
Norton Power Eraser detected ZeroAccess.kmem


  • This topic is locked
24 replies to this topic

#1 Rod Warrix

  • Members
  • 15 posts
  • Gender: Male
  • Location: Columbus, Ohio

Posted 09 May 2012 - 03:56 PM

Hello,

I have been struggling with an infection on my XP Home for months! NPE said it was ZeroAccess.kmem but could not remove it fully, even with their tools. Came by here and have been following all kinds of things to remove it and thought it was gone, but it is still there. Computer ran great for a while after running ComboFix, TDSSKiller, Malwarebytes, Norton NPE (said infected with ZeroAccess.kmem; file netbt.sys deleted and it replaced itself, but still not a great improvement in the system until ComboFix ran the first time; "I have also manually replaced this file with the original!"), Norton Internet Security 2012, Sophos free, Avast free, Panda ActiveScan Free, Norton Boot Recovery Scan, online virus scans; lots of things have been run for weeks straight and nothing. I started getting better results after reading and running ideas from another post here on BleepingComputer.com. Then it began again and now no results, even after running ComboFix, which still says I am infected with the rootkit ZeroAccess. I have my first log from ComboFix and should have all logs from most of the scans I did. Seems no antivirus will cure it fully. Running different ones comes up with various different virus names. Also have used MBRCheck.exe and it is good; also have those logs. Weeks straight of running all these multiple times and still getting ComboFix telling me it's still a rootkit ZeroAccess infection. Computer really slow again, but I have partitioned with the other Windows 8 preview CE. Any help would be great! Got already most of the programs listed here at BleepingComputer.com. Please... and thank you! Also like to say I tried Microsoft Fix it 50199.msi to rebuild the TCP/IP stack, no help?!


#2 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender: Male

Posted 09 May 2012 - 05:07 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Rod Warrix

  • Topic Starter
  • Members
  • 15 posts
  • Gender: Male
  • Location: Columbus, Ohio

Posted 11 May 2012 - 11:40 AM

Hello, here are some of the logs I have, and I will be running DDS again to get that log too. Just ran Avast from the second partition of the hard drive and it now again found that pagefile.sys is again infected, and again with a different trojan, win32.patched-ho, and another file, a0000.sys, is infected with win32.harebot and is stored in the System Volume folder. I have deleted these before and disabled pagefile.sys for a bit to allow the file to not be active and be deleted. There seems to have been a similarity with the file named a000003.sys; last time it was a0000010.sys and before that like a0000010.sys? Attaching files here; let me know. Thanks.

Attached Files



#4 Rod Warrix

  • Topic Starter
  • Members
  • 15 posts
  • Gender: Male
  • Location: Columbus, Ohio

Posted 11 May 2012 - 03:35 PM

Here are the DDS logs; they are attached, if this is OK?

Attached Files



#5 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender: Male
  • Location: Montreal, QC, Canada

Posted 12 May 2012 - 09:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I have reviewed all your logs. All clean.

At this time I can only suggest you execute these instructions.

Delete these files in bold.
02:32:37.031 File: C:\Program Files\Panda Security\Panda ActiveScan Cleaner\PRFIH.dll **INFECTED** Win32:VB-CUN [Trj]
02:54:42.640 File: C:\TDSSKiller_Quarantine\03.05.2012_20.37.26\susp0000\svc0000\tsk0000.dta **INFECTED** Win32:Zeroot-B [Rtk]
02:54:43.640 File: C:\TDSSKiller_Quarantine\03.05.2012_20.37.26\susp0003\svc0000\tsk0000.dta **INFECTED** Win32:Zeroot-B [Rtk]
02:54:45.015 File: C:\TDSSKiller_Quarantine\04.04.2012_19.06.25\susp0000\svc0000\tsk0000.dta **INFECTED** Win32:Zeroot-B [Rtk]
===

Download HostsXpert

Tutorial, go here:
http://i28.photobucket.com/albums/c227/tetonbob/emoticons/HostsXpert4.jpg
  • Unzip HostsXpert to its own folder.
  • Run HostsXpert.exe
  • Click: Make Writable? in the upper left corner.
  • Click: Download
  • Click: MVPs Hosts
  • Click: Replace
  • Click: OK
  • Click: Make ReadOnly
  • Close HostsXpert.
Note: If a custom Hosts file was in place, also edit those entries back in.
I suggest that you update to the new version of the Hosts file every 6 weeks. I do.

All you need to know about the hosts file.
http://www.mvps.org/winhelp2002/hosts.htm
====

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists with this computer.

#6 Rod Warrix

  • Topic Starter
  • Members
  • 15 posts
  • Gender: Male
  • Location: Columbus, Ohio

Posted 12 May 2012 - 06:55 PM

The problems still are slow system performance. Startup takes 10 mins to start. Sound seems to stutter when starting until I clear the pagefile.sys, then it works OK for a while. Running Avast free antivirus from Windows Consumer Preview 8 seems to find pagefile.sys infected; when scanning in XP (which is slow) it does not come up with that scan. Now running ESET online scanner, will post when finished; also ran Microsoft Safety Scanner, took 13 hours and found nothing. Did a Norton Recovery Boot Tool boot scan, it found nothing; want to try NBRT NPE but not yet able to connect a wired connection. It is what found the first rootkit infection but could not remove it, then did their ZeroAccess fix download, it also could not fix, then on my own I did ComboFix; it worked at first, then I became reinfected within hours. I am doing nothing on the XP system but virus scans of all sorts! Will be testing all other free trial virus scanners. I know that I should only use one, so disabling them should do the trick as far as conflicting with each other. Can you tell me why one virus scanner will notice the infection and others don't? You got a recommendation of a paid scanner? You know of any scanner that is not just the usual market (e.g. Norton, Kaspersky, Avast), like even if it cost $200 - 300 or more but would be better than the rest? Sorry, a little off topic there, just wanted a suggestion if possible. Will be back in a bit. Did also in the past have an infection in my website files that I upload to the server (my site RTW Merchants), but that was after I uploaded the files, and after 20-some scans did it find that the files became infected! Wow! Well thanks, BRB.

#7 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender: Male
  • Location: Montreal, QC, Canada

Posted 13 May 2012 - 08:57 AM

Step 1. Download TDSSKiller.exe
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Step 2. Place TDSSKiller.exe in Malwarebytes Chameleon folder.
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:
Press the Windows key + R and in the Run box, copy and paste the following command then press Enter.

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o <- include the quotes.

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4. Execute TDSSKiller.exe by double-clicking on it.
On Windows Vista or 7, right-click the .exe and run it as an Administrator.
Press Start Scan
If Malicious objects are found, ensure Cure is selected (it should be by default)
Click Continue then click Reboot now
Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.version_date_time_log.txt

Attach that log, please.
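
As an added illustration that is not part of this thread or of TDSSKiller, here is a small Python triage helper for the log Step 4 produces: it parses the per-object lines (`name (md5) path` followed by `name - status`) and lists anything that did not come back "ok", any object whose verdict line is missing, and any driver whose MD5 differs from a baseline you recorded on a known-clean install of the same build. Assumptions: the non-"ok" verdict wording, the NetBT/Tcpip hashes and the baseline table are constructed for the demonstration.

```python
"""Triage helper for a TDSSKiller scan log (added example, not Kaspersky's code).

After the "Scan started" marker TDSSKiller 2.7.x writes two per-object line kinds:
    <HH:MM:SS.mmmm> <pid> <name> (<md5>) <path>    object located on disk
    <HH:MM:SS.mmmm> <pid> <name> - <status>        verdict for that object
"ok" is the only verdict wording taken from the real tool; every other status
string, the NetBT/Tcpip hashes and the baseline table below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) "
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<status>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per scanned service/driver, keyed by its name.

    Everything before "Scan started" (banner, SystemInfo, the "Drive ... - Size"
    line and the MBR table) is skipped so the verdict pattern only ever sees
    per-object lines; a log without that marker yields no entries.
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Scan started"):
            in_scan = True
            continue
        if not in_scan:
            continue
        m = OBJECT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"]
    return entries


def findings(entries: Dict[str, Entry], baseline: Dict[str, str]) -> List[str]:
    """Reasons an entry deserves a closer look, in name order.

    A verdict other than "ok" means the tool flagged the object or could not
    clear it; no verdict line means the scan aborted or the pasted log is
    truncated; an MD5 that differs from a baseline recorded on a known-clean
    install points at a replaced or patched file even when the verdict is "ok".
    """
    out: List[str] = []
    for name, e in sorted(entries.items()):
        if e.status is None:
            out.append(f"{name}: no verdict line (scan aborted or log truncated)")
        elif e.status != "ok":
            out.append(f"{name}: verdict '{e.status}' for {e.path}")
        expected = baseline.get(name)
        if expected and e.md5 and e.md5 != expected:
            out.append(f"{name}: md5 {e.md5} differs from baseline {expected} ({e.path})")
    return out


# Constructed sample modelled on the log format: one pre-scan line that must be
# ignored, clean drivers, a verdict-only service, a constructed non-"ok" verdict
# and one object whose verdict line is missing.
SAMPLE_LOG = r"""
11:41:16.0421 1464 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200
11:41:29.0750 1508 Scan started
11:41:29.0765 1508 Mode: Manual;
11:41:37.0062 1508 6to4 (c07d5197410aab28d0d93f943f59656d) C:\WINDOWS\System32\6to4svc.dll
11:41:37.0203 1508 6to4 - ok
11:41:38.0234 1508 Abiosdsk - ok
11:44:06.0843 1508 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:44:07.0000 1508 atapi - ok
11:44:08.0843 1508 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:44:08.0906 1508 avast! Antivirus - ok
11:45:30.0000 1508 NetBT (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:45:30.0100 1508 NetBT - suspicious (constructed verdict wording)
11:45:31.0000 1508 Tcpip (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\DRIVERS\tcpip.sys
"""

# Constructed baseline: hashes an administrator would record from a clean
# install of the same Windows build. atapi matches the sample, 6to4 does not.
BASELINE = {
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "6to4": "d41d8cd98f00b204e9800998ecf8427e",
}
```

Running `findings(parse_log(open(path).read()), BASELINE)` on a real TDSSKiller log gives a short list to read instead of several hundred "- ok" lines; on the constructed sample it flags 6to4 (hash mismatch), NetBT (non-"ok" verdict) and Tcpip (no verdict).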

#8 Rod Warrix

  • Topic Starter
  • Members
  • 15 posts
  • Gender: Male
  • Location: Columbus, Ohio

Posted 13 May 2012 - 11:14 AM

Alright, have done what was requested and here are the logs from TDSSKiller. Found nothing. I'd attach but it said it was too long to attach. So I'll try to post it here!
11:45:22.0687 1508 mraid35x - ok
11:45:22.0906 1508 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:45:23.0062 1508 MRxDAV - ok
11:45:23.0453 1508 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:45:23.0859 1508 MRxSmb - ok
11:45:23.0906 1508 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:45:23.0937 1508 MSDTC - ok
11:45:24.0015 1508 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:45:24.0031 1508 Msfs - ok
11:45:24.0046 1508 MSIServer - ok
11:45:24.0109 1508 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:45:24.0109 1508 MSKSSRV - ok
11:45:24.0140 1508 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:45:24.0156 1508 MSPCLOCK - ok
11:45:24.0187 1508 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:45:24.0203 1508 MSPQM - ok
11:45:24.0250 1508 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:45:24.0265 1508 mssmbios - ok
11:45:24.0312 1508 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:45:24.0328 1508 MSTEE - ok
11:45:24.0453 1508 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:45:24.0531 1508 Mup - ok
11:45:24.0640 1508 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:45:24.0718 1508 NABTSFEC - ok
11:45:25.0015 1508 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:45:25.0265 1508 napagent - ok
11:45:25.0515 1508 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120512.016\NAVENG.SYS
11:45:25.0609 1508 NAVENG - ok
11:45:26.0953 1508 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120512.016\NAVEX15.SYS
11:45:28.0203 1508 NAVEX15 - ok
11:45:29.0156 1508 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:45:29.0296 1508 NDIS - ok
11:45:29.0343 1508 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:45:29.0359 1508 NdisIP - ok
11:45:29.0421 1508 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:45:29.0437 1508 NdisTapi - ok
11:45:29.0468 1508 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:45:29.0484 1508 Ndisuio - ok
11:45:29.0593 1508 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:45:29.0671 1508 NdisWan - ok
11:45:29.0750 1508 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:45:29.0781 1508 NDProxy - ok
11:45:29.0843 1508 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:45:29.0875 1508 NetBIOS - ok
11:45:30.0062 1508 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:45:30.0234 1508 NetBT - ok
11:45:30.0375 1508 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:45:30.0468 1508 NetDDE - ok
11:45:30.0500 1508 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:45:30.0515 1508 NetDDEdsdm - ok
11:45:30.0562 1508 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:45:30.0578 1508 Netlogon - ok
11:45:30.0796 1508 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:45:31.0000 1508 Netman - ok
11:45:31.0281 1508 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:45:31.0390 1508 NetTcpPortSharing - ok
11:45:31.0453 1508 NielGfx (372631a6ddf9be64c713dd221eecc6af) C:\WINDOWS\system32\drivers\nielgfx.sys
11:45:31.0453 1508 NielGfx - ok
11:45:31.0515 1508 nielprt (52e0fc19acbc9b0fef19ac50bb008c6d) C:\WINDOWS\system32\DRIVERS\nielprt.sys
11:45:31.0531 1508 nielprt - ok
11:45:31.0968 1508 NielsenUpdate (c86e60ce7fea4e00891036b29344bc02) C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
11:45:32.0234 1508 NielsenUpdate - ok
11:45:32.0468 1508 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
11:45:32.0609 1508 NIS - ok
11:45:32.0859 1508 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:45:33.0109 1508 Nla - ok
11:45:33.0156 1508 nnrnstdi (66f6952248ece6b791629ba6c1ff7568) C:\WINDOWS\system32\drivers\nnrnstdi.sys
11:45:33.0171 1508 nnrnstdi - ok
11:45:33.0234 1508 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:45:33.0265 1508 Npfs - ok
11:45:33.0765 1508 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:45:34.0328 1508 Ntfs - ok
11:45:34.0468 1508 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:45:34.0468 1508 NtLmSsp - ok
11:45:34.0890 1508 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:45:35.0234 1508 NtmsSvc - ok
11:45:35.0312 1508 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
11:45:35.0328 1508 NuidFltr - ok
11:45:35.0390 1508 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:45:35.0390 1508 Null - ok
11:45:35.0437 1508 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:45:35.0453 1508 NwlnkFlt - ok
11:45:35.0500 1508 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:45:35.0531 1508 NwlnkFwd - ok
11:45:35.0640 1508 p2pgasvc (937a02981f11b2ce96b1d493c95aed2b) C:\WINDOWS\system32\p2pgasvc.dll
11:45:35.0703 1508 p2pgasvc - ok
11:45:36.0078 1508 p2pimsvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
11:45:36.0437 1508 p2pimsvc - ok
11:45:36.0484 1508 p2psvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
11:45:36.0515 1508 p2psvc - ok
11:45:36.0609 1508 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:45:36.0671 1508 Parport - ok
11:45:36.0718 1508 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:45:36.0750 1508 PartMgr - ok
11:45:36.0781 1508 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:45:36.0796 1508 ParVdm - ok
11:45:36.0859 1508 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:45:36.0921 1508 PCI - ok
11:45:36.0937 1508 PCIDump - ok
11:45:36.0968 1508 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:45:36.0984 1508 PCIIde - ok
11:45:37.0109 1508 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:45:37.0203 1508 Pcmcia - ok
11:45:37.0218 1508 PDCOMP - ok
11:45:37.0234 1508 PDFRAME - ok
11:45:37.0265 1508 PDRELI - ok
11:45:37.0296 1508 PDRFRAME - ok
11:45:37.0328 1508 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:45:37.0359 1508 perc2 - ok
11:45:37.0375 1508 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:45:37.0437 1508 perc2hib - ok
11:45:37.0859 1508 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:45:37.0875 1508 PlugPlay - ok
11:45:37.0921 1508 PNRPSvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
11:45:37.0937 1508 PNRPSvc - ok
11:45:38.0031 1508 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\WINDOWS\system32\DRIVERS\point32.sys
11:45:38.0078 1508 Point32 - ok
11:45:38.0109 1508 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:45:38.0125 1508 PolicyAgent - ok
11:45:38.0203 1508 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:45:38.0234 1508 PptpMiniport - ok
11:45:38.0265 1508 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:45:38.0281 1508 ProtectedStorage - ok
11:45:38.0359 1508 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:45:38.0734 1508 PSched - ok
11:45:38.0765 1508 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:45:38.0796 1508 Ptilink - ok
11:45:38.0859 1508 pwdrvio (681ae4f1927fe0fdeee2863f1684088d) C:\WINDOWS\system32\pwdrvio.sys
11:45:38.0875 1508 pwdrvio - ok
11:45:38.0921 1508 pwdspio (bc60895ce021309ebd887d2f22055654) C:\WINDOWS\system32\pwdspio.sys
11:45:38.0937 1508 pwdspio - ok
11:45:39.0015 1508 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:45:39.0046 1508 ql1080 - ok
11:45:39.0156 1508 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:45:39.0187 1508 Ql10wnt - ok
11:45:39.0250 1508 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:45:39.0281 1508 ql12160 - ok
11:45:39.0359 1508 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:45:39.0437 1508 ql1240 - ok
11:45:39.0796 1508 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:45:39.0828 1508 ql1280 - ok
11:45:39.0875 1508 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:45:39.0875 1508 RasAcd - ok
11:45:39.0984 1508 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:45:40.0078 1508 RasAuto - ok
11:45:40.0156 1508 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:45:40.0203 1508 Rasl2tp - ok
11:45:40.0390 1508 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:45:40.0625 1508 RasMan - ok
11:45:40.0890 1508 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:45:40.0937 1508 RasPppoe - ok
11:45:40.0984 1508 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:45:41.0015 1508 Raspti - ok
11:45:41.0218 1508 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:45:41.0359 1508 Rdbss - ok
11:45:41.0390 1508 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:45:41.0406 1508 RDPCDD - ok
11:45:41.0609 1508 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:45:41.0765 1508 rdpdr - ok
11:45:41.0937 1508 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:45:42.0093 1508 RDPWD - ok
11:45:42.0250 1508 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:45:42.0375 1508 RDSessMgr - ok
11:45:42.0453 1508 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:45:42.0500 1508 redbook - ok
11:45:42.0578 1508 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:45:42.0625 1508 RemoteAccess - ok
11:45:42.0703 1508 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
11:45:42.0765 1508 RFCOMM - ok
11:45:42.0875 1508 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:45:42.0953 1508 RpcLocator - ok
11:45:43.0328 1508 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
11:45:43.0343 1508 RpcSs - ok
11:45:43.0500 1508 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:45:43.0625 1508 RSVP - ok
11:45:43.0937 1508 RTLE8023xp (71439e5bf872a91db450641be445f51c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:45:44.0265 1508 RTLE8023xp - ok
11:45:44.0343 1508 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:45:44.0359 1508 SamSs - ok
11:45:44.0484 1508 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:45:44.0562 1508 SCardSvr - ok
11:45:44.0781 1508 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:45:44.0953 1508 Schedule - ok
11:45:45.0078 1508 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:45:45.0156 1508 sdbus - ok
11:45:46.0312 1508 SDScannerService (8dcd2c2aa1debe7edaac90e398765976) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
11:45:47.0312 1508 SDScannerService - ok
11:45:48.0328 1508 SDUpdateService (5de1be0423c8cc00e8c47dbf4f987dd4) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
11:45:49.0359 1508 SDUpdateService - ok
11:45:50.0343 1508 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:45:50.0359 1508 Secdrv - ok
11:45:50.0437 1508 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:45:50.0468 1508 seclogon - ok
11:45:50.0531 1508 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:45:50.0578 1508 SENS - ok
11:45:50.0609 1508 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:45:50.0640 1508 Serenum - ok
11:45:50.0718 1508 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
11:45:50.0781 1508 Serial - ok
11:45:50.0875 1508 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:45:50.0906 1508 Sfloppy - ok
11:45:51.0250 1508 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:45:51.0515 1508 SharedAccess - ok
11:45:51.0671 1508 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:45:51.0687 1508 ShellHWDetection - ok
11:45:51.0703 1508 Simbad - ok
11:45:51.0781 1508 SimpTcp (32933b07fc16d9f778bee12545fa1b1a) C:\WINDOWS\system32\tcpsvcs.exe
11:45:51.0812 1508 SimpTcp - ok
11:45:51.0906 1508 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:45:51.0937 1508 sisagp - ok
11:45:52.0015 1508 SliceDisk5 - ok
11:45:52.0062 1508 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:45:52.0078 1508 SLIP - ok
11:45:52.0265 1508 snapman (f8326833aecd439a78f2df66aafe7f8e) C:\WINDOWS\system32\DRIVERS\snapman.sys
11:45:52.0390 1508 snapman - ok
11:45:52.0468 1508 SNMP (60c377be6b3cc83f6a8584934b181d2e) C:\WINDOWS\System32\snmp.exe
11:45:52.0500 1508 SNMP - ok
11:45:52.0546 1508 SNMPTRAP (80a050795a107a76c2b1cd4cfbe010e6) C:\WINDOWS\System32\snmptrap.exe
11:45:52.0578 1508 SNMPTRAP - ok
11:45:52.0609 1508 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:45:52.0625 1508 Sparrow - ok
11:45:52.0687 1508 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:45:52.0687 1508 splitter - ok
11:45:52.0812 1508 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:45:52.0906 1508 Spooler - ok
11:45:53.0031 1508 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:45:53.0109 1508 sr - ok
11:45:53.0296 1508 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:45:53.0453 1508 srservice - ok
11:45:54.0187 1508 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\NIS\1307000.009\SRTSP.SYS
11:45:54.0687 1508 SRTSP - ok
11:45:54.0750 1508 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\NIS\1307000.009\SRTSPX.SYS
11:45:54.0781 1508 SRTSPX - ok
11:45:55.0156 1508 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:45:55.0453 1508 Srv - ok
11:45:55.0625 1508 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:45:55.0703 1508 SSDPSRV - ok
11:45:56.0078 1508 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:45:56.0390 1508 stisvc - ok
11:45:56.0453 1508 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:45:56.0468 1508 streamip - ok
11:45:56.0515 1508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:45:56.0531 1508 swenum - ok
11:45:56.0609 1508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:45:56.0656 1508 swmidi - ok
11:45:56.0687 1508 SwPrv - ok
11:45:56.0750 1508 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:45:56.0765 1508 symc810 - ok
11:45:56.0812 1508 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:45:56.0843 1508 symc8xx - ok
11:45:57.0171 1508 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1307000.009\SYMDS.SYS
11:45:57.0437 1508 SymDS - ok
11:45:58.0234 1508 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1307000.009\SYMEFA.SYS
11:45:58.0953 1508 SymEFA - ok
11:45:59.0140 1508 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
11:45:59.0265 1508 SymEvent - ok
11:45:59.0359 1508 SymIM (a7100ea17ed9eaf365362a05bf430e77) C:\WINDOWS\system32\DRIVERS\SymIM.sys
11:45:59.0406 1508 SymIM - ok
11:45:59.0421 1508 SymIMMP (a7100ea17ed9eaf365362a05bf430e77) C:\WINDOWS\system32\DRIVERS\SymIM.sys
11:45:59.0437 1508 SymIMMP - ok
11:45:59.0593 1508 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NIS\1307000.009\Ironx86.SYS
11:45:59.0718 1508 SymIRON - ok
11:46:00.0078 1508 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NIS\1307000.009\SYMTDI.SYS
11:46:00.0390 1508 SYMTDI - ok
11:46:00.0468 1508 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:46:00.0500 1508 sym_hi - ok
11:46:00.0578 1508 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:46:00.0609 1508 sym_u3 - ok
11:46:00.0859 1508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:46:00.0921 1508 sysaudio - ok
11:46:01.0078 1508 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:46:01.0171 1508 SysmonLog - ok
11:46:01.0437 1508 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:46:01.0656 1508 TapiSrv - ok
11:46:02.0015 1508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:46:02.0328 1508 Tcpip - ok
11:46:02.0578 1508 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
11:46:02.0765 1508 Tcpip6 - ok
11:46:02.0828 1508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:46:02.0843 1508 TDPIPE - ok
11:46:02.0875 1508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:46:02.0906 1508 TDTCP - ok
11:46:02.0984 1508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:46:03.0031 1508 TermDD - ok
11:46:03.0328 1508 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:46:03.0609 1508 TermService - ok
11:46:03.0765 1508 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:46:03.0781 1508 Themes - ok
11:46:03.0843 1508 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:46:03.0859 1508 TosIde - ok
11:46:03.0968 1508 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:46:04.0062 1508 TrkWks - ok
11:46:05.0531 1508 TuneUp.UtilitiesSvc (f5c1dade735d6213309e519ae053b818) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
11:46:06.0812 1508 TuneUp.UtilitiesSvc - ok
11:46:06.0875 1508 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
11:46:06.0875 1508 TuneUpUtilitiesDrv - ok
11:46:07.0562 1508 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
11:46:07.0578 1508 tunmp - ok
11:46:07.0671 1508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:46:07.0750 1508 Udfs - ok
11:46:07.0828 1508 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:46:07.0859 1508 ultra - ok
11:46:08.0234 1508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:46:08.0578 1508 Update - ok
11:46:08.0781 1508 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:46:09.0000 1508 upnphost - ok
11:46:09.0062 1508 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:46:09.0093 1508 UPS - ok
11:46:09.0171 1508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:46:09.0187 1508 usbccgp - ok
11:46:09.0265 1508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:46:09.0296 1508 usbehci - ok
11:46:09.0359 1508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:46:09.0421 1508 usbhub - ok
11:46:09.0515 1508 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:46:09.0546 1508 USBSTOR - ok
11:46:09.0609 1508 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:46:09.0625 1508 usbuhci - ok
11:46:09.0703 1508 UxTuneUp (14395a9948d89325175b9ef944f6cf26) C:\WINDOWS\System32\uxtuneup.dll
11:46:09.0734 1508 UxTuneUp - ok
11:46:09.0796 1508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:46:09.0812 1508 VgaSave - ok
11:46:09.0890 1508 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:46:09.0921 1508 viaagp - ok
11:46:09.0953 1508 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:46:09.0968 1508 ViaIde - ok
11:46:10.0046 1508 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:46:10.0078 1508 VolSnap - ok
11:46:10.0390 1508 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:46:10.0671 1508 VSS - ok
11:46:10.0859 1508 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:46:11.0015 1508 W32Time - ok
11:46:11.0109 1508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:46:11.0156 1508 Wanarp - ok
11:46:11.0609 1508 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:46:12.0000 1508 Wdf01000 - ok
11:46:12.0031 1508 WDICA - ok
11:46:12.0125 1508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:46:12.0203 1508 wdmaud - ok
11:46:12.0312 1508 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:46:12.0375 1508 WebClient - ok
11:46:12.0625 1508 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:46:12.0812 1508 winmgmt - ok
11:46:14.0000 1508 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
11:46:15.0000 1508 WinRM - ok
11:46:15.0125 1508 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:46:15.0156 1508 WmdmPmSN - ok
11:46:15.0312 1508 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:46:15.0328 1508 WmiAcpi - ok
11:46:15.0484 1508 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:46:15.0593 1508 WmiApSrv - ok
11:46:16.0531 1508 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:46:17.0296 1508 WMPNetworkSvc - ok
11:46:18.0359 1508 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:46:18.0968 1508 WPFFontCache_v0400 - ok
11:46:19.0500 1508 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:46:19.0515 1508 WS2IFSL - ok
11:46:19.0734 1508 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:46:19.0812 1508 wscsvc - ok
11:46:19.0828 1508 WSearch - ok
11:46:19.0906 1508 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:46:19.0921 1508 WSTCODEC - ok
11:46:19.0968 1508 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:46:19.0984 1508 wuauserv - ok
11:46:20.0109 1508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:46:20.0171 1508 WudfPf - ok
11:46:20.0265 1508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:46:20.0343 1508 WudfRd - ok
11:46:20.0437 1508 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:46:20.0500 1508 WudfSvc - ok
11:46:20.0937 1508 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:46:21.0343 1508 WZCSVC - ok
11:46:21.0375 1508 XAMPP - ok
11:46:21.0562 1508 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:46:21.0671 1508 xmlprov - ok
11:46:21.0828 1508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:46:22.0468 1508 \Device\Harddisk0\DR0 - ok
11:46:22.0468 1508 Boot (0x1200) (0b6e61d71ea102cca007d0152165a3ae) \Device\Harddisk0\DR0\Partition0
11:46:22.0484 1508 \Device\Harddisk0\DR0\Partition0 - ok
11:46:22.0515 1508 Boot (0x1200) (c37349c0197e7865dda1f4d41c64b3ea) \Device\Harddisk0\DR0\Partition1
11:46:22.0531 1508 \Device\Harddisk0\DR0\Partition1 - ok
11:46:22.0531 1508 ============================================================
11:46:22.0531 1508 Scan finished
11:46:22.0531 1508 ============================================================
11:46:22.0562 4432 Detected object count: 0
11:46:22.0562 4432 Actual detected object count: 0
11:49:51.0718 2540 Deinitialize success
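
Reading a TDSSKiller listing like the one above by eye is slow, so here is a small triage script. It is an added example written for this page, not part of the original post and not code from TDSSKiller or Kaspersky: it parses the two line shapes the log uses (the line carrying the MD5 and image path, and the "name - ok" status line, plus the MBR/Boot lines that put a size field before the hash), then reports services with no image file, images loaded from outside the Windows directory, anything whose status is not "ok", and any image whose MD5 differs from a known-good hash the analyst supplies. The sample lines are copied from the log above; the "outside C:\WINDOWS is worth a look" rule and the expected-hash table are assumptions made for the demonstration, and the wrong value given for tcpip.sys is deliberate, to show a mismatch being caught, not a statement about that file.

```python
r"""Triage helpers for a TDSSKiller driver/service listing (added example).

Handles the line shapes seen in the log above:

    11:45:30.0062 1508 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    11:45:30.0234 1508 NetBT - ok
    11:46:21.0828 1508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    11:46:22.0468 1508 \Device\Harddisk0\DR0 - ok
"""
import re

ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>\S+)"
    r"(?:\s+\((?P<size>0x[0-9A-Fa-f]+)\))?"          # size field, MBR/Boot lines only
    r"\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
STATUS_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<status>\S.*?)\s*$"
)

# Assumption for this example: images loaded from outside this prefix are
# third-party and deserve a second look (they are not being called malicious).
SYSTEM_PREFIX = "c:\\windows\\"


def parse_log(text):
    """Return a list of {name, md5, path, status} dicts, one per listed object.

    A status line is attached to the most recent entry with that name or path
    (MBR/Boot status lines use the device path). A status line with no
    preceding entry is a registered service that has no image file on disk.
    """
    entries, latest = [], {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"name": m["name"], "md5": m["md5"], "path": m["path"], "status": None})
            latest[m["name"]] = latest[m["path"]] = len(entries) - 1
            continue
        m = STATUS_RE.match(line)
        if m:
            idx = latest.get(m["name"])
            if idx is None or entries[idx]["status"] is not None:
                entries.append({"name": m["name"], "md5": None, "path": None, "status": m["status"]})
                latest[m["name"]] = len(entries) - 1
            else:
                entries[idx]["status"] = m["status"]
    return entries


def triage(entries, expected_md5=None):
    """Flag non-"ok" statuses, services without an image, images outside the
    Windows directory, and images whose MD5 differs from a known-good value."""
    expected = {p.lower(): h.lower() for p, h in (expected_md5 or {}).items()}
    out = {"not_ok": [], "no_image": [], "outside_windows": [], "hash_mismatch": []}
    for e in entries:
        if e["status"] is not None and e["status"] != "ok":
            out["not_ok"].append(e["name"])
        if e["path"] is None:
            out["no_image"].append(e["name"])
            continue
        p = e["path"].lower()
        if p.startswith("c:\\") and not p.startswith(SYSTEM_PREFIX):
            out["outside_windows"].append((e["name"], e["path"]))
        want = expected.get(p)
        if want is not None and want != e["md5"]:
            out["hash_mismatch"].append((e["name"], e["path"], e["md5"], want))
    return out


# Sample lines copied from the log above.
SAMPLE_LOG = r"""
11:45:17.0109 1508 LaptopService - ok
11:45:18.0312 1508 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:45:18.0906 1508 MBAMService - ok
11:45:30.0062 1508 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:45:30.0234 1508 NetBT - ok
11:45:46.0312 1508 SDScannerService (8dcd2c2aa1debe7edaac90e398765976) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
11:45:47.0312 1508 SDScannerService - ok
11:46:02.0015 1508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:46:02.0328 1508 Tcpip - ok
11:46:21.0828 1508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:46:22.0468 1508 \Device\Harddisk0\DR0 - ok
11:46:22.0468 1508 Boot (0x1200) (0b6e61d71ea102cca007d0152165a3ae) \Device\Harddisk0\DR0\Partition0
11:46:22.0484 1508 \Device\Harddisk0\DR0\Partition0 - ok
11:46:22.0515 1508 Boot (0x1200) (c37349c0197e7865dda1f4d41c64b3ea) \Device\Harddisk0\DR0\Partition1
11:46:22.0531 1508 \Device\Harddisk0\DR0\Partition1 - ok
11:46:22.0562 4432 Detected object count: 0
"""

# Constructed expected-hash table: netbt.sys uses the value from the log, the
# tcpip.sys value is deliberately wrong so the mismatch path is exercised.
EXPECTED_MD5 = {
    r"C:\WINDOWS\system32\DRIVERS\netbt.sys": "74b2b2f5bea5e9a3dc021d685551bd3d",
    r"C:\WINDOWS\system32\DRIVERS\tcpip.sys": "00000000000000000000000000000000",
}

if __name__ == "__main__":
    for key, hits in triage(parse_log(SAMPLE_LOG), EXPECTED_MD5).items():
        print(key, hits)
```

On a real log, pass the whole file to parse_log. Remember that "ok" only means TDSSKiller found nothing against that object; a driver whose MD5 changes between two runs, or that is loaded from a path the vendor does not use, is what to compare against a clean copy of the same Windows version and service pack.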

#9 Rod Warrix

Rod Warrix
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Location:Columbus, Ohio

Posted 13 May 2012 - 07:30 PM

Also having problems using msconfig: it will not allow me to save the changes because of not having administrator rights, even though I am the admin, and I have also tried safe mode with user name Administrator and it says the same thing! I can manually edit the boot log; I did so by adding the /sos. I am now undoing the /sos manually. Sound is choppy when starting up; in the past, off and on, it was fine. Logging into safe mode seems to be faster and normal with no problems. I uninstalled two toolbars and ran the ESET online scanner; it took 8 hours but found some adware (toolbars and apps which I use, but it is fine that it removed them) and some type html/srcgen.b in my website files. I have lots and lots of log files from scanners and did see this type in one that was also found in the registry and removed. Just uninstalled ComboFix; it was complete. Saw something searching with Google that had a fix for policies and privileges that would reset them to the original setting, but did not use the idea yet. Still slower than expected starting up; in the past I timed it at about 3 mins, which should be good, but now it is like 7-10 mins. I have TuneUp Utilities 2011 installed that does the cleaning and am looking into other optimization tools. Used to use an IOBit.com program that helps to deeply uninstall programs; it was really great until it deleted a main system file (nomalz.dll), but that was very easy to fix by replacing the file, so I left it alone for the past year. Is there a cleaner that's free for now that I could get to do a search for leftover files, registry entries, and system connections? I have not the money right now, maybe in a month, to buy any programs. Also in the past I disabled agp440.sys from starting up and today enabled it again to start up automatically. Will get back with what I am doing in a little bit. Thanks for the help!

#10 Rod Warrix

Rod Warrix
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Location:Columbus, Ohio

Posted 14 May 2012 - 12:53 AM

After uninstalling Bing Bar and Babylon Toolbar my internet connection seized; no browsers were able to connect to the internet on that system. Tried resetting, and all it says when using the Network Diagnosis Tool is that the winsock catalog is something and it will try to fix it, have to restart, but no luck. Uninstalling the wireless card and reinstalling with a better, updated driver. Did start in safe mode (no networking) with the Administrator icon (still saying, when using msconfig, no access or rights to change, but it does sometimes work and other times it does not!) and ran a Malwarebytes quick scan, and it came back with a Trojan.Downloader infection again. Restarted and still no connection to the internet through browsers. Here is the log of the infection:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.13.02

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Administrator :: ACER-6E40E97492 [administrator]

Protection: Disabled

5/14/2012 12:46:03 AM
mbam-log-2012-05-14 (00-59-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241973
Time elapsed: 11 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 Rod Warrix

Rod Warrix
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Location:Columbus, Ohio

Posted 14 May 2012 - 04:49 AM

I have now fixed the winsock problem from a safe mode command prompt: netsh winsock reset. I have re-run Malwarebytes to see if it could fix the problem and have done three scans, and now nothing comes up. I see in the log file it says no action taken, but I clicked Apply to remove the entry; before doing that, though, I opened the file location Malwarebytes offered to open, and nothing was there! FP, or did it just come and go? Computer still a little hesitant to start in safe mode, some slowness more than usual! If not answered back, I will take a video of startup and post it to YouTube to be seen. I get this black screen when starting up for about 30 sec, then it shows users to log in, which even in safe mode takes like 20 secs to select a user.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:40 PM

Posted 14 May 2012 - 08:21 AM

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Please let me know what problem persists.

#13 Rod Warrix

Rod Warrix
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Columbus, Ohio
  • Local time:06:40 PM

Posted 14 May 2012 - 08:54 AM

Ok, will run again, and I believe I have the last log with 29 infections; most were toolbars. I just got a BSOD, and this will be the fourth in the past week. IRQL_NOT_EQUAL_OR_LESS; it is still dumping the cache. I seem not to have a working browser now with a normal boot up, but in safe mode they work (Chrome, IE 8). Uninstalled ComboFix, then I believe I was not able to connect to the internet. I also have a Panda ActiveScan log and am looking toward running the Kaspersky free scan; have not yet tried that out. I will first run ESET again! Will get back to you ASAP. Would like to make a boot log and submit it to see if there's something there that should not be, that is slowing the computer down. You mind if I send something like this, and can you tell me anything about my boot up? Is there a better program out there that would log the booting than the Windows XP /bootlog option? Please and thanks!

#14 Rod Warrix

Rod Warrix
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Columbus, Ohio
  • Local time:06:40 PM

Posted 14 May 2012 - 08:58 AM

Sorry to post so much, but I think I should add to the BSOD: when the computer restarted, Windows 8 Consumer Preview started to repair drive C:\. This has happened before, like when running Norton IS 2012 and it stopped; then, when restarted, it had to repair. This is like the seventh time this has happened, but it does repair and is good to go to load XP, even though slow.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:40 PM

Posted 14 May 2012 - 12:38 PM

We Need to Diagnose Your BlueScreen

1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode.

2. Select "Disable Automatic Restart on System Failure", as shown here:

Posted Image

When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

Posted Image

A file name might be listed too. Please report this in your next post.
