
Google Redirects


  • This topic is locked
28 replies to this topic

#1 Jr6x

  • Members
  • 81 posts

Posted 26 April 2012 - 12:36 AM

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Owner at 18:38:00 on 2012-04-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.60 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=RGxdm381YYus&ptb=5CE92650-C134-47E9-AF5B-A0D244D1029A
uInternet Settings,ProxyOverride = local;*.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.6.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.6.2.10\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.6.2.10\coIEPlg.dll
TB: {B771FEA3-2A05-4C21-B1E2-55551A97D520} - No File
TB: {719D74AB-1AF9-43A1-8C62-D8750628D93E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\run_startmenu.cmd
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\idmmbc.dll
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279754964859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1F7C8CC2-A5B9-4F37-B650-8B631DA5270F} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\v0i82lgr.default\
FF - prefs.js: browser.startup.homepage - Yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\christmasholidaylaughs_4mei\installr\1.bin\NP4mEISb.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1306020.00a\symds.sys [2012-4-4 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1306020.00a\symefa.sys [2012-4-4 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-17 820856]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1306020.00a\ccsetx86.sys [2012-4-4 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1306020.00a\ironx86.sys [2012-4-4 149624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-3 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120404.002\IDSXpx86.sys [2012-4-4 356280]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120404.019\NAVENG.SYS [2012-4-4 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120404.019\NAVEX15.SYS [2012-4-4 1576312]
S1 MpKsl62a86370;MpKsl62a86370;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{811b1580-9627-4c6d-9b5a-669089b795fc}\mpksl62a86370.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{811b1580-9627-4c6d-9b5a-669089b795fc}\MpKsl62a86370.sys [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2011-10-24 25728]
S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [2009-4-6 45344]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2010-8-2 36928]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-11 27064]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [2011-10-24 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2011-10-24 108032]
.
=============== Created Last 30 ================
.
2012-04-05 05:57:17 388216 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symtdi.sys
2012-04-05 05:57:17 345208 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symtdiv.sys
2012-04-05 05:57:16 318584 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symnets.sys
2012-04-05 05:57:15 905336 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symefa.sys
2012-04-05 05:57:15 340088 ----a-r- c:\windows\system32\drivers\nis\1306020.00a\symds.sys
2012-04-05 05:57:15 32888 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\srtspx.sys
2012-04-05 05:57:14 574584 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\srtsp.sys
2012-04-05 05:57:14 149624 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\ironx86.sys
2012-04-05 05:57:13 132744 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\ccsetx86.sys
2012-04-05 05:55:41 4782 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symvtcer.dat
2012-04-05 05:55:41 -------- d-----w- c:\windows\system32\drivers\nis\1306020.00A
2012-04-03 07:43:10 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-03 07:43:10 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-03 07:43:10 -------- d-----w- c:\program files\Symantec
2012-04-03 07:39:15 -------- d-----w- c:\windows\system32\drivers\NIS
2012-04-03 07:39:04 -------- d-----w- c:\program files\Norton Internet Security
2012-03-27 04:00:07 -------- d-----w- c:\documents and settings\owner\application data\GetRightToGo
2012-03-26 09:14:05 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2012-03-26 09:14:05 715736 ----a-w- c:\program files\mozilla firefox\mozcrt19.dll
2012-03-22 20:18:05 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-03-22 20:18:05 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-03-22 01:17:39 -------- d-----w- c:\program files\iolo
2012-03-22 01:17:39 -------- d-----w- c:\documents and settings\all users\application data\iolo
2012-03-15 07:02:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-14 22:17:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 22:17:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-03-21 09:23:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-15 07:01:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:40:55.09 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/21/2010 3:42:22 PM
System Uptime: 4/10/2012 1:09:08 PM (5 hours ago)
.
Motherboard: Intel Corporation | | D865GVHZ
