Success/Failure Audits with Logon/Logoff attempts


8 replies to this topic

#1 TripleInstance


Posted 26 July 2012 - 11:24 AM

*Windows XP, SP3, fully updated
*Running Norton 360, fully updated, firewalled
*Motorola Modem (SB5100, Surfboard cable modem)

In my event viewer I am seeing many policy changes, Privilege use changes, and logon/logoff attempts.

Some examples are:

Many logon/logoff attempts
Failure audits for logon failures (bad user name or password)
Attempts to change my logon password
Failure Audits for attempting to log in under my account
Success Audits for Anonymous login
Logon processes being trusted to submit logon requests
Notification packages being activated to submit password or account changes

These all occur within 1 minute and happen just after I log in to Windows. Is this a trojan or a rootkit? Not too sure what is going on here, but I feel like someone is accessing my computer.


I have scanned using Norton 360 and Norton Power Eraser, Malwarebytes, and Trend Micro HouseCall in safe mode and nothing has come up. I have used Microsoft Security Analyzer 2.2 to try and find issues - none have come up.

I ran a rootkit revealer (www.sysinternals.com) and received some suspicious registry entries (data mismatch between Windows API and raw hive data, and key name contains embedded nulls); these fall under HKLM\security\policy\secrets\sac* and HKLM\software\microsoft\DbgagD\1*, and some cookies that are hidden from the Windows API and the directory index.

Any help would be appreciated,

Thanks,

Len.

Edited by hamluis, 26 July 2012 - 12:01 PM.
Moved from XP to Am I Infected - Hamluis.
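The entries listed in this post are the kind of thing a defender would sort mechanically before deciding whether anything is wrong. The Python script below is an added example written for this thread (it is not the poster's, the moderator's or any vendor's code): it reads a constructed set of XP-style audit entries in a simple pipe-separated layout, counts the entries that every XP logon produces (a trusted logon process registering, a notification package loading, an ANONYMOUS LOGON network session), and flags repeated bad-password failures for one account inside a 60-second window plus any password-change attempt. The numeric event IDs (514, 515, 518, 528, 529, 538, 540, 627), the account and workstation names and the log layout are assumptions of the example; the thread itself quotes categories, not IDs.

```python
"""Triage a burst of Windows XP Security-log audit entries.

Added example for this thread, not the poster's or any vendor tool's code.
It separates entries that appear at every XP logon from entries that deserve
a closer look: several 'unknown user name or bad password' failures for one
account inside a short window, or a password-change attempt.

The numeric event IDs are the pre-Vista Security-log IDs and are an
assumption of this example (the thread quotes categories, not IDs):
  528 successful logon, 540 successful network logon, 529 logon failure
  (unknown user name or bad password), 538 user logoff, 514 authentication
  package loaded, 515 trusted logon process registered, 518 notification
  package loaded, 627 change password attempt.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a "timestamp|id|audit type|account|detail" layout.
# This is not the poster's Event Viewer export; names are placeholders.
SAMPLE_LOG = """\
2012-07-26 11:20:01|515|Success|SYSTEM|A trusted logon process has registered: Winlogon
2012-07-26 11:20:01|518|Success|SYSTEM|Notification package loaded: scecli
2012-07-26 11:20:02|540|Success|ANONYMOUS LOGON|Network logon from WORKSTATION-A
2012-07-26 11:20:03|528|Success|Len|Successful interactive logon (Logon Type 2)
2012-07-26 11:20:04|529|Failure|Len|Unknown user name or bad password
2012-07-26 11:20:05|529|Failure|Len|Unknown user name or bad password
2012-07-26 11:20:06|529|Failure|Len|Unknown user name or bad password
2012-07-26 11:20:07|529|Failure|Len|Unknown user name or bad password
2012-07-26 11:20:30|627|Failure|Len|Change password attempt
2012-07-26 11:20:45|538|Success|Len|User logoff (Logon Type 3)
"""

EXPECTED_AT_LOGON = {514, 515, 518}   # auth/notification packages, logon process
BAD_PASSWORD = 529
PASSWORD_CHANGE_ATTEMPT = 627


def parse_log(text):
    """Turn the sample layout into a list of event dicts with real timestamps."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, event_id, audit_type, account, detail = line.split("|", 4)
        events.append({
            "time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "id": int(event_id),
            "type": audit_type,
            "account": account,
            "detail": detail,
        })
    return events


def is_expected_at_logon(event):
    """Entries that every XP logon produces, regardless of who is at the keyboard."""
    if event["id"] in EXPECTED_AT_LOGON:
        return True
    # Null-session network logons are recorded under ANONYMOUS LOGON on XP.
    return event["id"] == 540 and event["account"] == "ANONYMOUS LOGON"


def failure_bursts(events, window=timedelta(seconds=60), threshold=3):
    """Largest number of bad-password failures per account inside any `window`.

    Only accounts that reach `threshold` are returned, so a single typo at
    the logon prompt does not show up.
    """
    per_account = defaultdict(list)
    for event in events:
        if event["id"] == BAD_PASSWORD:
            per_account[event["account"]].append(event["time"])
    bursts = {}
    for account, times in per_account.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):          # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[account] = best
    return bursts


def triage(text):
    """Return how many entries are routine logon noise and which ones to look at."""
    events = parse_log(text)
    routine = sum(1 for event in events if is_expected_at_logon(event))
    flagged = []
    for account, count in sorted(failure_bursts(events).items()):
        flagged.append(f"{count} bad-password failures for '{account}' within 60s")
    for event in events:
        if event["id"] == PASSWORD_CHANGE_ATTEMPT:
            flagged.append(f"password change attempt for '{event['account']}' ({event['type']})")
    return {"routine": routine, "flagged": flagged}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"routine logon-time entries: {result['routine']}")
    for item in result["flagged"]:
        print("look at:", item)
```

Run as-is, it reports three routine entries and two items to look at. To apply it to a real Event Viewer export, replace `parse_log` with a reader for that export's columns and keep the same five fields; the burst and password-change checks do not depend on the input layout.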



#2 swagger


Posted 29 July 2012 - 07:02 PM

Hello TripleInstance and welcome to Bleeping Computer! My name is swagger and I'll be assisting you.

Please follow the directions below, asking any questions before you proceed if you do not understand something completely.

::TDSS Killer::

Download the TDSS Killer and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.7.48.0).
  • Double-click on TDSSKiller.exe to run it.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan result - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

::ESET Online Scanner::

Please run a free online scan with the ESET Online Scanner.
  • Tick the box next to Yes, I accept the Terms of Use.
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan Archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    (NOTE: If Eset doesn't find any threats, it will NOT produce any log.)

::MiniToolBox::

Download MiniToolBox and save it to your Desktop.

  • Double-click MiniToolBox.exe to run it.
  • Check mark the following boxes:

    Report IE Proxy Settings
    Report FF Proxy Settings
    List content of Hosts
    List IP Configuration
    List Winsock entries
    List last 10 Event Viewer Errors
    List Installed Programs
    List Devices (Only problems)
    List Users, Partitions and Memory size.

  • Click the Go button and post the log file (Result.txt).

    (NOTE: The Result.txt should appear when the program completes. If the log does not automatically appear it should be on your desktop or in the folder the file was downloaded to.)

Regards,

swagger
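swagger asks for the TDSSKiller log to be pasted back. As an added example (not part of the thread and not Kaspersky's code), here is a Python parser for the line layout of the TDSSKiller log that is posted further down in this thread: a file line of the form `<time> <pid> <name> (<md5>) <path>` followed by a verdict line `<time> <pid> <name> - <verdict>`, with services that have no file on disk producing only the verdict line. The sample lines, the hashes and the `detected` verdict are constructed for the example; the parser surfaces any verdict other than `ok` rather than relying on a list of the tool's verdict strings.

```python
"""Parse a TDSSKiller scan log and list the entries that did not come back '- ok'.

Added example, not part of the thread and not Kaspersky's code. Handles the two
line shapes in the posted log: a file line ("<time> <pid> <name> (<md5>) <path>")
followed by a verdict line ("<time> <pid> <name> - <verdict>"); services with no
file on disk produce only the verdict line. Header lines before "Scan started"
(SystemInfo, drive geometry) are skipped.
"""
import re
from collections import OrderedDict

# Constructed sample in the posted log's layout. Hashes are placeholders and
# the 'detected' and 'Orphan' lines are invented to exercise the non-ok paths.
SAMPLE_TDSSKILLER_LOG = """\
21:26:02.0031 1016 OS Version: 5.1.2600 ServicePack: 3.0
21:26:22.0937 3824 ============================================================
21:26:22.0937 3824 Scan started
21:26:22.0937 3824 Mode: Manual;
21:26:22.0937 3824 ============================================================
21:26:24.0218 3824 Abiosdsk - ok
21:26:24.0250 3824 ACPI (00000000000000000000000000000001) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
21:26:24.0265 3824 ACPI - ok
21:26:24.0734 3824 Apple Mobile Device (00000000000000000000000000000002) C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe
21:26:24.0734 3824 Apple Mobile Device - ok
21:26:29.0828 3824 ExampleSvc (00000000000000000000000000000003) C:\\WINDOWS\\system32\\drivers\\example.sys
21:26:29.0828 3824 ExampleSvc - detected
21:26:31.0000 3824 Orphan (00000000000000000000000000000004) C:\\WINDOWS\\system32\\drivers\\orphan.sys
"""

_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
FILE_LINE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
VERDICT_LINE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")


def _blank_entry():
    return {"md5": None, "path": None, "verdict": None}


def parse_tdsskiller_log(text):
    """Map each scanned object name to its md5, path and verdict (None if missing)."""
    entries = OrderedDict()
    started = False
    for line in text.splitlines():
        if not started:
            # Everything before "Scan started" is environment info, not scan results.
            started = line.rstrip().endswith("Scan started")
            continue
        file_match = FILE_LINE.match(line)
        if file_match:
            entry = entries.setdefault(file_match["name"], _blank_entry())
            entry["md5"] = file_match["md5"].lower()
            entry["path"] = file_match["path"]
            continue
        verdict_match = VERDICT_LINE.match(line)
        if verdict_match:
            entry = entries.setdefault(verdict_match["name"], _blank_entry())
            entry["verdict"] = verdict_match["verdict"].strip()
        # separator lines match neither shape and are skipped
    return entries


def not_ok(entries):
    """Names whose verdict is anything other than 'ok'."""
    return [name for name, e in entries.items()
            if e["verdict"] is not None and e["verdict"] != "ok"]


def without_verdict(entries):
    """Names with a file line but no verdict line (an interrupted or truncated log)."""
    return [name for name, e in entries.items() if e["verdict"] is None]


if __name__ == "__main__":
    scanned = parse_tdsskiller_log(SAMPLE_TDSSKILLER_LOG)
    print(f"{len(scanned)} objects scanned")
    for name in not_ok(scanned):
        print(f"not ok: {name} -> {scanned[name]['verdict']} ({scanned[name]['path']})")
    for name in without_verdict(scanned):
        print(f"no verdict recorded: {name}")
```

Pointing `parse_tdsskiller_log` at the text of a real `TDSSKiller_version_date_time_log.txt` gives the same three views: every scanned object with its hash and path, the objects the tool did not mark `ok`, and objects whose verdict never appeared because the log was cut short.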

#3 TripleInstance


Posted 29 July 2012 - 08:34 PM

Thanks for the tips,

ESET Online Scanner didn't find anything. Here is the TDSSKiller file and the MiniToolBox file...

21:26:00.0515 1016 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:26:02.0031 1016 ============================================================
21:26:02.0031 1016 Current date / time: 2012/07/29 21:26:02.0031
21:26:02.0031 1016 SystemInfo:
21:26:02.0031 1016
21:26:02.0031 1016 OS Version: 5.1.2600 ServicePack: 3.0
21:26:02.0031 1016 Product type: Workstation
21:26:02.0031 1016 ComputerName: LEN-UW5UVYXACQQ
21:26:02.0031 1016 UserName: Len
21:26:02.0031 1016 Windows directory: C:\WINDOWS
21:26:02.0031 1016 System windows directory: C:\WINDOWS
21:26:02.0031 1016 Processor architecture: Intel x86
21:26:02.0031 1016 Number of processors: 1
21:26:02.0031 1016 Page size: 0x1000
21:26:02.0031 1016 Boot type: Normal boot
21:26:02.0031 1016 ============================================================
21:26:02.0812 1016 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000058
21:26:02.0812 1016 ============================================================
21:26:02.0812 1016 \Device\Harddisk0\DR0:
21:26:02.0812 1016 MBR partitions:
21:26:02.0812 1016 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74706981
21:26:02.0812 1016 ============================================================
21:26:02.0828 1016 C: <-> \Device\Harddisk0\DR0\Partition0
21:26:02.0828 1016 ============================================================
21:26:02.0828 1016 Initialize success
21:26:02.0828 1016 ============================================================
21:26:22.0937 3824 ============================================================
21:26:22.0937 3824 Scan started
21:26:22.0937 3824 Mode: Manual;
21:26:22.0937 3824 ============================================================
21:26:24.0187 3824 04293766 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\04293766.sys
21:26:24.0203 3824 04293766 - ok
21:26:24.0218 3824 Abiosdsk - ok
21:26:24.0234 3824 abp480n5 - ok
21:26:24.0250 3824 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:26:24.0265 3824 ACPI - ok
21:26:24.0296 3824 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:26:24.0312 3824 ACPIEC - ok
21:26:24.0375 3824 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:26:24.0375 3824 AdobeFlashPlayerUpdateSvc - ok
21:26:24.0390 3824 adpu160m - ok
21:26:24.0421 3824 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:26:24.0421 3824 aec - ok
21:26:24.0484 3824 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:26:24.0484 3824 AFD - ok
21:26:24.0500 3824 Aha154x - ok
21:26:24.0515 3824 aic78u2 - ok
21:26:24.0531 3824 aic78xx - ok
21:26:24.0578 3824 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:26:24.0578 3824 Alerter - ok
21:26:24.0609 3824 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:26:24.0609 3824 ALG - ok
21:26:24.0625 3824 AliIde - ok
21:26:24.0656 3824 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
21:26:24.0656 3824 AmdK7 - ok
21:26:24.0671 3824 amsint - ok
21:26:24.0734 3824 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:26:24.0734 3824 Apple Mobile Device - ok
21:26:24.0750 3824 AppMgmt - ok
21:26:24.0781 3824 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:26:24.0781 3824 Arp1394 - ok
21:26:24.0796 3824 asc - ok
21:26:24.0796 3824 asc3350p - ok
21:26:24.0812 3824 asc3550 - ok
21:26:24.0906 3824 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:26:24.0906 3824 aspnet_state - ok
21:26:24.0937 3824 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:26:24.0937 3824 AsyncMac - ok
21:26:24.0953 3824 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:26:24.0953 3824 atapi - ok
21:26:24.0968 3824 Atdisk - ok
21:26:25.0015 3824 Ati HotKey Poller (471087b5e1e01cc82604e81ea14781d8) C:\WINDOWS\system32\Ati2evxx.exe
21:26:25.0031 3824 Ati HotKey Poller - ok
21:26:25.0093 3824 ATI Smart (b979ba0120b6db757196a8e2e873fe3c) C:\WINDOWS\system32\ati2sgag.exe
21:26:25.0109 3824 ATI Smart - ok
21:26:25.0281 3824 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:26:25.0312 3824 ati2mtag - ok
21:26:25.0390 3824 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:26:25.0406 3824 Atmarpc - ok
21:26:25.0437 3824 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:26:25.0437 3824 AudioSrv - ok
21:26:25.0468 3824 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:26:25.0468 3824 audstub - ok
21:26:25.0515 3824 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:26:25.0531 3824 Beep - ok
21:26:25.0640 3824 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
21:26:25.0640 3824 BHDrvx86 - ok
21:26:25.0687 3824 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:26:25.0718 3824 BITS - ok
21:26:25.0796 3824 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:26:25.0796 3824 Bonjour Service - ok
21:26:25.0859 3824 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:26:25.0875 3824 Browser - ok
21:26:25.0906 3824 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:26:25.0906 3824 cbidf2k - ok
21:26:25.0968 3824 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\N360\0602010.005\ccSetx86.sys
21:26:25.0968 3824 ccSet_N360 - ok
21:26:26.0000 3824 cd20xrnt - ok
21:26:26.0000 3824 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:26:26.0015 3824 Cdaudio - ok
21:26:26.0062 3824 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:26:26.0062 3824 Cdfs - ok
21:26:26.0078 3824 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:26:26.0078 3824 Cdrom - ok
21:26:26.0093 3824 Changer - ok
21:26:26.0140 3824 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:26:26.0140 3824 cisvc - ok
21:26:26.0156 3824 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:26:26.0156 3824 ClipSrv - ok
21:26:26.0250 3824 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:26:26.0250 3824 clr_optimization_v2.0.50727_32 - ok
21:26:26.0312 3824 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:26:26.0328 3824 clr_optimization_v4.0.30319_32 - ok
21:26:26.0328 3824 CmdIde - ok
21:26:26.0343 3824 COMSysApp - ok
21:26:26.0375 3824 Cpqarray - ok
21:26:26.0421 3824 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:26:26.0421 3824 CryptSvc - ok
21:26:26.0437 3824 dac2w2k - ok
21:26:26.0453 3824 dac960nt - ok
21:26:26.0515 3824 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:26:26.0515 3824 DcomLaunch - ok
21:26:26.0546 3824 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:26:26.0562 3824 Dhcp - ok
21:26:26.0578 3824 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:26:26.0578 3824 Disk - ok
21:26:26.0593 3824 dmadmin - ok
21:26:26.0625 3824 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:26:26.0656 3824 dmboot - ok
21:26:26.0687 3824 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:26:26.0703 3824 dmio - ok
21:26:26.0718 3824 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:26:26.0718 3824 dmload - ok
21:26:26.0765 3824 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:26:26.0765 3824 dmserver - ok
21:26:26.0781 3824 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:26:26.0781 3824 DMusic - ok
21:26:26.0828 3824 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:26:26.0828 3824 Dnscache - ok
21:26:26.0859 3824 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:26:26.0875 3824 Dot3svc - ok
21:26:26.0875 3824 dpti2o - ok
21:26:26.0890 3824 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:26:26.0890 3824 drmkaud - ok
21:26:26.0906 3824 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:26:26.0906 3824 EapHost - ok
21:26:27.0000 3824 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:26:27.0015 3824 eeCtrl - ok
21:26:27.0046 3824 EL90Xbc (b61eaf446adf55cc0d0d5c5bbd3d1cae) C:\WINDOWS\system32\DRIVERS\el90Xbc5.SYS
21:26:27.0046 3824 EL90Xbc - ok
21:26:27.0078 3824 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:26:27.0078 3824 EraserUtilRebootDrv - ok
21:26:27.0125 3824 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:26:27.0125 3824 ERSvc - ok
21:26:27.0187 3824 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:26:27.0187 3824 Eventlog - ok
21:26:27.0250 3824 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:26:27.0250 3824 EventSystem - ok
21:26:27.0281 3824 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:26:27.0281 3824 Fastfat - ok
21:26:27.0359 3824 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:26:27.0375 3824 FastUserSwitchingCompatibility - ok
21:26:27.0390 3824 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:26:27.0390 3824 Fdc - ok
21:26:27.0406 3824 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:26:27.0406 3824 Fips - ok
21:26:27.0437 3824 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:26:27.0437 3824 Flpydisk - ok
21:26:27.0453 3824 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:26:27.0453 3824 FltMgr - ok
21:26:27.0546 3824 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:26:27.0546 3824 FontCache3.0.0.0 - ok
21:26:27.0578 3824 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:26:27.0578 3824 Fs_Rec - ok
21:26:27.0609 3824 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:26:27.0609 3824 Ftdisk - ok
21:26:27.0625 3824 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:26:27.0625 3824 gameenum - ok
21:26:27.0640 3824 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:26:27.0640 3824 GEARAspiWDM - ok
21:26:27.0703 3824 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:26:27.0703 3824 Gpc - ok
21:26:27.0765 3824 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:26:27.0781 3824 helpsvc - ok
21:26:27.0781 3824 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:26:27.0796 3824 HidServ - ok
21:26:27.0812 3824 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:26:27.0812 3824 hidusb - ok
21:26:27.0828 3824 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:26:27.0843 3824 hkmsvc - ok
21:26:27.0843 3824 hpn - ok
21:26:27.0859 3824 hpt3xx - ok
21:26:27.0921 3824 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:26:27.0921 3824 HTTP - ok
21:26:27.0953 3824 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:26:27.0953 3824 HTTPFilter - ok
21:26:27.0968 3824 i2omgmt - ok
21:26:27.0984 3824 i2omp - ok
21:26:28.0000 3824 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:26:28.0000 3824 i8042prt - ok
21:26:28.0078 3824 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:26:28.0093 3824 idsvc - ok
21:26:28.0250 3824 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120727.001\IDSxpx86.sys
21:26:28.0250 3824 IDSxpx86 - ok
21:26:28.0500 3824 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:26:28.0500 3824 Imapi - ok
21:26:28.0515 3824 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:26:28.0515 3824 ImapiService - ok
21:26:28.0531 3824 ini910u - ok
21:26:28.0562 3824 IntelIde - ok
21:26:28.0593 3824 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:26:28.0593 3824 ip6fw - ok
21:26:28.0609 3824 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:26:28.0609 3824 IpFilterDriver - ok
21:26:28.0625 3824 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:26:28.0625 3824 IpInIp - ok
21:26:28.0656 3824 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:26:28.0656 3824 IpNat - ok
21:26:28.0750 3824 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
21:26:28.0765 3824 iPod Service - ok
21:26:28.0781 3824 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:26:28.0781 3824 IPSec - ok
21:26:28.0812 3824 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:26:28.0812 3824 IRENUM - ok
21:26:28.0843 3824 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:26:28.0843 3824 isapnp - ok
21:26:28.0906 3824 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
21:26:28.0906 3824 JavaQuickStarterService - ok
21:26:28.0921 3824 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:26:28.0937 3824 Kbdclass - ok
21:26:28.0953 3824 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:26:28.0953 3824 kbdhid - ok
21:26:28.0984 3824 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:26:28.0984 3824 kmixer - ok
21:26:29.0015 3824 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:26:29.0031 3824 KSecDD - ok
21:26:29.0109 3824 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:26:29.0109 3824 lanmanserver - ok
21:26:29.0140 3824 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:26:29.0140 3824 lanmanworkstation - ok
21:26:29.0156 3824 lbrtfdc - ok
21:26:29.0203 3824 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:26:29.0203 3824 LmHosts - ok
21:26:29.0296 3824 McComponentHostService (485405de203e88b3fe4294a2ea48d7ee) C:\Program Files\McAfee Security Scan\3.0.271\McCHSvc.exe
21:26:29.0296 3824 McComponentHostService - ok
21:26:29.0328 3824 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:26:29.0328 3824 Messenger - ok
21:26:29.0359 3824 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:26:29.0359 3824 mnmdd - ok
21:26:29.0390 3824 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
21:26:29.0390 3824 mnmsrvc - ok
21:26:29.0421 3824 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:26:29.0421 3824 Modem - ok
21:26:29.0437 3824 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:26:29.0437 3824 Mouclass - ok
21:26:29.0468 3824 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:26:29.0468 3824 mouhid - ok
21:26:29.0484 3824 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:26:29.0484 3824 MountMgr - ok
21:26:29.0500 3824 mraid35x - ok
21:26:29.0531 3824 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:26:29.0531 3824 MRxDAV - ok
21:26:29.0562 3824 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:26:29.0578 3824 MRxSmb - ok
21:26:29.0625 3824 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
21:26:29.0625 3824 MSDTC - ok
21:26:29.0640 3824 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:26:29.0640 3824 Msfs - ok
21:26:29.0656 3824 MSIServer - ok
21:26:29.0687 3824 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:26:29.0687 3824 MSKSSRV - ok
21:26:29.0703 3824 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:26:29.0703 3824 MSPCLOCK - ok
21:26:29.0718 3824 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:26:29.0718 3824 MSPQM - ok
21:26:29.0734 3824 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:26:29.0734 3824 mssmbios - ok
21:26:29.0781 3824 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
21:26:29.0781 3824 ms_mpu401 - ok
21:26:29.0828 3824 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:26:29.0828 3824 Mup - ok
21:26:29.0921 3824 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
21:26:29.0921 3824 N360 - ok
21:26:29.0953 3824 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:26:29.0953 3824 napagent - ok
21:26:30.0031 3824 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120727.033\NAVENG.SYS
21:26:30.0046 3824 NAVENG - ok
21:26:30.0125 3824 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120727.033\NAVEX15.SYS
21:26:30.0156 3824 NAVEX15 - ok
21:26:30.0250 3824 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:26:30.0265 3824 NDIS - ok
21:26:30.0312 3824 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:26:30.0312 3824 NdisTapi - ok
21:26:30.0328 3824 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:26:30.0328 3824 Ndisuio - ok
21:26:30.0343 3824 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:26:30.0343 3824 NdisWan - ok
21:26:30.0390 3824 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:26:30.0390 3824 NDProxy - ok
21:26:30.0406 3824 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:26:30.0421 3824 NetBIOS - ok
21:26:30.0453 3824 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:26:30.0468 3824 NetBT - ok
21:26:30.0500 3824 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:26:30.0515 3824 NetDDE - ok
21:26:30.0515 3824 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:26:30.0531 3824 NetDDEdsdm - ok
21:26:30.0562 3824 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:26:30.0562 3824 Netlogon - ok
21:26:30.0593 3824 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:26:30.0593 3824 Netman - ok
21:26:30.0687 3824 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:26:30.0703 3824 NetTcpPortSharing - ok
21:26:30.0718 3824 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:26:30.0734 3824 NIC1394 - ok
21:26:30.0781 3824 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:26:30.0781 3824 Nla - ok
21:26:30.0796 3824 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:26:30.0796 3824 Npfs - ok
21:26:30.0843 3824 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:26:30.0859 3824 Ntfs - ok
21:26:30.0875 3824 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:26:30.0875 3824 NtLmSsp - ok
21:26:30.0906 3824 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:26:30.0906 3824 NtmsSvc - ok
21:26:30.0937 3824 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:26:30.0937 3824 Null - ok
21:26:30.0984 3824 nvax (47b3852808dd579a463fce7085b77413) C:\WINDOWS\system32\drivers\nvax.sys
21:26:30.0984 3824 nvax - ok
21:26:31.0015 3824 NVENET (fbe448efa5484a256528e1d02b959bbc) C:\WINDOWS\system32\DRIVERS\NVENET.sys
21:26:31.0015 3824 NVENET - ok
21:26:31.0046 3824 nvnforce (adbcba116496229a163193bbe0bb28ce) C:\WINDOWS\system32\drivers\nvapu.sys
21:26:31.0062 3824 nvnforce - ok
21:26:31.0109 3824 nv_agp (db36442c20793c53b4128eb85f9a3d32) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
21:26:31.0109 3824 nv_agp - ok
21:26:31.0140 3824 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:26:31.0140 3824 NwlnkFlt - ok
21:26:31.0171 3824 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:26:31.0171 3824 NwlnkFwd - ok
21:26:31.0218 3824 NYOV - ok
21:26:31.0250 3824 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:26:31.0250 3824 ohci1394 - ok
21:26:31.0265 3824 OLA - ok
21:26:31.0296 3824 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:26:31.0296 3824 Parport - ok
21:26:31.0312 3824 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:26:31.0312 3824 PartMgr - ok
21:26:31.0343 3824 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:26:31.0343 3824 ParVdm - ok
21:26:31.0359 3824 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:26:31.0359 3824 PCI - ok
21:26:31.0375 3824 PCIDump - ok
21:26:31.0406 3824 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:26:31.0406 3824 PCIIde - ok
21:26:31.0421 3824 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:26:31.0437 3824 Pcmcia - ok
21:26:31.0437 3824 PDCOMP - ok
21:26:31.0453 3824 PDFRAME - ok
21:26:31.0468 3824 PDRELI - ok
21:26:31.0484 3824 PDRFRAME - ok
21:26:31.0500 3824 perc2 - ok
21:26:31.0515 3824 perc2hib - ok
21:26:31.0562 3824 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:26:31.0578 3824 PlugPlay - ok
21:26:31.0593 3824 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:26:31.0593 3824 PolicyAgent - ok
21:26:31.0609 3824 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:26:31.0609 3824 PptpMiniport - ok
21:26:31.0640 3824 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:26:31.0640 3824 Processor - ok
21:26:31.0656 3824 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:26:31.0656 3824 ProtectedStorage - ok
21:26:31.0671 3824 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:26:31.0671 3824 PSched - ok
21:26:31.0703 3824 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:26:31.0703 3824 Ptilink - ok
21:26:31.0718 3824 ql1080 - ok
21:26:31.0734 3824 Ql10wnt - ok
21:26:31.0750 3824 ql12160 - ok
21:26:31.0750 3824 ql1240 - ok
21:26:31.0765 3824 ql1280 - ok
21:26:31.0781 3824 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:26:31.0781 3824 RasAcd - ok
21:26:31.0812 3824 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:26:31.0812 3824 RasAuto - ok
21:26:31.0843 3824 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:26:31.0843 3824 Rasl2tp - ok
21:26:31.0875 3824 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:26:31.0875 3824 RasMan - ok
21:26:31.0890 3824 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:26:31.0890 3824 RasPppoe - ok
21:26:31.0921 3824 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:26:31.0921 3824 Raspti - ok
21:26:31.0953 3824 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:26:31.0953 3824 Rdbss - ok
21:26:31.0968 3824 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:26:31.0968 3824 RDPCDD - ok
21:26:32.0031 3824 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:26:32.0031 3824 RDPWD - ok
21:26:32.0062 3824 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:26:32.0078 3824 RDSessMgr - ok
21:26:32.0093 3824 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:26:32.0093 3824 redbook - ok
21:26:32.0125 3824 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:26:32.0125 3824 RemoteAccess - ok
21:26:32.0140 3824 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:26:32.0156 3824 RpcLocator - ok
21:26:32.0187 3824 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:26:32.0203 3824 RpcSs - ok
21:26:32.0234 3824 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:26:32.0234 3824 RSVP - ok
21:26:32.0250 3824 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:26:32.0250 3824 SamSs - ok
21:26:32.0281 3824 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:26:32.0281 3824 SCardSvr - ok
21:26:32.0312 3824 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:26:32.0328 3824 Schedule - ok
21:26:32.0359 3824 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:26:32.0359 3824 Secdrv - ok
21:26:32.0390 3824 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:26:32.0390 3824 seclogon - ok
21:26:32.0421 3824 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:26:32.0421 3824 SENS - ok
21:26:32.0437 3824 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:26:32.0437 3824 serenum - ok
21:26:32.0453 3824 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:26:32.0453 3824 Serial - ok
21:26:32.0500 3824 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:26:32.0500 3824 Sfloppy - ok
21:26:32.0531 3824 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:26:32.0546 3824 SharedAccess - ok
21:26:32.0593 3824 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:26:32.0593 3824 ShellHWDetection - ok
21:26:32.0640 3824 SI3112r (3da2f680bfc8e92a535cea5a5d80ac37) C:\WINDOWS\system32\DRIVERS\SI3112r.sys
21:26:32.0656 3824 SI3112r - ok
21:26:32.0687 3824 Si3114r5 (09889d435edc82435b18c7c311fe5721) C:\WINDOWS\system32\drivers\Si3114r5.sys
21:26:32.0703 3824 Si3114r5 - ok
21:26:32.0750 3824 SiFilter (46b92189fe4db53a09e3a0099aa3084c) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
21:26:32.0750 3824 SiFilter - ok
21:26:32.0765 3824 Simbad - ok
21:26:32.0781 3824 SiRemFil (b688378d258d1ecce4768cdb55d48d92) C:\WINDOWS\system32\drivers\SiRemFil.sys
21:26:32.0781 3824 SiRemFil - ok
21:26:32.0796 3824 SiWinAcc (46b92189fe4db53a09e3a0099aa3084c) C:\WINDOWS\system32\drivers\SiWinAcc.sys
21:26:32.0796 3824 SiWinAcc - ok
21:26:32.0812 3824 Sparrow - ok
21:26:32.0843 3824 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:26:32.0843 3824 splitter - ok
21:26:32.0875 3824 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:26:32.0875 3824 Spooler - ok
21:26:32.0921 3824 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
21:26:32.0937 3824 sr - ok
21:26:32.0968 3824 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:26:32.0968 3824 srservice - ok
21:26:33.0062 3824 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\N360\0602010.005\SRTSP.SYS
21:26:33.0062 3824 SRTSP - ok
21:26:33.0093 3824 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSPX.SYS
21:26:33.0093 3824 SRTSPX - ok
21:26:33.0125 3824 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:26:33.0140 3824 Srv - ok
21:26:33.0171 3824 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:26:33.0171 3824 SSDPSRV - ok
21:26:33.0203 3824 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:26:33.0218 3824 stisvc - ok
21:26:33.0234 3824 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:26:33.0234 3824 swenum - ok
21:26:33.0281 3824 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:26:33.0281 3824 swmidi - ok
21:26:33.0281 3824 SwPrv - ok
21:26:33.0296 3824 symc810 - ok
21:26:33.0312 3824 symc8xx - ok
21:26:33.0343 3824 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMDS.SYS
21:26:33.0359 3824 SymDS - ok
21:26:33.0406 3824 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMEFA.SYS
21:26:33.0437 3824 SymEFA - ok
21:26:33.0468 3824 SymEvent (555fb450fe6908600310e990738b41d6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:26:33.0468 3824 SymEvent - ok
21:26:33.0484 3824 SymIM (a7100ea17ed9eaf365362a05bf430e77) C:\WINDOWS\system32\DRIVERS\SymIM.sys
21:26:33.0484 3824 SymIM - ok
21:26:33.0500 3824 SymIMMP (a7100ea17ed9eaf365362a05bf430e77) C:\WINDOWS\system32\DRIVERS\SymIM.sys
21:26:33.0515 3824 SymIMMP - ok
21:26:33.0546 3824 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\N360\0602010.005\Ironx86.SYS
21:26:33.0546 3824 SymIRON - ok
21:26:33.0593 3824 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\N360\0602010.005\SYMTDI.SYS
21:26:33.0593 3824 SYMTDI - ok
21:26:33.0609 3824 sym_hi - ok
21:26:33.0625 3824 sym_u3 - ok
21:26:33.0640 3824 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:26:33.0640 3824 sysaudio - ok
21:26:33.0671 3824 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:26:33.0671 3824 SysmonLog - ok
21:26:33.0703 3824 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:26:33.0703 3824 TapiSrv - ok
21:26:33.0750 3824 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:26:33.0765 3824 Tcpip - ok
21:26:33.0781 3824 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:26:33.0781 3824 TDPIPE - ok
21:26:33.0796 3824 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:26:33.0796 3824 TDTCP - ok
21:26:33.0828 3824 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:26:33.0828 3824 TermDD - ok
21:26:33.0859 3824 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:26:33.0859 3824 TermService - ok
21:26:33.0906 3824 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:26:33.0906 3824 Themes - ok
21:26:33.0921 3824 TosIde - ok
21:26:33.0937 3824 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:26:33.0953 3824 TrkWks - ok
21:26:33.0968 3824 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:26:33.0968 3824 Udfs - ok
21:26:33.0984 3824 ultra - ok
21:26:34.0015 3824 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:26:34.0031 3824 Update - ok
21:26:34.0062 3824 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:26:34.0078 3824 upnphost - ok
21:26:34.0109 3824 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:26:34.0109 3824 UPS - ok
21:26:34.0140 3824 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:26:34.0140 3824 usbccgp - ok
21:26:34.0171 3824 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:26:34.0171 3824 usbehci - ok
21:26:34.0187 3824 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:26:34.0187 3824 usbhub - ok
21:26:34.0203 3824 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:26:34.0203 3824 usbohci - ok
21:26:34.0265 3824 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:26:34.0265 3824 usbprint - ok
21:26:34.0281 3824 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:26:34.0281 3824 usbscan - ok
21:26:34.0312 3824 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:26:34.0312 3824 USBSTOR - ok
21:26:34.0343 3824 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:26:34.0343 3824 VgaSave - ok
21:26:34.0359 3824 ViaIde - ok
21:26:34.0406 3824 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:26:34.0406 3824 VolSnap - ok
21:26:34.0437 3824 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:26:34.0453 3824 VSS - ok
21:26:34.0484 3824 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:26:34.0500 3824 W32Time - ok
21:26:34.0515 3824 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:26:34.0515 3824 Wanarp - ok
21:26:34.0531 3824 WDC_SAM - ok
21:26:34.0546 3824 WDICA - ok
21:26:34.0593 3824 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:26:34.0609 3824 wdmaud - ok
21:26:34.0625 3824 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:26:34.0625 3824 WebClient - ok
21:26:34.0687 3824 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:26:34.0703 3824 winmgmt - ok
21:26:34.0750 3824 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:26:34.0750 3824 WmdmPmSN - ok
21:26:34.0796 3824 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:26:34.0796 3824 WmiApSrv - ok
21:26:34.0859 3824 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:26:34.0890 3824 WMPNetworkSvc - ok
21:26:34.0984 3824 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:26:35.0000 3824 WPFFontCache_v0400 - ok
21:26:35.0062 3824 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:26:35.0078 3824 wscsvc - ok
21:26:35.0125 3824 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:26:35.0140 3824 wuauserv - ok
21:26:35.0171 3824 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:26:35.0171 3824 WudfPf - ok
21:26:35.0187 3824 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:26:35.0203 3824 WudfSvc - ok
21:26:35.0250 3824 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:26:35.0265 3824 WZCSVC - ok
21:26:35.0312 3824 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:26:35.0312 3824 xmlprov - ok
21:26:35.0343 3824 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:26:35.0734 3824 \Device\Harddisk0\DR0 - ok
21:26:35.0765 3824 Boot (0x1200) (d3ff5edca0ab49e680090ee20002c8da) \Device\Harddisk0\DR0\Partition0
21:26:35.0765 3824 \Device\Harddisk0\DR0\Partition0 - ok
21:26:35.0765 3824 ============================================================
21:26:35.0765 3824 Scan finished
21:26:35.0765 3824 ============================================================
21:26:35.0781 0188 Detected object count: 0
21:26:35.0781 0188 Actual detected object count: 0
21:26:46.0937 1012 Deinitialize success


MiniToolBox by Farbar Version: 23-07-2012
Ran by Len (administrator) on 29-07-2012 at 21:28:14
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================



::1 localhost
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce MCP Networking Adapter = Local Area Connection (Connected)
3Com 3C920B-EMB Integrated Fast Ethernet Controller = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : len-uw5uvyxacqq

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : phub.net.cable.rogers.com



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : 3Com 3C920B-EMB Integrated Fast Ethernet Controller

Physical Address. . . . . . . . . : 00-26-54-13-33-BC



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : phub.net.cable.rogers.com

Description . . . . . . . . . . . : NVIDIA nForce MCP Networking Adapter

Physical Address. . . . . . . . . : 00-0C-6E-CE-E7-13

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 99.249.252.167

Subnet Mask . . . . . . . . . . . : 255.255.254.0

Default Gateway . . . . . . . . . : 99.249.252.1

DHCP Server . . . . . . . . . . . : 99.248.188.1

DNS Servers . . . . . . . . . . . : 64.71.255.198

Lease Obtained. . . . . . . . . . : Sunday, July 29, 2012 9:12:46 PM

Lease Expires . . . . . . . . . . : Sunday, August 05, 2012 9:12:46 PM

Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

Name: google.com
Addresses: 74.125.226.41, 74.125.226.38, 74.125.226.40, 74.125.226.39
74.125.226.33, 74.125.226.32, 74.125.226.34, 74.125.226.35, 74.125.226.46
74.125.226.36, 74.125.226.37



Pinging google.com [74.125.226.65] with 32 bytes of data:



Reply from 74.125.226.65: bytes=32 time=33ms TTL=57

Reply from 74.125.226.65: bytes=32 time=38ms TTL=57



Ping statistics for 74.125.226.65:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 38ms, Average = 35ms

Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

Name: yahoo.com
Addresses: 209.191.122.70, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=106ms TTL=54

Reply from 98.139.183.24: bytes=32 time=118ms TTL=54



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 106ms, Maximum = 118ms, Average = 112ms

Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 26 54 13 33 bc ...... 3Com 3C920B-EMB Integrated Fast Ethernet Controller - Packet Scheduler Miniport
0x3 ...00 0c 6e ce e7 13 ...... NVIDIA nForce MCP Networking Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 99.249.252.1 99.249.252.167 20
99.249.252.0 255.255.254.0 99.249.252.167 99.249.252.167 20
99.249.252.167 255.255.255.255 127.0.0.1 127.0.0.1 20
99.255.255.255 255.255.255.255 99.249.252.167 99.249.252.167 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 99.249.252.167 99.249.252.167 20
224.0.0.0 240.0.0.0 99.249.252.167 99.249.252.167 20
255.255.255.255 255.255.255.255 99.249.252.167 99.249.252.167 1
255.255.255.255 255.255.255.255 99.249.252.167 2 1
Default Gateway: 99.249.252.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/26/2012 00:27:51 PM) (Source: Application Error) (User: )
Description: Fault bucket -1209889631.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (07/26/2012 00:27:25 PM) (Source: Application Error) (User: )
Description: Faulting application NYOV.exe, version 1.71.0.0, faulting module NYOV.exe, version 1.71.0.0, fault address 0x00052490.
Processing media-specific event for [NYOV.exe!ws!]

Error: (07/25/2012 07:39:30 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/25/2012 07:39:29 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/25/2012 07:39:29 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/25/2012 07:39:29 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (07/25/2012 02:51:03 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/25/2012 02:51:03 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/23/2012 02:23:53 PM) (Source: Application Hang) (User: )
Description: Hanging application soffice.bin, version 3.3.9556.500, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/13/2012 05:45:38 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


System errors:
=============
Error: (07/29/2012 09:12:44 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.100.11 for the Network Card with network address 000C6ECEE713 has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/27/2012 04:40:01 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.100.11 for the Network Card with network address 000C6ECEE713 has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/27/2012 04:37:58 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/27/2012 03:58:44 PM) (Source: DCOM) (User: LEN-UW5UVYXACQQ)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (07/27/2012 03:58:35 PM) (Source: DCOM) (User: LEN-UW5UVYXACQQ)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (07/27/2012 03:58:35 PM) (Source: DCOM) (User: LEN-UW5UVYXACQQ)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (07/27/2012 03:52:54 PM) (Source: DCOM) (User: LEN-UW5UVYXACQQ)
Description: DCOM got error "%%1084" attempting to start the service McComponentHostService with arguments ""
in order to run the server:
{CC6F4D12-8575-4CFF-9455-CF5774AEB13B}

Error: (07/27/2012 03:52:49 PM) (Source: DCOM) (User: LEN-UW5UVYXACQQ)
Description: DCOM got error "%%1084" attempting to start the service McComponentHostService with arguments ""
in order to run the server:
{CC6F4D12-8575-4CFF-9455-CF5774AEB13B}

Error: (07/27/2012 03:52:49 PM) (Source: DCOM) (User: LEN-UW5UVYXACQQ)
Description: DCOM got error "%%1084" attempting to start the service McComponentHostService with arguments ""
in order to run the server:
{CC6F4D12-8575-4CFF-9455-CF5774AEB13B}

Error: (07/27/2012 03:52:44 PM) (Source: DCOM) (User: LEN-UW5UVYXACQQ)
Description: DCOM got error "%%1084" attempting to start the service McComponentHostService with arguments ""
in order to run the server:
{CC6F4D12-8575-4CFF-9455-CF5774AEB13B}


Microsoft Office Sessions:
=========================
Error: (07/26/2012 00:27:51 PM) (Source: Application Error)(User: )
Description: -1209889631

Error: (07/26/2012 00:27:25 PM) (Source: Application Error)(User: )
Description: NYOV.exe1.71.0.0NYOV.exe1.71.0.000052490

Error: (07/25/2012 07:39:30 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/25/2012 07:39:29 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/25/2012 07:39:29 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/25/2012 07:39:29 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (07/25/2012 02:51:03 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/25/2012 02:51:03 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/23/2012 02:23:53 PM) (Source: Application Hang)(User: )
Description: soffice.bin3.3.9556.500hungapp0.0.0.000000000

Error: (06/13/2012 05:45:38 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


=========================== Installed Programs ============================

Adobe AIR (Version: 2.6.0.19140)
Adobe Download Assistant (Version: 1.0.3)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Photoshop CS5.1 (Version: 12.1)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Catalyst Control Center (Version: 2.010.0210.2338)
ATI Display Driver (Version: 8.593.100-100210a-095952E-ATI)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455)
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455)
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455)
ccc-core-preinstall (Version: 2010.0210.2339.42455)
ccc-core-static (Version: 2010.0210.2339.42455)
ccc-utility (Version: 2010.0210.2339.42455)
CCC Help Chinese Standard (Version: 2010.0210.2338.42455)
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455)
CCC Help Czech (Version: 2010.0210.2338.42455)
CCC Help Danish (Version: 2010.0210.2338.42455)
CCC Help Dutch (Version: 2010.0210.2338.42455)
CCC Help English (Version: 2010.0210.2338.42455)
CCC Help Finnish (Version: 2010.0210.2338.42455)
CCC Help French (Version: 2010.0210.2338.42455)
CCC Help German (Version: 2010.0210.2338.42455)
CCC Help Greek (Version: 2010.0210.2338.42455)
CCC Help Hungarian (Version: 2010.0210.2338.42455)
CCC Help Italian (Version: 2010.0210.2338.42455)
CCC Help Japanese (Version: 2010.0210.2338.42455)
CCC Help Korean (Version: 2010.0210.2338.42455)
CCC Help Norwegian (Version: 2010.0210.2338.42455)
CCC Help Polish (Version: 2010.0210.2338.42455)
CCC Help Portuguese (Version: 2010.0210.2338.42455)
CCC Help Russian (Version: 2010.0210.2338.42455)
CCC Help Spanish (Version: 2010.0210.2338.42455)
CCC Help Swedish (Version: 2010.0210.2338.42455)
CCC Help Thai (Version: 2010.0210.2338.42455)
CCC Help Turkish (Version: 2010.0210.2338.42455)
ESET Online Scanner v3
ImgBurn (Version: 2.5.7.0)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarkBook 2011 (Version: 10.6.3)
McAfee Security Scan Plus (Version: 3.0.271.4)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Norton 360 (Version: 6.2.1.5)
Norton Bootable Recovery Tool Wizard (Version: 5.0.0.90)
NVIDIA nForce Utilities
NVIDIA Windows 2000/XP nForce Drivers
OpenOffice.org 3.3 (Version: 3.3.9567)
PDF Settings CS5 (Version: 10.0)
QuickTime (Version: 7.71.80.42)
Skins (Version: 2010.0210.2339.42455)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Vuze (Version: 4.7)
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
Xvid Video Codec (Version: 1.3.2)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 2047.48 MB
Available physical RAM: 1366.44 MB
Total Pagefile: 5986.56 MB
Available Pagefile: 5252.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.57 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:931.51 GB) (Free:869.17 GB) NTFS
3 Drive d: (NBRT) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\LEN-UW5UVYXACQQ

Administrator ASPNET Guest
HelpAssistant Len SUPPORT_388945a0
Work Account


**** End of log ****

#4 swagger

swagger

  • Members
  • 476 posts
  • OFFLINE
  • Gender:Male
  • Location:South Carolina
  • Local time:10:56 PM

Posted 30 July 2012 - 06:59 AM

Hello TripleInstance,

Thanks for the tips,

No problem, happy to help!

Error: (07/26/2012 00:27:25 PM) (Source: Application Error) (User: )
Description: Faulting application NYOV.exe, version 1.71.0.0, faulting module NYOV.exe, version 1.71.0.0, fault address 0x00052490.
Processing media-specific event for [NYOV.exe!ws!]

I'm a little concerned about this file. Bear with me as I ask about this and possibly get some backup to help you out.

Do you or have you had any software made by Norman installed on your computer?

regards,

swagger

Edited by swagger, 30 July 2012 - 07:21 AM.


#5 TripleInstance

TripleInstance
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:56 PM

Posted 30 July 2012 - 10:09 AM

My computer only has a few programs on it - and none by Norman as far as I know.

At 10:25 am this morning I had about 30 attempts to change the password for all the accounts set up on my computer Administrator, ASPNET, Guest, HelpAssistant, Len, SUPPORT_388945a0, Work Account. The password for the work account received a success audit and the password was changed. I haven't logged off my admin account since I logged on around 9am today.

Can I delete all of these accounts except my administrator and my Len account? I don't know what the others are for, nor do I use them!
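The burst described in the post above (a few dozen password-change attempts against every local account inside a minute or two) is exactly the kind of pattern worth pulling out of the Security log before deciding what to do with the accounts. The script below is an added example and is not code from the thread or from any tool mentioned in it: it parses a constructed CSV that imitates an Event Viewer export (the columns and every row are made up for this illustration, none come from the poster's machine), counts audit events by type and ID, and reports any window in which password-change events (legacy Windows XP Security log IDs 627 and 628) touched several distinct accounts. The target-account parsing assumes the account name is the last item of the Description field, which holds for the constructed data.

```python
"""Triage Windows XP Security-log audit events for bursts of password-change
activity across many accounts.

Added example, not part of the thread. The CSV below is constructed to
resemble an Event Viewer export (Type,Date,Time,Source,Category,Event,User,
Computer,Description); none of it is taken from the poster's machine.
"""
import csv
import io
import re
from collections import Counter
from datetime import datetime, timedelta

# Legacy (pre-Vista) Security log event IDs handled here.
EVENT_NAMES = {
    528: "Successful logon",
    529: "Logon failure: unknown user name or bad password",
    538: "User logoff",
    540: "Successful network logon",
    627: "Change password attempt",
    628: "User account password set",
}
PASSWORD_EVENTS = {627, 628}

# Assumption for the constructed data: the target account is the last item of
# the description, so the match runs to the end of the field (names may have spaces).
TARGET_RE = re.compile(r"Target Account Name:\s*(.+?)\s*$")

SAMPLE_EXPORT = r"""Type,Date,Time,Source,Category,Event,User,Computer,Description
Success Audit,7/30/2012,9:01:12 AM,Security,Logon/Logoff,528,LEN-UW5UVYXACQQ\Len,LEN-UW5UVYXACQQ,Successful Logon: User Name: Len
Failure Audit,7/30/2012,10:25:03 AM,Security,Account Management,627,NT AUTHORITY\SYSTEM,LEN-UW5UVYXACQQ,Change Password Attempt: Target Account Name: Administrator
Failure Audit,7/30/2012,10:25:03 AM,Security,Account Management,627,NT AUTHORITY\SYSTEM,LEN-UW5UVYXACQQ,Change Password Attempt: Target Account Name: ASPNET
Failure Audit,7/30/2012,10:25:04 AM,Security,Account Management,627,NT AUTHORITY\SYSTEM,LEN-UW5UVYXACQQ,Change Password Attempt: Target Account Name: Guest
Failure Audit,7/30/2012,10:25:04 AM,Security,Account Management,627,NT AUTHORITY\SYSTEM,LEN-UW5UVYXACQQ,Change Password Attempt: Target Account Name: HelpAssistant
Success Audit,7/30/2012,10:25:05 AM,Security,Account Management,628,NT AUTHORITY\SYSTEM,LEN-UW5UVYXACQQ,User Account password set: Target Account Name: Work Account
Failure Audit,7/30/2012,11:40:22 AM,Security,Logon/Logoff,529,NT AUTHORITY\SYSTEM,LEN-UW5UVYXACQQ,Logon Failure: Reason: Unknown user name or bad password User Name: Len
"""


def parse_export(text):
    """Turn the CSV export into a list of dicts with a real datetime per row."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        when = datetime.strptime(f"{row['Date']} {row['Time']}", "%m/%d/%Y %I:%M:%S %p")
        events.append({
            "time": when,
            "type": row["Type"],            # "Success Audit" / "Failure Audit"
            "event_id": int(row["Event"]),
            "description": row["Description"],
        })
    return events


def summarize(events):
    """Count events by (audit type, event ID), e.g. ('Failure Audit', 627) -> 4."""
    return Counter((e["type"], e["event_id"]) for e in events)


def find_password_change_bursts(events, window=timedelta(seconds=60), min_accounts=3):
    """Return one finding per `window` in which password-change events (627/628)
    hit at least `min_accounts` distinct accounts. Windows start at the first
    unassigned password event and do not overlap."""
    pw = sorted((e for e in events if e["event_id"] in PASSWORD_EVENTS),
                key=lambda e: e["time"])
    findings = []
    i = 0
    while i < len(pw):
        start = pw[i]["time"]
        group = [e for e in pw[i:] if e["time"] - start <= window]  # contiguous, pw is sorted
        i += len(group)
        accounts = set()
        passwords_set = []
        for e in group:
            m = TARGET_RE.search(e["description"])
            name = m.group(1) if m else "<unknown>"
            accounts.add(name)
            if e["event_id"] == 628 and e["type"] == "Success Audit":
                passwords_set.append(name)      # the password actually changed
        if len(accounts) >= min_accounts:
            findings.append({
                "start": start,
                "end": group[-1]["time"],
                "attempts": len(group),
                "accounts": sorted(accounts),
                "passwords_set": passwords_set,
            })
    return findings


if __name__ == "__main__":
    evts = parse_export(SAMPLE_EXPORT)
    for (kind, eid), n in sorted(summarize(evts).items()):
        print(f"{n:3d}  {kind:14s} {eid}  {EVENT_NAMES.get(eid, '?')}")
    for b in find_password_change_bursts(evts):
        print(f"burst {b['start']:%H:%M:%S}-{b['end']:%H:%M:%S}: {b['attempts']} "
              f"password events on {len(b['accounts'])} accounts; set: {b['passwords_set']}")
```

On the constructed data this reports a single burst of five password events across five accounts within two seconds, with one successful set on "Work Account". The successful 628 is the line that matters for response: a password that was actually changed by something other than the user is stronger evidence than any number of failed 627 attempts, and it is the account to disable first.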

#6 swagger

swagger

  • Members
  • 476 posts
  • OFFLINE
  • Gender:Male
  • Location:South Carolina
  • Local time:10:56 PM

Posted 30 July 2012 - 10:37 AM

Hello TripleInstance,

Standby, I am still trying to find someone to assist us. Hopefully it won't be too much longer.

regards,

swagger

#7 swagger

swagger

  • Members
  • 476 posts
  • OFFLINE
  • Gender:Male
  • Location:South Carolina
  • Local time:10:56 PM

Posted 30 July 2012 - 11:23 AM

Hello TripleInstance,

I have consulted with a malware removal expert and we need to perform the following steps:

::SystemLook::

Download SystemLook and save it to your Desktop.

  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook by jpshortstuff".
  • Please copy and paste everything in the code box below into SystemLook and click the Look button.
    :filefind
    nyov.exe
    
  • A log file (SystemLook.txt) will eventually open with the results of the scan.
  • Please copy/paste the contents of the log in your next reply.
Also, please run a virus scan on nyov.exe using the VirusTotal website once the path is shown in SystemLook.txt. Instructions are below:

::VirusTotal::

Please navigate to the VirusTotal website.

  • Click the Choose File button and navigate to the location where nyov.exe is located.
  • Select nyov.exe and click the Open button.
  • Click the Scan It! button and the file will be uploaded.
  • When the file is done being uploaded, you should be taken to a results page. After the scan is done, you should see a window at the top that contains results (e.g. Detection Ratio: 0/41). Please copy/paste these results along with the File name and Analysis date info.

regards,

swagger
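The two steps in the post above (find the file by name, then get it checked on VirusTotal) can be scripted so the result is a path plus a SHA-256 rather than a manual upload. The script below is an added example and is not SystemLook's code or anything from the thread: it walks a directory for a case-insensitive name pattern, like SystemLook's :filefind, and fingerprints every hit, returning the error instead of aborting when a file cannot be read. The directory it searches is a throw-away temporary folder holding constructed placeholder files (the NYOV.exe it creates is a few bytes of text, not a real sample), so it runs anywhere.

```python
"""Locate files by name and fingerprint them: a scripted stand-in for
SystemLook's :filefind step followed by a VirusTotal lookup.

Added example, not part of the thread or of SystemLook. The tree it searches
is built in a temporary folder from constructed placeholder files.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import List, Optional

PLACEHOLDER = b"constructed placeholder, not a real binary\n"


@dataclass
class FileHit:
    path: str
    size: int
    sha256: Optional[str]          # None when the file could not be read
    error: Optional[str] = None


def fingerprint(path: str) -> FileHit:
    """Hash a file in chunks; an unreadable file becomes a hit with an error."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return FileHit(path, os.path.getsize(path), h.hexdigest())
    except OSError as exc:
        return FileHit(path, -1, None, str(exc))


def filefind(root: str, pattern: str) -> List[FileHit]:
    """Walk `root` and return every file whose name matches `pattern`
    (shell-style wildcards, compared case-insensitively as Windows does)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda _e: None):
        for name in files:
            if fnmatch(name.lower(), pattern.lower()):
                hits.append(fingerprint(os.path.join(dirpath, name)))
    return sorted(hits, key=lambda hit: hit.path)


def build_constructed_tree() -> str:
    """Create a temporary directory imitating the layout from the thread:
    a Local Settings\\Temp folder holding a placeholder NYOV.exe (constructed)."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    temp_dir = os.path.join(root, "Local Settings", "Temp")
    os.makedirs(temp_dir)
    with open(os.path.join(temp_dir, "NYOV.exe"), "wb") as f:
        f.write(PLACEHOLDER)
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("unrelated file\n")
    return root


if __name__ == "__main__":
    root = build_constructed_tree()
    for hit in filefind(root, "nyov.exe"):
        print(hit.path, hit.size, hit.sha256 or hit.error)
    # The SHA-256 can be pasted into VirusTotal's search box to see any
    # existing report for that exact file without uploading it.
```

Searching by hash first is the cheaper move: if VirusTotal already has a report for that SHA-256, the detection ratio is available immediately, and the upload is only needed when the file is new to them. A hit whose `error` is set (a file locked or unreadable) is still worth reporting, since a file that cannot be read from a user session is itself a useful data point for the person helping.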

#8 TripleInstance

TripleInstance
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:56 PM

Posted 30 July 2012 - 12:36 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 13:14 on 30/07/2012 by Len
Administrator - Elevation successful

========== filefind ==========

Searching for "nyov.exe"
No files found.

-= EOF =-

There weren't any files named nyov.exe on my drive during this scan, but I remember my Norton 360 alerting me that this file was using a good portion of the processing power. Norton submitted it but no action was taken.

I checked Norton and it was in CSIDL_PROFILE\local settings\temp\nyove.exe - but is no longer there.

Norton submitted some other files that were 'exonerated'?

- WS.Trojan.H - not too sure if this file is a virus?
- Cloud.7.F

#9 swagger

swagger

  • Members
  • 476 posts
  • OFFLINE
  • Gender:Male
  • Location:South Carolina
  • Local time:10:56 PM

Posted 30 July 2012 - 05:31 PM

Hello TripleInstance,

I think we've reached a point where you need a deeper look from one of our malware removal experts.

Please go here....Preparation Guide and follow steps 6-9.

Create a DDS log and post it in a new topic explained in step 9 here: Virus, Trojan, Spyware, and Malware Removal Logs and NOT in this topic. Thanks!

If GMER won't run, skip it and move on.

Let me know if that went well and please post the link to your new topic here. Good luck to you! :thumbup2:

regards,

swagger


