TechSpot

Tidserv Activity 2 & Zero Access Rootkit Activity 4

By Jerrynice
May 9, 2012
  1. I know there have been a lot of posts regarding this, but it seems a lot of them differ in the removal process. Besides, Prelim says don't follow other advice, sooo.

    I am going through the Prelims as we speak & am only @ the malware scan stage...which has been going for almost an hour now. I disconnected the infected computer from the internet & have Norton disabled while I run the m-ware scan......


    Any advice so far?
     
  2. Jerrynice

    Jerrynice TS Rookie Topic Starter

    update: malware found 31 items, after deleting, did not ask me to restart.
    Am now running GMER...
     
  3. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. Jerrynice

    Jerrynice TS Rookie Topic Starter

    GMER has now been scanning for close to 3 hours now....is this normal??
     
  5. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    GMER may take time. Keep it going.
     
  6. Jerrynice

    Jerrynice TS Rookie Topic Starter

    Ok...it stopped (GMER)...it said it found modifications, I clicked ok......but there was no "save" option after that...only an "ok" button on the scan screen...which I clicked & the program closed...no saving....I dunno what to do for that now, but I am now going to start the DDs thing now........in the meantime, this is the log from the malware :




    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.09.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Mom's Account :: LULU [administrator]

    5/9/2012 3:25:23 PM
    mbam-log-2012-05-09 (15-25-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 260939
    Time elapsed: 53 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 26
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5577 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.

    Files Detected: 2
    C:\RECYCLER\S-1-5-21-2533759762-1922183599-1547517597-1007\Dc646.exe (PUP.Adware.Radio) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.

    (end)
     
  7. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Go on....
     
  8. Jerrynice

    Jerrynice TS Rookie Topic Starter

    OK......I'm getting entirely frustrated now.......I try to run the DDs & as soon as I hit "run", My Documents opens....I close it, wait, then try again....this time the remove programs window opens...wtf?!?!

    I'm losing patience....Now that I look at the file, it's listed as a screen saver.....??
     
  9. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. Jerrynice

    Jerrynice TS Rookie Topic Starter

    OK.....the DDs finally worked & here are those logs : 1st dds & then Attach, Do I still proceed with what you just posted..??


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Mom's Account at 20:21:35 on 2012-05-09
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.408 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Worm Protection *Disabled*
    FW: Norton 360 *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
    C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
    C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    C:\Program Files\WinPcap\rpcapd.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\HP\Digital Imaging\Bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\HPZipm12.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uSearch Bar = hxxp://www.yahoo.com/search/ie.html
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=XPxdm002BAus&ptb=86467103-1E3B-4C8B-9328-DF28D2DCAA2C&si=CIz18sSwo60CFUTc4Aodvz0FlQ
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.0.9\ips\IPSBHO.DLL
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [DriverCure] c:\program files\paretologic\drivercure\DriverCure.exe -scan
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [PCDrProfiler]
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [<NO NAME>]
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinSetup.exe" startup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\mom'sa~1\startm~1\programs\startup\pinmclnk.lnk - c:\hp\bin\cloaker.exe
    StartupFolder: c:\docume~1\mom'sa~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hp\digital imaging\bin\hpobnz08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    IE: &Search - http://tbedits.televisionfanatic.co...7103-1E3B-4C8B-9328-DF28D2DCAA2C&n=2011122718
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    LSP: mswsock.dll
    Trusted Zone: bankofamerica.com\www
    Trusted Zone: fiacardservices.com\www
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\mom's account\application data\mozilla\firefox\profiles\bdei8gqp.default\
    FF - prefs.js: browser.search.defaulturl - Bing
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.refer=slv&.intl=us&.src=ym
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=86467103-1E3B-4C8B-9328-DF28D2DCAA2C&n=77df4da6&ind=2011123110&id=XPxdm002BAus&ptnrS=XPxdm002BAus&si=CIz18sSwo60CFUTc4Aodvz0FlQ&searchfor=
    FF - prefs.js: network.proxy.type - 2
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2012-05-09 19:20:55 -------- d-----w- c:\documents and settings\mom's account\application data\Malwarebytes
    2012-05-09 19:18:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-09 19:18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-09 17:32:50 20 ----a-w- c:\windows\system32\drivers\SMR250.dat
    2012-05-09 17:32:48 83064 ----a-w- c:\windows\system32\drivers\SMR250.SYS
    2012-05-09 17:32:09 -------- d-----w- c:\documents and settings\mom's account\local settings\application data\NPE
    2012-05-09 14:47:06 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-05-07 01:18:47 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-05-07 01:17:50 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
    2012-05-07 01:17:50 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
    2012-05-05 23:53:18 905336 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymEFA.sys
    2012-05-05 23:53:18 574072 ----a-r- c:\windows\system32\drivers\n360\0602000.009\srtsp.sys
    2012-05-05 23:53:18 388216 ----a-r- c:\windows\system32\drivers\n360\0602000.009\symtdi.sys
    2012-05-05 23:53:18 345208 ----a-r- c:\windows\system32\drivers\n360\0602000.009\symtdiv.sys
    2012-05-05 23:53:18 340088 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymDS.sys
    2012-05-05 23:53:18 32888 ----a-r- c:\windows\system32\drivers\n360\0602000.009\srtspx.sys
    2012-05-05 23:53:18 318584 ----a-r- c:\windows\system32\drivers\n360\0602000.009\symnets.sys
    2012-05-05 23:53:18 149624 ----a-r- c:\windows\system32\drivers\n360\0602000.009\Ironx86.sys
    2012-05-05 23:53:17 132744 ----a-r- c:\windows\system32\drivers\n360\0602000.009\ccSetx86.sys
    2012-05-05 23:52:42 4782 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymVTcer.dat
    2012-05-05 23:52:41 -------- d-----w- c:\windows\system32\drivers\n360\0602000.009
    2012-05-02 15:19:23 -------- d-----w- c:\documents and settings\mom's account\application data\PCCUStubInstaller
    2012-04-30 20:25:21 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2012-04-30 20:25:21 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2012-04-28 00:16:35 -------- d-----w- c:\documents and settings\mom's account\application data\RoboForm
    2012-04-10 13:31:51 -------- d-----w- c:\program files\Microsoft Fix it Center
    .
    ==================== Find3M ====================
    .
    2012-05-05 23:56:08 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2012-05-05 23:56:08 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-03-09 17:29:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
    2012-02-14 16:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    .
    ============= FINISH: 20:25:11.98 ===============



    ATTACH :

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/30/2006 11:11:04 PM
    System Uptime: 5/9/2012 12:41:39 PM (8 hours ago)
    .
    Motherboard: Hewleet-Packard | | Asterope3
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | CPU 1 | 2799/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 225 GiB total, 137.21 GiB free.
    D: is FIXED (FAT32) - 8 GiB total, 0.372 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\FF5D24790AE6
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\FF5D24790AE6
    Service: NIC1394
    .
    ==== System Restore Points ===================
    .
    RP1: 5/9/2012 12:50:05 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.1
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    ASPCA Reminder by We-Care.com v5.0.5.1
    ATI Display Driver
    Belkin Router Monitor and Setup
    BufferChm
    CA Yahoo! Anti-Spy (remove only)
    CCScore
    Compaq Connections (remove only)
    Compatibility Pack for the 2007 Office system
    Compton's Interactive Bible NIV
    Cool Edit Pro 2.0
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    CustomerResearchQFolder
    D4100
    D4100_Help
    Data Fax SoftModem with SmartCP
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DivX Setup
    Doxillion Document Converter
    EasyBurningSoftware
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    eSupportQFolder
    fflink
    FullDPAppQFolder
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP Customer Participation Program 7.0
    HP Imaging Device Functions 7.0
    HP Memories Disc
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 2170 series
    HP Photosmart and Deskjet 7.0 Software
    HP Photosmart Essential
    HP Photosmart Premier Software 6.5
    HP Product Assistant
    hp psc 2170 series
    HP Solution Center 7.0
    HP Support Overview
    HP Update
    HP Web Helper
    hph_ProductContext
    hph_readme
    hph_software
    hph_software_req
    HPPhotoSmartExpress
    HPProductAssistant
    HpSdpAppCoreApp
    InstantShareAlert
    InstantShareDevices
    InstantShareDevicesMFC
    InterActual Player
    Java Auto Updater
    Java(TM) 6 Update 26
    Kodak EasyShare software
    LightScribe 1.4.105.1
    Malwarebytes Anti-Malware version 1.61.0.1400
    MarketResearch
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Away Mode
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Standard Edition 2003 60 days trial
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2000
    Microsoft Works
    MotoConnect
    Motorola Driver Installation 4.6.0
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MP3 Player Utilities 3.06
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    netbrdg
    Norton 360
    Norton PC Checkup
    OfotoXMI
    OptionalContentQFolder
    PanoStandAlone
    PhotoGallery
    Pradis 6: Basic Bible Library 6.0
    QuickTime
    RandMap
    REA's TESTware for the PRAXIS Elementary Ed 0014
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody
    Rhapsody Player Engine
    RoboForm 7-7-4 (All Users)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SFR
    SHASTA
    skin0001
    SkinsHP1
    SKINXSDK
    Skype Toolbars
    Skype™ 4.2
    SlideShow
    SlideShowMusic
    SolutionCenter
    Sonic_PrimoSDK
    staticcr
    Status
    Toolbox
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC80CRTRedist - 8.0.50727.6195
    VoiceOver Kit
    VPRINTOL
    WebFldrs XP
    WebReg
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB2619340
    Windows XP Media Center Edition 2005 KB2628259
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR 4.11 (32-bit)
    WIRELESS
    Yahoo! Install Manager
    Yahoo! Search Protection
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/9/2012 8:08:03 PM, error: Service Control Manager [7023] - The SaiNtSub service terminated with the following error: The specified module could not be found.
    5/9/2012 7:52:48 PM, error: Service Control Manager [7023] - The Iaimtv1 service terminated with the following error: The specified module could not be found.
    5/9/2012 7:37:44 PM, error: Service Control Manager [7023] - The G400DH service terminated with the following error: The specified module could not be found.
    5/9/2012 7:31:01 AM, error: SRTSP [4] - Error loading virus definitions.
    5/9/2012 7:22:53 PM, error: Service Control Manager [7023] - The Rp_fws service terminated with the following error: Access is denied.
    5/9/2012 7:17:04 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ARSVC service.
    5/9/2012 5:50:52 PM, error: Service Control Manager [7023] - The Ipcsvc service terminated with the following error: Access is denied.
    5/9/2012 4:25:41 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
    5/9/2012 3:59:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WISTechVIDCAP service to connect.
    5/9/2012 2:07:51 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    5/9/2012 12:43:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
    5/9/2012 12:43:56 PM, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The system cannot find the path specified.
    5/9/2012 12:43:56 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    5/9/2012 12:43:56 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The system cannot find the path specified.
    5/9/2012 12:17:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 IntelIde ViaIde
    5/9/2012 10:38:12 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: The file or directory is corrupted and unreadable. .
    5/9/2012 10:38:12 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Mom's Account\Local Settings\Temporary Internet Files\Content.IE5\XT6SUY44\FixZeroAccess[1].exe. Reference error message: The operation completed successfully. .
    5/8/2012 7:35:16 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the rpcapd service.
    5/7/2012 4:42:00 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    5/6/2012 9:15:12 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    5/5/2012 3:18:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
    .
    ==== End Of File ===========================
     
  11. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    You're running two AV programs, AVG and Norton.
    One of them has to go.
    If AVG, use AVG Remover: http://www.avg.com/us-en/utilities
    If Norton, use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    Then...
    Forget TDSSKiller for now.
    Instead....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
     
  12. Jerrynice

    Jerrynice TS Rookie Topic Starter

    OKAY.....

    Before I saw this post....I had already run the Kaspersky.......these are the TWO log files it created, now about to delete AVG & DL the aswMBR.exe



    File 1.

    13:25:36.0537 1452 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
    13:25:38.0537 1452 ============================================================
    13:25:38.0537 1452 Current date / time: 2012/05/09 13:25:38.0537
    13:25:38.0537 1452 SystemInfo:
    13:25:38.0537 1452
    13:25:38.0537 1452 OS Version: 5.1.2600 ServicePack: 3.0
    13:25:38.0537 1452 Product type: Workstation
    13:25:38.0537 1452 ComputerName: LULU
    13:25:38.0553 1452 UserName: Mom's Account
    13:25:38.0553 1452 Windows directory: C:\WINDOWS
    13:25:38.0553 1452 System windows directory: C:\WINDOWS
    13:25:38.0553 1452 Processor architecture: Intel x86
    13:25:38.0553 1452 Number of processors: 2
    13:25:38.0553 1452 Page size: 0x1000
    13:25:38.0553 1452 Boot type: Normal boot
    13:25:38.0553 1452 ============================================================
    13:25:53.0398 1452 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    13:25:53.0976 1452 Drive \Device\Harddisk1\DR3 - Size: 0x3D600000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    13:25:54.0039 1452 ============================================================
    13:25:54.0039 1452 \Device\Harddisk0\DR0:
    13:25:54.0148 1452 MBR partitions:
    13:25:54.0148 1452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C115241
    13:25:54.0148 1452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C119141, BlocksNum 0x10AB440
    13:25:54.0148 1452 \Device\Harddisk1\DR3:
    13:25:54.0148 1452 MBR partitions:
    13:25:54.0148 1452 ============================================================
    13:25:54.0414 1452 C: <-> \Device\Harddisk0\DR0\Partition0
    13:25:54.0445 1452 D: <-> \Device\Harddisk0\DR0\Partition1
    13:25:54.0586 1452 ============================================================
    13:25:54.0586 1452 Initialize success
    13:25:54.0586 1452 ============================================================
    13:28:28.0914 4296 Deinitialize success
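
Post 11 notes that aswMBR keeps a copy of the MBR, and the TDSSKiller log above prints the partition entries read from it. The following Python example is added here for illustration and is not part of the thread or of either tool: it parses a raw 512-byte MBR image into the same fields the log shows and checks the layout for inconsistencies. It assumes the saved copy is a plain sector dump; the sample sector is constructed from the Harddisk0 values in the log (the active flag and empty boot code are made up), and all function names are hypothetical.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 0x200      # SectorSize value shown in the log
BOOT_CODE_LEN = 440      # bootstrap code area that precedes the disk signature
TABLE_OFFSET = 446       # four 16-byte partition entries start here
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, start LBA, sector count

# Constructed sample: type/StartLBA/BlocksNum copied from the log lines for
# \Device\Harddisk0\DR0; the 0x80 active flag is an assumption.
SAMPLE_ENTRIES = [(0x80, 0x07, 0x3F, 0x1C115241), (0x00, 0x0C, 0x1C119141, 0x10AB440)]
DISK_SECTORS = 0x3A38B2E000 // SECTOR_SIZE  # drive size from the log, in sectors


@dataclass(frozen=True)
class Partition:
    index: int
    active: bool
    ptype: int
    start_lba: int
    blocks: int

    @property
    def end_lba(self):
        return self.start_lba + self.blocks  # first sector after the partition


def build_sector(entries):
    """Build a constructed 512-byte MBR: zeroed boot code, entries, 0x55AA."""
    table = b"".join(ENTRY.pack(*e) for e in entries).ljust(64, b"\x00")
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"


def parse_mbr(sector):
    """Return the non-empty partition entries of a raw MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, start, blocks = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:  # unused slot
            continue
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte 0x{status:02X}")
        parts.append(Partition(i, status == 0x80, ptype, start, blocks))
    return parts


def format_like_log(p):
    """Render an entry in the style of the TDSSKiller 'MBR partitions' lines."""
    return (f"Partition{p.index}: MBR, Type 0x{p.ptype:X}, "
            f"StartLBA 0x{p.start_lba:X}, BlocksNum 0x{p.blocks:X}")


def check_layout(parts, disk_sectors):
    """Report entries that cannot describe a sane disk layout."""
    findings = []
    if sum(p.active for p in parts) > 1:
        findings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p.start_lba)
    for p in ordered:
        if p.end_lba > disk_sectors:
            findings.append(f"Partition{p.index} ends past the end of the disk")
    for a, b in zip(ordered, ordered[1:]):
        if b.start_lba < a.end_lba:
            findings.append(f"Partition{a.index} overlaps Partition{b.index}")
    return findings


def boot_code_sha256(sector):
    """Digest of the boot code only, for comparing two saved copies of an MBR."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


if __name__ == "__main__":
    sector = build_sector(SAMPLE_ENTRIES)
    partitions = parse_mbr(sector)
    for part in partitions:
        print(format_like_log(part))
    print("layout findings:", check_layout(partitions, DISK_SECTORS) or "none")
    print("boot code sha256:", boot_code_sha256(sector))
```

Comparing the boot-code digest of a copy saved before cleaning with one taken afterwards shows whether the boot code changed, independently of the partition table.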







     
  13. Jerrynice

    Jerrynice TS Rookie Topic Starter

    FILE 2


    20:47:17.0754 5944 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
    20:47:19.0801 5944 ============================================================
    20:47:19.0801 5944 Current date / time: 2012/05/09 20:47:19.0801
    20:47:19.0801 5944 SystemInfo:
    20:47:19.0801 5944
    20:47:19.0801 5944 OS Version: 5.1.2600 ServicePack: 3.0
    20:47:19.0801 5944 Product type: Workstation
    20:47:19.0801 5944 ComputerName: LULU
    20:47:20.0676 5944 UserName: Mom's Account
    20:47:20.0676 5944 Windows directory: C:\WINDOWS
    20:47:20.0676 5944 System windows directory: C:\WINDOWS
    20:47:20.0676 5944 Processor architecture: Intel x86
    20:47:20.0676 5944 Number of processors: 2
    20:47:20.0676 5944 Page size: 0x1000
    20:47:20.0676 5944 Boot type: Normal boot
    20:47:20.0676 5944 ============================================================
    20:47:50.0145 5944 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    20:47:52.0113 5944 Drive \Device\Harddisk1\DR19 - Size: 0x77D00000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    20:47:52.0238 5944 ============================================================
    20:47:52.0238 5944 \Device\Harddisk0\DR0:
    20:47:55.0863 5944 MBR partitions:
    20:47:55.0863 5944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C115241
    20:47:55.0863 5944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C119141, BlocksNum 0x10AB440
    20:47:55.0863 5944 \Device\Harddisk1\DR19:
    20:47:55.0863 5944 MBR partitions:
    20:47:55.0863 5944 \Device\Harddisk1\DR19\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3BE7E0
    20:47:55.0863 5944 ============================================================
    20:47:57.0363 5944 C: <-> \Device\Harddisk0\DR0\Partition0
    20:47:57.0442 5944 D: <-> \Device\Harddisk0\DR0\Partition1
    20:47:57.0488 5944 ============================================================
    20:47:57.0488 5944 Initialize success
    20:47:57.0488 5944 ============================================================
    20:48:18.0488 3848 ============================================================
    20:48:18.0488 3848 Scan started
    20:48:18.0488 3848 Mode: Manual;
    20:48:18.0488 3848 ============================================================
    20:52:16.0988 3848 Abiosdsk - ok
    20:52:17.0004 3848 abp480n5 - ok
    20:52:20.0176 3848 ACDaemon - ok
    20:52:21.0567 3848 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    20:52:21.0660 3848 ACPI - ok
    20:52:21.0801 3848 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    20:52:21.0801 3848 ACPIEC - ok
    20:52:21.0817 3848 adpu160m - ok
    20:52:24.0535 3848 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    20:52:24.0629 3848 aec - ok
    20:52:25.0004 3848 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    20:52:25.0176 3848 AFD - ok
    20:52:46.0317 3848 AffinegyService (95b99265e83988cc81970a856ea2159a) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    20:52:46.0395 3848 AffinegyService - ok
    20:52:46.0504 3848 AFGMp50 - ok
    20:52:46.0582 3848 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
    20:52:46.0582 3848 AFGSp50 - ok
    20:52:47.0676 3848 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
    20:52:47.0692 3848 AFS2K - ok
    20:52:47.0692 3848 Aha154x - ok
    20:52:47.0785 3848 aic78u2 - ok
    20:52:47.0817 3848 aic78xx - ok
    20:52:48.0113 3848 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    20:52:48.0160 3848 Alerter - ok
    20:52:48.0270 3848 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    20:52:48.0270 3848 ALG - ok
    20:52:48.0270 3848 AliIde - ok
    20:52:48.0285 3848 amsint - ok
    20:52:48.0598 3848 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    20:52:48.0629 3848 AppMgmt - ok
    20:52:48.0785 3848 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
    20:52:48.0817 3848 aracpi - ok
    20:52:48.0957 3848 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
    20:52:48.0973 3848 arhidfltr - ok
    20:52:49.0035 3848 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
    20:52:49.0035 3848 arkbcfltr - ok
    20:52:49.0082 3848 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
    20:52:49.0082 3848 armoucfltr - ok
    20:52:49.0301 3848 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    20:52:49.0317 3848 Arp1394 - ok
    20:52:49.0348 3848 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
    20:52:49.0363 3848 ARPolicy - ok
    20:52:49.0535 3848 ARSVC (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe
    20:53:00.0098 3848 ARSVC - ok
    20:53:00.0113 3848 asc - ok
    20:53:00.0129 3848 asc3350p - ok
    20:53:00.0160 3848 asc3550 - ok
    20:53:00.0817 3848 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    20:53:01.0473 3848 aspnet_state - ok
    20:53:01.0598 3848 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    20:53:01.0613 3848 AsyncMac - ok
    20:53:02.0145 3848 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    20:53:02.0145 3848 atapi - ok
    20:53:02.0176 3848 Atdisk - ok
    20:53:03.0238 3848 Ati HotKey Poller (5784a06fdc2ac7954225a1a79e1a8f00) C:\WINDOWS\system32\Ati2evxx.exe
    20:53:03.0473 3848 Ati HotKey Poller - ok
    20:53:33.0895 3848 ati2mtag (dd222ce49e79f15d2312a5e1f42e716e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    20:53:34.0535 3848 ati2mtag - ok
    20:53:42.0379 3848 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    20:53:42.0395 3848 Atmarpc - ok
    20:53:42.0582 3848 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    20:53:42.0598 3848 AudioSrv - ok
    20:53:42.0676 3848 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    20:53:42.0770 3848 audstub - ok
    20:53:42.0942 3848 avg8emc - ok
    20:53:42.0957 3848 avg8wd - ok
    20:53:48.0301 3848 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
    20:53:48.0613 3848 AvgLdx86 - ok
    20:53:48.0879 3848 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
    20:53:48.0895 3848 AvgMfx86 - ok
    20:53:52.0926 3848 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
    20:53:53.0004 3848 AvgTdiX - ok
    20:53:53.0145 3848 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    20:53:53.0160 3848 Beep - ok
    20:53:54.0410 3848 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120507.001\BHDrvx86.sys
    20:53:54.0707 3848 BHDrvx86 - ok
    20:53:54.0942 3848 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    20:53:55.0301 3848 BITS - ok
    20:53:55.0645 3848 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
    20:53:55.0676 3848 Bridge - ok
    20:53:55.0738 3848 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
    20:53:55.0738 3848 BridgeMP - ok
    20:53:55.0926 3848 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    20:53:55.0957 3848 Browser - ok
    20:53:56.0035 3848 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
    20:53:56.0051 3848 BTCFilterService - ok
    20:53:56.0238 3848 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    20:53:56.0238 3848 cbidf2k - ok
    20:53:57.0004 3848 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\N360\0602000.009\ccSetx86.sys
    20:53:57.0067 3848 ccSet_N360 - ok
    20:53:57.0113 3848 cd20xrnt - ok
    20:53:57.0426 3848 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    20:53:57.0426 3848 Cdaudio - ok
    20:53:57.0567 3848 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    20:53:57.0582 3848 Cdfs - ok
    20:53:57.0817 3848 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    20:53:57.0817 3848 Cdrom - ok
    20:53:57.0832 3848 Changer - ok
    20:53:57.0926 3848 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    20:53:57.0926 3848 cisvc - ok
    20:53:58.0051 3848 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    20:53:58.0051 3848 ClipSrv - ok
    20:53:58.0285 3848 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:53:58.0426 3848 clr_optimization_v2.0.50727_32 - ok
    20:53:58.0692 3848 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    20:53:58.0738 3848 clr_optimization_v4.0.30319_32 - ok
    20:53:58.0738 3848 CmdIde - ok
    20:53:58.0754 3848 COMSysApp - ok
    20:53:58.0770 3848 Cpqarray - ok
    20:53:59.0035 3848 cpuz132 - ok
    20:53:59.0395 3848 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    20:53:59.0410 3848 CryptSvc - ok
    20:53:59.0473 3848 dac2w2k - ok
    20:53:59.0488 3848 dac960nt - ok
    20:53:59.0551 3848 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    20:53:59.0598 3848 DcomLaunch - ok
    20:53:59.0676 3848 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    20:53:59.0676 3848 Dhcp - ok
    20:53:59.0754 3848 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    20:53:59.0770 3848 Disk - ok
    20:53:59.0770 3848 dmadmin - ok
    20:53:59.0863 3848 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    20:53:59.0910 3848 dmboot - ok
    20:53:59.0957 3848 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    20:53:59.0973 3848 dmio - ok
    20:53:59.0988 3848 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    20:53:59.0988 3848 dmload - ok
    20:54:00.0020 3848 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    20:54:00.0035 3848 dmserver - ok
    20:54:00.0238 3848 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    20:54:00.0254 3848 DMusic - ok
    20:54:00.0363 3848 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    20:54:00.0363 3848 Dnscache - ok
    20:54:00.0707 3848 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    20:54:00.0738 3848 Dot3svc - ok
    20:54:00.0785 3848 dpti2o - ok
    20:54:00.0895 3848 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    20:54:00.0926 3848 drmkaud - ok
    20:54:01.0004 3848 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    20:54:01.0004 3848 EapHost - ok
    20:54:01.0192 3848 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    20:54:01.0207 3848 eeCtrl - ok
    20:54:01.0410 3848 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
    20:54:01.0410 3848 ehRecvr - ok
    20:54:01.0488 3848 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
    20:54:01.0488 3848 ehSched - ok
    20:54:01.0660 3848 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    20:54:01.0660 3848 EraserUtilRebootDrv - ok
    20:54:01.0754 3848 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    20:54:01.0754 3848 ERSvc - ok
    20:54:01.0817 3848 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    20:54:01.0832 3848 Eventlog - ok
    20:54:01.0879 3848 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    20:54:01.0879 3848 EventSystem - ok
    20:54:02.0160 3848 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    20:54:02.0160 3848 Fastfat - ok
    20:54:02.0223 3848 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    20:54:02.0254 3848 FastUserSwitchingCompatibility - ok
    20:54:04.0504 3848 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    20:54:04.0567 3848 Fdc - ok
    20:54:04.0598 3848 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    20:54:04.0598 3848 Fips - ok
    20:54:04.0645 3848 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    20:54:04.0645 3848 Flpydisk - ok
    20:54:04.0863 3848 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    20:54:04.0863 3848 FltMgr - ok
    20:54:05.0082 3848 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    20:54:05.0082 3848 FontCache3.0.0.0 - ok
    20:54:05.0113 3848 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    20:54:05.0113 3848 Fs_Rec - ok
    20:54:05.0176 3848 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    20:54:05.0176 3848 Ftdisk - ok
    20:54:05.0192 3848 ftsata2 - ok
    20:54:05.0254 3848 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    20:54:05.0254 3848 Gpc - ok
    20:54:05.0520 3848 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    20:54:05.0520 3848 gupdate - ok
    20:54:05.0535 3848 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    20:54:05.0551 3848 gupdatem - ok
    20:54:05.0660 3848 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    20:54:05.0676 3848 gusvc - ok
    20:54:05.0832 3848 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    20:54:05.0832 3848 HDAudBus - ok
    20:54:06.0004 3848 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    20:54:06.0004 3848 helpsvc - ok
    20:54:06.0160 3848 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
    20:54:06.0160 3848 HidServ - ok
    20:54:06.0285 3848 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    20:54:06.0285 3848 HidUsb - ok
    20:54:06.0410 3848 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    20:54:06.0410 3848 hkmsvc - ok
    20:54:06.0426 3848 hpn - ok
    20:54:06.0473 3848 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    20:54:06.0473 3848 HPZid412 - ok
    20:54:06.0504 3848 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    20:54:06.0504 3848 HPZipr12 - ok
    20:54:06.0582 3848 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    20:54:06.0598 3848 HPZius12 - ok
    20:54:06.0707 3848 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
    20:54:06.0723 3848 HSXHWBS2 - ok
    20:54:07.0192 3848 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
    20:54:07.0223 3848 HSX_DP - ok
    20:54:07.0301 3848 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    20:54:07.0410 3848 HTTP - ok
    20:54:07.0457 3848 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    20:54:07.0535 3848 HTTPFilter - ok
    20:54:07.0551 3848 i2omgmt - ok
    20:54:07.0582 3848 i2omp - ok
    20:54:07.0629 3848 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    20:54:07.0645 3848 i8042prt - ok
    20:54:07.0770 3848 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    20:54:07.0785 3848 IDriverT - ok
    20:54:07.0973 3848 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    20:54:08.0004 3848 idsvc - ok
    20:54:08.0348 3848 IDSxpx86 (c924bf6d42b3d9292268ff1998596bd1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120508.002\IDSxpx86.sys
    20:54:08.0363 3848 IDSxpx86 - ok
    20:54:08.0613 3848 ilicensesvc - ok
    20:54:08.0738 3848 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    20:54:08.0738 3848 Imapi - ok
    20:54:08.0817 3848 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    20:54:08.0863 3848 ImapiService - ok
    20:54:08.0879 3848 ini910u - ok
    20:54:09.0379 3848 IntcAzAudAddService (14b48553be78472d2bd3a518658a1710) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    20:54:09.0567 3848 IntcAzAudAddService - ok
    20:54:09.0942 3848 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    20:54:09.0942 3848 IntelIde - ok
    20:54:10.0020 3848 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    20:54:10.0020 3848 intelppm - ok
    20:54:10.0051 3848 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    20:54:10.0051 3848 Ip6Fw - ok
    20:54:10.0113 3848 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    20:54:10.0113 3848 IpFilterDriver - ok
    20:54:10.0145 3848 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    20:54:10.0145 3848 IpInIp - ok
    20:54:10.0192 3848 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    20:54:10.0192 3848 IpNat - ok
    20:54:10.0270 3848 IPSec (b27854ea84eea08ecc61d376e85a8f50) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    20:54:10.0301 3848 IPSec - ok
    20:54:10.0317 3848 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    20:54:10.0332 3848 IRENUM - ok
    20:54:10.0348 3848 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    20:54:10.0348 3848 isapnp - ok
    20:54:10.0629 3848 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
    20:54:10.0660 3848 JavaQuickStarterService - ok
    20:54:10.0692 3848 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    20:54:10.0692 3848 Kbdclass - ok
    20:54:10.0754 3848 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    20:54:10.0754 3848 kbdhid - ok
    20:54:10.0863 3848 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    20:54:10.0863 3848 kmixer - ok
    20:54:10.0942 3848 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    20:54:10.0957 3848 KSecDD - ok
    20:54:11.0020 3848 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    20:54:11.0035 3848 lanmanserver - ok
    20:54:11.0113 3848 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    20:54:11.0160 3848 lanmanworkstation - ok
    20:54:11.0176 3848 lbrtfdc - ok
    20:54:11.0223 3848 LightScribeService (5d4b38a8d8525356798f5e560c3a3090) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    20:54:11.0238 3848 LightScribeService - ok
    20:54:11.0301 3848 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    20:54:11.0301 3848 LmHosts - ok
    20:54:11.0535 3848 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
    20:54:11.0551 3848 McrdSvc - ok
    20:54:11.0567 3848 MCSTRM - ok
    20:54:11.0645 3848 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    20:54:11.0645 3848 mdmxsdk - ok
    20:54:11.0692 3848 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    20:54:11.0692 3848 Messenger - ok
    20:54:11.0723 3848 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
    20:54:11.0738 3848 MHN - ok
    20:54:11.0754 3848 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    20:54:11.0754 3848 MHNDRV - ok
    20:54:11.0801 3848 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    20:54:11.0801 3848 mnmdd - ok
    20:54:11.0848 3848 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    20:54:11.0863 3848 mnmsrvc - ok
    20:54:11.0895 3848 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    20:54:11.0895 3848 Modem - ok
    20:54:11.0957 3848 motccgp (c741717b0a18813dd7d12085937cee72) C:\WINDOWS\system32\DRIVERS\motccgp.sys
    20:54:11.0957 3848 motccgp - ok
    20:54:11.0988 3848 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
    20:54:11.0988 3848 motccgpfl - ok
    20:54:12.0067 3848 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motmodem.sys
    20:54:12.0067 3848 motmodem - ok
    20:54:12.0160 3848 MotoConnect Service (be72f68c3e898c6c7dd61afdf28769dd) C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    20:54:12.0207 3848 MotoConnect Service - ok
    20:54:12.0254 3848 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
    20:54:12.0254 3848 MotoSwitchService - ok
    20:54:12.0332 3848 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
    20:54:12.0332 3848 Motousbnet - ok
    20:54:12.0395 3848 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
    20:54:12.0395 3848 motusbdevice - ok
    20:54:12.0426 3848 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    20:54:12.0426 3848 Mouclass - ok
    20:54:12.0504 3848 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    20:54:12.0504 3848 mouhid - ok
    20:54:12.0551 3848 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    20:54:12.0567 3848 MountMgr - ok
    20:54:12.0660 3848 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    20:54:12.0692 3848 MozillaMaintenance - ok
    20:54:12.0692 3848 mraid35x - ok
    20:54:12.0723 3848 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    20:54:12.0738 3848 MRxDAV - ok
    20:54:12.0801 3848 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    20:54:12.0817 3848 MRxSmb - ok
    20:54:12.0895 3848 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    20:54:12.0895 3848 Msfs - ok
    20:54:12.0895 3848 MSIServer - ok
    20:54:12.0957 3848 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    20:54:12.0957 3848 MSKSSRV - ok
    20:54:13.0035 3848 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    20:54:13.0051 3848 MSPCLOCK - ok
    20:54:13.0098 3848 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    20:54:13.0098 3848 MSPQM - ok
    20:54:13.0145 3848 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    20:54:13.0145 3848 mssmbios - ok
    20:54:13.0207 3848 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    20:54:13.0223 3848 Mup - ok
    20:54:13.0395 3848 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
    20:54:13.0410 3848 N360 - ok
    20:54:13.0520 3848 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    20:54:13.0567 3848 napagent - ok
    20:54:13.0848 3848 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120509.002\NAVENG.SYS
    20:54:13.0863 3848 NAVENG - ok
    20:54:14.0098 3848 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120509.002\NAVEX15.SYS
    20:54:14.0176 3848 NAVEX15 - ok
    20:54:15.0551 3848 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    20:54:15.0598 3848 NDIS - ok
    20:54:15.0645 3848 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    20:54:15.0660 3848 NdisTapi - ok
    20:54:15.0707 3848 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    20:54:15.0707 3848 Ndisuio - ok
    20:54:15.0785 3848 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    20:54:15.0785 3848 NdisWan - ok
    20:54:15.0863 3848 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    20:54:15.0863 3848 NDProxy - ok
    20:54:15.0879 3848 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    20:54:15.0879 3848 NetBIOS - ok
    20:54:15.0988 3848 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    20:54:16.0051 3848 NetBT - ok
    20:54:16.0223 3848 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    20:54:16.0238 3848 NetDDE - ok
    20:54:16.0254 3848 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    20:54:16.0254 3848 NetDDEdsdm - ok
    20:54:16.0363 3848 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    20:54:16.0363 3848 Netlogon - ok
    20:54:16.0442 3848 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    20:54:16.0473 3848 Netman - ok
    20:54:16.0629 3848 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    20:54:16.0629 3848 NetTcpPortSharing - ok
    20:54:16.0676 3848 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    20:54:16.0692 3848 NIC1394 - ok
    20:54:16.0738 3848 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    20:54:16.0817 3848 Nla - ok
    20:54:16.0988 3848 Norton PC Checkup Application Launcher - ok
    20:54:17.0082 3848 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
    20:54:17.0082 3848 NPF - ok
    20:54:17.0129 3848 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    20:54:17.0129 3848 Npfs - ok
    20:54:17.0176 3848 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    20:54:17.0238 3848 Ntfs - ok
    20:54:17.0254 3848 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    20:54:17.0254 3848 NtLmSsp - ok
    20:54:17.0332 3848 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    20:54:17.0348 3848 NtmsSvc - ok
    20:54:17.0442 3848 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    20:54:17.0457 3848 Null - ok
    20:54:17.0551 3848 NVNET - ok
    20:54:17.0598 3848 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    20:54:17.0598 3848 NwlnkFlt - ok
    20:54:17.0629 3848 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    20:54:17.0629 3848 NwlnkFwd - ok
    20:54:17.0645 3848 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    20:54:17.0645 3848 ohci1394 - ok
    20:54:17.0879 3848 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    20:54:17.0910 3848 ose - ok
    20:54:18.0442 3848 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    20:54:18.0613 3848 osppsvc - ok
    20:54:18.0942 3848 outpostfirewall (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\om518p.dll
    20:54:18.0942 3848 outpostfirewall ( Backdoor.Multi.ZAccess.gen ) - infected
    20:54:18.0942 3848 outpostfirewall - detected Backdoor.Multi.ZAccess.gen (0)
    20:54:19.0051 3848 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    20:54:19.0051 3848 Parport - ok
    20:54:19.0082 3848 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    20:54:19.0082 3848 PartMgr - ok
    20:54:19.0129 3848 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    20:54:19.0145 3848 ParVdm - ok
    20:54:19.0317 3848 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    20:54:19.0379 3848 PCCUJobMgr - ok
    20:54:19.0395 3848 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    20:54:19.0395 3848 PCI - ok
    20:54:19.0426 3848 PCIDump - ok
    20:54:19.0442 3848 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    20:54:19.0442 3848 PCIIde - ok
    20:54:19.0504 3848 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    20:54:19.0551 3848 Pcmcia - ok
    20:54:19.0567 3848 PDCOMP - ok
    20:54:19.0582 3848 PDFRAME - ok
    20:54:19.0660 3848 pdlnemsg (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\s3twistr.dll
    20:54:19.0660 3848 pdlnemsg ( Backdoor.Multi.ZAccess.gen ) - infected
    20:54:19.0660 3848 pdlnemsg - detected Backdoor.Multi.ZAccess.gen (0)
    20:54:19.0676 3848 PDRELI - ok
    20:54:19.0692 3848 PDRFRAME - ok
    20:54:19.0707 3848 perc2 - ok
    20:54:19.0738 3848 perc2hib - ok
    20:54:19.0832 3848 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    20:54:19.0848 3848 PlugPlay - ok
    20:54:19.0879 3848 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
    20:54:19.0895 3848 Pml Driver HPZ12 - ok
    20:54:19.0910 3848 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    20:54:19.0910 3848 PolicyAgent - ok
    20:54:19.0957 3848 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    20:54:19.0957 3848 PptpMiniport - ok
    20:54:19.0973 3848 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    20:54:19.0973 3848 ProtectedStorage - ok
    20:54:19.0988 3848 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
    20:54:19.0988 3848 Ps2 - ok
    20:54:20.0020 3848 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    20:54:20.0020 3848 PSched - ok
    20:54:20.0035 3848 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    20:54:20.0035 3848 Ptilink - ok
    20:54:20.0113 3848 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    20:54:20.0113 3848 PxHelp20 - ok
    20:54:20.0129 3848 ql1080 - ok
    20:54:20.0145 3848 Ql10wnt - ok
    20:54:20.0160 3848 ql12160 - ok
    20:54:20.0192 3848 ql1240 - ok
    20:54:20.0207 3848 ql1280 - ok
    20:54:20.0317 3848 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    20:54:20.0317 3848 RasAcd - ok
    20:54:20.0348 3848 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    20:54:20.0363 3848 RasAuto - ok
    20:54:20.0410 3848 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    20:54:20.0410 3848 Rasl2tp - ok
    20:54:20.0488 3848 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    20:54:20.0520 3848 RasMan - ok
    20:54:20.0535 3848 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    20:54:20.0535 3848 RasPppoe - ok
    20:54:20.0551 3848 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    20:54:20.0551 3848 Raspti - ok
    20:54:20.0598 3848 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    20:54:20.0645 3848 Rdbss - ok
    20:54:20.0707 3848 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    20:54:20.0707 3848 RDPCDD - ok
    20:54:20.0754 3848 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    20:54:20.0754 3848 rdpdr - ok
    20:54:20.0817 3848 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    20:54:20.0863 3848 RDPWD - ok
    20:54:20.0926 3848 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    20:54:20.0942 3848 RDSessMgr - ok
    20:54:20.0988 3848 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    20:54:20.0988 3848 redbook - ok
    20:54:21.0035 3848 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    20:54:21.0035 3848 RemoteAccess - ok
    20:54:21.0082 3848 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    20:54:21.0098 3848 RemoteRegistry - ok
    20:54:21.0207 3848 rpcapd (67c607857ccd6ebffe768dad5b2ca239) C:\Program Files\WinPcap\rpcapd.exe
    20:54:21.0223 3848 rpcapd - ok
    20:54:21.0254 3848 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    20:54:21.0254 3848 RpcLocator - ok
    20:54:21.0395 3848 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    20:54:21.0598 3848 RpcSs - ok
    20:54:21.0785 3848 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    20:54:21.0832 3848 RSVP - ok
    20:54:21.0973 3848 RTL8023xp (eacd871fdbe85393d112782896c2d7dd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
    20:54:22.0020 3848 RTL8023xp - ok
    20:54:30.0738 3848 ============================================================
    20:54:30.0738 3848 Scan finished
    20:54:30.0738 3848 ============================================================
    20:54:30.0801 5632 Detected object count: 2
    20:54:30.0801 5632 Actual detected object count: 2
    20:55:16.0051 5632 C:\WINDOWS\system32\om518p.dll - copied to quarantine
    20:55:16.0051 5632 HKLM\SYSTEM\ControlSet001\services\outpostfirewall - will be deleted on reboot
    20:55:16.0348 5632 HKLM\SYSTEM\ControlSet002\services\outpostfirewall - will be deleted on reboot
    20:55:17.0254 5632 C:\WINDOWS\system32\om518p.dll - will be deleted on reboot
    20:55:17.0254 5632 outpostfirewall ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    20:55:17.0910 5632 C:\WINDOWS\system32\s3twistr.dll - copied to quarantine
    20:55:17.0910 5632 HKLM\SYSTEM\ControlSet001\services\pdlnemsg - will be deleted on reboot
    20:55:17.0910 5632 C:\WINDOWS\system32\s3twistr.dll - will be deleted on reboot
    20:55:17.0910 5632 pdlnemsg ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    20:56:21.0535 5404 Deinitialize success
     
  14. Jerrynice

    Jerrynice TS Rookie Topic Starter

    Okay....as I was downloading those items, my computer froze, I re-booted..& then could not access anything. The Windows start button did nothing, no apps would do anything..I mean, I couldn't even CLICK them...this resulted in a severe headache plus my wife is tripping about it so, I'm going to leave it until tomorrow..I never did finish downloading the files, so....Thanks thus far.
     
  15. Jerrynice

    Jerrynice TS Rookie Topic Starter

    alright, it's official......I have no access to anything but the desktop, but can't do anything with the shortcuts on it.
    I can open 'My Documents' but can not open any file in there. The toolbar, where the Windows symbol is, is disabled. When I put the mouse over there, it turns to a hash-mark & won't let me click any button over there, nor do the apps near the clock show up anymore. I can still get online apparently, but that's about it.
     
  16. Jerrynice

    Jerrynice TS Rookie Topic Starter

    Please close this thread as I have totally messed everything up & accidentally used the manufacturer's recovery tool @ boot-up & it put the computer back to factory status & I lost everything that was on the previous disk....smh
     
  17. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    No problem.
     