Processor: Intel® Celeron® CPU 2.93GHz | J2E1 | 2926/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 24.096 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.668 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP424: 1/12/2012 6:41:59 PM - System Checkpoint
RP425: 1/15/2012 9:31:25 PM - System Checkpoint
RP426: 1/20/2012 6:54:18 PM - System Checkpoint
RP427: 1/24/2012 3:01:44 AM - Software Distribution Service 3.0
RP428: 1/25/2012 5:27:49 AM - System Checkpoint
RP429: 1/25/2012 5:58:46 PM - Software Distribution Service 3.0
RP430: 1/27/2012 1:35:50 PM - System Checkpoint
RP431: 2/1/2012 1:16:01 AM - Removed Fantapper Player
RP432: 2/2/2012 3:28:28 PM - System Checkpoint
RP433: 2/4/2012 2:06:24 PM - System Checkpoint
RP434: 2/5/2012 2:23:13 PM - System Checkpoint
RP435: 2/6/2012 11:01:52 PM - System Checkpoint
RP436: 2/8/2012 1:43:30 PM - System Checkpoint
RP437: 2/10/2012 9:50:38 AM - System Checkpoint
RP438: 2/15/2012 3:01:38 AM - Software Distribution Service 3.0
RP439: 2/15/2012 5:11:46 PM - Software Distribution Service 3.0
RP440: 2/16/2012 12:44:33 AM - Software Distribution Service 3.0
RP441: 2/20/2012 2:51:12 PM - System Checkpoint
RP442: 2/22/2012 5:53:15 PM - System Checkpoint
RP443: 2/25/2012 9:53:14 PM - System Checkpoint
RP444: 2/27/2012 10:29:18 AM - Installed iTunes
RP445: 3/1/2012 2:36:34 AM - System Checkpoint
RP446: 3/3/2012 3:07:47 PM - System Checkpoint
RP447: 3/5/2012 4:39:41 PM - System Checkpoint
RP448: 3/8/2012 12:31:31 AM - System Checkpoint
RP449: 3/10/2012 7:41:07 PM - System Checkpoint
RP450: 3/11/2012 10:57:30 PM - System Checkpoint
RP451: 3/12/2012 11:57:34 PM - System Checkpoint
RP452: 3/14/2012 10:26:27 AM - System Checkpoint
RP453: 3/14/2012 11:58:32 PM - Removed Java™ 6 Update 18
RP454: 3/15/2012 12:00:59 AM - Installed Java™ 6 Update 31
RP455: 3/15/2012 3:01:20 AM - Software Distribution Service 3.0
RP456: 3/16/2012 8:21:28 PM - System Checkpoint
RP457: 3/18/2012 3:05:37 AM - System Checkpoint
RP458: 3/20/2012 12:17:27 AM - System Checkpoint
RP459: 3/22/2012 10:12:16 AM - System Checkpoint
RP460: 3/24/2012 5:27:19 AM - System Checkpoint
RP461: 3/26/2012 1:31:13 AM - Restore Operation
RP462: 3/28/2012 2:03:09 PM - System Checkpoint
RP463: 3/30/2012 10:43:59 AM - System Checkpoint
RP464: 3/31/2012 11:20:02 AM - System Checkpoint
RP465: 4/1/2012 9:39:26 PM - System Checkpoint
RP466: 4/4/2012 2:51:30 PM - System Checkpoint
RP467: 4/6/2012 1:25:49 PM - System Checkpoint
RP468: 4/7/2012 4:28:58 PM - System Checkpoint
RP469: 4/8/2012 6:26:38 PM - System Checkpoint
RP470: 4/9/2012 10:00:05 PM - System Checkpoint
RP471: 4/10/2012 6:17:46 PM - Removed Ask Toolbar.
RP472: 4/10/2012 6:22:54 PM - Removed Ask Toolbar.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
AOL Toolbar
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
aTube Catcher
Bonjour
CCleaner
Digital Camera Device Driver
Digital Media Reader
DivX Setup
Download Updater (AOL LLC)
FM Screen Capture Codec (Remove Only)
FrostWire 4.21.8
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel® Extreme Graphics 2 Driver
Intel® Network Connections 14.0.40.0
Internet Download Manager
iTunes
Java Auto Updater
Java™ 6 Update 31
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.60.1.1000
ManyCam 2.6.55 (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 5.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB973688)
MySpaceIM
Nero BurnRights
Nero OEM
Norton Internet Security
PowerDVD
proXPN 2.4.9
QuickTime
Realtek AC'97 Audio
Recuva
Revo Uninstaller Pro 2.5.1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoftV92 Data Fax Modem with SmartCP
Spybot - Search & Destroy
System Requirements Lab for Intel
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
Viewpoint Media Player
WBFS Manager 3.0
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows XP Service Pack 3
WinRAR archiver
Xiph QuickTime Components
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
4/6/2012 11:00:28 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
4/6/2012 11:00:28 AM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
4/6/2012 10:54:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_NIS IPSec MRxSmb NetBT Rdbss SymIRON SYMTDI Tcpip
4/6/2012 10:54:33 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
4/6/2012 10:54:33 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/6/2012 10:54:33 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/6/2012 10:54:33 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/6/2012 10:54:33 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/6/2012 10:54:33 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/6/2012 10:54:33 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/6/2012 10:54:33 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
4/6/2012 10:54:33 AM, error: Service Control Manager [7000] - The X4HSX32 service failed to start due to the following error: The system cannot find the path specified.
4/4/2012 9:08:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
4/3/2012 12:28:33 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMEVENT\0000 disappeared from the system without first being prepared for removal.
4/10/2012 6:17:48 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================



