
Deep Malware Redirection (hijack) infection on workstation


  • This topic is locked
28 replies to this topic

#1 christopherw (Members, 39 posts)

Posted 17 May 2012 - 06:11 PM

We were forwarded over from "Am I infected? What do I do?", and so far Malwarebytes found 10 security.hijack entries in my workstation registry, but it hasn't cured the redirect issue we are having when going to a particular search result on Google, Bing, MSN or Yahoo. On a search-engine request we get redirected; on a direct request we're good, with no redirection.

Currently using IE8 and FF on XP Pro 32bit.

I think malware in the system is preventing gmer from finishing its scan and causing the system to lock up or shut down with BSOD.

Here are my DDS logs thus far:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by RayRay at 15:39:16 on 2012-05-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2354 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn\YTNavAssist.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.0.9\ips\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.0.9\coIEPlg.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [DellCleanup] c:\dell\WINCLEAN.EXE
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295454096651
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1830866F-6A4D-4D74-BBD8-91403669ADFA} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rayray\application data\mozilla\firefox\profiles\s9fukuj6.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B04c14cd5-ee21-4228-869f-36400cbe73d5%7D&mid=5d2a31401a0447d6baccd16fff091fbc-c5e00aa2a576e69569ec9a6ba9456f8bf5945e3a&ds=AVG&v=10.0.0.7&lang=en&pr=pr&d=2011-10-18%2011%3A40%3A10&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-5-6 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-5-6 26064]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307000.009\symds.sys [2012-4-24 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307000.009\symefa.sys [2012-4-24 905336]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-5-6 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-5-6 299984]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\bashdefs\20120507.001\BHDrvx86.sys [2012-5-9 821880]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307000.009\ccsetx86.sys [2012-4-24 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307000.009\ironx86.sys [2012-4-24 149624]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-24 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-24 27040]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2010-8-24 378224]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-1-19 13336]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.0.9\ccsvchst.exe [2012-4-24 138232]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-12-8 5241448]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-1-14 59904]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-1-14 113664]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-3-12 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-6 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-5-6 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-5-6 26192]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-1-14 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2011-1-14 168616]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-16 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\ipsdefs\20120516.001\IDSXpx86.sys [2012-5-16 356792]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\virusdefs\20120516.017\NAVENG.SYS [2012-5-17 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\virusdefs\20120516.017\NAVEX15.SYS [2012-5-17 1589752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-1-14 58600]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-5-6 251728]
S2 avgfws;AVG Firewall;"c:\program files\avg\avg10\avgfws.exe" --> c:\program files\avg\avg10\avgfws.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\avg\avg10\avgwdsvc.exe" --> c:\program files\avg\avg10\avgwdsvc.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-3-12 30944]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
.
=============== Created Last 30 ================
.
2012-05-17 18:55:41 -------- d-----r- c:\program files\Skype
2012-05-17 14:03:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 14:03:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-17 14:03:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-17 13:51:37 -------- d-----w- c:\documents and settings\rayray\application data\FixZeroAccess
2012-05-17 02:16:28 -------- d-----w- c:\documents and settings\rayray\application data\Wise Registry Cleaner
2012-05-17 02:15:47 -------- d-----w- c:\program files\Wise
2012-05-17 01:57:20 -------- d-----w- c:\windows\pss
2012-05-17 00:53:31 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-05-17 00:53:28 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-05-17 00:53:28 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-05-17 00:53:26 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-05-17 00:53:24 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-05-17 00:53:12 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-05-17 00:53:10 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-05-17 00:53:09 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-05-17 00:53:08 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-05-17 00:53:07 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-05-17 00:53:07 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-05-17 00:53:00 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-05-17 00:51:58 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2012-05-17 00:50:58 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2012-05-17 00:49:58 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2012-05-17 00:48:58 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-05-17 00:47:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2012-05-17 00:46:59 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-05-17 00:45:59 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-05-17 00:44:57 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2012-05-17 00:43:57 6144 -c--a-w- c:\windows\system32\dllcache\kbdax2.dll
2012-05-17 00:42:59 685056 -c--a-w- c:\windows\system32\dllcache\hsfcxts2.sys
2012-05-17 00:41:59 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2012-05-17 00:40:58 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2012-05-17 00:39:59 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys
2012-05-17 00:38:59 84480 -c--a-w- c:\windows\system32\dllcache\ac97via.sys
2012-05-17 00:27:16 -------- d-----w- c:\documents and settings\rayray\application data\ElevatedDiagnostics
2012-05-16 23:14:24 -------- d-----w- c:\documents and settings\rayray\AcunetixScanner
2012-05-16 23:13:25 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-16 23:12:51 -------- d-----w- c:\program files\HitmanPro
2012-05-15 20:45:45 -------- d-----w- c:\program files\Fiddler2
2012-05-07 12:52:26 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-30 15:14:43 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-04-30 15:14:43 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-04-25 12:14:02 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-25 12:14:02 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-24 12:30:50 905336 ----a-w- c:\windows\system32\drivers\nis\1307000.009\symefa.sys
2012-04-24 12:30:50 574072 ----a-w- c:\windows\system32\drivers\nis\1307000.009\srtsp.sys
2012-04-24 12:30:50 388216 ----a-w- c:\windows\system32\drivers\nis\1307000.009\symtdi.sys
2012-04-24 12:30:50 345208 ----a-w- c:\windows\system32\drivers\nis\1307000.009\symtdiv.sys
2012-04-24 12:30:50 340088 ----a-r- c:\windows\system32\drivers\nis\1307000.009\symds.sys
2012-04-24 12:30:50 32888 ----a-w- c:\windows\system32\drivers\nis\1307000.009\srtspx.sys
2012-04-24 12:30:50 318584 ----a-w- c:\windows\system32\drivers\nis\1307000.009\symnets.sys
2012-04-24 12:30:50 149624 ----a-w- c:\windows\system32\drivers\nis\1307000.009\ironx86.sys
2012-04-24 12:30:50 132744 ----a-w- c:\windows\system32\drivers\nis\1307000.009\ccsetx86.sys
2012-04-24 12:30:34 4782 ----a-w- c:\windows\system32\drivers\nis\1307000.009\symvtcer.dat
2012-04-24 12:30:34 -------- d-----w- c:\windows\system32\drivers\nis\1307000.009
.
==================== Find3M ====================
.
2012-05-16 22:35:42 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-05-16 22:35:42 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-07 18:48:20 952 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2012-05-07 12:52:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:26:09 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:23:21 1871360 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:42:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-28 01:52:57 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 15:40:25.06 ===============
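The "Pseudo HJT Report" section of the DDS log above is what a helper reads by hand to find the persistence points behind a search redirect. As an added example (not part of this thread, and not code from DDS, ComboFix, Malwarebytes or any poster), the following Python script shows how that triage can be automated: it walks the report line by line and raises review prompts for the entry types that matter in a redirect case: URLSearchHooks whose DLL is gone, a Firefox keyword.URL override, LSA authentication packages beyond the stock one, Run entries that name a bare executable, services whose binary DDS could not find, and DHCP-assigned resolvers outside private address space. The rule names, the constructed sample lines and the choice of heuristics are my assumptions. A hit is a prompt to look, not a verdict: in this log the extra LSA package `wvauth` would be checked against the Wave Systems credential software the same log shows installed, and the `isearch.avg.com` keyword.URL against the AVG toolbar remnants listed under services.

```python
"""Triage helper for the "Pseudo HJT Report" part of a DDS log.

Added example for this thread; not code from DDS, ComboFix or any poster.
Each rule is a review prompt, not a verdict: the rule names and the
sample lines below are assumptions made for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the style of the DDS report posted above
# (hxxp is DDS's own defanging of http; the search URL query is shortened).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn\YTNavAssist.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [nwiz] nwiz.exe /installquiet
TCP: DhcpNameServer = 192.168.1.254
LSA: Authentication Packages = msv1_0 wvauth
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?q=
S2 avgfws;AVG Firewall;"c:\program files\avg\avg10\avgfws.exe" --> c:\program files\avg\avg10\avgfws.exe [?]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.0.9\ccsvchst.exe [2012-4-24 138232]
"""


@dataclass
class Finding:
    rule: str    # short heuristic name (assumed naming)
    detail: str  # the value that tripped the rule
    line: str    # the DDS line, verbatim


# msv1_0 is the only Authentication Package on a stock Windows XP install.
STANDARD_AUTH_PACKAGES = {"msv1_0"}

_RUN = re.compile(r"^[umd]?Run: \[[^\]]*\]\s*(.*)$")      # uRun/mRun/dRun entries
_SERVICE = re.compile(r"^[RS][0-3] [^;]+;[^;]+;(.+)$")     # "R0 name;display;path [...]"
_HOST = re.compile(r"hxxps?://([^/\s?&]+)", re.I)
_ABS_PATH = re.compile(r"^(?:[a-z]:\\|%[^%]+%)", re.I)      # drive letter or %VAR%


def is_private_address(host: str) -> bool:
    """True for RFC 1918 / loopback style addresses; hostnames count as False."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def triage(dds_text: str) -> list[Finding]:
    """Walk the report line by line and collect review prompts."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue

        # A URLSearchHook whose DLL no longer exists: leftover of a removed
        # toolbar or hijacker; the registry entry itself still needs cleaning.
        if "URLSearchHooks:" in line and line.endswith("No File"):
            name = line.split(":", 1)[1].rsplit(" - ", 1)[0].strip()
            findings.append(Finding("orphan_search_hook", name, line))

        # Firefox keyword.URL is unset by default; any value routes address-bar
        # searches to that host and is a classic search-hijack foothold.
        elif "keyword.URL" in line:
            m = _HOST.search(line)
            findings.append(Finding("ff_keyword_url_override", m.group(1) if m else "?", line))

        # Extra LSA authentication packages load into lsass.exe at boot.
        # Vendor credential software adds them legitimately; verify each one.
        elif line.startswith("LSA: Authentication Packages"):
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() not in STANDARD_AUTH_PACKAGES:
                    findings.append(Finding("lsa_extra_auth_package", pkg, line))

        # Run entries naming a bare file are resolved through the search
        # order, so which file actually starts depends on PATH contents.
        elif (m := _RUN.match(line)):
            cmd = m.group(1).strip().lstrip('"')
            exe = cmd.split()[0] if cmd else ""
            if exe and not _ABS_PATH.match(exe):
                findings.append(Finding("run_relative_path", exe, line))

        # DDS marks a service whose binary it could not find with "[?]":
        # either a dead install to remove or a path worth a second look.
        elif (m := _SERVICE.match(line)) and line.endswith("[?]"):
            path = m.group(1).split(" --> ")[-1].removesuffix(" [?]")
            findings.append(Finding("service_missing_binary", path, line))

        # A DHCP-assigned resolver outside private space on a home/office
        # LAN is a common DNS-hijack symptom (router or host level).
        elif "DhcpNameServer =" in line:
            for ip in line.split("=", 1)[1].split():
                if not is_private_address(ip):
                    findings.append(Finding("dns_resolver_not_private", ip, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.rule:28} {f.detail}")
```

To use it on a real paste, read the whole DDS log into a string and pass it to `triage()`; the regexes ignore the sections they do not recognise. Cross-check every hit against the software the rest of the log shows installed before treating it as malicious, and note that a clean report from these rules proves nothing about kernel-level components, which is what the GMER scan the poster could not finish is for.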



#2 gringo_pr, "Bleepin Gringo" (Malware Response Team, 136,773 posts, Puerto Rico)

Posted 18 May 2012 - 12:15 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 christopherw (Topic Starter, 39 posts)

Posted 18 May 2012 - 07:59 AM

Hi sorry for the delay I was getting some shut-eye. :thumbsup:

On it now and will post back shortly.

Cheers

#4 gringo_pr, "Bleepin Gringo" (Malware Response Team)

Posted 18 May 2012 - 08:02 AM

:thumbup2:

#5 christopherw (Topic Starter, 39 posts)

Posted 18 May 2012 - 09:09 AM

Hey, just getting on it now. Had to reboot in safe mode and do a system restore because this malware is starting to eat away at my MS programs... I hate this stuff!

Cheers

#6 christopherw (Topic Starter, 39 posts)

Posted 18 May 2012 - 09:21 AM

Ok here we go.

the logs from Security Check:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 10.2.152.26 Flash Player out of Date!
Adobe Reader X 10.0.1 Adobe Reader out of Date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

Will run combofix now.

Cheers!

#7 christopherw (Topic Starter, 39 posts)

Posted 18 May 2012 - 10:08 AM

ok here's combofix:

ComboFix 12-05-18.02 - RayRay 05/18/2012 10:53:36.3.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2636 [GMT -4:00]
Running from: c:\documents and settings\RayRay\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\90AED82D59.sys
c:\windows\EventSystem.log
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a433cfbc1d971547.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\test
c:\windows\system32\waveGina.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-18 14:02 . 2012-05-18 14:12 -------- d-----w- c:\windows\system32\drivers\NIS\1307010.005
2012-05-18 13:34 . 2012-05-18 13:34 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-18 13:32 . 2012-05-18 13:32 -------- d-----w- c:\documents and settings\RayRay\AcunetixScanner
2012-05-18 13:32 . 2012-05-18 13:32 -------- d-----w- c:\program files\WinSCP
2012-05-18 13:30 . 2012-05-18 13:30 -------- d-----w- c:\program files\Acunetix
2012-05-18 13:30 . 2012-05-18 13:30 -------- d-----w- c:\documents and settings\RayRay\Local Settings\Application Data\ATTYToolbar
2012-05-18 13:30 . 2012-05-18 13:30 -------- d-----w- c:\documents and settings\RayRay\Application Data\LivePerson
2012-05-18 13:30 . 2012-05-18 13:30 -------- d-----w- c:\documents and settings\RayRay\Application Data\AVG
2012-05-18 13:30 . 2012-05-18 13:30 -------- d-----w- c:\documents and settings\RayRay\Application Data\.purple
2012-05-18 13:30 . 2012-05-18 13:30 -------- d-----w- c:\documents and settings\RayRay\Local Settings\Application Data\tific
2012-05-18 13:30 . 2012-05-18 13:30 -------- d-----w- c:\documents and settings\RayRay\Application Data\Yahoo!
2012-05-18 13:30 . 2012-05-18 13:30 -------- d-----w- c:\documents and settings\RayRay\Application Data\Tific
2012-05-17 14:03 . 2012-05-18 13:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2012-05-17 02:16 . 2012-05-18 13:31 -------- d-----w- c:\documents and settings\RayRay\Application Data\Wise Registry Cleaner
2012-05-17 02:15 . 2012-05-17 02:15 -------- d-----w- c:\program files\Wise
2012-05-17 00:27 . 2012-05-17 16:51 -------- d-----w- c:\documents and settings\RayRay\Application Data\ElevatedDiagnostics
2012-05-16 23:13 . 2012-05-16 23:13 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-16 23:12 . 2012-05-16 23:12 -------- d-----w- c:\program files\HitmanPro
2012-05-16 16:01 . 2012-05-18 13:32 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-15 20:45 . 2012-05-18 13:32 -------- d-----w- c:\program files\Fiddler2
2012-05-11 18:46 . 2012-05-11 18:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-04-30 15:14 . 2008-04-14 04:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-04-30 15:14 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-04-25 12:14 . 2012-04-25 12:14 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 12:14 . 2012-04-25 12:14 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-18 15:00 . 2011-01-19 17:14 0 ----a-w- c:\documents and settings\RayRay\Local Settings\Application Data\WavXMapDrive.bat
2012-04-11 13:26 . 2008-04-25 16:16 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:23 . 2008-04-25 16:16 1871360 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:42 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-28 01:52 . 2012-03-28 01:52 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-23 14:03 . 2012-03-13 00:34 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-23 14:03 . 2012-03-13 00:34 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-25 16:16 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-25 16:16 385024 ------w- c:\windows\system32\html.iec
2012-04-25 12:14 . 2011-10-04 01:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-09-09 472432]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-25 495708]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2010-05-25 737280]
"nwiz"="nwiz.exe" [2010-04-17 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-17 13803520]
"NVHotkey"="nvHotkey.dll" [2010-04-17 86016]
"DellCleanup"="c:\dell\WINCLEAN.EXE" [2010-09-27 212992]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-07-09 2670592]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 159616]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1468272]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP 12\\wsftpgui.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [1/19/2011 12:59 PM 17072]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\symds.sys [5/18/2012 10:03 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\symefa.sys [5/18/2012 10:03 AM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx86.sys [5/9/2012 9:11 AM 821880]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccsetx86.sys [5/18/2012 10:03 AM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\ironx86.sys [5/18/2012 10:03 AM 149624]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [3/24/2010 2:09 AM 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [3/24/2010 2:09 AM 27040]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [8/24/2010 2:46 PM 378224]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [1/19/2011 12:58 PM 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [1/19/2011 12:59 PM 60928]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [5/18/2012 10:02 AM 138232]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [12/8/2009 3:14 PM 5241448]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [1/14/2011 8:42 PM 59904]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [1/19/2011 12:59 PM 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [1/14/2011 8:42 PM 113664]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [1/14/2011 8:43 PM 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [1/14/2011 8:42 PM 168616]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/30/2012 1:00 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120517.001\IDSXpx86.sys [5/18/2012 10:03 AM 356792]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/14/2011 8:42 PM 58600]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 2:10 AM 267568]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:14 AM 129976]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\RayRay\Application Data\Mozilla\Firefox\Profiles\s9fukuj6.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B04c14cd5-ee21-4228-869f-36400cbe73d5%7D&mid=5d2a31401a0447d6baccd16fff091fbc-c5e00aa2a576e69569ec9a6ba9456f8bf5945e3a&ds=AVG&v=10.0.0.7&lang=en&pr=pr&d=2011-10-18%2011%3A40%3A10&sap=ku&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\Yahoo!\Companion\Installs\cpn\YTNavAssist.dll
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
AddRemove-Yahoo! Software Update - c:\progra~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNATT_~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-18 11:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1464)
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\Tsp1.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\wclient14.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
.
- - - - - - - > 'explorer.exe'(2196)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\IDT\WDM\stacsv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-05-18 11:03:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-18 15:03
.
Pre-Run: 208,221,822,976 bytes free
Post-Run: 208,624,136,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0880B24919D0F2902CA0D6E4F87367DB


Once again, thank you for taking the time to support this topic.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:54 AM

Posted 18 May 2012 - 11:12 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 christopherw

christopherw
  • Topic Starter

  • Members
  • 39 posts
  • Local time:12:54 AM

Posted 18 May 2012 - 11:20 AM

Here are the TDSSKiller logs:

12:16:23.0390 1524 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
12:16:23.0671 1524 ============================================================
12:16:23.0671 1524 Current date / time: 2012/05/18 12:16:23.0671
12:16:23.0671 1524 SystemInfo:
12:16:23.0671 1524
12:16:23.0671 1524 OS Version: 5.1.2600 ServicePack: 3.0
12:16:23.0671 1524 Product type: Workstation
12:16:23.0671 1524 ComputerName: RAY
12:16:23.0671 1524 UserName: RayRay
12:16:23.0671 1524 Windows directory: C:\WINDOWS
12:16:23.0671 1524 System windows directory: C:\WINDOWS
12:16:23.0671 1524 Processor architecture: Intel x86
12:16:23.0671 1524 Number of processors: 8
12:16:23.0671 1524 Page size: 0x1000
12:16:23.0671 1524 Boot type: Normal boot
12:16:23.0671 1524 ============================================================
12:16:24.0609 1524 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:16:24.0609 1524 ============================================================
12:16:24.0609 1524 \Device\Harddisk0\DR0:
12:16:24.0609 1524 MBR partitions:
12:16:24.0609 1524 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x38000, BlocksNum 0x1D18C000
12:16:24.0609 1524 ============================================================
12:16:24.0656 1524 C: <-> \Device\Harddisk0\DR0\Partition0
12:16:24.0656 1524 ============================================================
12:16:24.0656 1524 Initialize success
12:16:24.0656 1524 ============================================================
12:16:28.0406 4176 ============================================================
12:16:28.0406 4176 Scan started
12:16:28.0406 4176 Mode: Manual;
12:16:28.0406 4176 ============================================================
12:16:29.0250 4176 Abiosdsk - ok
12:16:29.0281 4176 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:16:29.0296 4176 abp480n5 - ok
12:16:29.0328 4176 Acceler (af1f178b0218b44876e63bf0b019e96b) C:\WINDOWS\system32\DRIVERS\Accelern.sys
12:16:29.0328 4176 Acceler - ok
12:16:29.0375 4176 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:16:29.0375 4176 ACPI - ok
12:16:29.0390 4176 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:16:29.0390 4176 ACPIEC - ok
12:16:29.0421 4176 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
12:16:29.0437 4176 adfs - ok
12:16:29.0468 4176 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:16:29.0468 4176 adpu160m - ok
12:16:29.0500 4176 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:16:29.0515 4176 aec - ok
12:16:29.0546 4176 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
12:16:29.0562 4176 AESTAud - ok
12:16:29.0625 4176 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:16:29.0640 4176 AFD - ok
12:16:29.0656 4176 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:16:29.0671 4176 agp440 - ok
12:16:29.0687 4176 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:16:29.0703 4176 agpCPQ - ok
12:16:29.0718 4176 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:16:29.0718 4176 Aha154x - ok
12:16:29.0734 4176 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:16:29.0781 4176 aic78u2 - ok
12:16:29.0781 4176 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:16:29.0781 4176 aic78xx - ok
12:16:29.0812 4176 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:16:29.0812 4176 Alerter - ok
12:16:29.0843 4176 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:16:29.0843 4176 ALG - ok
12:16:29.0843 4176 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
12:16:29.0843 4176 AliIde - ok
12:16:29.0859 4176 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:16:29.0859 4176 alim1541 - ok
12:16:29.0859 4176 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:16:29.0875 4176 amdagp - ok
12:16:29.0875 4176 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
12:16:29.0875 4176 amsint - ok
12:16:29.0921 4176 ApfiltrService (3adde2de22d3c3f6d7fbdb450c6287d2) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
12:16:29.0937 4176 ApfiltrService - ok
12:16:30.0046 4176 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:16:30.0046 4176 Apple Mobile Device - ok
12:16:30.0078 4176 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:16:30.0078 4176 AppMgmt - ok
12:16:30.0109 4176 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:16:30.0109 4176 Arp1394 - ok
12:16:30.0109 4176 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
12:16:30.0125 4176 asc - ok
12:16:30.0140 4176 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:16:30.0140 4176 asc3350p - ok
12:16:30.0140 4176 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:16:30.0140 4176 asc3550 - ok
12:16:30.0218 4176 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:16:30.0250 4176 aspnet_state - ok
12:16:30.0281 4176 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:16:30.0281 4176 AsyncMac - ok
12:16:30.0296 4176 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:16:30.0296 4176 atapi - ok
12:16:30.0296 4176 Atdisk - ok
12:16:30.0312 4176 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:16:30.0312 4176 Atmarpc - ok
12:16:30.0328 4176 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:16:30.0328 4176 AudioSrv - ok
12:16:30.0343 4176 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:16:30.0343 4176 audstub - ok
12:16:30.0546 4176 BCM43XX (5d4893633b7161fa25500eb7aeabec94) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
12:16:30.0578 4176 BCM43XX - ok
12:16:30.0734 4176 BCMTPM (aa8629c3f91300645c64cf0084f94df1) C:\WINDOWS\system32\DRIVERS\btpmw32.sys
12:16:30.0750 4176 BCMTPM - ok
12:16:30.0781 4176 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:16:30.0796 4176 Beep - ok
12:16:31.0031 4176 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx86.sys
12:16:31.0031 4176 BHDrvx86 - ok
12:16:31.0109 4176 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:16:31.0109 4176 BITS - ok
12:16:31.0250 4176 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:16:31.0265 4176 Bonjour Service - ok
12:16:31.0296 4176 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:16:31.0296 4176 Browser - ok
12:16:31.0296 4176 catchme - ok
12:16:31.0375 4176 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:16:31.0375 4176 cbidf - ok
12:16:31.0375 4176 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:16:31.0375 4176 cbidf2k - ok
12:16:31.0453 4176 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1307010.005\ccSetx86.sys
12:16:31.0453 4176 ccSet_NIS - ok
12:16:31.0453 4176 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:16:31.0453 4176 cd20xrnt - ok
12:16:31.0468 4176 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:16:31.0468 4176 Cdaudio - ok
12:16:31.0484 4176 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:16:31.0484 4176 Cdfs - ok
12:16:31.0500 4176 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:16:31.0515 4176 Cdrom - ok
12:16:31.0515 4176 Changer - ok
12:16:31.0515 4176 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:16:31.0515 4176 CiSvc - ok
12:16:31.0531 4176 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:16:31.0531 4176 ClipSrv - ok
12:16:31.0609 4176 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:16:31.0609 4176 clr_optimization_v2.0.50727_32 - ok
12:16:31.0625 4176 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:16:31.0640 4176 CmBatt - ok
12:16:31.0656 4176 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:16:31.0656 4176 CmdIde - ok
12:16:31.0687 4176 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:16:31.0687 4176 Compbatt - ok
12:16:31.0687 4176 COMSysApp - ok
12:16:31.0703 4176 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:16:31.0703 4176 Cpqarray - ok
12:16:31.0859 4176 Credential Vault Host Control Service (09fea7fbd6a29e3941a2ffc6f7aeb818) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
12:16:31.0859 4176 Credential Vault Host Control Service - ok
12:16:31.0875 4176 Credential Vault Host Storage (45bf153d51ed8790de8f8446b11deb57) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
12:16:31.0875 4176 Credential Vault Host Storage - ok
12:16:31.0906 4176 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:16:31.0906 4176 CryptSvc - ok
12:16:31.0921 4176 cvusbdrv (d1697063e2cdb6575aa46d668ffee825) C:\WINDOWS\system32\Drivers\cvusbdrv.sys
12:16:31.0921 4176 cvusbdrv - ok
12:16:31.0953 4176 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:16:31.0953 4176 dac2w2k - ok
12:16:31.0953 4176 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:16:31.0953 4176 dac960nt - ok
12:16:32.0015 4176 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:16:32.0015 4176 DcomLaunch - ok
12:16:32.0125 4176 dcpsysmgrsvc (f73080d9f2a78472ac8e7947f3f6c6aa) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
12:16:32.0125 4176 dcpsysmgrsvc - ok
12:16:32.0156 4176 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:16:32.0156 4176 Dhcp - ok
12:16:32.0156 4176 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:16:32.0156 4176 Disk - ok
12:16:32.0156 4176 dmadmin - ok
12:16:32.0250 4176 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:16:32.0265 4176 dmboot - ok
12:16:32.0296 4176 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:16:32.0312 4176 dmio - ok
12:16:32.0343 4176 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:16:32.0343 4176 dmload - ok
12:16:32.0359 4176 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:16:32.0359 4176 dmserver - ok
12:16:32.0375 4176 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:16:32.0375 4176 DMusic - ok
12:16:32.0406 4176 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:16:32.0406 4176 Dnscache - ok
12:16:32.0437 4176 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:16:32.0468 4176 Dot3svc - ok
12:16:32.0515 4176 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:16:32.0515 4176 dpti2o - ok
12:16:32.0531 4176 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:16:32.0546 4176 drmkaud - ok
12:16:32.0593 4176 e1kexpress (8bed3dbbb13d2c8e1c1c9decec309826) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
12:16:32.0625 4176 e1kexpress - ok
12:16:32.0640 4176 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:16:32.0640 4176 EapHost - ok
12:16:32.0828 4176 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:16:32.0843 4176 eeCtrl - ok
12:16:32.0890 4176 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:16:32.0906 4176 EraserUtilRebootDrv - ok
12:16:32.0937 4176 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:16:32.0937 4176 ERSvc - ok
12:16:32.0968 4176 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:16:32.0984 4176 Eventlog - ok
12:16:33.0015 4176 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:16:33.0015 4176 EventSystem - ok
12:16:33.0046 4176 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:16:33.0078 4176 Fastfat - ok
12:16:33.0109 4176 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:16:33.0109 4176 FastUserSwitchingCompatibility - ok
12:16:33.0156 4176 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
12:16:33.0156 4176 Fax - ok
12:16:33.0156 4176 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:16:33.0156 4176 Fdc - ok
12:16:33.0187 4176 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:16:33.0187 4176 Fips - ok
12:16:33.0343 4176 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:16:33.0390 4176 FLEXnet Licensing Service - ok
12:16:33.0390 4176 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:16:33.0390 4176 Flpydisk - ok
12:16:33.0437 4176 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:16:33.0437 4176 FltMgr - ok
12:16:33.0531 4176 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:16:33.0562 4176 FontCache3.0.0.0 - ok
12:16:33.0593 4176 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:16:33.0593 4176 Fs_Rec - ok
12:16:33.0609 4176 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:16:33.0609 4176 Ftdisk - ok
12:16:33.0640 4176 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:16:33.0656 4176 GEARAspiWDM - ok
12:16:45.0843 4176 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:16:46.0234 4176 \Device\Harddisk0\DR0 - ok
12:16:46.0234 4176 Boot (0x1200) (91f7c0e3e233cbe18c77cfa070926b4c) \Device\Harddisk0\DR0\Partition0
12:16:46.0234 4176 \Device\Harddisk0\DR0\Partition0 - ok
12:16:46.0234 4176 ============================================================
12:16:46.0234 4176 Scan finished
12:16:46.0234 4176 ============================================================
12:16:46.0234 0724 Detected object count: 0
12:16:46.0234 0724 Actual detected object count: 0
12:16:51.0203 4616 ============================================================
12:16:51.0203 4616 Scan started
12:16:51.0203 4616 Mode: Manual; TDLFS;
12:16:51.0203 4616 ============================================================
12:16:52.0609 4616 aspnet_state - ok
12:16:52.0609 4616 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:16:52.0625 4616 AsyncMac - ok
12:16:52.0625 4616 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:16:52.0625 4616 atapi - ok
12:16:52.0625 4616 Atdisk - ok
12:16:52.0640 4616 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:16:52.0640 4616 Atmarpc - ok
12:16:52.0656 4616 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:16:52.0656 4616 AudioSrv - ok
12:16:52.0671 4616 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:16:52.0671 4616 audstub - ok
12:16:52.0906 4616 BCM43XX (5d4893633b7161fa25500eb7aeabec94) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
12:16:52.0921 4616 BCM43XX - ok
12:16:53.0078 4616 BCMTPM (aa8629c3f91300645c64cf0084f94df1) C:\WINDOWS\system32\DRIVERS\btpmw32.sys
12:16:53.0078 4616 BCMTPM - ok
12:16:53.0093 4616 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:16:53.0093 4616 Beep - ok
12:16:53.0359 4616 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx86.sys
12:16:53.0359 4616 BHDrvx86 - ok
12:16:53.0406 4616 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:16:53.0421 4616 BITS - ok
12:16:53.0531 4616 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:16:53.0531 4616 Bonjour Service - ok
12:16:53.0593 4616 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:16:53.0593 4616 Browser - ok
12:16:53.0593 4616 catchme - ok
12:16:53.0656 4616 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:16:53.0656 4616 cbidf - ok
12:16:53.0656 4616 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:16:53.0656 4616 cbidf2k - ok
12:16:53.0734 4616 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1307010.005\ccSetx86.sys
12:16:53.0734 4616 ccSet_NIS - ok
12:16:53.0734 4616 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:16:53.0734 4616 cd20xrnt - ok
12:16:53.0734 4616 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:16:53.0734 4616 Cdaudio - ok
12:16:53.0750 4616 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:16:53.0765 4616 Cdfs - ok
12:16:53.0781 4616 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:16:53.0781 4616 Cdrom - ok
12:16:53.0781 4616 Changer - ok
12:16:53.0812 4616 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:16:53.0812 4616 CiSvc - ok
12:16:53.0843 4616 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:16:53.0843 4616 ClipSrv - ok
12:16:53.0937 4616 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:16:53.0937 4616 clr_optimization_v2.0.50727_32 - ok
12:16:53.0968 4616 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:16:53.0968 4616 CmBatt - ok
12:16:53.0984 4616 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:16:53.0984 4616 CmdIde - ok
12:16:54.0000 4616 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:16:54.0000 4616 Compbatt - ok
12:16:54.0000 4616 COMSysApp - ok
12:16:54.0015 4616 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:16:54.0015 4616 Cpqarray - ok
12:16:54.0109 4616 Credential Vault Host Control Service (09fea7fbd6a29e3941a2ffc6f7aeb818) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
12:16:54.0125 4616 Credential Vault Host Control Service - ok
12:16:54.0140 4616 Credential Vault Host Storage (45bf153d51ed8790de8f8446b11deb57) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
12:16:54.0140 4616 Credential Vault Host Storage - ok
12:16:54.0171 4616 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:16:54.0171 4616 CryptSvc - ok
12:16:54.0187 4616 cvusbdrv (d1697063e2cdb6575aa46d668ffee825) C:\WINDOWS\system32\Drivers\cvusbdrv.sys
12:16:54.0187 4616 cvusbdrv - ok
12:16:54.0218 4616 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:16:54.0218 4616 dac2w2k - ok
12:16:54.0218 4616 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:16:54.0218 4616 dac960nt - ok
12:16:54.0281 4616 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:16:54.0281 4616 DcomLaunch - ok
12:16:54.0390 4616 dcpsysmgrsvc (f73080d9f2a78472ac8e7947f3f6c6aa) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
12:16:54.0406 4616 dcpsysmgrsvc - ok
12:16:54.0421 4616 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:16:54.0421 4616 Dhcp - ok
12:16:54.0421 4616 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:16:54.0421 4616 Disk - ok
12:16:54.0437 4616 dmadmin - ok
12:16:54.0515 4616 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:16:54.0515 4616 dmboot - ok
12:16:54.0562 4616 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:16:54.0562 4616 dmio - ok
12:16:54.0578 4616 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:16:54.0578 4616 dmload - ok
12:16:54.0578 4616 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:16:54.0578 4616 dmserver - ok
12:16:54.0593 4616 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:16:54.0593 4616 DMusic - ok
12:16:54.0609 4616 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:16:54.0625 4616 Dnscache - ok
12:16:54.0625 4616 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:16:54.0625 4616 Dot3svc - ok
12:16:54.0640 4616 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:16:54.0640 4616 dpti2o - ok
12:16:54.0656 4616 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:16:54.0656 4616 drmkaud - ok
12:16:54.0687 4616 e1kexpress (8bed3dbbb13d2c8e1c1c9decec309826) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
12:16:54.0687 4616 e1kexpress - ok
12:16:54.0718 4616 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:16:54.0718 4616 EapHost - ok
12:16:54.0843 4616 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:16:54.0843 4616 eeCtrl - ok
12:16:54.0890 4616 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:16:54.0890 4616 EraserUtilRebootDrv - ok
12:16:54.0906 4616 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:16:54.0906 4616 ERSvc - ok
12:16:54.0937 4616 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:16:54.0937 4616 Eventlog - ok
12:16:54.0968 4616 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:16:54.0968 4616 EventSystem - ok
12:16:55.0000 4616 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:16:55.0000 4616 Fastfat - ok
12:16:55.0015 4616 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:16:55.0031 4616 FastUserSwitchingCompatibility - ok
12:16:55.0062 4616 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
12:16:55.0062 4616 Fax - ok
12:16:55.0062 4616 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:16:55.0062 4616 Fdc - ok
12:16:55.0078 4616 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:16:55.0078 4616 Fips - ok
12:16:55.0156 4616 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:16:55.0156 4616 FLEXnet Licensing Service - ok
12:16:55.0156 4616 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:16:55.0156 4616 Flpydisk - ok
12:16:55.0187 4616 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:16:55.0187 4616 FltMgr - ok
12:16:55.0281 4616 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:16:55.0281 4616 FontCache3.0.0.0 - ok
12:16:55.0296 4616 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:16:55.0296 4616 Fs_Rec - ok
12:16:55.0312 4616 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:16:55.0312 4616 Ftdisk - ok
12:16:55.0343 4616 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:16:55.0343 4616 GEARAspiWDM - ok
12:16:55.0359 4616 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:16:55.0359 4616 Gpc - ok
12:16:55.0390 4616 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:16:55.0390 4616 HDAudBus - ok
12:16:55.0437 4616 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:16:55.0437 4616 helpsvc - ok
12:16:55.0468 4616 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:16:55.0468 4616 HidServ - ok
12:16:55.0484 4616 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:16:55.0484 4616 hidusb - ok
12:16:55.0515 4616 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:16:55.0515 4616 hkmsvc - ok
12:16:55.0578 4616 HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
12:16:55.0578 4616 HP Port Resolver - ok
12:16:55.0593 4616 HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
12:16:55.0593 4616 HP Status Server - ok
12:16:55.0609 4616 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
12:16:55.0609 4616 hpn - ok
12:16:55.0640 4616 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:16:55.0640 4616 HPZid412 - ok
12:16:55.0671 4616 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:16:55.0671 4616 HPZipr12 - ok
12:16:55.0687 4616 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:16:55.0687 4616 HPZius12 - ok
12:16:55.0750 4616 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:16:55.0750 4616 HTTP - ok
12:16:55.0781 4616 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:16:55.0781 4616 HTTPFilter - ok
12:16:55.0796 4616 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
12:16:55.0796 4616 i2omgmt - ok
12:16:55.0812 4616 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:16:55.0812 4616 i2omp - ok
12:16:55.0828 4616 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:16:55.0828 4616 i8042prt - ok
12:16:55.0890 4616 iaStor (26541a068572f650a2fa490726fe81be) C:\WINDOWS\system32\drivers\iaStor.sys
12:16:55.0890 4616 iaStor - ok
12:16:55.0984 4616 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:16:55.0984 4616 IAStorDataMgrSvc - ok
12:16:56.0171 4616 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:16:56.0171 4616 idsvc - ok
12:16:56.0421 4616 IDSxpx86 (c924bf6d42b3d9292268ff1998596bd1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120517.001\IDSxpx86.sys
12:16:56.0421 4616 IDSxpx86 - ok
12:16:56.0546 4616 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:16:56.0546 4616 Imapi - ok
12:16:56.0578 4616 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:16:56.0578 4616 ImapiService - ok
12:16:56.0593 4616 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:16:56.0593 4616 ini910u - ok
12:16:56.0671 4616 InstallFilterService (987a2cc8ec0e86caa2d8068b1ed7b441) C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
12:16:56.0671 4616 InstallFilterService - ok
12:16:56.0687 4616 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:16:56.0687 4616 IntelIde - ok
12:16:56.0703 4616 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:16:56.0703 4616 intelppm - ok
12:16:56.0703 4616 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:16:56.0718 4616 Ip6Fw - ok
12:16:56.0718 4616 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:16:56.0718 4616 IpFilterDriver - ok
12:16:56.0718 4616 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:16:56.0718 4616 IpInIp - ok
12:16:56.0781 4616 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:16:56.0781 4616 IpNat - ok
12:16:56.0906 4616 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
12:16:56.0906 4616 iPod Service - ok
12:16:56.0937 4616 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:16:56.0937 4616 IPSec - ok
12:16:56.0953 4616 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:16:56.0953 4616 IRENUM - ok
12:16:57.0000 4616 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:16:57.0000 4616 isapnp - ok
12:16:57.0062 4616 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
12:16:57.0062 4616 JavaQuickStarterService - ok
12:16:57.0093 4616 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:16:57.0093 4616 Kbdclass - ok
12:16:57.0109 4616 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:16:57.0109 4616 kbdhid - ok
12:16:57.0140 4616 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:16:57.0140 4616 kmixer - ok
12:16:57.0156 4616 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:16:57.0156 4616 KSecDD - ok
12:16:57.0187 4616 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:16:57.0203 4616 LanmanServer - ok
12:16:57.0218 4616 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:16:57.0234 4616 lanmanworkstation - ok
12:16:57.0234 4616 lbrtfdc - ok
12:16:57.0265 4616 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:16:57.0265 4616 LmHosts - ok
12:16:57.0343 4616 MatSvc (9f04b1edc2dca29bbea94f37dacb55b7) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
12:16:57.0343 4616 MatSvc - ok
12:16:57.0421 4616 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe
12:16:57.0421 4616 McciCMService - ok
12:16:57.0421 4616 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:16:57.0421 4616 Messenger - ok
12:16:57.0437 4616 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:16:57.0437 4616 mnmdd - ok
12:16:57.0453 4616 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:16:57.0453 4616 mnmsrvc - ok
12:16:57.0468 4616 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:16:57.0468 4616 Modem - ok
12:16:57.0484 4616 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:16:57.0484 4616 Mouclass - ok
12:16:57.0500 4616 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:16:57.0500 4616 mouhid - ok
12:16:57.0531 4616 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:16:57.0531 4616 MountMgr - ok
12:16:57.0562 4616 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:16:57.0562 4616 MozillaMaintenance - ok
12:16:57.0578 4616 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:16:57.0578 4616 mraid35x - ok
12:16:57.0593 4616 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
12:16:57.0593 4616 MREMP50 - ok
12:16:57.0593 4616 MREMPR5 - ok
12:16:57.0593 4616 MRENDIS5 - ok
12:16:57.0609 4616 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
12:16:57.0609 4616 MRESP50 - ok
12:16:57.0625 4616 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:16:57.0625 4616 MRxDAV - ok
12:16:57.0687 4616 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:16:57.0687 4616 MRxSmb - ok
12:16:57.0718 4616 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:16:57.0718 4616 MSDTC - ok
12:16:57.0718 4616 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:16:57.0718 4616 Msfs - ok
12:16:57.0718 4616 MSIServer - ok
12:16:57.0734 4616 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:16:57.0734 4616 MSKSSRV - ok
12:16:57.0734 4616 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:16:57.0734 4616 MSPCLOCK - ok
12:16:57.0734 4616 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:16:57.0750 4616 MSPQM - ok
12:16:57.0750 4616 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:16:57.0750 4616 mssmbios - ok
12:16:57.0765 4616 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:16:57.0765 4616 Mup - ok
12:16:57.0812 4616 NAL (428c611928df3e96538a482117e659f7) C:\WINDOWS\system32\Drivers\iqvw32.sys
12:16:57.0812 4616 NAL - ok
12:16:57.0828 4616 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:16:57.0843 4616 napagent - ok
12:16:58.0031 4616 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120517.023\NAVENG.SYS
12:16:58.0031 4616 NAVENG - ok
12:16:58.0218 4616 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120517.023\NAVEX15.SYS
12:16:58.0234 4616 NAVEX15 - ok
12:16:58.0421 4616 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:16:58.0421 4616 NDIS - ok
12:16:58.0453 4616 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:16:58.0453 4616 NdisTapi - ok
12:16:58.0468 4616 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:16:58.0468 4616 Ndisuio - ok
12:16:58.0484 4616 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:16:58.0484 4616 NdisWan - ok
12:16:58.0515 4616 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:16:58.0515 4616 NDProxy - ok
12:16:58.0546 4616 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:16:58.0546 4616 NetBIOS - ok
12:16:58.0578 4616 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:16:58.0578 4616 NetBT - ok
12:16:58.0609 4616 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:16:58.0625 4616 NetDDE - ok
12:16:58.0625 4616 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:16:58.0625 4616 NetDDEdsdm - ok
12:16:58.0656 4616 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:16:58.0656 4616 Netlogon - ok
12:16:58.0687 4616 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:16:58.0687 4616 Netman - ok
12:16:58.0781 4616 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:16:58.0796 4616 NetTcpPortSharing - ok
12:16:58.0828 4616 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:16:58.0828 4616 NIC1394 - ok
12:16:59.0078 4616 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
12:16:59.0078 4616 NIS - ok
12:16:59.0140 4616 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:16:59.0140 4616 Nla - ok
12:16:59.0156 4616 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:16:59.0156 4616 Npfs - ok
12:16:59.0250 4616 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:16:59.0250 4616 Ntfs - ok
12:16:59.0296 4616 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:16:59.0296 4616 NtLmSsp - ok
12:16:59.0343 4616 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:16:59.0343 4616 NtmsSvc - ok
12:16:59.0375 4616 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:16:59.0375 4616 Null - ok
12:16:59.0921 4616 nv (0d3d6537671d6a31a58c654f82b77110) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:17:00.0000 4616 nv - ok
12:17:00.0171 4616 NVHDA (2d2b7b3ad297c659efa1d02852ca9860) C:\WINDOWS\system32\drivers\nvhda32.sys
12:17:00.0171 4616 NVHDA - ok
12:17:00.0578 4616 NVIDIA Performance Driver Service (8234151a1d602d3175de4859e32d5289) C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
12:17:00.0625 4616 NVIDIA Performance Driver Service - ok
12:17:00.0703 4616 nvsvc (87ff0b427c6645dfaf15ccd6ae7823b6) C:\WINDOWS\system32\nvsvc32.exe
12:17:00.0703 4616 nvsvc - ok
12:17:00.0734 4616 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:17:00.0734 4616 NwlnkFlt - ok
12:17:00.0734 4616 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:17:00.0734 4616 NwlnkFwd - ok
12:17:00.0843 4616 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:17:00.0843 4616 odserv - ok
12:17:00.0906 4616 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:17:00.0906 4616 ohci1394 - ok
12:17:00.0921 4616 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:17:00.0921 4616 ose - ok
12:17:00.0968 4616 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:17:00.0968 4616 Parport - ok
12:17:00.0968 4616 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:17:00.0968 4616 PartMgr - ok
12:17:00.0984 4616 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:17:00.0984 4616 ParVdm - ok
12:17:00.0984 4616 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
12:17:01.0000 4616 PBADRV - ok
12:17:01.0000 4616 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:17:01.0000 4616 PCI - ok
12:17:01.0000 4616 PCIDump - ok
12:17:01.0000 4616 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:17:01.0000 4616 PCIIde - ok
12:17:01.0015 4616 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:17:01.0015 4616 Pcmcia - ok
12:17:01.0015 4616 PDCOMP - ok
12:17:01.0015 4616 PDFRAME - ok
12:17:01.0015 4616 PDRELI - ok
12:17:01.0031 4616 PDRFRAME - ok
12:17:01.0031 4616 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
12:17:01.0031 4616 perc2 - ok
12:17:01.0046 4616 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:17:01.0046 4616 perc2hib - ok
12:17:01.0078 4616 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:17:01.0078 4616 PlugPlay - ok
12:17:01.0109 4616 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
12:17:01.0109 4616 Pml Driver HPZ12 - ok
12:17:01.0156 4616 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:17:01.0156 4616 PolicyAgent - ok
12:17:01.0171 4616 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:17:01.0171 4616 PptpMiniport - ok
12:17:01.0171 4616 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:17:01.0171 4616 ProtectedStorage - ok
12:17:01.0187 4616 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:17:01.0203 4616 PSched - ok
12:17:01.0250 4616 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:17:01.0250 4616 PSI_SVC_2 - ok
12:17:01.0265 4616 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:17:01.0265 4616 Ptilink - ok
12:17:01.0281 4616 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:17:01.0281 4616 ql1080 - ok
12:17:01.0296 4616 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:17:01.0296 4616 Ql10wnt - ok
12:17:01.0328 4616 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:17:01.0328 4616 ql12160 - ok
12:17:01.0343 4616 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:17:01.0343 4616 ql1240 - ok
12:17:01.0375 4616 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:17:01.0375 4616 ql1280 - ok
12:17:01.0375 4616 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:17:01.0375 4616 RasAcd - ok
12:17:01.0406 4616 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:17:01.0406 4616 RasAuto - ok
12:17:01.0421 4616 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:17:01.0421 4616 Rasl2tp - ok
12:17:01.0453 4616 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:17:01.0453 4616 RasMan - ok
12:17:01.0468 4616 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:17:01.0468 4616 RasPppoe - ok
12:17:01.0484 4616 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:17:01.0484 4616 Raspti - ok
12:17:01.0515 4616 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:17:01.0515 4616 Rdbss - ok
12:17:01.0546 4616 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:17:01.0546 4616 RDPCDD - ok
12:17:01.0562 4616 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:17:01.0578 4616 rdpdr - ok
12:17:01.0609 4616 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:17:01.0609 4616 RDPWD - ok
12:17:01.0640 4616 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:17:01.0640 4616 RDSessMgr - ok
12:17:01.0671 4616 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:17:01.0671 4616 redbook - ok
12:17:01.0703 4616 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:17:01.0703 4616 RemoteAccess - ok
12:17:01.0718 4616 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
12:17:01.0718 4616 RemoteRegistry - ok
12:17:01.0750 4616 risdpcie (5312f15dbeb47d906dca2e334dc4c97d) C:\WINDOWS\system32\DRIVERS\risdpe86.sys
12:17:01.0750 4616 risdpcie - ok
12:17:01.0781 4616 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:17:01.0781 4616 RpcLocator - ok
12:17:01.0843 4616 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
12:17:01.0859 4616 RpcSs - ok
12:17:01.0890 4616 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:17:01.0890 4616 RSVP - ok
12:17:01.0937 4616 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:17:01.0937 4616 SamSs - ok
12:17:01.0984 4616 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:17:01.0984 4616 SCardSvr - ok
12:17:02.0015 4616 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:17:02.0015 4616 Schedule - ok
12:17:02.0031 4616 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:17:02.0031 4616 sdbus - ok
12:17:02.0046 4616 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:17:02.0046 4616 Secdrv - ok
12:17:02.0062 4616 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:17:02.0078 4616 seclogon - ok
12:17:02.0281 4616 SecureStorageService (e396fbc469df73692318dc90ad13ce86) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
12:17:02.0281 4616 SecureStorageService - ok
12:17:02.0296 4616 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:17:02.0296 4616 SENS - ok
12:17:02.0312 4616 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
12:17:02.0312 4616 Serial - ok
12:17:02.0328 4616 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:17:02.0328 4616 Sfloppy - ok
12:17:02.0390 4616 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
12:17:02.0390 4616 SharedAccess - ok
12:17:02.0437 4616 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:17:02.0437 4616 ShellHWDetection - ok
12:17:02.0437 4616 Simbad - ok
12:17:02.0453 4616 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:17:02.0453 4616 sisagp - ok
12:17:02.0468 4616 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:17:02.0468 4616 Sparrow - ok
12:17:02.0484 4616 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:17:02.0484 4616 splitter - ok
12:17:02.0515 4616 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:17:02.0531 4616 Spooler - ok
12:17:02.0546 4616 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:17:02.0562 4616 sr - ok
12:17:02.0593 4616 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:17:02.0609 4616 srservice - ok
12:17:02.0703 4616 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\NIS\1307010.005\SRTSP.SYS
12:17:02.0718 4616 SRTSP - ok
12:17:02.0734 4616 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\NIS\1307010.005\SRTSPX.SYS
12:17:02.0734 4616 SRTSPX - ok
12:17:02.0796 4616 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:17:02.0796 4616 Srv - ok
12:17:02.0812 4616 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:17:02.0812 4616 SSDPSRV - ok
12:17:02.0906 4616 STacSV (95e100d2aab23a591a01655e6063d36e) C:\Program Files\IDT\WDM\stacsv.exe
12:17:02.0906 4616 STacSV - ok
12:17:02.0937 4616 stdflt (a5b83c8050572622e5c43b5b3326a129) C:\WINDOWS\system32\DRIVERS\stdfltn.sys
12:17:02.0937 4616 stdflt - ok
12:17:03.0078 4616 STHDA (72c411579358a57941f8d0b3a67175b4) C:\WINDOWS\system32\drivers\sthda.sys
12:17:03.0093 4616 STHDA - ok
12:17:03.0250 4616 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:17:03.0250 4616 StillCam - ok
12:17:03.0296 4616 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:17:03.0312 4616 stisvc - ok
12:17:03.0343 4616 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:17:03.0343 4616 swenum - ok
12:17:03.0359 4616 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:17:03.0359 4616 swmidi - ok
12:17:03.0359 4616 SwPrv - ok
12:17:03.0375 4616 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:17:03.0375 4616 symc810 - ok
12:17:03.0390 4616 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:17:03.0390 4616 symc8xx - ok
12:17:03.0484 4616 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMDS.SYS
12:17:03.0484 4616 SymDS - ok
12:17:03.0546 4616 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1307010.005\SYMEFA.SYS
12:17:03.0546 4616 SymEFA - ok
12:17:03.0578 4616 SymEvent (555fb450fe6908600310e990738b41d6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:17:03.0578 4616 SymEvent - ok
12:17:03.0609 4616 SymIM (a7100ea17ed9eaf365362a05bf430e77) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:17:03.0609 4616 SymIM - ok
12:17:03.0609 4616 SymIMMP (a7100ea17ed9eaf365362a05bf430e77) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:17:03.0609 4616 SymIMMP - ok
12:17:03.0625 4616 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NIS\1307010.005\Ironx86.SYS
12:17:03.0625 4616 SymIRON - ok
12:17:03.0671 4616 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NIS\1307010.005\SYMTDI.SYS
12:17:03.0671 4616 SYMTDI - ok
12:17:03.0687 4616 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:17:03.0687 4616 sym_hi - ok
12:17:03.0703 4616 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:17:03.0703 4616 sym_u3 - ok
12:17:03.0718 4616 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:17:03.0718 4616 sysaudio - ok
12:17:03.0750 4616 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:17:03.0750 4616 SysmonLog - ok
12:17:03.0781 4616 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:17:03.0781 4616 TapiSrv - ok
12:17:03.0828 4616 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:17:03.0828 4616 Tcpip - ok
12:17:04.0015 4616 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
12:17:04.0031 4616 tcsd_win32.exe - ok
12:17:04.0250 4616 TdmService (a405d39f4dd131954c39114fba31a5e0) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
12:17:04.0265 4616 TdmService - ok
12:17:04.0421 4616 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:17:04.0421 4616 TDPIPE - ok
12:17:04.0437 4616 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:17:04.0453 4616 TDTCP - ok
12:17:04.0468 4616 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:17:04.0468 4616 TermDD - ok
12:17:04.0515 4616 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:17:04.0515 4616 TermService - ok
12:17:04.0546 4616 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:17:04.0546 4616 Themes - ok
12:17:04.0562 4616 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:17:04.0562 4616 TlntSvr - ok
12:17:04.0578 4616 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:17:04.0578 4616 TosIde - ok
12:17:04.0593 4616 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:17:04.0593 4616 TrkWks - ok
12:17:04.0609 4616 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:17:04.0609 4616 Udfs - ok
12:17:04.0609 4616 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:17:04.0609 4616 ultra - ok
12:17:04.0656 4616 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:17:04.0656 4616 Update - ok
12:17:04.0687 4616 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:17:04.0703 4616 upnphost - ok
12:17:04.0718 4616 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:17:04.0718 4616 UPS - ok
12:17:04.0734 4616 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:17:04.0750 4616 usbaudio - ok
12:17:04.0765 4616 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:17:04.0765 4616 usbccgp - ok
12:17:04.0812 4616 USBCCID (64ca8ed4b0980aae46beb3727046e860) C:\WINDOWS\system32\DRIVERS\usbccid.sys
12:17:04.0812 4616 USBCCID - ok
12:17:04.0843 4616 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:17:04.0843 4616 usbehci - ok
12:17:04.0859 4616 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:17:04.0859 4616 usbhub - ok
12:17:04.0890 4616 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:17:04.0890 4616 usbprint - ok
12:17:04.0921 4616 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:17:04.0921 4616 usbscan - ok
12:17:04.0937 4616 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:17:04.0937 4616 USBSTOR - ok
12:17:04.0953 4616 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:17:04.0953 4616 usbuhci - ok
12:17:04.0953 4616 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:17:04.0953 4616 VgaSave - ok
12:17:04.0968 4616 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:17:04.0968 4616 viaagp - ok
12:17:04.0984 4616 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:17:04.0984 4616 ViaIde - ok
12:17:05.0015 4616 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:17:05.0015 4616 VolSnap - ok
12:17:05.0062 4616 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:17:05.0078 4616 VSS - ok
12:17:05.0109 4616 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:17:05.0109 4616 w32time - ok
12:17:05.0125 4616 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:17:05.0125 4616 Wanarp - ok
12:17:05.0156 4616 WavxDMgr (81f117b7834fa0b78c2354208d185528) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
12:17:05.0171 4616 WavxDMgr - ok
12:17:05.0218 4616 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:17:05.0234 4616 Wdf01000 - ok
12:17:05.0234 4616 WDICA - ok
12:17:05.0265 4616 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:17:05.0265 4616 wdmaud - ok
12:17:05.0281 4616 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:17:05.0296 4616 WebClient - ok
12:17:05.0359 4616 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:17:05.0375 4616 winmgmt - ok
12:17:05.0468 4616 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
12:17:05.0484 4616 WinRM - ok
12:17:05.0484 4616 wltrysvc - ok
12:17:05.0500 4616 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
12:17:05.0500 4616 WmdmPmSN - ok
12:17:05.0578 4616 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:17:05.0578 4616 Wmi - ok
12:17:05.0640 4616 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:17:05.0640 4616 WmiAcpi - ok
12:17:05.0687 4616 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:17:05.0687 4616 WmiApSrv - ok
12:17:05.0703 4616 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:17:05.0703 4616 WS2IFSL - ok
12:17:05.0750 4616 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
12:17:05.0750 4616 wscsvc - ok
12:17:05.0750 4616 WSearch - ok
12:17:05.0781 4616 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:17:05.0796 4616 wuauserv - ok
12:17:05.0843 4616 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:17:05.0859 4616 WZCSVC - ok
12:17:05.0890 4616 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:17:05.0890 4616 xmlprov - ok
12:17:05.0921 4616 YahooAUService - ok
12:17:05.0953 4616 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:17:07.0015 4616 \Device\Harddisk0\DR0 - ok
12:17:07.0031 4616 Boot (0x1200) (91f7c0e3e233cbe18c77cfa070926b4c) \Device\Harddisk0\DR0\Partition0
12:17:07.0046 4616 \Device\Harddisk0\DR0\Partition0 - ok
12:17:07.0046 4616 ============================================================
12:17:07.0046 4616 Scan finished
12:17:07.0046 4616 ============================================================
12:17:07.0046 4124 Detected object count: 0
12:17:07.0046 4124 Actual detected object count: 0
12:17:13.0562 5032 Deinitialize success


Working on ASWMBR.

#10 christopherw

  • Topic Starter

  • Members
  • 39 posts

Posted 18 May 2012 - 11:22 AM

Also wanted to let you know that after the combofix ran I checked the quarantined folder and it had files in there labelled as viruses.

I haven't gone on google yet to check things out but I will shortly after I run aswmbr.

#11 christopherw

  • Topic Starter

  • Members
  • 39 posts

Posted 18 May 2012 - 11:45 AM

Ok Avast crashed my system giving me the BSOD. Stopped at C:Documents and Settings/

I've never been able to get a full run through on Avast, always crashes.

#12 christopherw

  • Topic Starter

  • Members
  • 39 posts

Posted 18 May 2012 - 02:03 PM

Google redirect still occurring. What other avenues do you recommend we take?

#13 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 18 May 2012 - 04:34 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 christopherw

  • Topic Starter

  • Members
  • 39 posts

Posted 18 May 2012 - 08:44 PM

Hi Gringo,
sorry for the late reply. I had to do another system restore because my workstation was acting up. Also noticed an additional user in safe mode labelled: Administrator

I didn't create that user. Could access the user without the correct password. All kinds of stuff was freaking out on me which is why I had to do a major system restore.

Here's the logs you requested:

OTL logfile created on: 5/18/2012 9:34:52 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\RayRay\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 71.73% Memory free
5.08 Gb Paging File | 3.87 Gb Available in Paging File | 76.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 181.25 Gb Free Space | 77.87% Space Free | Partition Type: NTFS

Computer Name: RAY | User Name: RayRay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\RayRay\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
PRC - c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (Dell Inc.)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe ()
PRC - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.460.18066__f25c74fcad379103\Status Lib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.460.18065__4ca2a925deedf37d\StatusInterfaces.dll ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ()
MOD - C:\WINDOWS\system32\Wavx_ESC_Logging.dll ()
MOD - C:\WINDOWS\system32\wxvault.dll ()
MOD - C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe ()
MOD - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
MOD - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll ()


========== Win32 Services (SafeList) ==========

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (InstallFilterService) -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe ()
SRV - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\RayRay\LOCALS~1\Temp\catchme.sys File not found
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120518.006\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilDrv11122) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120518.006\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120402.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1307000.009\symtdi.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1307000.009\SymEFA.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1307000.009\SymDS.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1307000.009\Ironx86.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120202.002\IDSXpx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1307000.009\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1307000.009\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1307000.009\ccSetx86.sys (Symantec Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (e1kexpress) Intel® -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation)
DRV - (risdpcie) -- C:\WINDOWS\system32\drivers\risdpe86.sys (REDC)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (Acceler) -- C:\WINDOWS\system32\drivers\Accelern.sys (ST Microelectronics)
DRV - (stdflt) -- C:\WINDOWS\system32\drivers\stdfltn.sys (ST Microelectronics)
DRV - (BCMTPM) -- C:\WINDOWS\system32\drivers\btpmw32.sys (Broadcom Corp.)
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\PBADRV.sys (Dell Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Help_Page = http://support.dell.com/support/index.aspx?c=us&l=en&s=gen
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-9541066-2834051161-270261326-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-9541066-2834051161-270261326-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\InprocServer32 File not found
IE - HKU\S-1-5-21-9541066-2834051161-270261326-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-9541066-2834051161-270261326-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-9541066-2834051161-270261326-1005\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19
IE - HKU\S-1-5-21-9541066-2834051161-270261326-1005\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
IE - HKU\S-1-5-21-9541066-2834051161-270261326-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-9541066-2834051161-270261326-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\IPSFFPlgn\ [2012/05/18 18:15:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\coFFPlgn\ [2012/05/18 20:27:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/18 17:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/18 17:17:27 | 000,000,000 | ---D | M]

[2011/06/17 12:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RayRay\Application Data\Mozilla\Extensions
[2011/06/17 12:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RayRay\Application Data\Mozilla\Extensions\websecurify@gnucitizen.org
[2012/05/18 17:16:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RayRay\Application Data\Mozilla\Firefox\Profiles\s9fukuj6.default\extensions
[2012/05/18 17:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RayRay\Application Data\Mozilla\Firefox\Profiles\s9fukuj6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/07 19:34:23 | 000,000,000 | ---D | M] (att.net Toolbar) -- C:\Documents and Settings\RayRay\Application Data\Mozilla\Firefox\Profiles\s9fukuj6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/05/18 17:18:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RayRay\Application Data\Mozilla\Firefox\Profiles\s9fukuj6.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/05/18 17:16:58 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Documents and Settings\RayRay\Application Data\Mozilla\Firefox\Profiles\s9fukuj6.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}(2)
[2012/05/18 17:16:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RayRay\Application Data\Mozilla\Firefox\Profiles\s9fukuj6.default\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66}
[2012/05/18 17:16:58 | 000,000,000 | ---D | M] (FT SleekDark) -- C:\Documents and Settings\RayRay\Application Data\Mozilla\Firefox\Profiles\s9fukuj6.default\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66}(2)
[2011/04/11 17:10:34 | 000,000,000 | ---D | M] (Acunetix Web Scanner (Free Edition)) -- C:\Documents and Settings\RayRay\Application Data\Mozilla\Firefox\Profiles\s9fukuj6.default\extensions\acunetixwebscanner@attila.gerendi
[2012/02/10 11:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/10 11:40:32 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/08 17:07:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/18 10:49:48 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/29 14:33:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/29 14:33:46 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/18 11:00:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKU\S-1-5-21-9541066-2834051161-270261326-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DellCleanup] c:\dell\winclean.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-9541066-2834051161-270261326-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-9541066-2834051161-270261326-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-9541066-2834051161-270261326-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-9541066-2834051161-270261326-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295454096651 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1830866F-6A4D-4D74-BBD8-91403669ADFA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (waveGina.dll) - C:\WINDOWS\System32\waveGina.dll (Wave Systems Corp.)
O24 - Desktop WallPaper: C:\WINDOWS\dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 21:33:11 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\RayRay\Desktop\OTL.exe
[2012/05/18 20:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/18 20:32:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/18 20:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/18 20:30:58 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\RayRay\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/18 18:18:47 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\RayRay\Desktop\tdsskiller.exe
[2012/05/18 18:15:17 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/05/18 18:15:17 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/05/18 18:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/05/18 18:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/05/18 18:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/05/18 18:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/05/18 18:04:19 | 006,254,016 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\RayRay\Desktop\NRnR.exe
[2012/05/18 17:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/05/18 17:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/05/18 17:39:20 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/05/18 17:37:33 | 000,944,264 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\RayRay\Desktop\SkypeSetup.exe
[2012/05/18 17:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Start Menu\Programs\IETester
[2012/05/18 17:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Desktop\magent_firecheckout
[2012/05/18 17:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\Aman Software
[2012/05/18 17:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/05/18 17:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Desktop\template
[2012/05/18 17:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2012/05/18 17:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Desktop\Brush_Set_28___Birds_by_punksafetypin
[2012/05/18 17:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Desktop\Wood_Patterns
[2012/05/18 17:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Desktop\WinMTR-v092
[2012/05/18 17:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Desktop\WebCruiserPro
[2012/05/18 17:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Desktop\kldetector13
[2012/05/18 17:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Desktop\ICOFormat-1.6f9-win
[2012/05/18 17:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\STMicroelectronics
[2012/05/18 17:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/18 17:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATTYToolbar
[2012/05/18 17:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2012/05/18 17:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/05/18 17:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/18 17:16:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/05/18 17:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Application Data\Yahoo!
[2012/05/18 17:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Local Settings\Application Data\tific
[2012/05/18 17:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Application Data\Tific
[2012/05/18 17:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Application Data\LivePerson
[2012/05/18 17:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Application Data\AVG
[2012/05/18 17:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Local Settings\Application Data\ATTYToolbar
[2012/05/18 17:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\Acunetix
[2012/05/18 17:14:11 | 000,000,000 | ---D | C] -- C:\cmdcons
[2012/05/18 17:14:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/18 17:14:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Test
[2012/05/18 17:14:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2012/05/18 17:14:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/05/18 16:18:55 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2012/05/18 14:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/05/18 14:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/05/18 13:15:38 | 000,000,000 | ---D | C] -- C:\RECYCLER(3)
[2012/05/18 10:51:53 | 000,000,000 | ---D | C] -- C:\cmdcons(2)
[2012/05/18 09:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Skype(3)
[2012/05/17 22:44:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8(2)
[2012/05/17 14:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Skype(2)
[2012/05/17 10:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes(2)
[2012/05/17 10:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(2)
[2012/05/16 22:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Application Data\Wise Registry Cleaner
[2012/05/16 22:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2012/05/16 21:57:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/05/16 20:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Application Data\ElevatedDiagnostics
[2012/05/16 12:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/16 10:41:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/05/15 16:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\My Documents\Fiddler2
[2012/05/15 16:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Fiddler2
[2012/05/11 15:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Desktop\wendy-lp-std-medium
[2012/05/11 14:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/05/10 18:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\Desktop\New Folder
[2012/05/08 18:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\My Documents\retrobabyEmail-Finals
[2012/05/02 16:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RayRay\My Documents\newdir
[2012/04/25 08:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/18 21:33:13 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RayRay\Desktop\OTL.exe
[2012/05/18 20:32:07 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/18 20:30:58 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\RayRay\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/18 20:26:51 | 000,065,172 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2012/05/18 20:26:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\RayRay\Local Settings\Application Data\WavXMapDrive.bat
[2012/05/18 20:26:47 | 000,048,734 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/05/18 20:26:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/18 20:26:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/18 20:25:51 | 3479,060,480 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/18 20:24:49 | 000,588,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\Cat.DB
[2012/05/18 18:21:28 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\RayRay\Desktop\omc7qsvx.exe
[2012/05/18 18:18:47 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\RayRay\Desktop\tdsskiller.exe
[2012/05/18 18:15:17 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/05/18 18:15:17 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/05/18 18:15:17 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/05/18 18:15:17 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/05/18 18:15:14 | 000,002,237 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/05/18 18:04:27 | 006,254,016 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\RayRay\Desktop\NRnR.exe
[2012/05/18 17:54:35 | 000,522,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/18 17:51:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/18 17:48:58 | 000,598,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/18 17:48:58 | 000,138,594 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/18 17:39:22 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/05/18 17:37:35 | 000,944,264 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\RayRay\Desktop\SkypeSetup.exe
[2012/05/18 15:57:24 | 000,597,275 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\Cat.DB
[2012/05/18 15:55:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/18 11:00:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/17 15:36:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\RayRay\defogger_reenable
[2012/05/16 18:26:55 | 000,048,734 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/05/16 15:12:09 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\RayRay\Application Data\winscp.rnd
[2012/05/15 09:13:06 | 000,000,973 | ---- | M] () -- C:\Documents and Settings\RayRay\My Documents\NSR_fairpricehosting.net_2012-05-15(1).csv
[2012/05/15 09:11:32 | 000,002,058 | ---- | M] () -- C:\Documents and Settings\RayRay\My Documents\NSR_fairpricehosting.com_2012-05-15(1).csv
[2012/05/14 12:15:34 | 000,898,048 | ---- | M] () -- C:\Documents and Settings\RayRay\Desktop\Scrap.shs
[2012/05/11 15:33:50 | 000,050,006 | ---- | M] () -- C:\Documents and Settings\RayRay\Desktop\wendy-lp-std-medium.zip
[2012/05/11 13:29:12 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\RayRay\My Documents\Default.rdp
[2012/05/11 10:23:09 | 000,029,131 | ---- | M] () -- C:\Documents and Settings\RayRay\Desktop\SUB.csv
[2012/05/10 18:50:29 | 000,029,948 | ---- | M] () -- C:\Documents and Settings\RayRay\Desktop\subscribers.csv
[2012/05/08 18:37:00 | 002,510,185 | ---- | M] () -- C:\Documents and Settings\RayRay\My Documents\retrobabyEmail-Finals.zip
[2012/05/01 22:10:58 | 008,106,249 | ---- | M] () -- C:\Documents and Settings\RayRay\Desktop\localtit2.zip
[2012/05/01 22:07:36 | 008,110,211 | ---- | M] () -- C:\Documents and Settings\RayRay\Desktop\localtit2.csv
[2012/05/01 22:05:47 | 008,108,864 | ---- | M] () -- C:\Documents and Settings\RayRay\Desktop\localtit.csv.zip
[2012/04/27 21:12:23 | 005,358,862 | ---- | M] () -- C:\Documents and Settings\RayRay\Desktop\gnomes.eps
[2012/04/18 23:41:32 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\isolate.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/18 20:32:07 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/18 18:21:25 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\RayRay\Desktop\omc7qsvx.exe
[2012/05/18 18:15:17 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/05/18 18:15:17 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/05/18 18:15:14 | 000,002,237 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/05/18 17:39:22 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/05/18 17:19:04 | 3479,060,480 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/17 15:36:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\RayRay\defogger_reenable
[2012/05/15 09:13:06 | 000,000,973 | ---- | C] () -- C:\Documents and Settings\RayRay\My Documents\NSR_fairpricehosting.net_2012-05-15(1).csv
[2012/05/15 09:11:24 | 000,002,058 | ---- | C] () -- C:\Documents and Settings\RayRay\My Documents\NSR_fairpricehosting.com_2012-05-15(1).csv
[2012/05/11 16:04:54 | 001,383,576 | ---- | C] () -- C:\Documents and Settings\RayRay\My Documents\_MG_7775.jpg
[2012/05/11 16:00:33 | 001,219,343 | ---- | C] () -- C:\Documents and Settings\RayRay\My Documents\_MG_7766.jpg
[2012/05/11 15:33:49 | 000,050,006 | ---- | C] () -- C:\Documents and Settings\RayRay\Desktop\wendy-lp-std-medium.zip
[2012/05/11 13:29:12 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\RayRay\My Documents\Default.rdp
[2012/05/11 10:23:09 | 000,029,131 | ---- | C] () -- C:\Documents and Settings\RayRay\Desktop\SUB.csv
[2012/05/10 12:14:28 | 000,029,948 | ---- | C] () -- C:\Documents and Settings\RayRay\Desktop\subscribers.csv
[2012/05/08 18:37:43 | 002,510,185 | ---- | C] () -- C:\Documents and Settings\RayRay\My Documents\retrobabyEmail-Finals.zip
[2012/05/07 08:59:00 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/01 22:10:57 | 008,106,249 | ---- | C] () -- C:\Documents and Settings\RayRay\Desktop\localtit2.zip
[2012/05/01 22:07:36 | 008,110,211 | ---- | C] () -- C:\Documents and Settings\RayRay\Desktop\localtit2.csv
[2012/05/01 22:05:47 | 008,108,864 | ---- | C] () -- C:\Documents and Settings\RayRay\Desktop\localtit.csv.zip
[2012/02/17 12:51:32 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/02/15 11:25:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/14 21:12:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/14 21:12:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/14 21:12:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/14 21:12:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/14 21:12:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/14 20:21:28 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/29 11:02:01 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\RayRay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/23 18:17:07 | 000,053,524 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/14 09:54:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/09 20:31:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/04/21 13:51:23 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/04/21 13:51:23 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\90AED82D59.sys
[2011/04/11 17:09:33 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2011/02/24 16:30:58 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\RayRay\Application Data\winscp.rnd
[2011/02/09 12:06:39 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\RayRay\Local Settings\Application Data\fusioncache.dat
[2011/02/09 11:56:40 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011/02/09 11:56:07 | 000,000,167 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/02/09 11:55:05 | 000,000,694 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/01/31 17:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/19 21:34:46 | 000,108,336 | ---- | C] () -- C:\Program Files\Photoshop CS4 Lisez-moi.pdf
[2011/01/19 21:34:46 | 000,103,148 | ---- | C] () -- C:\Program Files\Lame de Photoshop CS4.pdf
[2011/01/19 21:34:46 | 000,065,686 | ---- | C] () -- C:\Program Files\Photoshop CS4 Read Me.pdf
[2011/01/19 18:03:10 | 000,196,140 | ---- | C] () -- C:\Program Files\Dreamweaver CS4 Lisez-moi.pdf
[2011/01/19 18:03:10 | 000,186,678 | ---- | C] () -- C:\Program Files\Lame de Dreamweaver CS4.pdf
[2011/01/19 18:03:10 | 000,084,227 | ---- | C] () -- C:\Program Files\Dreamweaver CS4 Read Me.pdf
[2011/01/19 13:14:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\RayRay\Local Settings\Application Data\WavXMapDrive.bat
[2011/01/19 13:09:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011/01/19 13:00:24 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/01/19 13:00:23 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/01/19 13:00:23 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/01/19 12:56:46 | 000,308,624 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2011/01/19 12:56:46 | 000,206,216 | ---- | C] () -- C:\WINDOWS\System32\bipbsp.dll
[2011/01/19 12:56:36 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2011/01/19 12:43:17 | 000,048,734 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/01/14 20:43:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2011/01/14 20:42:58 | 001,589,414 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/14 20:38:34 | 000,001,157 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== Files - Unicode (All) ==========
[2011/08/02 19:57:55 | 000,000,017 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\燈
[2011/08/02 19:57:55 | 000,000,017 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\燈

< End of report >

#15 christopherw

  • Topic Starter
  • Members
  • 39 posts

Posted 18 May 2012 - 08:51 PM

btw: that redirect is still happening. I really hope I don't have to format the hard drive and do a fresh install. Any way of telling if this is a TCP/IP virus that is somehow triggered by the http_user_agent? i.e. Google, Bing, Yahoo