Weird Stuff Going On..Please Help Me


22 replies to this topic

#1 cherdon

cherdon

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 13 May 2012 - 08:30 AM

Within the last few days I have noticed strange things happening on my computer. The desktop is forever changing from Windows Classic to Windows Classic modified to Windows XP. I use Google as my homepage and it's normally white; lately it's all black at the top, where the File, Edit, View etc. is not viewable. I've gotten suspended from Twitter 3x in the last week for apparently aggressive following behaviour and spamming, neither of which I have done. I cannot click on any links in my Gmail acct because it goes to about blank addy bar with nothing there. I can't receive any WordPress or FeedBurner email subscriptions to my Outlook Express. I have a paid Norton Internet Security which, when scanned, says everything's fine, which it isn't. I've tried Malwarebytes and a few other programs but the good ones won't fix anything unless you register them. I ran ESET online scanner and it came up with the following:

A variant of Win32/InstallCore.D application
A variant of Win32/Toolbar.Widgi application

Also I have a DLL missing which I wrote down somewhere but can't find it now :-(

At this time I cannot take this puter in to get a fresh install and I don't know how to do it myself, so I'm hoping someone here can help me at least eliminate some or all of the above problems I have mentioned, in simple terms. I need to also find a good malware program or whatever is causing these issues that will actually fix the problem without having to purchase it online. Any help you can give me would be greatly appreciated. Thank you.

Edited by hamluis, 13 May 2012 - 08:37 AM.
Moved from XP to Am I Infected - Hamluis.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:37 AM

Posted 13 May 2012 - 02:26 PM

Hello and welcome. Please run these next.

Is your DLL issue a "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
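
A triage sketch for the Result.txt that MiniToolBox saves, added here as an example and not part of the original post or of MiniToolBox itself: it reads the "Hosts content" and "Winsock entries" sections in the layout this thread's log uses and lists the entries worth a second look. The sample log is constructed, and the function names and the `C:\Windows\System32` default are assumptions.

```python
import re

# Section headers look like "===== Hosts content: =====" (colon optional).
SECTION_RE = re.compile(r"^=+\s+(.+?):?\s+=+\s*$")
# Winsock lines look like "Catalog9 01 C:\path\file.dll [size] (vendor)".
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample in the Result.txt layout. The 203.0.113.7 hosts line and
# the Catalog9 entry are made up to show what a finding looks like.
SAMPLE = r"""
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 www.google.com

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Program Files\Example\lsp.dll [40960] ()

========================= Event log errors: ===============================
"""


def split_sections(text):
    """Map each section name to the non-empty lines that follow its header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections


def check_hosts(lines):
    """Report every hosts entry that is not a plain loopback 'localhost' line."""
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].split()  # drop trailing comments
        if len(entry) < 2:
            continue  # comment-only or malformed line
        ip, names = entry[0], entry[1:]
        if ip in LOOPBACK and all(n.lower() == "localhost" for n in names):
            continue
        findings.append(("Hosts content", f"{ip} {' '.join(names)}",
                         ["not a localhost loopback entry"]))
    return findings


def check_winsock(lines, system_dir=r"C:\Windows\System32"):
    """Report Winsock providers outside system_dir or without the Microsoft vendor string.

    A hit means "review this provider", not "this is malicious": legitimate
    third-party software also registers Winsock providers.
    """
    prefix = system_dir.lower().rstrip("\\") + "\\"
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        catalog, index, path, _size, vendor = m.groups()
        reasons = []
        if not path.lower().startswith(prefix):
            reasons.append("outside " + system_dir)
        if vendor != "Microsoft Corporation":
            reasons.append("vendor is " + (vendor or "blank"))
        if reasons:
            findings.append(("Winsock entries", f"{catalog} {index} {path}", reasons))
    return findings


def triage(text):
    """Run both checks over a Result.txt body and return the combined findings."""
    sections = split_sections(text)
    return (check_hosts(sections.get("Hosts content", []))
            + check_winsock(sections.get("Winsock entries", [])))


if __name__ == "__main__":
    for section, item, reasons in triage(SAMPLE):
        print(f"[{section}] {item}: {', '.join(reasons)}")
```
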

#3 cherdon

cherdon
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 13 May 2012 - 05:19 PM

Mshtml.dll was loaded but the Dll RegisterServer entry point was not found. This file cannot be registered.

#4 cherdon

cherdon
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 13 May 2012 - 05:23 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Cheryl (administrator) on 13-05-2012 at 18:22:42
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : cheryl-30e26276

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

Physical Address. . . . . . . . . : 00-25-22-18-87-FE

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.17

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Sunday, May 13, 2012 6:33:31 AM

Lease Expires . . . . . . . . . . : Wednesday, May 16, 2012 6:33:31 AM

Server: mymodem
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.226.71, 74.125.226.67, 74.125.226.65, 74.125.226.78
74.125.226.66, 74.125.226.72, 74.125.226.73, 74.125.226.70, 74.125.226.64
74.125.226.68, 74.125.226.69



Pinging google.com [74.125.226.71] with 32 bytes of data:



Reply from 74.125.226.71: bytes=32 time=13ms TTL=54

Reply from 74.125.226.71: bytes=32 time=12ms TTL=54



Ping statistics for 74.125.226.71:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 12ms, Maximum = 13ms, Average = 12ms

Server: mymodem
Address: 192.168.2.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=45ms TTL=52

Reply from 209.191.122.70: bytes=32 time=48ms TTL=52



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 48ms, Average = 46ms

Server: mymodem
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 25 22 18 87 fe ...... Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.17 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.17 192.168.2.17 20
192.168.2.17 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.17 192.168.2.17 20
224.0.0.0 240.0.0.0 192.168.2.17 192.168.2.17 20
255.255.255.255 255.255.255.255 192.168.2.17 192.168.2.17 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (05/13/2012 06:33:55 AM) (Source: Service Control Manager) (User: )
Description: The Uninterruptible Power Supply service terminated with the following error:
%%2481

Error: (05/13/2012 06:33:46 AM) (Source: UPS) (User: )
Description: The UPS service is not configured correctly.

Error: (05/13/2012 00:33:25 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%2

Error: (05/13/2012 00:33:25 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%2

Error: (05/13/2012 00:33:25 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%2

Error: (05/13/2012 00:33:25 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%2

Error: (05/13/2012 00:33:25 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%2

Error: (05/13/2012 00:33:25 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%2

Error: (05/13/2012 00:33:24 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%2

Error: (05/13/2012 00:33:24 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.4)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
AI RoboForm (All Users)
AutoSizer
BufferChm (Version: 140.0.212.000)
C510 (Version: 140.0.344.000)
Destinations (Version: 140.0.167.000)
DeviceDiscovery (Version: 140.0.212.000)
ESET Online Scanner v3
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
Google Earth (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.111)
GPBaseService2 (Version: 140.0.211.000)
Haali Media Splitter
HP Photo Creations (Version: 1.0.0.2024)
HP Update (Version: 5.002.002.002)
HPAppStudio (Version: 140.0.95.000)
HPProductAssistant (Version: 140.0.212.000)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
Junk Mail filter update (Version: 14.0.8117.416)
LeapFrog Connect (Version: 3.2.19.13664)
LeapFrog Tag Plugin (Version: 3.2.19.13664)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 140.0.215.000)
Norton Internet Security (Version: 19.7.0.9)
PokerStars.net
PS_AIO_07_C510_SW_Min (Version: 140.0.344.000)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.28.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5730)
Scan (Version: 140.0.80.000)
Segoe UI (Version: 14.0.4327.805)
SolutionCenter (Version: 140.0.214.000)
Status (Version: 140.0.256.000)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
Unity Web Player (Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (Version: 3.2.19.13664)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 140.0.212.017)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11

========================= Devices: ================================

Name: Photosmart eStn C510 series
Description: Photosmart eStn C510 series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 2038.23 MB
Available physical RAM: 1168.26 MB
Total Pagefile: 2143.91 MB
Available Pagefile: 1302.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.12 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.08 GB) (Free:225.86 GB) NTFS

========================= Users: ========================================

User accounts for \\CHERYL-30E26276

Administrator ASPNET Cheryl
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****

#5 cherdon

cherdon
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 13 May 2012 - 05:29 PM

18:25:59.0500 0732 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:26:00.0579 0732 ============================================================
18:26:00.0579 0732 Current date / time: 2012/05/13 18:26:00.0579
18:26:00.0579 0732 SystemInfo:
18:26:00.0579 0732
18:26:00.0579 0732 OS Version: 5.1.2600 ServicePack: 3.0
18:26:00.0579 0732 Product type: Workstation
18:26:00.0579 0732 ComputerName: CHERYL-30E26276
18:26:00.0579 0732 UserName: Cheryl
18:26:00.0579 0732 Windows directory: C:\WINDOWS
18:26:00.0579 0732 System windows directory: C:\WINDOWS
18:26:00.0579 0732 Processor architecture: Intel x86
18:26:00.0579 0732 Number of processors: 2
18:26:00.0579 0732 Page size: 0x1000
18:26:00.0579 0732 Boot type: Normal boot
18:26:00.0579 0732 ============================================================
18:26:03.0422 0732 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:26:03.0516 0732 ============================================================
18:26:03.0516 0732 \Device\Harddisk0\DR0:
18:26:03.0516 0732 MBR partitions:
18:26:03.0516 0732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
18:26:03.0516 0732 ============================================================
18:26:03.0563 0732 C: <-> \Device\Harddisk0\DR0\Partition0
18:26:03.0563 0732 ============================================================
18:26:03.0563 0732 Initialize success
18:26:03.0563 0732 ============================================================
18:26:23.0235 5592 ============================================================
18:26:23.0235 5592 Scan started
18:26:23.0235 5592 Mode: Manual; TDLFS;
18:26:23.0235 5592 ============================================================
18:26:23.0438 5592 Abiosdsk - ok
18:26:23.0438 5592 abp480n5 - ok
18:26:23.0469 5592 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:26:23.0469 5592 ACPI - ok
18:26:23.0500 5592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:26:23.0516 5592 ACPIEC - ok
18:26:23.0547 5592 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:26:23.0547 5592 AdobeFlashPlayerUpdateSvc - ok
18:26:23.0563 5592 adpu160m - ok
18:26:23.0579 5592 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:26:23.0579 5592 aec - ok
18:26:23.0610 5592 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:26:23.0625 5592 AFD - ok
18:26:23.0625 5592 Aha154x - ok
18:26:23.0625 5592 aic78u2 - ok
18:26:23.0625 5592 aic78xx - ok
18:26:23.0672 5592 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:26:23.0672 5592 Alerter - ok
18:26:23.0688 5592 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:26:23.0688 5592 ALG - ok
18:26:23.0688 5592 AliIde - ok
18:26:23.0688 5592 amsint - ok
18:26:23.0704 5592 asc - ok
18:26:23.0704 5592 asc3350p - ok
18:26:23.0704 5592 asc3550 - ok
18:26:23.0782 5592 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:26:23.0797 5592 aspnet_state - ok
18:26:23.0813 5592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:26:23.0813 5592 AsyncMac - ok
18:26:23.0844 5592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:26:23.0844 5592 atapi - ok
18:26:23.0844 5592 Atdisk - ok
18:26:23.0860 5592 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:26:23.0860 5592 Atmarpc - ok
18:26:23.0875 5592 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:26:23.0875 5592 AudioSrv - ok
18:26:23.0907 5592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:26:23.0907 5592 audstub - ok
18:26:23.0938 5592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:26:23.0938 5592 Beep - ok
18:26:24.0125 5592 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx86.sys
18:26:24.0125 5592 BHDrvx86 - ok
18:26:24.0172 5592 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:26:24.0204 5592 BITS - ok
18:26:24.0219 5592 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:26:24.0219 5592 Browser - ok
18:26:24.0250 5592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:26:24.0250 5592 cbidf2k - ok
18:26:24.0266 5592 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:26:24.0266 5592 CCDECODE - ok
18:26:24.0329 5592 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1307000.009\ccSetx86.sys
18:26:24.0329 5592 ccSet_NIS - ok
18:26:24.0329 5592 cd20xrnt - ok
18:26:24.0344 5592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:26:24.0360 5592 Cdaudio - ok
18:26:24.0375 5592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:26:24.0375 5592 Cdfs - ok
18:26:24.0407 5592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:26:24.0422 5592 Cdrom - ok
18:26:24.0422 5592 Changer - ok
18:26:24.0438 5592 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:26:24.0438 5592 CiSvc - ok
18:26:24.0469 5592 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:26:24.0469 5592 ClipSrv - ok
18:26:24.0532 5592 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:26:24.0532 5592 clr_optimization_v2.0.50727_32 - ok
18:26:24.0563 5592 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:26:24.0579 5592 clr_optimization_v4.0.30319_32 - ok
18:26:24.0579 5592 CmdIde - ok
18:26:24.0594 5592 COMSysApp - ok
18:26:24.0594 5592 Cpqarray - ok
18:26:24.0610 5592 cpuz134 - ok
18:26:24.0610 5592 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:26:24.0625 5592 CryptSvc - ok
18:26:24.0625 5592 dac2w2k - ok
18:26:24.0625 5592 dac960nt - ok
18:26:24.0657 5592 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:26:24.0672 5592 DcomLaunch - ok
18:26:24.0688 5592 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:26:24.0688 5592 Dhcp - ok
18:26:24.0719 5592 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:26:24.0719 5592 Disk - ok
18:26:24.0719 5592 dmadmin - ok
18:26:24.0766 5592 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:26:24.0782 5592 dmboot - ok
18:26:24.0797 5592 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:26:24.0797 5592 dmio - ok
18:26:24.0829 5592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:26:24.0829 5592 dmload - ok
18:26:24.0844 5592 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:26:24.0844 5592 dmserver - ok
18:26:24.0875 5592 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:26:24.0891 5592 DMusic - ok
18:26:24.0922 5592 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:26:24.0922 5592 Dnscache - ok
18:26:24.0938 5592 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:26:24.0938 5592 Dot3svc - ok
18:26:24.0938 5592 dpti2o - ok
18:26:24.0969 5592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:26:24.0969 5592 drmkaud - ok
18:26:24.0985 5592 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:26:24.0985 5592 EapHost - ok
18:26:25.0047 5592 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:26:25.0063 5592 eeCtrl - ok
18:26:25.0079 5592 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:26:25.0079 5592 EraserUtilRebootDrv - ok
18:26:25.0094 5592 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:26:25.0094 5592 ERSvc - ok
18:26:25.0125 5592 esgiguard - ok
18:26:25.0157 5592 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:26:25.0157 5592 Eventlog - ok
18:26:25.0188 5592 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:26:25.0188 5592 EventSystem - ok
18:26:25.0219 5592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:26:25.0219 5592 Fastfat - ok
18:26:25.0250 5592 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:26:25.0250 5592 FastUserSwitchingCompatibility - ok
18:26:25.0266 5592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:26:25.0266 5592 Fdc - ok
18:26:25.0282 5592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:26:25.0282 5592 Fips - ok
18:26:25.0297 5592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:26:25.0297 5592 Flpydisk - ok
18:26:25.0329 5592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:26:25.0329 5592 FltMgr - ok
18:26:25.0360 5592 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
18:26:25.0360 5592 FlyUsb - ok
18:26:25.0438 5592 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:26:25.0438 5592 FontCache3.0.0.0 - ok
18:26:25.0454 5592 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
18:26:25.0454 5592 fssfltr - ok
18:26:33.0188 5592 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:26:33.0485 5592 \Device\Harddisk0\DR0 - ok
18:26:33.0485 5592 Boot (0x1200) (b6271cf153423e0e57ae1b1cd3955b1f) \Device\Harddisk0\DR0\Partition0
18:26:33.0500 5592 \Device\Harddisk0\DR0\Partition0 - ok
18:26:33.0500 5592 ============================================================
18:26:33.0500 5592 Scan finished
18:26:33.0500 5592 ============================================================
18:26:33.0500 5036 Detected object count: 0
18:26:33.0500 5036 Actual detected object count: 0

It did not reboot because nothing was detected.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:37 AM

Posted 13 May 2012 - 06:48 PM

Please run one more scan. Did you run a full MBAM scan?


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Also run the SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 cherdon

Posted 13 May 2012 - 07:00 PM

I ran Malwarebytes but not sure if I ran a full scan or not, will do so again. I don't have my Windows XP CD to run the SFC (System File Checker) scan so what happens in that case? I better wait for a response from you since I apparently need the CD to do so.

#8 boopme

Posted 13 May 2012 - 07:11 PM

OK, run MBAM and post the log.

Run SFC as it may not ask for the disk.

#9 cherdon

Posted 13 May 2012 - 07:49 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.13.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Cheryl :: CHERYL-30E26276 [administrator]

5/13/2012 8:04:03 PM
mbam-log-2012-05-13 (20-04-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249585
Time elapsed: 38 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 cherdon

Posted 13 May 2012 - 08:03 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-13 20:49:58
-----------------------------
20:49:58.157 OS Version: Windows 5.1.2600 Service Pack 3
20:49:58.157 Number of processors: 2 586 0x170A
20:49:58.157 ComputerName: CHERYL-30E26276 UserName: Cheryl
20:50:04.891 Initialize success
20:52:52.375 AVAST engine defs: 12051301
20:54:43.172 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10
20:54:43.172 Disk 0 Vendor: ST3320613AS CC2J Size: 305245MB BusType: 3
20:54:43.188 Disk 0 MBR read successfully
20:54:43.188 Disk 0 MBR scan
20:54:43.219 Disk 0 Windows XP default MBR code
20:54:43.219 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
20:54:43.219 Disk 0 scanning sectors +625121280
20:54:43.297 Disk 0 scanning C:\WINDOWS\system32\drivers
20:54:50.391 Service scanning
20:55:02.750 Modules scanning
20:55:08.313 Disk 0 trace - called modules:
20:55:08.329 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:55:08.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5f2ab8]
20:55:08.329 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a57e9e8]
20:55:08.329 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-10[0x8a57ed98]
20:55:08.907 AVAST engine scan C:\WINDOWS
20:55:19.954 AVAST engine scan C:\WINDOWS\system32
20:57:43.454 AVAST engine scan C:\WINDOWS\system32\drivers
20:58:02.610 AVAST engine scan C:\Documents and Settings\Cheryl
21:02:32.891 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cheryl\Desktop\MBR.dat"
21:02:32.891 The log file has been saved successfully to "C:\Documents and Settings\Cheryl\Desktop\aswMBR.txt"

#11 cherdon

Posted 13 May 2012 - 08:11 PM

I tried to run the SFC (System File Checker) but get the following error in a grey square box with a red x upper left
Windows cannot find sfc /scannow so I am unfortunately unable to do this check :-( unless you have any other ideas.

#12 boopme

Posted 13 May 2012 - 08:27 PM

Please download the Avira AntiVir Rescue System.

Place a blank CD in your burner and double-click on the rescue system package (rescuecd.exe) to burn it to a CD/DVD which you can then use to boot your computer and run a scan. For detailed instructions, refer to the Tutorial for Avira Rescue CD. If you encounter problems running Avira AntiVir Rescue System, you can get further assistance at the Avira Tools Support Forum.

#13 cherdon


Posted 13 May 2012 - 09:03 PM

I wanted to thank you, boopme, for all your help. I've been thinking that maybe I do in fact have the Windows XP CD, but unfortunately I cannot get to it until tomorrow. So before I download the Avira AntiVir Rescue System I would like to check to see if I can find the XP disk first. I will check back tomorrow with you. Have a nice evening and thanks again :-)

#14 boopme


Posted 13 May 2012 - 09:25 PM

You're welcome, that's fine.

#15 cherdon


Posted 14 May 2012 - 01:44 PM

Hi Boopme

I found my Windows XP Home Edition CD; now the product key I wrote on the cover is not the same as the one on my puter. Have no idea why, but I have taken my computer into different computer repair places for various reasons so I'm not sure why. Anyways, I ran Belarc Advisor and the product key it states I have is the same one on the sticker, so I'm hoping the CD is also the same and not a different one. If for some odd reason the CD is not the correct one, would it screw everything up by inserting it? And do I still continue to do System File Checker? Now you stated a note for Vista/Win 7 users but I am neither, so I take for granted I ignore that, and do I just do what I've pasted below my posting? I am ready to go forward once I hear back from you because I've never done this before and I want to make sure my puter doesn't crash if I do this. Will check back frequently. Thanks.



You will need your operating system CD handy.

Open Windows Task Manager by pressing CTRL+SHIFT+ESC.

Then click File, then New Task (Run).

In the box that opens, type sfc /scannow (there is a space between c and /).

Click OK
Let it run and insert the CD when asked.