#2 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 26 April 2012 - 01:08 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Jr6x

Jr6x
  • Topic Starter

  • Members
  • 81 posts
  • Local time:09:13 PM

Posted 27 April 2012 - 06:22 PM

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
CCleaner
Java™ 6 Update 31
Adobe Flash Player 11.1.102.63
Adobe Reader X (10.1.1)
Mozilla Firefox (5.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

ComboFix 12-04-27.01 - Owner 04/27/2012 1:51.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.203 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\chrome.manifest
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\install.js
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\install.rdf
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\META-INF\manifest.mf
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\META-INF\zigbert.sf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0i82lgr.default\weave\toFetch
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0i82lgr.default\weave\toFetch\bookmarks.json
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0i82lgr.default\weave\toFetch\clients.json
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0i82lgr.default\weave\toFetch\forms.json
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0i82lgr.default\weave\toFetch\history.json
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0i82lgr.default\weave\toFetch\passwords.json
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0i82lgr.default\weave\toFetch\prefs.json
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0i82lgr.default\weave\toFetch\tabs.json
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-25 09:12 . 2012-04-25 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-04-21 05:36 . 2012-04-24 00:13 -------- d-----w- c:\program files\SecurityKISS Tunnel
2012-04-03 07:43 . 2012-04-05 05:58 -------- d-----w- c:\program files\Symantec
2012-04-03 07:43 . 2012-04-05 05:58 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-03 07:43 . 2012-04-05 05:58 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-03 07:39 . 2012-04-24 17:16 -------- d-----w- c:\windows\system32\drivers\NIS
2012-04-03 07:39 . 2012-04-03 07:39 -------- d-----w- c:\program files\Norton Internet Security
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 09:23 . 2011-06-21 23:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-15 07:01 . 2012-03-15 07:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-15 07:01 . 2011-05-14 08:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-26 16:11 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-26 16:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-26 16:12 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-26 16:11 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-26 16:11 385024 ------w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-26 16:12 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-07-08 07:16 . 2012-03-26 08:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
run_startmenu.cmd [2004-10-11 45]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-19 06:00 136176 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2010-07-22 08:05 3171760 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-17 01:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 21:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 14:55 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-12-01 19:11 6373376 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 02:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 21:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-10-18 21:05 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [4/24/2012 12:13 AM 821880]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307000.009\ccsetx86.sys [4/24/2012 12:09 AM 132744]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/3/2012 4:22 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120423.001\IDSXpx86.sys [4/24/2012 12:23 AM 356280]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
S1 MpKsl62a86370;MpKsl62a86370;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{811B1580-9627-4C6D-9B5A-669089B795FC}\MpKsl62a86370.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{811B1580-9627-4C6D-9B5A-669089B795FC}\MpKsl62a86370.sys [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [10/24/2011 11:39 AM 25728]
S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [4/6/2009 8:13 PM 45344]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [8/2/2010 1:29 AM 36928]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/11/2011 5:52 AM 27064]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-12 23:25]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-12 23:25]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1882975283-9876242-1659485762-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-19 06:00]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1882975283-9876242-1659485762-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-19 06:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=RGxdm381YYus&ptb=5CE92650-C134-47E9-AF5B-A0D244D1029A
uInternet Settings,ProxyOverride = local;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
TCP: DhcpNameServer = 192.168.1.254
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0i82lgr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3014000&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Radio 1.1 Customized Web Search
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-Wdf01000.sys
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-27 02:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):96,fe,c7,34,ae,a6,f0,47,de,db,a5,9b,5b,9e,e8,f7,21,66,b1,91,6e,
d8,72,75,17,9b,a7,e8,bf,6b,8d,57,d6,3f,57,99,8b,f8,3c,9d,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\idmmbc.dll
.
Completion time: 2012-04-27 02:22:04
ComboFix-quarantined-files.txt 2012-04-27 09:21
.
Pre-Run: 25,742,487,552 bytes free
Post-Run: 25,768,210,432 bytes free
.
- - End Of File - - 214E55BA28EB654EBFA2B1FAB26DD75E

