
Infected with trojan.Happili and Rootkit.0Access


19 replies to this topic

#1 cvick

Posted 06 November 2012 - 11:09 PM

Hey Folks -- My Norton virus protection informed me that I was infected with an attack two days ago. I ran Malwarebytes Anti-Malware which "removed" Trojan.Happili and Rootkit.0Access. My computer is continuing to run slower & slower, Internet Explorer keeps freezing up or won't load at all about two-thirds of the time and the volume & music will no longer play on the computer. Several times when I've rebooted the computer the Windows XP icon screen will not even come up, forcing me to do a manual reboot. Rescanning both Norton & Malwarebytes are coming up with a clean slate, but I know the issue is far from settled. Any suggestions on what other action I can take to remove the issue? Thanks so much!

#2 narenxp

Posted 06 November 2012 - 11:29 PM

Download TDSSKiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 cvick

Posted 07 November 2012 - 05:58 PM

TdSSKILLER Log Report:

17:51:33.0421 2044 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:51:35.0421 2044 ============================================================
17:51:35.0421 2044 Current date / time: 2012/11/07 17:51:35.0421
17:51:35.0421 2044 SystemInfo:
17:51:35.0421 2044
17:51:35.0421 2044 OS Version: 5.1.2600 ServicePack: 3.0
17:51:35.0421 2044 Product type: Workstation
17:51:35.0421 2044 ComputerName: CARSONVICK
17:51:35.0421 2044 UserName: Carson Vick
17:51:35.0421 2044 Windows directory: C:\WINDOWS
17:51:35.0421 2044 System windows directory: C:\WINDOWS
17:51:35.0421 2044 Processor architecture: Intel x86
17:51:35.0421 2044 Number of processors: 1
17:51:35.0421 2044 Page size: 0x1000
17:51:35.0421 2044 Boot type: Normal boot
17:51:35.0421 2044 ============================================================
17:51:55.0578 2044 BG loaded
17:52:01.0703 2044 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:52:01.0828 2044 ============================================================
17:52:01.0828 2044 \Device\Harddisk0\DR0:
17:52:01.0828 2044 MBR partitions:
17:52:01.0828 2044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8DCF228
17:52:01.0828 2044 ============================================================
17:52:02.0250 2044 C: <-> \Device\Harddisk0\DR0\Partition1
17:52:02.0500 2044 ============================================================
17:52:02.0500 2044 Initialize success
17:52:02.0500 2044 ============================================================

#4 cvick

Posted 07 November 2012 - 06:06 PM

aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-07 17:59:28
-----------------------------
17:59:28.390 OS Version: Windows 5.1.2600 Service Pack 3
17:59:28.390 Number of processors: 1 586 0x401
17:59:28.390 ComputerName: CARSONVICK UserName:
17:59:30.546 Initialize success
18:03:06.265 AVAST engine defs: 12110701
18:04:49.468 The log file has been saved successfully to "C:\Documents and Settings\Carson Vick\Desktop\aswMBR.txt"

#5 narenxp

Posted 07 November 2012 - 07:02 PM

Both the logs are incomplete
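
One way to check mechanically whether a TDSSKiller log covers a whole scan, added here as an example that is not part of the original thread or of any tool mentioned in it. It relies only on markers that appear in the logs posted in this thread ("Scan started", "Mode:", the "Scan ..." section banners, "Scan interrupted by user!", "Scan finished", "Detected object count:"); what counts as "complete" is this example's assumption, and the sample logs are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shape seen in the thread's logs: "HH:MM:SS.mmmm <4-digit thread id> <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})(?:\s+(.*))?$")
# Section banner, e.g. "================ Scan services ============================="
SECTION_RE = re.compile(r"^=+\s+Scan (.+?)\s+=+$")


@dataclass
class ScanRun:
    mode: str = ""                                   # text after "Mode:"
    sections: List[str] = field(default_factory=list)
    interrupted_in: List[str] = field(default_factory=list)
    finished: bool = False
    detected: Optional[int] = None                   # "Detected object count"

    @property
    def tdlfs(self) -> bool:
        # True when the run was started with the TDLFS option selected.
        return "TDLFS" in self.mode


def parse_runs(log_text: str) -> List[ScanRun]:
    """Split a log into scan runs; each 'Scan started' line opens a new run."""
    runs: List[ScanRun] = []
    section = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                                  # not a log line
        msg = (m.group(3) or "").strip()
        if msg == "Scan started":
            runs.append(ScanRun())
            section = None
            continue
        if not runs:
            continue                                  # still in the init header
        run = runs[-1]
        banner = SECTION_RE.match(msg)
        if banner:
            section = banner.group(1)
            run.sections.append(section)
        elif msg.startswith("Mode:"):
            run.mode = msg[len("Mode:"):].strip()
        elif msg == "Scan interrupted by user!":
            run.interrupted_in.append(section or "startup")
        elif msg == "Scan finished":
            run.finished = True
        elif msg.startswith("Detected object count:"):
            # Logged under a different thread id, so attach to the latest run.
            run.detected = int(msg.split(":", 1)[1])
    return runs


def assess(log_text: str) -> str:
    """Return 'complete' or 'incomplete: <reasons>' for a pasted log."""
    runs = parse_runs(log_text)
    if not runs:
        return "incomplete: no scan was started"
    problems = []
    for i, run in enumerate(runs, 1):
        if run.interrupted_in:
            problems.append(
                f"run {i} interrupted during {', '.join(run.interrupted_in)}")
        elif not run.finished:
            problems.append(f"run {i} ends before 'Scan finished'")
    return "complete" if not problems else "incomplete: " + "; ".join(problems)


# Constructed sample logs (timestamps, thread ids and service names are made up).
SAMPLE_INIT_ONLY = """\
12:00:00.0000 1111 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:00:01.0000 1111 ============================================================
12:00:02.0000 1111 Initialize success
12:00:02.0000 1111 ============================================================
"""

SAMPLE_INTERRUPTED = SAMPLE_INIT_ONLY + """\
12:00:05.0000 2222 Scan started
12:00:05.0000 2222 Mode: Manual;
12:00:06.0000 2222 ================ Scan system memory ========================
12:00:06.0000 2222 System memory - ok
12:00:06.0000 2222 ================ Scan services =============================
12:00:07.0000 2222 ExampleSvc - ok
12:00:08.0000 2222 Scan interrupted by user!
12:00:08.0000 2222 ================ Scan global ===============================
12:00:08.0000 2222 Scan interrupted by user!
12:00:08.0000 2222 Scan finished
12:00:08.0000 3333 Detected object count: 0
"""

SAMPLE_FULL = SAMPLE_INIT_ONLY + """\
12:00:05.0000 2222 Scan started
12:00:05.0000 2222 Mode: Manual; TDLFS;
12:00:06.0000 2222 ================ Scan system memory ========================
12:00:06.0000 2222 System memory - ok
12:00:06.0000 2222 ================ Scan services =============================
12:00:07.0000 2222 ExampleSvc - ok
12:00:08.0000 2222 ================ Scan global ===============================
12:00:09.0000 2222 ================ Scan MBR ==================================
12:00:10.0000 2222 ================ Scan VBR ==================================
12:00:11.0000 2222 Scan finished
12:00:11.0000 3333 Detected object count: 0
"""

if __name__ == "__main__":
    for name in ("SAMPLE_INIT_ONLY", "SAMPLE_INTERRUPTED", "SAMPLE_FULL"):
        print(name, "->", assess(globals()[name]))
```

A "Detected object count: 0" line on its own says nothing about a clean system when the run it belongs to was interrupted, which is why the check looks at the run markers first.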

#6 cvick

Posted 07 November 2012 - 08:52 PM

ESET List of Found Threats...

C:\Program Files\1ClickDownload\ocmainpack.exe Win32/Adware.1ClickDownload.E application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.11.2012_17.34.07\mbr0000\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.11.2012_17.34.07\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.PR trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.11.2012_17.34.07\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.11.2012_17.34.07\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\opqss.bak1 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

#7 cvick

Posted 07 November 2012 - 08:54 PM

Hmm, I'll check the first two again.

#8 cvick

Posted 07 November 2012 - 09:00 PM

Updated TdSSKILLER Log Report:


20:56:11.0843 2304 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:56:13.0843 2304 ============================================================
20:56:13.0843 2304 Current date / time: 2012/11/07 20:56:13.0843
20:56:13.0843 2304 SystemInfo:
20:56:13.0843 2304
20:56:13.0843 2304 OS Version: 5.1.2600 ServicePack: 3.0
20:56:13.0843 2304 Product type: Workstation
20:56:13.0843 2304 ComputerName: CARSONVICK
20:56:13.0843 2304 UserName: Carson Vick
20:56:13.0843 2304 Windows directory: C:\WINDOWS
20:56:13.0843 2304 System windows directory: C:\WINDOWS
20:56:13.0843 2304 Processor architecture: Intel x86
20:56:13.0875 2304 Number of processors: 1
20:56:13.0875 2304 Page size: 0x1000
20:56:13.0875 2304 Boot type: Normal boot
20:56:13.0875 2304 ============================================================
20:56:16.0125 2304 BG loaded
20:56:16.0531 2304 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:56:16.0546 2304 ============================================================
20:56:16.0546 2304 \Device\Harddisk0\DR0:
20:56:16.0562 2304 MBR partitions:
20:56:16.0562 2304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8DCF228
20:56:16.0562 2304 ============================================================
20:56:16.0625 2304 C: <-> \Device\Harddisk0\DR0\Partition1
20:56:16.0625 2304 ============================================================
20:56:16.0625 2304 Initialize success
20:56:16.0625 2304 ============================================================
20:56:21.0875 0240 ============================================================
20:56:21.0875 0240 Scan started
20:56:21.0875 0240 Mode: Manual;
20:56:21.0875 0240 ============================================================
20:56:23.0078 0240 ================ Scan system memory ========================
20:56:23.0078 0240 System memory - ok
20:56:23.0093 0240 ================ Scan services =============================
20:56:41.0250 0240 Scan interrupted by user!
20:56:41.0250 0240 ================ Scan global ===============================
20:56:41.0250 0240 Scan interrupted by user!
20:56:41.0250 0240 ================ Scan MBR ==================================
20:56:41.0250 0240 Scan interrupted by user!
20:56:41.0250 0240 ================ Scan VBR ==================================
20:56:41.0250 0240 Scan interrupted by user!
20:56:41.0250 0240 ============================================================
20:56:41.0250 0240 Scan finished
20:56:41.0250 0240 ============================================================
20:56:41.0265 2364 Detected object count: 0
20:56:41.0265 2364 Actual detected object count: 0
20:57:00.0156 3020 ============================================================
20:57:00.0156 3020 Scan started
20:57:00.0156 3020 Mode: Manual; TDLFS;
20:57:00.0156 3020 ============================================================
20:57:00.0484 3020 ================ Scan system memory ========================
20:57:00.0484 3020 System memory - ok
20:57:00.0484 3020 ================ Scan services =============================
20:57:28.0015 3020 sscdbhk5 - ok
20:57:28.0093 3020 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:57:28.0125 3020 SSDPSRV - ok
20:57:28.0140 3020 [ D79412E3942C8A257253487536D5A994 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
20:57:28.0140 3020 ssrtln - ok
20:57:28.0281 3020 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:57:28.0390 3020 stisvc - ok
20:57:28.0421 3020 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:57:28.0421 3020 swenum - ok
20:57:28.0484 3020 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:57:28.0484 3020 swmidi - ok
20:57:28.0625 3020 SwPrv - ok
20:57:28.0656 3020 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
20:57:28.0671 3020 symc810 - ok
20:57:28.0703 3020 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:57:28.0703 3020 symc8xx - ok
20:57:28.0859 3020 [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS C:\WINDOWS\system32\drivers\N360\0502020.003\SYMDS.SYS
20:57:28.0859 3020 SymDS - ok
20:57:29.0140 3020 [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA C:\WINDOWS\system32\drivers\N360\0502020.003\SYMEFA.SYS
20:57:29.0156 3020 SymEFA - ok
20:57:29.0234 3020 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
20:57:29.0250 3020 SymEvent - ok
20:57:29.0343 3020 [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON C:\WINDOWS\system32\drivers\N360\0502020.003\Ironx86.SYS
20:57:29.0343 3020 SymIRON - ok
20:57:29.0500 3020 [ 336CACE58F0359D5CBB1AE6B8A2FB205 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0502020.003\SYMTDI.SYS
20:57:29.0515 3020 SYMTDI - ok
20:57:29.0562 3020 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:57:29.0578 3020 sym_hi - ok
20:57:29.0718 3020 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:57:29.0718 3020 sym_u3 - ok
20:57:29.0781 3020 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:57:29.0781 3020 sysaudio - ok
20:57:29.0875 3020 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:57:29.0906 3020 SysmonLog - ok
20:57:29.0968 3020 [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss C:\WINDOWS\system32\DRIVERS\taphss.sys
20:57:29.0968 3020 taphss - ok
20:57:30.0093 3020 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:57:30.0171 3020 TapiSrv - ok
20:57:30.0328 3020 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:57:30.0421 3020 Tcpip - ok
20:57:30.0484 3020 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:57:30.0484 3020 TDPIPE - ok
20:57:30.0515 3020 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:57:30.0515 3020 TDTCP - ok
20:57:30.0578 3020 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:57:30.0578 3020 TermDD - ok
20:57:30.0843 3020 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:57:30.0953 3020 TermService - ok
20:57:31.0046 3020 [ D0177776E11B0B3F272EEBD262A69661 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
20:57:31.0062 3020 tfsnboio - ok
20:57:31.0078 3020 [ 599804BC938B8305A5422319774DA871 ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
20:57:31.0109 3020 tfsncofs - ok
20:57:31.0125 3020 [ A1902C00ADC11C4D83F8E3ED947A6A32 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
20:57:31.0125 3020 tfsndrct - ok
20:57:31.0140 3020 [ D8DDB3F2B1BEF15CFF6728D89C042C61 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
20:57:31.0140 3020 tfsndres - ok
20:57:31.0203 3020 [ C4F2DEA75300971CDAEE311007DE138D ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
20:57:31.0234 3020 tfsnifs - ok
20:57:31.0265 3020 [ 272925BE0EA919F08286D2EE6F102B0F ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
20:57:31.0265 3020 tfsnopio - ok
20:57:31.0281 3020 [ 7B7D955E5CEBC2FB88B03EF875D52A2F ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
20:57:31.0281 3020 tfsnpool - ok
20:57:31.0328 3020 [ E3D01263109D800C1967C12C10A0B018 ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
20:57:31.0375 3020 tfsnudf - ok
20:57:31.0437 3020 [ B9E9C377906E3A65BC74598FFF7F7458 ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
20:57:31.0484 3020 tfsnudfa - ok
20:57:31.0562 3020 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:57:31.0562 3020 Themes - ok
20:57:31.0609 3020 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
20:57:31.0609 3020 TosIde - ok
20:57:31.0796 3020 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:57:31.0843 3020 TrkWks - ok
20:57:31.0921 3020 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:57:31.0921 3020 Udfs - ok
20:57:31.0953 3020 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
20:57:31.0953 3020 ultra - ok
20:57:32.0015 3020 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
20:57:32.0015 3020 UMWdf - ok
20:57:32.0187 3020 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:57:32.0296 3020 Update - ok
20:57:32.0406 3020 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:57:32.0468 3020 upnphost - ok
20:57:32.0531 3020 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:57:32.0546 3020 UPS - ok
20:57:32.0609 3020 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:57:32.0609 3020 usbccgp - ok
20:57:32.0656 3020 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:57:32.0656 3020 usbehci - ok
20:57:32.0718 3020 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:57:32.0718 3020 usbhub - ok
20:57:32.0781 3020 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:57:32.0781 3020 usbprint - ok
20:57:32.0828 3020 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:57:32.0828 3020 usbscan - ok
20:57:32.0921 3020 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:57:32.0921 3020 USBSTOR - ok
20:57:32.0968 3020 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:57:32.0968 3020 usbuhci - ok
20:57:33.0015 3020 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:57:33.0015 3020 VgaSave - ok
20:57:33.0093 3020 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:57:33.0093 3020 viaagp - ok
20:57:33.0125 3020 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
20:57:33.0125 3020 ViaIde - ok
20:57:33.0203 3020 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:57:33.0203 3020 VolSnap - ok
20:57:33.0328 3020 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:57:33.0437 3020 VSS - ok
20:57:33.0531 3020 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
20:57:33.0593 3020 w32time - ok
20:57:33.0734 3020 [ 7455B3C11A1D6A844B53FEBDB58646E9 ] W8335XP C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys
20:57:33.0734 3020 W8335XP - ok
20:57:33.0781 3020 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:57:33.0781 3020 Wanarp - ok
20:57:33.0812 3020 wanatw - ok
20:57:33.0828 3020 WDICA - ok
20:57:33.0875 3020 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:57:33.0875 3020 wdmaud - ok
20:57:33.0953 3020 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:57:33.0984 3020 WebClient - ok
20:57:34.0156 3020 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:57:34.0171 3020 winmgmt - ok
20:57:34.0281 3020 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:57:34.0281 3020 WmdmPmSN - ok
20:57:34.0390 3020 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:57:34.0406 3020 WmiApSrv - ok
20:57:34.0453 3020 [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
20:57:34.0453 3020 WpdUsb - ok
20:57:34.0859 3020 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:57:35.0109 3020 WPFFontCache_v0400 - ok
20:57:35.0187 3020 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:57:35.0203 3020 wscsvc - ok
20:57:35.0250 3020 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:57:35.0250 3020 wuauserv - ok
20:57:35.0328 3020 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:57:35.0328 3020 WudfPf - ok
20:57:35.0406 3020 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:57:35.0406 3020 WudfRd - ok
20:57:35.0468 3020 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:57:35.0484 3020 WudfSvc - ok
20:57:35.0734 3020 [ 326C012C7FE573829871FE9C9E41CF9B ] WUSB54GCv3 C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys
20:57:35.0734 3020 WUSB54GCv3 - ok
20:57:35.0937 3020 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:57:36.0093 3020 WZCSVC - ok
20:57:36.0171 3020 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:57:36.0218 3020 xmlprov - ok
20:57:36.0234 3020 ================ Scan global ===============================
20:57:36.0296 3020 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:57:36.0453 3020 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:57:36.0671 3020 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:57:36.0718 3020 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:57:36.0718 3020 [Global] - ok
20:57:36.0734 3020 ================ Scan MBR ==================================
20:57:36.0781 3020 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
20:57:37.0234 3020 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:57:37.0234 3020 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:57:37.0234 3020 ================ Scan VBR ==================================
20:57:37.0281 3020 [ 81FC518272921DCC49F4DCEE06341E30 ] \Device\Harddisk0\DR0\Partition1
20:57:37.0281 3020 \Device\Harddisk0\DR0\Partition1 - ok
20:57:37.0281 3020 ============================================================
20:57:37.0281 3020 Scan finished
20:57:37.0281 3020 ============================================================
20:57:37.0296 2760 Detected object count: 1
20:57:37.0296 2760 Actual detected object count: 1
20:57:57.0828 2760 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:57:57.0828 2760 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#9 cvick


Posted 07 November 2012 - 09:27 PM

Updated aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-07 21:05:33
-----------------------------
21:05:33.656 OS Version: Windows 5.1.2600 Service Pack 3
21:05:33.656 Number of processors: 1 586 0x401
21:05:33.656 ComputerName: CARSONVICK UserName:
21:05:34.656 Initialize success
21:06:03.875 AVAST engine defs: 12110701
21:07:26.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:07:26.312 Disk 0 Vendor: SAMSUNG_SP0802N TK100-28 Size: 76293MB BusType: 3
21:07:26.343 Disk 0 MBR read successfully
21:07:26.343 Disk 0 MBR scan
21:07:26.421 Disk 0 unknown MBR code
21:07:26.421 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:07:26.437 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72606 MB offset 80325
21:07:26.468 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3639 MB offset 148777965
21:07:26.515 Disk 0 scanning sectors +156232125
21:07:26.625 Disk 0 scanning C:\WINDOWS\system32\drivers
21:08:02.515 Service scanning
21:09:16.812 Modules scanning
21:09:56.531 Disk 0 trace - called modules:
21:09:56.578 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
21:09:56.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5b6ab8]
21:09:56.593 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5d9b00]
21:09:57.875 AVAST engine scan C:\WINDOWS
21:10:22.437 AVAST engine scan C:\WINDOWS\system32
21:19:59.515 AVAST engine scan C:\WINDOWS\system32\drivers
21:20:40.140 AVAST engine scan C:\Documents and Settings\Carson Vick
21:26:03.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Carson Vick\Desktop\MBR.dat"
21:26:03.718 The log file has been saved successfully to "C:\Documents and Settings\Carson Vick\Desktop\save me.txt"

#10 narenxp


Posted 07 November 2012 - 09:36 PM

Launch TDSSkiller again and select DELETE

20:57:57.0828 2760 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after the scan; post it here

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator

After the scan completes, post the generated log here.

#11 cvick


Posted 08 November 2012 - 06:48 AM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.08.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Carson Vick :: CARSONVICK [administrator]

11/7/2012 10:20:23 PM
mbam-log-2012-11-07 (22-20-23).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 290850
Time elapsed: 3 hour(s), 54 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\TDSSKiller_Quarantine\07.11.2012_21.50.33\tdlfs0000\tsk0003.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

(end)

Edited by cvick, 08 November 2012 - 06:49 AM.


#12 cvick


Posted 08 November 2012 - 07:06 PM

Mini toolbox Results:

MiniToolBox by Farbar Version: 08-11-2012
Ran by Carson Vick (administrator) on 08-11-2012 at 18:57:54
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


There are 15217 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

NETGEAR WG311v3 802.11g Wireless PCI Adapter = Wireless Network Connection 3 (Disconnected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : CarsonVick

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.va.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.va.comcast.net.

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-7E-C3-1F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 98.249.36.146

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 98.249.36.1

DHCP Server . . . . . . . . . . . : 69.252.67.5

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

Lease Obtained. . . . . . . . . . : Thursday, November 08, 2012 6:36:31 PM

Lease Expires . . . . . . . . . . : Monday, November 12, 2012 6:36:31 PM

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.140.100, 74.125.140.138, 74.125.140.101, 74.125.140.113
74.125.140.102, 74.125.140.139



Pinging google.com [74.125.137.138] with 32 bytes of data:



Reply from 74.125.137.138: bytes=32 time=30ms TTL=48

Reply from 74.125.137.138: bytes=32 time=34ms TTL=48



Ping statistics for 74.125.137.138:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 30ms, Maximum = 34ms, Average = 32ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=72ms TTL=52

Reply from 98.139.183.24: bytes=32 time=61ms TTL=50



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 61ms, Maximum = 72ms, Average = 66ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 7e c3 1f ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 98.249.36.1 98.249.36.146 20
98.249.36.0 255.255.255.0 98.249.36.146 98.249.36.146 20
98.249.36.146 255.255.255.255 127.0.0.1 127.0.0.1 20
98.255.255.255 255.255.255.255 98.249.36.146 98.249.36.146 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 98.249.36.146 98.249.36.146 20
255.255.255.255 255.255.255.255 98.249.36.146 98.249.36.146 1
Default Gateway: 98.249.36.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/08/2012 06:37:16 PM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (11/07/2012 10:08:54 PM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (11/07/2012 04:54:03 PM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (11/06/2012 05:23:51 PM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (11/06/2012 02:39:48 PM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (11/05/2012 07:35:51 PM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (11/05/2012 07:07:59 AM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (10/31/2012 01:44:22 PM) (Source: ESENT) (User: )
Description: wuauclt (3700) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00785.log" to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 2 (0x00000002): "The system cannot find the file specified. ". The move file operation will fail with error -1811 (0xfffff8ed).

Error: (10/31/2012 01:43:29 PM) (Source: ESENT) (User: )
Description: wuauclt (3700) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00764.log" to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 2 (0x00000002): "The system cannot find the file specified. ". The move file operation will fail with error -1811 (0xfffff8ed).

Error: (10/31/2012 01:33:38 PM) (Source: ESENT) (User: )
Description: wuauclt (3700) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00716.log" to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 2 (0x00000002): "The system cannot find the file specified. ". The move file operation will fail with error -1811 (0xfffff8ed).


System errors:
=============
Error: (11/08/2012 06:39:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (11/08/2012 06:54:10 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde
Lbd

Error: (11/07/2012 10:10:58 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.

Error: (11/07/2012 10:10:25 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (11/07/2012 10:10:17 PM) (Source: Service Control Manager) (User: )
Description: The Canon Camera Access Library 8 service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error:
%%1053

Error: (11/07/2012 10:10:17 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service failed to start due to the following error:
%%1053

Error: (11/07/2012 10:10:17 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.

Error: (11/07/2012 05:50:56 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.

Error: (11/07/2012 05:50:24 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.

Error: (11/07/2012 05:49:53 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.


Microsoft Office Sessions:
=========================
Error: (11/08/2012 06:37:16 PM) (Source: PerfNet)(User: )
Description:

Error: (11/07/2012 10:08:54 PM) (Source: PerfNet)(User: )
Description:

Error: (11/07/2012 04:54:03 PM) (Source: PerfNet)(User: )
Description:

Error: (11/06/2012 05:23:51 PM) (Source: PerfNet)(User: )
Description:

Error: (11/06/2012 02:39:48 PM) (Source: PerfNet)(User: )
Description:

Error: (11/05/2012 07:35:51 PM) (Source: PerfNet)(User: )
Description:

Error: (11/05/2012 07:07:59 AM) (Source: PerfNet)(User: )
Description:

Error: (10/31/2012 01:44:22 PM) (Source: ESENT)(User: )
Description: wuauclt3700C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00785.logC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log-1811 (0xfffff8ed)2 (0x00000002)The system cannot find the file specified.

Error: (10/31/2012 01:43:29 PM) (Source: ESENT)(User: )
Description: wuauclt3700C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00764.logC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log-1811 (0xfffff8ed)2 (0x00000002)The system cannot find the file specified.

Error: (10/31/2012 01:33:38 PM) (Source: ESENT)(User: )
Description: wuauclt3700C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00716.logC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log-1811 (0xfffff8ed)2 (0x00000002)The system cannot find the file specified.


=========================== Installed Programs ============================

Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
ArcSoft PhotoImpression 6
ArcSoft PhotoStudio 5.5
Aspell English Dictionary-0.50-2
Canon Camera Access Library (Version: 8.1.1.17)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera WIA Driver (Version: 5.5)
Canon Camera WIA Driver (Version: 5.6)
Canon Camera WIA Driver (Version: 5.7)
Canon Camera WIA Driver (Version: 5.8)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.2.0.8)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.1.0.7)
Canon CanoScan Toolbox 4.9
Canon EOS-1D Mark II N WIA Driver (Version: 5.8)
Canon EOS-1Ds Mark II WIA Driver (Version: 5.5)
Canon EOS 5D WIA Driver (Version: 5.7)
Canon EOS Kiss_N REBEL_XT 350D WIA Driver (Version: 5.6)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.3.0.11)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.5.0.5)
Canon Utilities Digital Photo Professional 2.1 (Version: 2.1.1.4)
Canon Utilities EOS Utility (Version: 1.0.3.17)
Canon Utilities PhotoStitch (Version: 3.1.17.41)
Canon Utilities ZoomBrowser EX (Version: 5.6.0.27)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.1)
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Media Experience (Version: 3.00)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
DMX Update
ESET Online Scanner v3
FrostWire 5.4.0 (Version: 5.4.0.0)
GNU Aspell 0.50-3
GTK+ Runtime 2.6.9 rev a (remove only)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
Internet Explorer Default Page (Version: 1.00.03)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java™ 6 Update 17 (Version: 6.0.170)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 6.1 (Version: 6.10.156.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional (Version: 10.0.6626.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Modem Event Monitor
Modem Helper (Version: 2.40)
Modem On Hold (Version: 1.12)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NETGEAR WG311v3 PCI Adapter (Version: 1.00)
Norton Security Suite (Version: 5.2.2.3)
PowerDVD 5.5
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealUpgrade 1.1 (Version: 1.1.0)
Sonic DLA (Version: 4.98)
Sonic Update Manager (Version: 3.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix - KB895316
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Office 12 (Version: 12.01)

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 2045.98 MB
Available physical RAM: 1137.24 MB
Total Pagefile: 2663.63 MB
Available Pagefile: 1985.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.95 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:70.9 GB) (Free:32.46 GB) NTFS

========================= Users: ========================================

User accounts for \\CARSONVICK

Administrator Carson Vick Guest
HelpAssistant SUPPORT_388945a0

========================= Restore Points ==================================


**** End of log ****

#13 cvick

Posted 08 November 2012 - 07:10 PM

Farbar Service Scanner RESULTS:

Farbar Service Scanner Version: 07-11-2012
Ran by Carson Vick (administrator) on 08-11-2012 at 19:07:32
Running from "C:\Documents and Settings\Carson Vick\Local Settings\Temporary Internet Files\Content.IE5\TS06KH95"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr service is OK.


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) HssDrv(13) IPSec(4) NetBT(5) PSched(7) SYMTDI(12) Tcpip(3)
0x0D000000040000000100000002000000030000000C0000000B0000000A00000009000000080000000500000006000000070000000D000000
IpSec Tag value is correct.

**** End of log ****

#14 cvick

Posted 08 November 2012 - 07:25 PM

Adware Cleaner RESULTS:

# AdwCleaner v2.007 - Logfile created 11/08/2012 at 19:12:47
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Carson Vick - CARSONVICK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Carson Vick\Local Settings\Temporary Internet Files\Content.IE5\TS06KH95\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\Carson Vick\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Carson Vick\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Carson Vick\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Carson Vick\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Carson Vick\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [5602 octets] - [08/11/2012 19:12:47]

########## EOF - C:\AdwCleaner[S1].txt - [5662 octets] ##########

#15 cvick

Posted 08 November 2012 - 07:44 PM

Junkware removal tool RESULTS: (did not really come up with actual data)

Press any key to continue . . .

Creating a registry backup
Checking Processes
Checking Services
Checking Registry - Quick Scan
Checking Files
Checking Folders
Checking Startup
Checking Registry - Deep Scan

The operation completed successfully



