:48 AM

I can't get through a full scan now, but I am seeing one corrupted driver being displayed by AVAST

@ C:\windows\system32\drivers\mrxsmb.sys win32:Alureon-APK

plus a couple of other 'red lines' which don't scream 'error' to me.

I can probably capture a screen shot of this if I rerun the scan again.. can I attach a screen shot (via a doc file or something) here?

also, should I record the blue screen data?

edit: googling mrxsmb.sys gives lots of virus hits, but every one I've tried has been re-directed to some sales pitch.. part of the virus!?

Edited by maf713, 20 January 2012 - 02:05 AM.


#6 maf713


Posted 20 January 2012 - 03:45 AM

here's the (partial) log, for the drivers portion of the scan (see above)

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-20 02:14:26
-----------------------------
02:14:26.781 OS Version: Windows 5.1.2600 Service Pack 3
02:14:26.781 Number of processors: 2 586 0x401
02:14:26.781 ComputerName: HAL UserName:
02:14:29.359 Initialize success
02:15:13.078 AVAST engine defs: 12011902
02:16:03.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
02:16:03.343 Disk 0 Vendor: SAMSUNG_HD080HJ WT100-33 Size: 76293MB BusType: 3
02:16:03.390 Disk 0 MBR read successfully
02:16:03.406 Disk 0 MBR scan
02:16:03.609 Disk 0 unknown MBR code
02:16:03.625 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
02:16:03.687 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71468 MB offset 112455
02:16:03.734 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 146496735
02:16:03.765 Disk 0 scanning sectors +156232125
02:16:03.937 Disk 0 scanning C:\WINDOWS\system32\drivers
02:16:15.968 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Alureon-APK [Rtk]
02:16:26.109 Disk 0 trace - called modules:
02:16:26.171 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82d2eff0]<<
02:16:26.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f7fab8]
02:16:26.343 3 CLASSPNP.SYS[f84f8fd7] -> nt!IofCallDriver -> [0x82d52830]
02:16:26.453 \Driver\00000926[0x82d7f450] -> IRP_MJ_CREATE -> 0x82d2eff0
02:16:28.437 AVAST engine scan C:\WINDOWS
02:17:57.906 AVAST engine scan C:\WINDOWS\system32
02:21:52.984 AVAST engine scan C:\WINDOWS\system32\drivers
02:22:10.625 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Alureon-APK [Rtk]
02:22:25.687 AVAST engine scan C:\Documents and Settings\Michael Fischer.HAL
02:24:01.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael Fischer.HAL\Desktop\MBR.dat"
02:24:02.156 The log file has been saved successfully to "C:\Documents and Settings\Michael Fischer.HAL\Desktop\aswMBR.txt"

#7 maf713


Posted 20 January 2012 - 03:48 AM

the scan finally completed, with no additional flags.

Edited by maf713, 20 January 2012 - 04:25 AM.


#8 maf713


Posted 20 January 2012 - 04:23 AM

here's mbr.zip.. (Attached File: MBR.zip, 576 bytes)

#9 CatByte


Posted 20 January 2012 - 05:08 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 maf713


Posted 20 January 2012 - 05:10 PM

I ran a windows search to find all the instances of mrxsmb.sys and found multiple instances of it.
I don't know how to capture the results of this search - 'Save Search' just seems to capture the empty search window!
anyway, I took a screen shot of the results, which I can zip and post here or I could send to you.

what I learned from this search (not much) is that this 'driver' has been included in several SPs/updates since 2005.
the most recent update, and the one flagged as corrupted by AVAST, is dated 07/15/2011 - and this version was evidently archived by the tdssKiller tool on our first removal attempt. (but it returned)

there are four(4) instances with the 7/15 date. it looks like the original was from update
KB2536276-v2\SP3QFE
the other 3 are in system32\drivers (as flagged by AVAST), driver cache\i386, and fixtdss\archive
these three are all the same size, and I assume actually the same file; but different from the update size - I don't think this is truly significant though.

edit: just saw your previous reply after posting this..

Edited by maf713, 20 January 2012 - 05:15 PM.
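
Added example, not part of the original post: equal file size, as compared in the post above, does not establish that copies are the same file, so this Python script groups copies by size and SHA-256 and reports sizes shared by differing contents. The directory names follow the post; the file contents, the temporary layout, which copy is altered, and all function names are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def fingerprint(path, chunk_size=65536):
    """Return (size_in_bytes, sha256_hex) for one file, read in chunks."""
    digest = hashlib.sha256()
    size = 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()


def group_copies(paths):
    """Group paths by (size, hash); each group is one distinct file content."""
    groups = defaultdict(list)
    for path in paths:
        groups[fingerprint(path)].append(path)
    return dict(groups)


def size_collisions(groups):
    """Sizes shared by copies whose contents differ (same size, other hash)."""
    hashes_per_size = defaultdict(set)
    for size, digest in groups:
        hashes_per_size[size].add(digest)
    return sorted(s for s, hashes in hashes_per_size.items() if len(hashes) > 1)


def demo():
    """Constructed sample data: three same-size copies, one of them altered."""
    clean = b"MZ" + bytes(range(256)) * 16      # stand-in for a driver image
    altered = bytearray(clean)
    altered[512:528] = b"\x90" * 16             # same length, different bytes
    update_copy = clean + b"\x00" * 512         # a copy with a different size
    # Which copy is altered here is arbitrary, chosen for the demonstration.
    layout = {
        os.path.join("KB2536276-v2", "SP3QFE", "mrxsmb.sys"): update_copy,
        os.path.join("system32", "drivers", "mrxsmb.sys"): bytes(altered),
        os.path.join("driver cache", "i386", "mrxsmb.sys"): clean,
        os.path.join("fixtdss", "archive", "mrxsmb.sys"): clean,
    }
    with tempfile.TemporaryDirectory() as root:
        paths = []
        for rel, data in layout.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as handle:
                handle.write(data)
            paths.append(full)
        groups = group_copies(paths)
        # Report locations relative to the temporary root.
        relative = {
            key: sorted(os.path.relpath(p, root) for p in members)
            for key, members in groups.items()
        }
    return relative, size_collisions(relative)


if __name__ == "__main__":
    found, collisions = demo()
    for (size, digest), members in sorted(found.items()):
        print(size, digest[:16], members)
    print("sizes shared by differing contents:", collisions)
```

On a real system, pass the actual paths of the copies to `group_copies` from a clean environment; a known-good copy taken from trusted media gives the hash to compare against.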


#11 CatByte


Posted 20 January 2012 - 05:38 PM

ComboFix should take care of that infected file

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 maf713


Posted 20 January 2012 - 05:50 PM

do I need to run tdsskiller again, since the thing returned since the previous run? should I be running these tools in safe mode, or attempting to run them normally?!

Edited by maf713, 20 January 2012 - 05:52 PM.


#13 CatByte


Posted 20 January 2012 - 05:54 PM

Please run ComboFix in Normal mode (if you can please post the TDSSKiller log as well)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 maf713


Posted 20 January 2012 - 09:34 PM

here is the tdsskiller log (from 1/18) - I'm still unsure whether I should rerun this!

19:15:16.0468 1560 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
19:15:16.0781 1560 ============================================================
19:15:16.0781 1560 Current date / time: 2012/01/18 19:15:16.0781
19:15:16.0781 1560 SystemInfo:
19:15:16.0781 1560
19:15:16.0781 1560 OS Version: 5.1.2600 ServicePack: 3.0
19:15:16.0781 1560 Product type: Workstation
19:15:16.0781 1560 ComputerName: HAL
19:15:16.0781 1560 UserName: Administrator
19:15:16.0781 1560 Windows directory: C:\WINDOWS
19:15:16.0781 1560 System windows directory: C:\WINDOWS
19:15:16.0781 1560 Processor architecture: Intel x86
19:15:16.0781 1560 Number of processors: 2
19:15:16.0781 1560 Page size: 0x1000
19:15:16.0781 1560 Boot type: Safe boot
19:15:16.0781 1560 ============================================================
19:15:20.0187 1560 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:15:20.0484 1560 Initialize success
19:15:26.0281 1576 ============================================================
19:15:26.0281 1576 Scan started
19:15:26.0281 1576 Mode: Manual;
19:15:26.0281 1576 ============================================================
19:16:28.0781 1576 mraid35x - ok
19:16:29.0140 1576 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:16:29.0187 1576 MRxDAV - ok
19:16:29.0718 1576 MRxSmb (45250d529bfd0d2cdd79329425195083) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:16:29.0875 1576 MRxSmb - ok
19:16:30.0234 1576 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:16:30.0250 1576 Msfs - ok
19:16:30.0578 1576 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:16:30.0578 1576 MSKSSRV - ok
19:16:30.0921 1576 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:16:30.0937 1576 MSPCLOCK - ok
19:16:31.0234 1576 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:16:31.0234 1576 MSPQM - ok
19:16:31.0546 1576 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:16:31.0546 1576 mssmbios - ok
19:16:31.0828 1576 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:16:31.0843 1576 MSTEE - ok
19:16:32.0281 1576 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:16:32.0328 1576 Mup - ok
19:16:32.0718 1576 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:16:32.0750 1576 NABTSFEC - ok
19:16:33.0031 1576 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120115.009\NAVENG.SYS
19:16:33.0062 1576 NAVENG - ok
19:16:33.0656 1576 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120115.009\NAVEX15.SYS
19:16:34.0171 1576 NAVEX15 - ok
19:16:34.0546 1576 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:16:34.0609 1576 NDIS - ok
19:16:34.0906 1576 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:16:34.0921 1576 NdisIP - ok
19:16:35.0312 1576 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:16:35.0328 1576 NdisTapi - ok
19:16:35.0687 1576 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:16:35.0703 1576 Ndisuio - ok
19:16:36.0125 1576 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:16:36.0156 1576 NdisWan - ok
19:16:36.0546 1576 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:16:36.0562 1576 NDProxy - ok
19:16:36.0875 1576 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:16:36.0890 1576 NetBIOS - ok
19:16:37.0265 1576 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:16:37.0328 1576 NetBT - ok
19:16:38.0218 1576 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:16:38.0234 1576 Npfs - ok
19:16:38.0953 1576 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:16:39.0125 1576 Ntfs - ok
19:16:39.0453 1576 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:16:39.0453 1576 Null - ok
19:16:40.0656 1576 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:16:41.0437 1576 nv - ok
19:16:41.0890 1576 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:16:41.0921 1576 NwlnkFlt - ok
19:16:42.0437 1576 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:16:42.0453 1576 NwlnkFwd - ok
19:16:42.0875 1576 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
19:16:42.0890 1576 omci - ok
19:16:43.0296 1576 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:16:43.0328 1576 Parport - ok
19:16:43.0687 1576 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:16:43.0718 1576 PartMgr - ok
19:16:44.0218 1576 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:16:44.0234 1576 ParVdm - ok
19:16:44.0859 1576 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:16:44.0890 1576 PCI - ok
19:16:45.0203 1576 PCIDump - ok
19:16:45.0734 1576 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:16:45.0750 1576 PCIIde - ok
19:16:46.0328 1576 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:16:46.0390 1576 Pcmcia - ok
19:16:46.0703 1576 PDCOMP - ok
19:16:47.0171 1576 PDFRAME - ok
19:16:47.0484 1576 PDRELI - ok
19:16:47.0796 1576 PDRFRAME - ok
19:16:48.0296 1576 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
19:16:48.0296 1576 perc2 - ok
19:16:48.0640 1576 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:16:48.0640 1576 perc2hib - ok
19:16:49.0062 1576 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:16:49.0093 1576 PptpMiniport - ok
19:16:49.0406 1576 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:16:49.0437 1576 PSched - ok
19:16:49.0796 1576 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:16:49.0812 1576 Ptilink - ok
19:16:50.0343 1576 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:16:50.0375 1576 PxHelp20 - ok
19:16:50.0765 1576 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:16:50.0812 1576 ql1080 - ok
19:16:51.0218 1576 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:16:51.0250 1576 Ql10wnt - ok
19:16:51.0812 1576 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:16:51.0828 1576 ql12160 - ok
19:16:52.0406 1576 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:16:52.0421 1576 ql1240 - ok
19:16:52.0734 1576 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:16:52.0781 1576 ql1280 - ok
19:16:53.0156 1576 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:16:53.0156 1576 RasAcd - ok
19:16:53.0515 1576 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:16:53.0531 1576 Rasl2tp - ok
19:16:53.0984 1576 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:16:54.0015 1576 RasPppoe - ok
19:16:54.0390 1576 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:16:54.0406 1576 Raspti - ok
19:16:54.0843 1576 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:16:54.0937 1576 Rdbss - ok
19:16:55.0296 1576 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:16:55.0328 1576 RDPCDD - ok
19:16:55.0843 1576 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:16:55.0968 1576 rdpdr - ok
19:16:56.0500 1576 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:16:56.0609 1576 RDPWD - ok
19:16:57.0125 1576 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:16:57.0140 1576 redbook - ok
19:16:57.0640 1576 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:16:57.0671 1576 Secdrv - ok
19:16:58.0187 1576 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:16:58.0218 1576 serenum - ok
19:16:58.0656 1576 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:16:58.0687 1576 Serial - ok
19:16:59.0203 1576 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:16:59.0218 1576 Sfloppy - ok
19:16:59.0640 1576 Simbad - ok
19:17:00.0062 1576 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:17:00.0078 1576 sisagp - ok
19:17:00.0515 1576 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:17:00.0531 1576 SLIP - ok
19:17:01.0468 1576 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:17:01.0484 1576 Sparrow - ok
19:17:02.0046 1576 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:17:02.0062 1576 splitter - ok
19:17:02.0656 1576 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:17:02.0718 1576 sr - ok
19:17:03.0312 1576 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
19:17:03.0578 1576 SRTSP - ok
19:17:04.0046 1576 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
19:17:04.0093 1576 SRTSPX - ok
19:17:04.0609 1576 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:17:04.0765 1576 Srv - ok
19:17:05.0281 1576 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
19:17:05.0281 1576 sscdbhk5 - ok
19:17:05.0796 1576 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
19:17:05.0812 1576 ssrtln - ok
19:17:06.0250 1576 STHDA (6b14c6e98f752ebbab24a4e0bd0f3a24) C:\WINDOWS\system32\drivers\sthda.sys
19:17:06.0343 1576 STHDA - ok
19:17:06.0953 1576 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:17:06.0984 1576 streamip - ok
19:17:07.0343 1576 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:17:07.0343 1576 swenum - ok
19:17:07.0750 1576 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:17:07.0765 1576 swmidi - ok
19:17:08.0187 1576 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
19:17:08.0203 1576 symc810 - ok
19:17:08.0578 1576 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:17:08.0593 1576 symc8xx - ok
19:17:09.0125 1576 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
19:17:09.0312 1576 SymDS - ok
19:17:09.0953 1576 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
19:17:10.0281 1576 SymEFA - ok
19:17:10.0765 1576 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
19:17:10.0843 1576 SymEvent - ok
19:17:11.0375 1576 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
19:17:11.0437 1576 SymIRON - ok
19:17:12.0125 1576 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
19:17:12.0281 1576 SYMTDI - ok
19:17:12.0687 1576 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:17:12.0703 1576 sym_hi - ok
19:17:13.0109 1576 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:17:13.0125 1576 sym_u3 - ok
19:17:13.0609 1576 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:17:13.0640 1576 sysaudio - ok
19:17:14.0281 1576 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:17:14.0468 1576 Tcpip - ok
19:17:14.0921 1576 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:17:14.0968 1576 TDPIPE - ok
19:17:15.0421 1576 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:17:15.0437 1576 TDTCP - ok
19:17:15.0812 1576 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:17:15.0843 1576 TermDD - ok
19:17:16.0250 1576 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
19:17:16.0281 1576 tfsnboio - ok
19:17:16.0640 1576 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
19:17:16.0640 1576 tfsncofs - ok
19:17:16.0984 1576 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
19:17:17.0000 1576 tfsndrct - ok
19:17:17.0359 1576 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
19:17:17.0375 1576 tfsndres - ok
19:17:17.0703 1576 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
19:17:17.0765 1576 tfsnifs - ok
19:17:18.0093 1576 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
19:17:18.0093 1576 tfsnopio - ok
19:17:18.0453 1576 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
19:17:18.0468 1576 tfsnpool - ok
19:17:18.0953 1576 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
19:17:19.0015 1576 tfsnudf - ok
19:17:19.0390 1576 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
19:17:19.0437 1576 tfsnudfa - ok
19:17:19.0906 1576 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
19:17:19.0906 1576 TosIde - ok
19:17:20.0281 1576 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:17:20.0296 1576 Udfs - ok
19:17:20.0625 1576 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
19:17:20.0640 1576 ultra - ok
19:17:21.0062 1576 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:17:21.0203 1576 Update - ok
19:17:21.0578 1576 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:17:21.0593 1576 USBAAPL - ok
19:17:21.0921 1576 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:17:21.0937 1576 usbccgp - ok
19:17:22.0234 1576 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:17:22.0250 1576 usbehci - ok
19:17:22.0546 1576 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:17:22.0562 1576 usbhub - ok
19:17:22.0937 1576 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:17:22.0953 1576 usbprint - ok
19:17:23.0312 1576 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:17:23.0312 1576 usbscan - ok
19:17:23.0656 1576 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:17:23.0687 1576 USBSTOR - ok
19:17:24.0046 1576 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:17:24.0062 1576 usbuhci - ok
19:17:24.0515 1576 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:17:24.0515 1576 VgaSave - ok
19:17:24.0890 1576 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:17:24.0937 1576 viaagp - ok
19:17:25.0265 1576 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:17:25.0265 1576 ViaIde - ok
19:17:25.0703 1576 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:17:25.0750 1576 VolSnap - ok
19:17:26.0218 1576 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:17:26.0234 1576 Wanarp - ok
19:17:26.0531 1576 wanatw - ok
19:17:27.0078 1576 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:17:27.0078 1576 Wdf01000 - ok
19:17:27.0437 1576 WDICA - ok
19:17:27.0937 1576 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:17:27.0968 1576 wdmaud - ok
19:17:28.0562 1576 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:17:28.0593 1576 WSTCODEC - ok
19:17:29.0000 1576 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:17:29.0062 1576 WudfPf - ok
19:17:29.0421 1576 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:17:29.0453 1576 WudfRd - ok
19:17:29.0718 1576 MBR (0x1B8) (4bc21aabb8ea83c34000756722b7398b) \Device\Harddisk0\DR0
19:17:29.0734 1576 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:17:29.0734 1576 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:17:29.0796 1576 Boot (0x1200) (f7635e90b3a11be4cc7c2094995bedc9) \Device\Harddisk0\DR0\Partition0
19:17:29.0796 1576 \Device\Harddisk0\DR0\Partition0 - ok
19:17:29.0796 1576 ============================================================
19:17:29.0796 1576 Scan finished
19:17:29.0796 1576 ============================================================
19:17:29.0843 1568 Detected object count: 1
19:17:29.0843 1568 Actual detected object count: 1
19:18:12.0421 1568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
19:18:12.0421 1568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
19:18:36.0750 1612 ============================================================
19:18:36.0750 1612 Scan started
19:18:36.0750 1612 Mode: Manual; SigCheck; TDLFS;
19:18:36.0750 1612 ============================================================
19:19:02.0015 1612 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
19:19:02.0015 1612 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
19:19:02.0015 1612 drvmcdb - detected UnsignedFile.Multi.Generic (1)
19:19:02.0312 1612 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
19:19:02.0359 1612 drvnddm ( UnsignedFile.Multi.Generic ) - warning
19:19:02.0359 1612 drvnddm - detected UnsignedFile.Multi.Generic (1)
19:19:02.0687 1612 DSCVc (614ca0bfa09861e42ad8d14b83540758) C:\WINDOWS\system32\DRIVERS\CoachVc.sys
19:19:02.0796 1612 DSCVc - ok
19:19:02.0984 1612 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
19:19:03.0015 1612 DSproct ( UnsignedFile.Multi.Generic ) - warning
19:19:03.0015 1612 DSproct - detected UnsignedFile.Multi.Generic (1)
19:19:22.0796 1612 LHidKe (6a255dcbb15d429a545d0f8fc1427970) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
19:19:22.0812 1612 LHidKe ( UnsignedFile.Multi.Generic ) - warning
19:19:22.0812 1612 LHidKe - detected UnsignedFile.Multi.Generic (1)
19:19:23.0156 1612 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
19:19:23.0171 1612 LMouFilt - ok
19:19:23.0515 1612 LMouKE (e468833fcb45eced741ba18c5e6116e8) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
19:19:23.0515 1612 LMouKE ( UnsignedFile.Multi.Generic ) - warning
19:19:23.0515 1612 LMouKE - detected UnsignedFile.Multi.Generic (1)
19:19:23.0828 1612 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
19:19:23.0859 1612 LUsbFilt - ok
19:19:24.0218 1612 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
19:19:24.0234 1612 mfeavfk - ok
19:19:24.0562 1612 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
19:19:24.0578 1612 mfebopk - ok
19:19:24.0968 1612 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys
19:19:25.0000 1612 mfehidk - ok
19:19:25.0312 1612 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
19:19:25.0328 1612 mferkdk - ok
19:19:25.0640 1612 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
19:19:25.0656 1612 mfesmfk - ok
19:19:26.0000 1612 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
19:19:26.0015 1612 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
19:19:26.0015 1612 MHNDRV - detected UnsignedFile.Multi.Generic (1)
19:19:26.0328 1612 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:19:26.0531 1612 mnmdd - ok
19:19:26.0875 1612 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:19:27.0062 1612 Modem - ok
19:19:27.0406 1612 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:19:27.0593 1612 Mouclass - ok
19:19:27.0921 1612 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:19:28.0125 1612 mouhid - ok
19:19:28.0437 1612 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:19:28.0656 1612 MountMgr - ok
19:19:28.0953 1612 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:19:29.0125 1612 mraid35x - ok
19:19:29.0484 1612 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:19:29.0671 1612 MRxDAV - ok
19:19:30.0125 1612 MRxSmb (45250d529bfd0d2cdd79329425195083) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:19:30.0218 1612 MRxSmb ( UnsignedFile.Multi.Generic ) - warning
19:19:30.0218 1612 MRxSmb - detected UnsignedFile.Multi.Generic (1)
19:19:30.0546 1612 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:19:30.0718 1612 Msfs - ok
19:19:31.0062 1612 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:19:31.0250 1612 MSKSSRV - ok
19:19:31.0546 1612 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:19:31.0750 1612 MSPCLOCK - ok
19:19:32.0062 1612 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:19:32.0265 1612 MSPQM - ok
19:19:32.0562 1612 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:19:32.0750 1612 mssmbios - ok
19:19:33.0031 1612 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:19:33.0218 1612 MSTEE - ok
19:19:33.0562 1612 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:19:33.0687 1612 Mup - ok
19:19:34.0015 1612 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:19:34.0218 1612 NABTSFEC - ok
19:19:34.0531 1612 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120115.009\NAVENG.SYS
19:19:34.0546 1612 NAVENG - ok
19:19:35.0125 1612 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120115.009\NAVEX15.SYS
19:19:35.0562 1612 NAVEX15 - ok
19:19:35.0937 1612 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:19:36.0140 1612 NDIS - ok
19:19:36.0421 1612 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:19:36.0625 1612 NdisIP - ok
19:19:36.0968 1612 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:19:37.0046 1612 NdisTapi - ok
19:19:37.0343 1612 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:19:37.0546 1612 Ndisuio - ok
19:19:37.0875 1612 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:19:38.0078 1612 NdisWan - ok
19:19:38.0390 1612 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:19:38.0468 1612 NDProxy - ok
19:19:38.0765 1612 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:19:38.0968 1612 NetBIOS - ok
19:19:39.0328 1612 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:19:39.0531 1612 NetBT - ok
19:19:39.0921 1612 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:19:40.0109 1612 Npfs - ok
19:19:40.0593 1612 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:19:40.0875 1612 Ntfs - ok
19:19:41.0203 1612 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:19:41.0406 1612 Null - ok
19:19:42.0328 1612 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:19:42.0906 1612 nv - ok
19:19:43.0218 1612 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:19:43.0421 1612 NwlnkFlt - ok
19:19:43.0718 1612 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:19:43.0906 1612 NwlnkFwd - ok
19:19:44.0218 1612 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
19:19:44.0218 1612 omci ( UnsignedFile.Multi.Generic ) - warning
19:19:44.0218 1612 omci - detected UnsignedFile.Multi.Generic (1)
19:19:44.0562 1612 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:19:44.0781 1612 Parport - ok
19:19:45.0078 1612 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:19:45.0296 1612 PartMgr - ok
19:19:45.0578 1612 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:19:45.0781 1612 ParVdm - ok
19:19:46.0078 1612 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:19:46.0281 1612 PCI - ok
19:19:46.0546 1612 PCIDump - ok
19:19:46.0859 1612 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:19:47.0062 1612 PCIIde - ok
19:19:47.0390 1612 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:19:47.0562 1612 Pcmcia - ok
19:19:47.0843 1612 PDCOMP - ok
19:19:48.0125 1612 PDFRAME - ok
19:19:48.0421 1612 PDRELI - ok
19:19:48.0703 1612 PDRFRAME - ok
19:19:49.0015 1612 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
19:19:49.0218 1612 perc2 - ok
19:19:49.0515 1612 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:19:49.0718 1612 perc2hib - ok
19:19:50.0125 1612 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:19:50.0296 1612 PptpMiniport - ok
19:19:50.0609 1612 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:19:50.0828 1612 PSched - ok
19:19:51.0109 1612 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:19:51.0312 1612 Ptilink - ok
19:19:51.0593 1612 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:19:51.0625 1612 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
19:19:51.0625 1612 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
19:19:51.0953 1612 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:19:52.0140 1612 ql1080 - ok
19:19:52.0453 1612 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:19:52.0656 1612 Ql10wnt - ok
19:19:52.0968 1612 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:19:53.0140 1612 ql12160 - ok
19:19:53.0437 1612 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:19:53.0625 1612 ql1240 - ok
19:19:53.0937 1612 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:19:54.0156 1612 ql1280 - ok
19:19:54.0468 1612 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:19:54.0656 1612 RasAcd - ok
19:19:54.0968 1612 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:19:55.0156 1612 Rasl2tp - ok
19:19:55.0468 1612 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:19:55.0656 1612 RasPppoe - ok
19:19:55.0953 1612 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:19:56.0156 1612 Raspti - ok
19:19:56.0515 1612 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:19:56.0703 1612 Rdbss - ok
19:19:56.0984 1612 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:19:57.0171 1612 RDPCDD - ok
19:19:57.0562 1612 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:19:57.0781 1612 rdpdr - ok
19:19:58.0156 1612 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:19:58.0218 1612 RDPWD - ok
19:19:58.0546 1612 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:19:58.0734 1612 redbook - ok
19:19:59.0187 1612 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:19:59.0390 1612 Secdrv - ok
19:19:59.0703 1612 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:19:59.0906 1612 serenum - ok
19:20:00.0234 1612 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:20:00.0437 1612 Serial - ok
19:20:00.0781 1612 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:20:00.0953 1612 Sfloppy - ok
19:20:01.0265 1612 Simbad - ok
19:20:01.0578 1612 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:20:01.0765 1612 sisagp - ok
19:20:02.0062 1612 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:20:02.0234 1612 SLIP - ok
19:20:02.0546 1612 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:20:02.0656 1612 Sparrow - ok
19:20:02.0968 1612 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:20:03.0156 1612 splitter - ok
19:20:03.0500 1612 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:20:03.0687 1612 sr - ok
19:20:04.0281 1612 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
19:20:04.0390 1612 SRTSP - ok
19:20:04.0718 1612 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
19:20:04.0734 1612 SRTSPX - ok
19:20:05.0171 1612 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:20:05.0343 1612 Srv - ok
19:20:05.0640 1612 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
19:20:05.0671 1612 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
19:20:05.0671 1612 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
19:20:05.0984 1612 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
19:20:06.0000 1612 ssrtln ( UnsignedFile.Multi.Generic ) - warning
19:20:06.0000 1612 ssrtln - detected UnsignedFile.Multi.Generic (1)
19:20:06.0390 1612 STHDA (6b14c6e98f752ebbab24a4e0bd0f3a24) C:\WINDOWS\system32\drivers\sthda.sys
19:20:06.0453 1612 STHDA - ok
19:20:06.0796 1612 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:20:06.0984 1612 streamip - ok
19:20:07.0312 1612 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:20:07.0484 1612 swenum - ok
19:20:07.0828 1612 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:20:08.0015 1612 swmidi - ok
19:20:08.0343 1612 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
19:20:08.0546 1612 symc810 - ok
19:20:08.0843 1612 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:20:09.0062 1612 symc8xx - ok
19:20:09.0500 1612 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
19:20:09.0593 1612 SymDS - ok
19:20:10.0140 1612 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
19:20:10.0328 1612 SymEFA - ok
19:20:10.0687 1612 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
19:20:10.0718 1612 SymEvent - ok
19:20:11.0078 1612 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
19:20:11.0093 1612 SymIRON - ok
19:20:11.0515 1612 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
19:20:11.0609 1612 SYMTDI - ok
19:20:11.0953 1612 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:20:12.0156 1612 sym_hi - ok
19:20:12.0453 1612 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:20:12.0656 1612 sym_u3 - ok
19:20:13.0000 1612 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:20:13.0187 1612 sysaudio - ok
19:20:13.0656 1612 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:20:13.0859 1612 Tcpip - ok
19:20:14.0171 1612 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:20:14.0359 1612 TDPIPE - ok
19:20:14.0656 1612 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:20:14.0859 1612 TDTCP - ok
19:20:15.0171 1612 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:20:15.0343 1612 TermDD - ok
19:20:15.0671 1612 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
19:20:15.0687 1612 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
19:20:15.0687 1612 tfsnboio - detected UnsignedFile.Multi.Generic (1)
19:20:15.0968 1612 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
19:20:15.0984 1612 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
19:20:15.0984 1612 tfsncofs - detected UnsignedFile.Multi.Generic (1)
19:20:16.0250 1612 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
19:20:16.0265 1612 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
19:20:16.0265 1612 tfsndrct - detected UnsignedFile.Multi.Generic (1)
19:20:16.0562 1612 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
19:20:16.0578 1612 tfsndres ( UnsignedFile.Multi.Generic ) - warning
19:20:16.0578 1612 tfsndres - detected UnsignedFile.Multi.Generic (1)
19:20:16.0890 1612 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
19:20:16.0921 1612 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
19:20:16.0921 1612 tfsnifs - detected UnsignedFile.Multi.Generic (1)
19:20:17.0187 1612 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
19:20:17.0218 1612 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
19:20:17.0218 1612 tfsnopio - detected UnsignedFile.Multi.Generic (1)
19:20:17.0484 1612 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
19:20:17.0515 1612 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
19:20:17.0515 1612 tfsnpool - detected UnsignedFile.Multi.Generic (1)
19:20:17.0843 1612 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
19:20:17.0875 1612 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
19:20:17.0875 1612 tfsnudf - detected UnsignedFile.Multi.Generic (1)
19:20:18.0171 1612 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
19:20:18.0187 1612 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
19:20:18.0187 1612 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
19:20:18.0531 1612 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
19:20:18.0718 1612 TosIde - ok
19:20:19.0109 1612 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:20:19.0281 1612 Udfs - ok
19:20:19.0593 1612 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
19:20:19.0671 1612 ultra - ok
19:20:20.0109 1612 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:20:20.0375 1612 Update - ok
19:20:20.0750 1612 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:20:20.0859 1612 USBAAPL - ok
19:20:21.0171 1612 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:20:21.0375 1612 usbccgp - ok
19:20:21.0703 1612 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:20:21.0921 1612 usbehci - ok
19:20:22.0250 1612 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:20:22.0421 1612 usbhub - ok
19:20:22.0765 1612 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:20:22.0968 1612 usbprint - ok
19:20:23.0281 1612 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:20:23.0484 1612 usbscan - ok
19:20:23.0796 1612 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:20:24.0000 1612 USBSTOR - ok
19:20:24.0312 1612 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:20:24.0515 1612 usbuhci - ok
19:20:24.0812 1612 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:20:25.0015 1612 VgaSave - ok
19:20:25.0312 1612 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:20:25.0531 1612 viaagp - ok
19:20:25.0859 1612 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:20:26.0046 1612 ViaIde - ok
19:20:26.0359 1612 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:20:26.0546 1612 VolSnap - ok
19:20:26.0906 1612 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:20:27.0109 1612 Wanarp - ok
19:20:27.0375 1612 wanatw - ok
19:20:27.0906 1612 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:20:28.0000 1612 Wdf01000 - ok
19:20:28.0281 1612 WDICA - ok
19:20:28.0609 1612 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:20:28.0812 1612 wdmaud - ok
19:20:29.0343 1612 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:20:29.0531 1612 WSTCODEC - ok
19:20:29.0859 1612 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:20:29.0937 1612 WudfPf - ok
19:20:30.0265 1612 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:20:30.0312 1612 WudfRd - ok
19:20:30.0437 1612 MBR (0x1B8) (4bc21aabb8ea83c34000756722b7398b) \Device\Harddisk0\DR0
19:20:30.0453 1612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:20:30.0453 1612 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:20:30.0562 1612 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:20:30.0562 1612 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:20:30.0609 1612 Boot (0x1200) (f7635e90b3a11be4cc7c2094995bedc9) \Device\Harddisk0\DR0\Partition0
19:20:30.0609 1612 \Device\Harddisk0\DR0\Partition0 - ok
19:20:30.0609 1612 ============================================================
19:20:30.0609 1612 Scan finished
19:20:30.0609 1612 ============================================================
19:20:30.0750 1604 Detected object count: 22
19:20:30.0750 1604 Actual detected object count: 22
19:21:05.0578 1604 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0578 1604 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0578 1604 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0578 1604 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0593 1604 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0593 1604 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0609 1604 LHidKe ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0609 1604 LHidKe ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0625 1604 LMouKE ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0625 1604 LMouKE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0640 1604 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0640 1604 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0656 1604 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0656 1604 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0656 1604 omci ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0656 1604 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0671 1604 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0671 1604 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0687 1604 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0687 1604 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0703 1604 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0703 1604 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0718 1604 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0718 1604 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0734 1604 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0734 1604 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0750 1604 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0750 1604 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0750 1604 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0750 1604 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0765 1604 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0765 1604 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0781 1604 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0781 1604 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0796 1604 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0796 1604 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0812 1604 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0812 1604 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0828 1604 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:05.0828 1604 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:05.0859 1604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:21:05.0859 1604 \Device\Harddisk0\DR0 - ok
19:21:05.0859 1604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:21:05.0859 1604 \Device\Harddisk0\DR0\TDLFS - deleted
19:21:05.0859 1604 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
19:21:14.0953 1556 Deinitialize success

#15 maf713

maf713
  • Topic Starter

  • Members
  • 12 posts

Posted 20 January 2012 - 09:40 PM

From this log it looks like mrxsmb.sys only got a warning, and 'cure' ran on something different.