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:13 AM

Posted 27 April 2012 - 08:06 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Jr6x

Jr6x
  • Topic Starter

  • Members
  • 81 posts
  • Local time:09:13 PM

Posted 28 April 2012 - 05:44 AM

03:26:38.0437 0216 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
03:26:40.0468 0216 ============================================================
03:26:40.0468 0216 Current date / time: 2012/04/28 03:26:40.0468
03:26:40.0468 0216 SystemInfo:
03:26:40.0468 0216
03:26:40.0468 0216 OS Version: 5.1.2600 ServicePack: 3.0
03:26:40.0468 0216 Product type: Workstation
03:26:40.0468 0216 ComputerName: COMPUTER
03:26:40.0484 0216 UserName: Owner
03:26:40.0484 0216 Windows directory: C:\WINDOWS
03:26:40.0484 0216 System windows directory: C:\WINDOWS
03:26:40.0484 0216 Processor architecture: Intel x86
03:26:40.0484 0216 Number of processors: 1
03:26:40.0484 0216 Page size: 0x1000
03:26:40.0484 0216 Boot type: Normal boot
03:26:40.0484 0216 ============================================================
03:26:48.0640 0216 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
03:26:48.0953 0216 ============================================================
03:26:48.0953 0216 \Device\Harddisk0\DR0:
03:26:48.0984 0216 MBR partitions:
03:26:48.0984 0216 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x776127, BlocksNum 0x8D944D9
03:26:48.0984 0216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7760E8
03:26:48.0984 0216 ============================================================
03:26:49.0031 0216 C: <-> \Device\Harddisk0\DR0\Partition0
03:26:49.0046 0216 D: <-> \Device\Harddisk0\DR0\Partition1
03:26:49.0109 0216 ============================================================
03:26:49.0109 0216 Initialize success
03:26:49.0109 0216 ============================================================
03:26:59.0546 0860 ============================================================
03:26:59.0546 0860 Scan started
03:26:59.0546 0860 Mode: Manual;
03:26:59.0546 0860 ============================================================
03:27:00.0234 0860 Abiosdsk - ok
03:27:00.0281 0860 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
03:27:00.0296 0860 abp480n5 - ok
03:27:00.0406 0860 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:27:00.0484 0860 ACPI - ok
03:27:00.0515 0860 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
03:27:00.0531 0860 ACPIEC - ok
03:27:00.0578 0860 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
03:27:00.0609 0860 adpu160m - ok
03:27:00.0687 0860 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
03:27:00.0859 0860 aec - ok
03:27:00.0953 0860 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
03:27:01.0015 0860 AFD - ok
03:27:01.0078 0860 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
03:27:01.0093 0860 agp440 - ok
03:27:01.0140 0860 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
03:27:01.0156 0860 agpCPQ - ok
03:27:01.0187 0860 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
03:27:01.0203 0860 Aha154x - ok
03:27:01.0234 0860 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
03:27:01.0250 0860 aic78u2 - ok
03:27:01.0312 0860 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
03:27:01.0328 0860 aic78xx - ok
03:27:02.0312 0860 ALCXWDM (3cb2e2c258bfff962f90e26c0649c638) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
03:27:03.0140 0860 ALCXWDM - ok
03:27:03.0468 0860 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
03:27:03.0484 0860 Alerter - ok
03:27:03.0531 0860 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
03:27:03.0546 0860 ALG - ok
03:27:03.0609 0860 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
03:27:03.0609 0860 AliIde - ok
03:27:03.0656 0860 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
03:27:03.0671 0860 alim1541 - ok
03:27:03.0703 0860 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
03:27:03.0718 0860 amdagp - ok
03:27:03.0859 0860 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
03:27:03.0875 0860 amsint - ok
03:27:04.0046 0860 androidusb (e94e2ea7faaa05c776a711edb198b9fd) C:\WINDOWS\system32\Drivers\smhwadb.sys
03:27:04.0078 0860 androidusb - ok
03:27:04.0468 0860 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:27:04.0500 0860 Apple Mobile Device - ok
03:27:04.0515 0860 AppMgmt - ok
03:27:04.0687 0860 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
03:27:04.0718 0860 asc - ok
03:27:04.0906 0860 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
03:27:04.0937 0860 asc3350p - ok
03:27:05.0000 0860 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
03:27:05.0046 0860 asc3550 - ok
03:27:07.0296 0860 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
03:27:07.0578 0860 aspnet_state - ok
03:27:07.0640 0860 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:27:07.0656 0860 AsyncMac - ok
03:27:07.0796 0860 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
03:27:07.0796 0860 atapi - ok
03:27:07.0812 0860 Atdisk - ok
03:27:07.0984 0860 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:27:08.0000 0860 Atmarpc - ok
03:27:08.0062 0860 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
03:27:08.0078 0860 AudioSrv - ok
03:27:08.0140 0860 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
03:27:08.0140 0860 audstub - ok
03:27:08.0171 0860 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
03:27:08.0171 0860 Beep - ok
03:27:08.0609 0860 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys
03:27:09.0015 0860 BHDrvx86 - ok
03:27:09.0218 0860 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
03:27:09.0390 0860 BITS - ok
03:27:09.0671 0860 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
03:27:09.0812 0860 Bonjour Service - ok
03:27:10.0015 0860 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
03:27:10.0031 0860 Browser - ok
03:27:10.0156 0860 catchme - ok
03:27:10.0250 0860 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
03:27:10.0250 0860 cbidf - ok
03:27:10.0265 0860 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
03:27:10.0265 0860 cbidf2k - ok
03:27:10.0312 0860 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
03:27:10.0328 0860 CCDECODE - ok
03:27:10.0468 0860 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1307000.009\ccSetx86.sys
03:27:10.0531 0860 ccSet_NIS - ok
03:27:10.0546 0860 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
03:27:10.0562 0860 cd20xrnt - ok
03:27:10.0578 0860 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
03:27:10.0593 0860 Cdaudio - ok
03:27:10.0656 0860 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
03:27:10.0671 0860 Cdfs - ok
03:27:10.0750 0860 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:27:10.0781 0860 Cdrom - ok
03:27:10.0781 0860 Changer - ok
03:27:10.0843 0860 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
03:27:10.0843 0860 CiSvc - ok
03:27:11.0031 0860 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
03:27:11.0046 0860 ClipSrv - ok
03:27:11.0234 0860 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:27:11.0390 0860 clr_optimization_v2.0.50727_32 - ok
03:27:11.0531 0860 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:27:11.0640 0860 clr_optimization_v4.0.30319_32 - ok
03:27:11.0687 0860 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
03:27:11.0703 0860 CmdIde - ok
03:27:12.0109 0860 CoachUsb (fafa3c99864e9df18cb68725bbcf7bca) C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
03:27:12.0125 0860 CoachUsb - ok
03:27:12.0171 0860 CoachVid (7aefe82c02d4933cee4b7cb78c409845) C:\WINDOWS\system32\DRIVERS\CoachVid.sys
03:27:12.0187 0860 CoachVid - ok
03:27:12.0203 0860 COMSysApp - ok
03:27:12.0250 0860 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
03:27:12.0250 0860 Cpqarray - ok
03:27:12.0359 0860 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
03:27:12.0375 0860 cpudrv - ok
03:27:56.0531 0860 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
03:27:56.0562 0860 \Device\Harddisk0\DR0 - ok
03:27:56.0593 0860 Boot (0x1200) (234197336b1fe08b60c8eca1e88cea3e) \Device\Harddisk0\DR0\Partition0
03:27:56.0609 0860 \Device\Harddisk0\DR0\Partition0 - ok
03:27:56.0609 0860 Boot (0x1200) (d39056dd248151188a3df9ab8aee7398) \Device\Harddisk0\DR0\Partition1
03:27:56.0609 0860 \Device\Harddisk0\DR0\Partition1 - ok
03:27:56.0625 0860 ============================================================
03:27:56.0625 0860 Scan finished
03:27:56.0625 0860 ============================================================
03:27:56.0640 2640 Detected object count: 0
03:27:56.0640 2640 Actual detected object count: 0
03:29:02.0218 2260 Deinitialize success


03:26:38.0437 0216 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
03:26:40.0468 0216 ============================================================
03:26:40.0468 0216 Current date / time: 2012/04/28 03:26:40.0468
03:26:40.0468 0216 SystemInfo:
03:26:40.0468 0216
03:26:40.0468 0216 OS Version: 5.1.2600 ServicePack: 3.0
03:26:40.0468 0216 Product type: Workstation
03:26:40.0468 0216 ComputerName: COMPUTER
03:26:40.0484 0216 UserName: Owner
03:26:40.0484 0216 Windows directory: C:\WINDOWS
03:26:40.0484 0216 System windows directory: C:\WINDOWS
03:26:40.0484 0216 Processor architecture: Intel x86
03:26:40.0484 0216 Number of processors: 1
03:26:40.0484 0216 Page size: 0x1000
03:26:40.0484 0216 Boot type: Normal boot
03:26:40.0484 0216 ============================================================
03:26:48.0640 0216 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
03:26:48.0953 0216 ============================================================
03:26:48.0953 0216 \Device\Harddisk0\DR0:
03:26:48.0984 0216 MBR partitions:
03:26:48.0984 0216 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x776127, BlocksNum 0x8D944D9
03:26:48.0984 0216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7760E8
03:26:48.0984 0216 ============================================================
03:26:49.0031 0216 C: <-> \Device\Harddisk0\DR0\Partition0
03:26:49.0046 0216 D: <-> \Device\Harddisk0\DR0\Partition1
03:26:49.0109 0216 ============================================================
03:26:49.0109 0216 Initialize success
03:26:49.0109 0216 ============================================================
03:26:59.0546 0860 ============================================================
03:26:59.0546 0860 Scan started
03:26:59.0546 0860 Mode: Manual;
03:26:59.0546 0860 ============================================================
03:27:00.0234 0860 Abiosdsk - ok
03:27:00.0281 0860 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
03:27:00.0296 0860 abp480n5 - ok
03:27:00.0406 0860 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:27:00.0484 0860 ACPI - ok
03:27:00.0515 0860 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
03:27:00.0531 0860 ACPIEC - ok
03:27:00.0578 0860 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
03:27:00.0609 0860 adpu160m - ok
03:27:00.0687 0860 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
03:27:00.0859 0860 aec - ok
03:27:00.0953 0860 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
03:27:01.0015 0860 AFD - ok
03:27:01.0078 0860 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
03:27:01.0093 0860 agp440 - ok
03:27:01.0140 0860 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
03:27:01.0156 0860 agpCPQ - ok
03:27:01.0187 0860 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
03:27:01.0203 0860 Aha154x - ok
03:27:01.0234 0860 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
03:27:01.0250 0860 aic78u2 - ok
03:27:01.0312 0860 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
03:27:01.0328 0860 aic78xx - ok
03:27:02.0312 0860 ALCXWDM (3cb2e2c258bfff962f90e26c0649c638) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
03:27:03.0140 0860 ALCXWDM - ok
03:27:03.0468 0860 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
03:27:03.0484 0860 Alerter - ok
03:27:03.0531 0860 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
03:27:03.0546 0860 ALG - ok
03:27:03.0609 0860 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
03:27:03.0609 0860 AliIde - ok
03:27:03.0656 0860 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
03:27:03.0671 0860 alim1541 - ok
03:27:03.0703 0860 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
03:27:03.0718 0860 amdagp - ok
03:27:03.0859 0860 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
03:27:03.0875 0860 amsint - ok
03:27:04.0046 0860 androidusb (e94e2ea7faaa05c776a711edb198b9fd) C:\WINDOWS\system32\Drivers\smhwadb.sys
03:27:04.0078 0860 androidusb - ok
03:27:04.0468 0860 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:27:04.0500 0860 Apple Mobile Device - ok
03:27:04.0515 0860 AppMgmt - ok
03:27:04.0687 0860 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
03:27:04.0718 0860 asc - ok
03:27:04.0906 0860 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
03:27:04.0937 0860 asc3350p - ok
03:27:05.0000 0860 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
03:27:05.0046 0860 asc3550 - ok
03:27:07.0296 0860 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
03:27:07.0578 0860 aspnet_state - ok
03:27:07.0640 0860 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:27:07.0656 0860 AsyncMac - ok
03:27:07.0796 0860 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
03:27:07.0796 0860 atapi - ok
03:27:07.0812 0860 Atdisk - ok
03:27:07.0984 0860 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:27:08.0000 0860 Atmarpc - ok
03:27:08.0062 0860 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
03:27:08.0078 0860 AudioSrv - ok
03:27:08.0140 0860 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
03:27:08.0140 0860 audstub - ok
03:27:08.0171 0860 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
03:27:08.0171 0860 Beep - ok
03:27:08.0609 0860 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys
03:27:09.0015 0860 BHDrvx86 - ok
03:27:09.0218 0860 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
03:27:09.0390 0860 BITS - ok
03:27:09.0671 0860 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
03:27:09.0812 0860 Bonjour Service - ok
03:27:10.0015 0860 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
03:27:10.0031 0860 Browser - ok
03:27:10.0156 0860 catchme - ok
03:27:10.0250 0860 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
03:27:10.0250 0860 cbidf - ok
03:27:10.0265 0860 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
03:27:10.0265 0860 cbidf2k - ok
03:27:10.0312 0860 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
03:27:10.0328 0860 CCDECODE - ok
03:27:10.0468 0860 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1307000.009\ccSetx86.sys
03:27:10.0531 0860 ccSet_NIS - ok
03:27:10.0546 0860 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
03:27:10.0562 0860 cd20xrnt - ok
03:27:10.0578 0860 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
03:27:10.0593 0860 Cdaudio - ok
03:27:10.0656 0860 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
03:27:10.0671 0860 Cdfs - ok
03:27:10.0750 0860 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:27:10.0781 0860 Cdrom - ok
03:27:10.0781 0860 Changer - ok
03:27:10.0843 0860 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
03:27:10.0843 0860 CiSvc - ok
03:27:11.0031 0860 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
03:27:11.0046 0860 ClipSrv - ok
03:27:11.0234 0860 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:27:11.0390 0860 clr_optimization_v2.0.50727_32 - ok
03:27:11.0531 0860 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:27:11.0640 0860 clr_optimization_v4.0.30319_32 - ok
03:27:11.0687 0860 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
03:27:11.0703 0860 CmdIde - ok
03:27:12.0109 0860 CoachUsb (fafa3c99864e9df18cb68725bbcf7bca) C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
03:27:12.0125 0860 CoachUsb - ok
03:27:12.0171 0860 CoachVid (7aefe82c02d4933cee4b7cb78c409845) C:\WINDOWS\system32\DRIVERS\CoachVid.sys
03:27:12.0187 0860 CoachVid - ok
03:27:12.0203 0860 COMSysApp - ok
03:27:12.0250 0860 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
03:27:12.0250 0860 Cpqarray - ok
03:27:12.0359 0860 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
03:27:12.0375 0860 cpudrv - ok
03:27:12.0421 0860 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
03:27:12.0453 0860 CryptSvc - ok
03:27:12.0562 0860 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
03:27:12.0625 0860 dac2w2k - ok
03:27:12.0640 0860 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
03:27:12.0640 0860 dac960nt - ok
03:27:12.0828 0860 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
03:27:13.0093 0860 DcomLaunch - ok
03:27:13.0187 0860 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
03:27:13.0234 0860 Dhcp - ok
03:27:13.0296 0860 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
03:27:13.0312 0860 Disk - ok
03:27:13.0312 0860 dmadmin - ok
03:27:13.0609 0860 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
03:27:13.0859 0860 dmboot - ok
03:27:14.0062 0860 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
03:27:14.0109 0860 dmio - ok
03:27:14.0140 0860 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
03:27:14.0156 0860 dmload - ok
03:27:14.0187 0860 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
03:27:14.0203 0860 dmserver - ok
03:27:14.0265 0860 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
03:27:14.0281 0860 DMusic - ok
03:27:14.0359 0860 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
03:27:14.0375 0860 Dnscache - ok
03:27:14.0500 0860 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
03:27:14.0546 0860 Dot3svc - ok
03:27:14.0593 0860 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
03:27:14.0609 0860 dpti2o - ok
03:27:14.0687 0860 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
03:27:14.0687 0860 drmkaud - ok
03:27:14.0765 0860 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
03:27:14.0843 0860 E100B - ok
03:27:15.0015 0860 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
03:27:15.0031 0860 EapHost - ok
03:27:15.0312 0860 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
03:27:15.0421 0860 eeCtrl - ok
03:27:15.0484 0860 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
03:27:15.0515 0860 EraserUtilRebootDrv - ok
03:27:15.0562 0860 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
03:27:15.0578 0860 ERSvc - ok
03:27:15.0656 0860 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
03:27:15.0703 0860 Eventlog - ok
03:27:15.0843 0860 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
03:27:16.0078 0860 EventSystem - ok
03:27:16.0187 0860 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
03:27:16.0250 0860 Fastfat - ok
03:27:16.0343 0860 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
03:27:16.0390 0860 FastUserSwitchingCompatibility - ok
03:27:16.0406 0860 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
03:27:16.0421 0860 Fdc - ok
03:27:16.0468 0860 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
03:27:16.0484 0860 Fips - ok
03:27:16.0531 0860 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
03:27:16.0546 0860 Flpydisk - ok
03:27:16.0609 0860 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
03:27:16.0656 0860 FltMgr - ok
03:27:16.0843 0860 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
03:27:16.0859 0860 FontCache3.0.0.0 - ok
03:27:17.0031 0860 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
03:27:17.0031 0860 Fs_Rec - ok
03:27:17.0109 0860 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
03:27:17.0171 0860 Ftdisk - ok
03:27:17.0218 0860 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
03:27:17.0234 0860 GEARAspiWDM - ok
03:27:17.0296 0860 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
03:27:17.0312 0860 Gpc - ok
03:27:17.0468 0860 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
03:27:17.0500 0860 gupdate - ok
03:27:17.0546 0860 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
03:27:17.0546 0860 gupdatem - ok
03:27:17.0640 0860 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
03:27:17.0656 0860 helpsvc - ok
03:27:17.0671 0860 HidServ - ok
03:27:17.0734 0860 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
03:27:17.0734 0860 HidUsb - ok
03:27:17.0828 0860 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
03:27:17.0859 0860 hkmsvc - ok
03:27:18.0031 0860 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
03:27:18.0046 0860 hpn - ok
03:27:18.0171 0860 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
03:27:18.0265 0860 HSFHWBS2 - ok
03:27:18.0640 0860 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
03:27:19.0109 0860 HSF_DP - ok
03:27:19.0250 0860 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
03:27:19.0343 0860 HTTP - ok
03:27:19.0390 0860 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
03:27:19.0390 0860 HTTPFilter - ok
03:27:19.0437 0860 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
03:27:19.0453 0860 i2omgmt - ok
03:27:19.0515 0860 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
03:27:19.0531 0860 i2omp - ok
03:27:19.0562 0860 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
03:27:19.0578 0860 i8042prt - ok
03:27:20.0265 0860 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
03:27:20.0671 0860 ialm - ok
03:27:21.0250 0860 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
03:27:21.0546 0860 idsvc - ok
03:27:21.0812 0860 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120427.001\IDSxpx86.sys
03:27:21.0984 0860 IDSxpx86 - ok
03:27:22.0343 0860 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
03:27:22.0359 0860 Imapi - ok
03:27:22.0453 0860 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
03:27:22.0515 0860 ImapiService - ok
03:27:22.0546 0860 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
03:27:22.0546 0860 ini910u - ok
03:27:22.0578 0860 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
03:27:22.0578 0860 IntelIde - ok
03:27:22.0625 0860 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
03:27:22.0640 0860 intelppm - ok
03:27:22.0687 0860 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
03:27:22.0703 0860 Ip6Fw - ok
03:27:22.0750 0860 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
03:27:22.0765 0860 IpFilterDriver - ok
03:27:22.0796 0860 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
03:27:22.0796 0860 IpInIp - ok
03:27:22.0890 0860 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
03:27:23.0062 0860 IpNat - ok
03:27:23.0453 0860 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
03:27:23.0718 0860 iPod Service - ok
03:27:23.0765 0860 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
03:27:23.0796 0860 IPSec - ok
03:27:23.0828 0860 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
03:27:23.0828 0860 IRENUM - ok
03:27:23.0890 0860 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
03:27:23.0906 0860 isapnp - ok
03:27:24.0203 0860 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
03:27:24.0250 0860 JavaQuickStarterService - ok
03:27:24.0312 0860 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
03:27:24.0328 0860 Kbdclass - ok
03:27:24.0406 0860 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
03:27:24.0453 0860 kmixer - ok
03:27:24.0531 0860 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
03:27:24.0562 0860 KSecDD - ok
03:27:24.0640 0860 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
03:27:24.0687 0860 lanmanserver - ok
03:27:24.0781 0860 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
03:27:24.0843 0860 lanmanworkstation - ok
03:27:24.0859 0860 lbrtfdc - ok
03:27:24.0921 0860 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
03:27:24.0937 0860 LmHosts - ok
03:27:25.0109 0860 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
03:27:25.0125 0860 ManyCam - ok
03:27:25.0203 0860 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
03:27:25.0203 0860 mdmxsdk - ok
03:27:25.0265 0860 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
03:27:25.0281 0860 Messenger - ok
03:27:25.0328 0860 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
03:27:25.0343 0860 mnmdd - ok
03:27:25.0406 0860 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
03:27:25.0406 0860 mnmsrvc - ok
03:27:25.0468 0860 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
03:27:25.0484 0860 Modem - ok
03:27:25.0515 0860 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
03:27:25.0515 0860 Mouclass - ok
03:27:25.0578 0860 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
03:27:25.0593 0860 mouhid - ok
03:27:25.0687 0860 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
03:27:25.0703 0860 MountMgr - ok
03:27:25.0796 0860 MpKsl62a86370 - ok
03:27:25.0843 0860 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
03:27:25.0843 0860 mraid35x - ok
03:27:26.0140 0860 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
03:27:26.0234 0860 MRxDAV - ok
03:27:26.0421 0860 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:27:26.0578 0860 MRxSmb - ok
03:27:26.0640 0860 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
03:27:26.0640 0860 MSDTC - ok
03:27:26.0687 0860 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
03:27:26.0703 0860 Msfs - ok
03:27:26.0718 0860 MSIServer - ok
03:27:26.0781 0860 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
03:27:26.0781 0860 MSKSSRV - ok
03:27:26.0812 0860 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys
03:27:26.0812 0860 msloop - ok
03:27:26.0828 0860 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:27:26.0843 0860 MSPCLOCK - ok
03:27:26.0859 0860 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
03:27:26.0859 0860 MSPQM - ok
03:27:26.0890 0860 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:27:26.0906 0860 mssmbios - ok
03:27:27.0062 0860 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
03:27:27.0078 0860 MSTEE - ok
03:27:27.0156 0860 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
03:27:27.0203 0860 Mup - ok
03:27:27.0265 0860 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
03:27:27.0265 0860 mxnic - ok
03:27:27.0328 0860 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
03:27:27.0359 0860 NABTSFEC - ok
03:27:27.0406 0860 NAL (481daa2cba98521a4e40f75518c06330) C:\WINDOWS\system32\Drivers\iqvw32.sys
03:27:27.0421 0860 NAL - ok
03:27:27.0593 0860 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
03:27:27.0687 0860 napagent - ok
03:27:27.0859 0860 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120427.033\NAVENG.SYS
03:27:27.0890 0860 NAVENG - ok
03:27:28.0578 0860 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120427.033\NAVEX15.SYS
03:27:29.0187 0860 NAVEX15 - ok
03:27:29.0593 0860 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
03:27:29.0656 0860 NDIS - ok
03:27:29.0703 0860 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
03:27:29.0703 0860 NdisIP - ok
03:27:29.0765 0860 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:27:29.0765 0860 NdisTapi - ok
03:27:29.0796 0860 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:27:29.0812 0860 Ndisuio - ok
03:27:29.0859 0860 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:27:29.0890 0860 NdisWan - ok
03:27:30.0078 0860 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
03:27:30.0093 0860 NDProxy - ok
03:27:30.0140 0860 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
03:27:30.0156 0860 NetBIOS - ok
03:27:30.0218 0860 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
03:27:30.0281 0860 NetBT - ok
03:27:30.0359 0860 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
03:27:30.0390 0860 NetDDE - ok
03:27:30.0406 0860 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
03:27:30.0406 0860 NetDDEdsdm - ok
03:27:30.0453 0860 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
03:27:30.0468 0860 Netlogon - ok
03:27:30.0703 0860 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
03:27:30.0781 0860 Netman - ok
03:27:31.0062 0860 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
03:27:31.0125 0860 NetTcpPortSharing - ok
03:27:31.0343 0860 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
03:27:31.0390 0860 NIS - ok
03:27:31.0515 0860 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
03:27:31.0593 0860 Nla - ok
03:27:31.0656 0860 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
03:27:31.0671 0860 Npfs - ok
03:27:31.0875 0860 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
03:27:32.0218 0860 Ntfs - ok
03:27:32.0281 0860 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
03:27:32.0281 0860 NtLmSsp - ok
03:27:32.0484 0860 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
03:27:32.0609 0860 NtmsSvc - ok
03:27:32.0656 0860 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
03:27:32.0656 0860 Null - ok
03:27:33.0468 0860 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
03:27:34.0203 0860 nv - ok
03:27:34.0546 0860 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:27:34.0546 0860 NwlnkFlt - ok
03:27:34.0578 0860 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:27:34.0593 0860 NwlnkFwd - ok
03:27:34.0656 0860 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
03:27:34.0671 0860 P3 - ok
03:27:34.0718 0860 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
03:27:34.0781 0860 Parport - ok
03:27:34.0828 0860 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
03:27:34.0843 0860 PartMgr - ok
03:27:34.0890 0860 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
03:27:34.0906 0860 ParVdm - ok
03:27:34.0953 0860 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
03:27:34.0968 0860 PCI - ok
03:27:35.0093 0860 PCIDump - ok
03:27:35.0156 0860 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
03:27:35.0156 0860 PCIIde - ok
03:27:35.0234 0860 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
03:27:35.0265 0860 Pcmcia - ok
03:27:35.0281 0860 PDCOMP - ok
03:27:35.0296 0860 PDFRAME - ok
03:27:35.0312 0860 PDRELI - ok
03:27:35.0328 0860 PDRFRAME - ok
03:27:35.0359 0860 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
03:27:35.0375 0860 perc2 - ok
03:27:35.0390 0860 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
03:27:35.0390 0860 perc2hib - ok
03:27:35.0484 0860 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
03:27:35.0500 0860 PlugPlay - ok
03:27:35.0562 0860 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
03:27:35.0562 0860 PolicyAgent - ok
03:27:35.0625 0860 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:27:35.0656 0860 PptpMiniport - ok
03:27:35.0812 0860 PrismXL (33d7285f12d934268a34206dfc4ad1b3) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
03:27:35.0859 0860 PrismXL - ok
03:27:35.0875 0860 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
03:27:35.0890 0860 ProtectedStorage - ok
03:27:35.0968 0860 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
03:27:36.0109 0860 PSched - ok
03:27:36.0218 0860 PsSdk41 (0c234a4a2fbab98e5e1bafaf3e3e403a) C:\WINDOWS\system32\Drivers\pssdk41.sys
03:27:36.0234 0860 PsSdk41 - ok
03:27:36.0281 0860 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:27:36.0296 0860 Ptilink - ok
03:27:36.0343 0860 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
03:27:36.0390 0860 PxHelp20 - ok
03:27:36.0421 0860 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
03:27:36.0437 0860 ql1080 - ok
03:27:36.0468 0860 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
03:27:36.0468 0860 Ql10wnt - ok
03:27:36.0500 0860 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
03:27:36.0515 0860 ql12160 - ok
03:27:36.0546 0860 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
03:27:36.0578 0860 ql1240 - ok
03:27:36.0609 0860 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
03:27:36.0625 0860 ql1280 - ok
03:27:56.0531 0860 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
03:27:56.0562 0860 \Device\Harddisk0\DR0 - ok
03:27:56.0593 0860 Boot (0x1200) (234197336b1fe08b60c8eca1e88cea3e) \Device\Harddisk0\DR0\Partition0
03:27:56.0609 0860 \Device\Harddisk0\DR0\Partition0 - ok
03:27:56.0609 0860 Boot (0x1200) (d39056dd248151188a3df9ab8aee7398) \Device\Harddisk0\DR0\Partition1
03:27:56.0609 0860 \Device\Harddisk0\DR0\Partition1 - ok
03:27:56.0625 0860 ============================================================
03:27:56.0625 0860 Scan finished
03:27:56.0625 0860 ============================================================
03:27:56.0640 2640 Detected object count: 0
03:27:56.0640 2640 Actual detected object count: 0
03:29:02.0218 2260 Deinitialize success

#6 gringo_pr


Posted 28 April 2012 - 11:03 AM

Greetings Jr6x

You sent me the TDSSKiller report twice; I would like you to send me the aswMBR report if possible.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Jr6x


Posted 29 April 2012 - 12:27 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-28 22:22:45
-----------------------------
22:22:45.328 OS Version: Windows 5.1.2600 Service Pack 3
22:22:45.328 Number of processors: 1 586 0x304
22:22:45.343 ComputerName: COMPUTER UserName: Owner
22:22:51.375 Initialize success
22:23:44.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:23:44.000 Disk 0 Vendor: WDC_WD800BB-22JHC0 05.01C05 Size: 76319MB BusType: 3
22:23:44.062 Disk 0 MBR read successfully
22:23:44.062 Disk 0 MBR scan
22:23:44.062 Disk 0 unknown MBR code
22:23:44.078 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 72488 MB offset 7823655
22:23:44.109 Disk 0 Partition 2 00 0B FAT32 RECOVERY 3820 MB offset 63
22:23:44.171 Disk 0 scanning sectors +156280320
22:23:44.562 Disk 0 scanning C:\WINDOWS\system32\drivers
22:24:16.921 Service scanning
22:25:16.640 Modules scanning
22:25:58.687 Disk 0 trace - called modules:
22:25:58.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
22:25:58.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86359688]
22:25:58.750 3 CLASSPNP.SYS[f77fefd7] -> nt!IofCallDriver -> \Device\00000097[0x8637ef18]
22:25:58.750 5 ACPI.sys[f76f5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86373b58]
22:25:58.765 Scan finished successfully
22:26:51.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
22:26:51.578 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#8 gringo_pr


Posted 29 April 2012 - 05:57 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0i82lgr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3014000&SearchSource=3&q={searchTerms}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 Jr6x


Posted 29 April 2012 - 02:07 PM

ComboFix 12-04-29.02 - Owner 04/29/2012 11:17:36.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.154 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\3GP_Converter034\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\3GP_Converter034\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\chrome.manifest
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\install.js
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\install.rdf
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\META-INF\manifest.mf
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\META-INF\zigbert.sf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-25 09:12 . 2012-04-25 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-04-21 05:36 . 2012-04-24 00:13 -------- d-----w- c:\program files\SecurityKISS Tunnel
2012-04-03 07:43 . 2012-04-05 05:58 -------- d-----w- c:\program files\Symantec
2012-04-03 07:43 . 2012-04-05 05:58 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-03 07:43 . 2012-04-05 05:58 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-03 07:39 . 2012-04-24 17:16 -------- d-----w- c:\windows\system32\drivers\NIS
2012-04-03 07:39 . 2012-04-03 07:39 -------- d-----w- c:\program files\Norton Internet Security
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 09:23 . 2011-06-21 23:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-15 07:01 . 2012-03-15 07:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-15 07:01 . 2011-05-14 08:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-26 16:11 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-26 16:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-26 16:12 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-26 16:11 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-26 16:11 385024 ------w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-26 16:12 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-07-08 07:16 . 2012-03-26 08:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-27_09.14.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-29 18:08 . 2012-04-29 18:08 16384 c:\windows\Temp\Perflib_Perfdata_1d0.dat
+ 2012-04-29 17:59 . 2012-04-29 17:59 16384 c:\windows\Temp\Perflib_Perfdata_158.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-07-22 3171760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
run_startmenu.cmd [2004-10-11 45]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-19 06:00 136176 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2010-07-22 08:05 3171760 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-17 01:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 21:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 14:55 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-12-01 19:11 6373376 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 02:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 21:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-10-18 21:05 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307000.009\symds.sys [4/24/2012 12:09 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307000.009\symefa.sys [4/24/2012 12:09 AM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [4/24/2012 12:13 AM 821880]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307000.009\ccsetx86.sys [4/24/2012 12:09 AM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307000.009\ironx86.sys [4/24/2012 12:09 AM 149624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/3/2012 4:22 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120427.001\IDSXpx86.sys [4/27/2012 11:36 PM 356280]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
S1 MpKsl62a86370;MpKsl62a86370;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{811B1580-9627-4C6D-9B5A-669089B795FC}\MpKsl62a86370.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{811B1580-9627-4C6D-9B5A-669089B795FC}\MpKsl62a86370.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/12/2010 4:26 PM 136176]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [10/24/2011 11:39 AM 25728]
S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [4/6/2009 8:13 PM 45344]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/12/2010 4:26 PM 136176]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [8/2/2010 1:29 AM 36928]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/11/2011 5:52 AM 27064]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [10/24/2011 11:39 AM 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [10/24/2011 11:39 AM 108032]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-12 23:25]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-12 23:25]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1882975283-9876242-1659485762-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-19 06:00]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1882975283-9876242-1659485762-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-19 06:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=RGxdm381YYus&ptb=5CE92650-C134-47E9-AF5B-A0D244D1029A
uInternet Settings,ProxyOverride = local;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
TCP: DhcpNameServer = 192.168.1.254
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0i82lgr.default\
FF - prefs.js: browser.search.selectedEngine - Radio 1.1 Customized Web Search
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 11:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):96,fe,c7,34,ae,a6,f0,47,de,db,a5,9b,5b,9e,e8,f7,21,66,b1,91,6e,
d8,72,75,17,9b,a7,e8,bf,6b,8d,57,d6,3f,57,99,8b,f8,3c,9d,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\idmmbc.dll
.
Completion time: 2012-04-29 11:48:38
ComboFix-quarantined-files.txt 2012-04-29 18:48
ComboFix2.txt 2012-04-27 09:22
.
Pre-Run: 25,789,362,176 bytes free
Post-Run: 25,777,188,864 bytes free
.
- - End Of File - - 13753B413F2D27E55AD2A50034E59B8B

#10 gringo_pr

Posted 29 April 2012 - 02:16 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

FrostWire 4.21.8
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 29 April 2012 - 02:17 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Jr6x

Posted 29 April 2012 - 08:24 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.29.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: COMPUTER [administrator]

4/29/2012 5:06:31 PM
mbam-log-2012-04-29 (17-06-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190207
Time elapsed: 20 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:20:05 PM, on 4/29/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=RGxdm381YYus&ptb=5CE92650-C134-47E9-AF5B-A0D244D1029A
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: run_startmenu.cmd
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279754964859
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6875 bytes

#12 gringo_pr

Posted 30 April 2012 - 04:14 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - Global Startup: run_startmenu.cmd
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#13 Jr6x

Posted 01 May 2012 - 02:10 AM

Do I have to do the Eset Online Scanner? That scan takes 3 or 4 plus to complete.

#14 gringo_pr

Posted 01 May 2012 - 02:20 AM

I would prefer that we do as it will make sure there are no leftovers on the computer


If you would rather do it overnight that is fine with me as I am in no hurry and would rather be sure


but in the end it is up to you so let me know what you decide



Gringo

#15 Jr6x

Posted 01 May 2012 - 02:51 AM

I'll do it but I'll probably have it done tomorrow night.



