Inactive Tidserv Activity 2 & Zero Access Rootkit Activity 4

Jerrynice

I know there have been a lot of posts regarding this, but it seems a lot of them differ in the removal process. Besides, Prelim says don't follow other advice, sooo.

I am going through the Prelims as we speak & am only @ the malware scan stage... which has been going for almost an hour now. I disconnected the infected computer from the internet & have Norton disabled while I run the m-ware scan...


Any advice so far?
 
update: malware found 31 items, after deleting, did not ask me to restart.
Am now running GMER...
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Ok...it stopped (GMER)...it said it found modifications, I clicked ok......but there was no "save" option after that...only an "ok" button on the scan screen...which I clicked & the program closed...no saving....I dunno what to do for that now, but I am now going to start the DDs thing now........in the meantime, this is the log from the malware :




Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.09.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mom's Account :: LULU [administrator]

5/9/2012 3:25:23 PM
mbam-log-2012-05-09 (15-25-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260939
Time elapsed: 53 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 26
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5577 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Files Detected: 2
C:\RECYCLER\S-1-5-21-2533759762-1922183599-1547517597-1007\Dc646.exe (PUP.Adware.Radio) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.

(end)
 
OK......I'm getting entirely frustrated now.......I try to run the DDs & as soon as I hit "run", My Documents opens....I close it, wait, then try again....this time the remove programs window opens...wtf?!?!

I'm losing patience....Now that I look at the file, it's listed as a screen saver.....??
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
OK.....the DDs finally worked & here are those logs : 1st dds & then Attach, Do I still proceed with what you just posted..??


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Mom's Account at 20:21:35 on 2012-05-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.408 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *Disabled*
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\WinPcap\rpcapd.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\HP\Digital Imaging\Bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\HPZipm12.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=XPxdm002BAus&ptb=86467103-1E3B-4C8B-9328-DF28D2DCAA2C&si=CIz18sSwo60CFUTc4Aodvz0FlQ
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.0.9\ips\IPSBHO.DLL
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [DriverCure] c:\program files\paretologic\drivercure\DriverCure.exe -scan
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [<NO NAME>]
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinSetup.exe" startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\mom'sa~1\startm~1\programs\startup\pinmclnk.lnk - c:\hp\bin\cloaker.exe
StartupFolder: c:\docume~1\mom'sa~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hp\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search - http://tbedits.televisionfanatic.co...7103-1E3B-4C8B-9328-DF28D2DCAA2C&n=2011122718
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: bankofamerica.com\www
Trusted Zone: fiacardservices.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mom's account\application data\mozilla\firefox\profiles\bdei8gqp.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.refer=slv&.intl=us&.src=ym
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=86467103-1E3B-4C8B-9328-DF28D2DCAA2C&n=77df4da6&ind=2011123110&id=XPxdm002BAus&ptnrS=XPxdm002BAus&si=CIz18sSwo60CFUTc4Aodvz0FlQ&searchfor=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-05-09 19:20:55 -------- d-----w- c:\documents and settings\mom's account\application data\Malwarebytes
2012-05-09 19:18:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-09 19:18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-09 17:32:50 20 ----a-w- c:\windows\system32\drivers\SMR250.dat
2012-05-09 17:32:48 83064 ----a-w- c:\windows\system32\drivers\SMR250.SYS
2012-05-09 17:32:09 -------- d-----w- c:\documents and settings\mom's account\local settings\application data\NPE
2012-05-09 14:47:06 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-05-07 01:18:47 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-07 01:17:50 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-07 01:17:50 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-05 23:53:18 905336 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymEFA.sys
2012-05-05 23:53:18 574072 ----a-r- c:\windows\system32\drivers\n360\0602000.009\srtsp.sys
2012-05-05 23:53:18 388216 ----a-r- c:\windows\system32\drivers\n360\0602000.009\symtdi.sys
2012-05-05 23:53:18 345208 ----a-r- c:\windows\system32\drivers\n360\0602000.009\symtdiv.sys
2012-05-05 23:53:18 340088 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymDS.sys
2012-05-05 23:53:18 32888 ----a-r- c:\windows\system32\drivers\n360\0602000.009\srtspx.sys
2012-05-05 23:53:18 318584 ----a-r- c:\windows\system32\drivers\n360\0602000.009\symnets.sys
2012-05-05 23:53:18 149624 ----a-r- c:\windows\system32\drivers\n360\0602000.009\Ironx86.sys
2012-05-05 23:53:17 132744 ----a-r- c:\windows\system32\drivers\n360\0602000.009\ccSetx86.sys
2012-05-05 23:52:42 4782 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymVTcer.dat
2012-05-05 23:52:41 -------- d-----w- c:\windows\system32\drivers\n360\0602000.009
2012-05-02 15:19:23 -------- d-----w- c:\documents and settings\mom's account\application data\PCCUStubInstaller
2012-04-30 20:25:21 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-04-30 20:25:21 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-04-28 00:16:35 -------- d-----w- c:\documents and settings\mom's account\application data\RoboForm
2012-04-10 13:31:51 -------- d-----w- c:\program files\Microsoft Fix it Center
.
==================== Find3M ====================
.
2012-05-05 23:56:08 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-05-05 23:56:08 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-09 17:29:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-14 16:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
============= FINISH: 20:25:11.98 ===============



ATTACH :

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/30/2006 11:11:04 PM
System Uptime: 5/9/2012 12:41:39 PM (8 hours ago)
.
Motherboard: Hewleet-Packard | | Asterope3
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | CPU 1 | 2799/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 137.21 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.372 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\FF5D24790AE6
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\FF5D24790AE6
Service: NIC1394
.
==== System Restore Points ===================
.
RP1: 5/9/2012 12:50:05 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
ASPCA Reminder by We-Care.com v5.0.5.1
ATI Display Driver
Belkin Router Monitor and Setup
BufferChm
CA Yahoo! Anti-Spy (remove only)
CCScore
Compaq Connections (remove only)
Compatibility Pack for the 2007 Office system
Compton's Interactive Bible NIV
Cool Edit Pro 2.0
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
D4100
D4100_Help
Data Fax SoftModem with SmartCP
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DivX Setup
Doxillion Document Converter
EasyBurningSoftware
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
eSupportQFolder
fflink
FullDPAppQFolder
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2170 series
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Photosmart Premier Software 6.5
HP Product Assistant
hp psc 2170 series
HP Solution Center 7.0
HP Support Overview
HP Update
HP Web Helper
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareAlert
InstantShareDevices
InstantShareDevicesMFC
InterActual Player
Java Auto Updater
Java(TM) 6 Update 26
Kodak EasyShare software
LightScribe 1.4.105.1
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Away Mode
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2000
Microsoft Works
MotoConnect
Motorola Driver Installation 4.6.0
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MP3 Player Utilities 3.06
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Norton 360
Norton PC Checkup
OfotoXMI
OptionalContentQFolder
PanoStandAlone
PhotoGallery
Pradis 6: Basic Bible Library 6.0
QuickTime
RandMap
REA's TESTware for the PRAXIS Elementary Ed 0014
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
RoboForm 7-7-4 (All Users)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SkinsHP1
SKINXSDK
Skype Toolbars
Skype™ 4.2
SlideShow
SlideShowMusic
SolutionCenter
Sonic_PrimoSDK
staticcr
Status
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.6195
VoiceOver Kit
VPRINTOL
WebFldrs XP
WebReg
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR 4.11 (32-bit)
WIRELESS
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/9/2012 8:08:03 PM, error: Service Control Manager [7023] - The SaiNtSub service terminated with the following error: The specified module could not be found.
5/9/2012 7:52:48 PM, error: Service Control Manager [7023] - The Iaimtv1 service terminated with the following error: The specified module could not be found.
5/9/2012 7:37:44 PM, error: Service Control Manager [7023] - The G400DH service terminated with the following error: The specified module could not be found.
5/9/2012 7:31:01 AM, error: SRTSP [4] - Error loading virus definitions.
5/9/2012 7:22:53 PM, error: Service Control Manager [7023] - The Rp_fws service terminated with the following error: Access is denied.
5/9/2012 7:17:04 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ARSVC service.
5/9/2012 5:50:52 PM, error: Service Control Manager [7023] - The Ipcsvc service terminated with the following error: Access is denied.
5/9/2012 4:25:41 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
5/9/2012 3:59:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WISTechVIDCAP service to connect.
5/9/2012 2:07:51 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
5/9/2012 12:43:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
5/9/2012 12:43:56 PM, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The system cannot find the path specified.
5/9/2012 12:43:56 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
5/9/2012 12:43:56 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The system cannot find the path specified.
5/9/2012 12:17:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 IntelIde ViaIde
5/9/2012 10:38:12 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: The file or directory is corrupted and unreadable. .
5/9/2012 10:38:12 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Mom's Account\Local Settings\Temporary Internet Files\Content.IE5\XT6SUY44\FixZeroAccess[1].exe. Reference error message: The operation completed successfully. .
5/8/2012 7:35:16 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the rpcapd service.
5/7/2012 4:42:00 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
5/6/2012 9:15:12 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
5/5/2012 3:18:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
.
==== End Of File ===========================
 
You're running two AV programs, AVG and Norton.
One of them has to go.
If AVG use AVG Remover: http://www.avg.com/us-en/utilities
If Norton use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

Then...
Forget TDSSKiller for now.
Instead....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
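
A check that can be run on the MBR copy mentioned in the note above, as an added example that is not part of the original post or of aswMBR: it parses a 512-byte master boot record and reports whether the boot code or partition table differs from a saved backup. It assumes MBR.dat is a raw image of sector 0 (an assumption about the file format); the sample sector is constructed from the partition values TDSSKiller reports for \Device\Harddisk0\DR0 in this thread, with placeholder boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the boot loader code
PART_TABLE_OFFSET = 446      # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Parse one MBR sector into its boot-code hash and partition entries."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("an MBR image must be at least 512 bytes")
    sector = sector[:SECTOR_SIZE]
    partitions = []
    for slot in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * slot:PART_TABLE_OFFSET + 16 * (slot + 1)]
        ptype = entry[4]
        if ptype == 0x00:     # type 0 marks an unused slot
            continue
        start_lba, count = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "slot": slot,
            "active": entry[0] == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def compare_mbr(backup: bytes, current: bytes) -> list:
    """Return findings describing how `current` differs from `backup`."""
    old, new = parse_mbr(backup), parse_mbr(current)
    findings = []
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code differs")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table differs")
    if not new["signature_ok"]:
        findings.append("current sector lacks 0x55AA signature")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code plus the two partitions
    listed in the thread's TDSSKiller log. The active flag is an assumption."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:BOOT_CODE_LEN] = b"\x90" * BOOT_CODE_LEN
    entries = [
        (0x80, 0x07, 0x3F, 0x1C115241),        # Partition0: Type 0x7
        (0x00, 0x0C, 0x1C119141, 0x10AB440),   # Partition1: Type 0xC
    ]
    for slot, (status, ptype, start, count) in enumerate(entries):
        off = PART_TABLE_OFFSET + 16 * slot
        sector[off] = status
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


SAMPLE_MBR = build_sample_mbr()

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    for p in info["partitions"]:
        print("slot %d type 0x%02X start 0x%X sectors 0x%X"
              % (p["slot"], p["type"], p["start_lba"], p["sectors"]))
    # In real use, pass the bytes of the saved backup and a fresh read of sector 0.
    print(compare_mbr(SAMPLE_MBR, SAMPLE_MBR) or "no differences")
```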
 
OKAY.....

Before I saw this post....I had already run the Kaspersky.......these are the TWO log files it created, now about to delete AVG & DL the aswMBR.exe



File 1.

13:25:36.0537 1452 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:25:38.0537 1452 ============================================================
13:25:38.0537 1452 Current date / time: 2012/05/09 13:25:38.0537
13:25:38.0537 1452 SystemInfo:
13:25:38.0537 1452
13:25:38.0537 1452 OS Version: 5.1.2600 ServicePack: 3.0
13:25:38.0537 1452 Product type: Workstation
13:25:38.0537 1452 ComputerName: LULU
13:25:38.0553 1452 UserName: Mom's Account
13:25:38.0553 1452 Windows directory: C:\WINDOWS
13:25:38.0553 1452 System windows directory: C:\WINDOWS
13:25:38.0553 1452 Processor architecture: Intel x86
13:25:38.0553 1452 Number of processors: 2
13:25:38.0553 1452 Page size: 0x1000
13:25:38.0553 1452 Boot type: Normal boot
13:25:38.0553 1452 ============================================================
13:25:53.0398 1452 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:25:53.0976 1452 Drive \Device\Harddisk1\DR3 - Size: 0x3D600000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:25:54.0039 1452 ============================================================
13:25:54.0039 1452 \Device\Harddisk0\DR0:
13:25:54.0148 1452 MBR partitions:
13:25:54.0148 1452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C115241
13:25:54.0148 1452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C119141, BlocksNum 0x10AB440
13:25:54.0148 1452 \Device\Harddisk1\DR3:
13:25:54.0148 1452 MBR partitions:
13:25:54.0148 1452 ============================================================
13:25:54.0414 1452 C: <-> \Device\Harddisk0\DR0\Partition0
13:25:54.0445 1452 D: <-> \Device\Harddisk0\DR0\Partition1
13:25:54.0586 1452 ============================================================
13:25:54.0586 1452 Initialize success
13:25:54.0586 1452 ============================================================
13:28:28.0914 4296 Deinitialize success







 
FILE 2


20:47:17.0754 5944 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
20:47:19.0801 5944 ============================================================
20:47:19.0801 5944 Current date / time: 2012/05/09 20:47:19.0801
20:47:19.0801 5944 SystemInfo:
20:47:19.0801 5944
20:47:19.0801 5944 OS Version: 5.1.2600 ServicePack: 3.0
20:47:19.0801 5944 Product type: Workstation
20:47:19.0801 5944 ComputerName: LULU
20:47:20.0676 5944 UserName: Mom's Account
20:47:20.0676 5944 Windows directory: C:\WINDOWS
20:47:20.0676 5944 System windows directory: C:\WINDOWS
20:47:20.0676 5944 Processor architecture: Intel x86
20:47:20.0676 5944 Number of processors: 2
20:47:20.0676 5944 Page size: 0x1000
20:47:20.0676 5944 Boot type: Normal boot
20:47:20.0676 5944 ============================================================
20:47:50.0145 5944 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:47:52.0113 5944 Drive \Device\Harddisk1\DR19 - Size: 0x77D00000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:47:52.0238 5944 ============================================================
20:47:52.0238 5944 \Device\Harddisk0\DR0:
20:47:55.0863 5944 MBR partitions:
20:47:55.0863 5944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C115241
20:47:55.0863 5944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C119141, BlocksNum 0x10AB440
20:47:55.0863 5944 \Device\Harddisk1\DR19:
20:47:55.0863 5944 MBR partitions:
20:47:55.0863 5944 \Device\Harddisk1\DR19\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3BE7E0
20:47:55.0863 5944 ============================================================
20:47:57.0363 5944 C: <-> \Device\Harddisk0\DR0\Partition0
20:47:57.0442 5944 D: <-> \Device\Harddisk0\DR0\Partition1
20:47:57.0488 5944 ============================================================
20:47:57.0488 5944 Initialize success
20:47:57.0488 5944 ============================================================
20:48:18.0488 3848 ============================================================
20:48:18.0488 3848 Scan started
20:48:18.0488 3848 Mode: Manual;
20:48:18.0488 3848 ============================================================
20:52:16.0988 3848 Abiosdsk - ok
20:52:17.0004 3848 abp480n5 - ok
20:52:20.0176 3848 ACDaemon - ok
20:52:21.0567 3848 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:52:21.0660 3848 ACPI - ok
20:52:21.0801 3848 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:52:21.0801 3848 ACPIEC - ok
20:52:21.0817 3848 adpu160m - ok
20:52:24.0535 3848 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:52:24.0629 3848 aec - ok
20:52:25.0004 3848 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:52:25.0176 3848 AFD - ok
20:52:46.0317 3848 AffinegyService (95b99265e83988cc81970a856ea2159a) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
20:52:46.0395 3848 AffinegyService - ok
20:52:46.0504 3848 AFGMp50 - ok
20:52:46.0582 3848 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
20:52:46.0582 3848 AFGSp50 - ok
20:52:47.0676 3848 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
20:52:47.0692 3848 AFS2K - ok
20:52:47.0692 3848 Aha154x - ok
20:52:47.0785 3848 aic78u2 - ok
20:52:47.0817 3848 aic78xx - ok
20:52:48.0113 3848 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:52:48.0160 3848 Alerter - ok
20:52:48.0270 3848 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:52:48.0270 3848 ALG - ok
20:52:48.0270 3848 AliIde - ok
20:52:48.0285 3848 amsint - ok
20:52:48.0598 3848 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:52:48.0629 3848 AppMgmt - ok
20:52:48.0785 3848 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
20:52:48.0817 3848 aracpi - ok
20:52:48.0957 3848 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
20:52:48.0973 3848 arhidfltr - ok
20:52:49.0035 3848 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
20:52:49.0035 3848 arkbcfltr - ok
20:52:49.0082 3848 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
20:52:49.0082 3848 armoucfltr - ok
20:52:49.0301 3848 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:52:49.0317 3848 Arp1394 - ok
20:52:49.0348 3848 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
20:52:49.0363 3848 ARPolicy - ok
20:52:49.0535 3848 ARSVC (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe
20:53:00.0098 3848 ARSVC - ok
20:53:00.0113 3848 asc - ok
20:53:00.0129 3848 asc3350p - ok
20:53:00.0160 3848 asc3550 - ok
20:53:00.0817 3848 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:53:01.0473 3848 aspnet_state - ok
20:53:01.0598 3848 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:53:01.0613 3848 AsyncMac - ok
20:53:02.0145 3848 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:53:02.0145 3848 atapi - ok
20:53:02.0176 3848 Atdisk - ok
20:53:03.0238 3848 Ati HotKey Poller (5784a06fdc2ac7954225a1a79e1a8f00) C:\WINDOWS\system32\Ati2evxx.exe
20:53:03.0473 3848 Ati HotKey Poller - ok
20:53:33.0895 3848 ati2mtag (dd222ce49e79f15d2312a5e1f42e716e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:53:34.0535 3848 ati2mtag - ok
20:53:42.0379 3848 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:53:42.0395 3848 Atmarpc - ok
20:53:42.0582 3848 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:53:42.0598 3848 AudioSrv - ok
20:53:42.0676 3848 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:53:42.0770 3848 audstub - ok
20:53:42.0942 3848 avg8emc - ok
20:53:42.0957 3848 avg8wd - ok
20:53:48.0301 3848 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
20:53:48.0613 3848 AvgLdx86 - ok
20:53:48.0879 3848 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
20:53:48.0895 3848 AvgMfx86 - ok
20:53:52.0926 3848 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
20:53:53.0004 3848 AvgTdiX - ok
20:53:53.0145 3848 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:53:53.0160 3848 Beep - ok
20:53:54.0410 3848 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120507.001\BHDrvx86.sys
20:53:54.0707 3848 BHDrvx86 - ok
20:53:54.0942 3848 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:53:55.0301 3848 BITS - ok
20:53:55.0645 3848 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
20:53:55.0676 3848 Bridge - ok
20:53:55.0738 3848 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
20:53:55.0738 3848 BridgeMP - ok
20:54:18.0942 3848 outpostfirewall (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\om518p.dll
20:54:18.0942 3848 outpostfirewall ( Backdoor.Multi.ZAccess.gen ) - infected
20:54:18.0942 3848 outpostfirewall - detected Backdoor.Multi.ZAccess.gen (0)
20:54:19.0660 3848 pdlnemsg (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\s3twistr.dll
20:54:19.0660 3848 pdlnemsg ( Backdoor.Multi.ZAccess.gen ) - infected
20:54:19.0660 3848 pdlnemsg - detected Backdoor.Multi.ZAccess.gen (0)
20:54:29.0770 3848 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:54:29.0817 3848 WZCSVC - ok
20:54:29.0863 3848 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:54:29.0895 3848 xmlprov - ok
20:54:30.0004 3848 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
20:54:30.0051 3848 \Device\Harddisk0\DR0 - ok
20:54:30.0067 3848 MBR (0x1B8) (20c15ef2111b8472bbfe5e65b7c949e6) \Device\Harddisk1\DR19
20:54:30.0692 3848 \Device\Harddisk1\DR19 - ok
20:54:30.0692 3848 Boot (0x1200) (38cfbffba29631ae8454d1dad28af3c6) \Device\Harddisk0\DR0\Partition0
20:54:30.0707 3848 \Device\Harddisk0\DR0\Partition0 - ok
20:54:30.0707 3848 Boot (0x1200) (dcde018ff50a4e7678e1d155e2527491) \Device\Harddisk0\DR0\Partition1
20:54:30.0723 3848 \Device\Harddisk0\DR0\Partition1 - ok
20:54:30.0738 3848 Boot (0x1200) (e77ed631e52d8ab1bd1419ad1b97cfb7) \Device\Harddisk1\DR19\Partition0
20:54:30.0738 3848 \Device\Harddisk1\DR19\Partition0 - ok
20:54:30.0738 3848 ============================================================
20:54:30.0738 3848 Scan finished
20:54:30.0738 3848 ============================================================
20:54:30.0801 5632 Detected object count: 2
20:54:30.0801 5632 Actual detected object count: 2
20:55:16.0051 5632 C:\WINDOWS\system32\om518p.dll - copied to quarantine
20:55:16.0051 5632 HKLM\SYSTEM\ControlSet001\services\outpostfirewall - will be deleted on reboot
20:55:16.0348 5632 HKLM\SYSTEM\ControlSet002\services\outpostfirewall - will be deleted on reboot
20:55:17.0254 5632 C:\WINDOWS\system32\om518p.dll - will be deleted on reboot
20:55:17.0254 5632 outpostfirewall ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
20:55:17.0910 5632 C:\WINDOWS\system32\s3twistr.dll - copied to quarantine
20:55:17.0910 5632 HKLM\SYSTEM\ControlSet001\services\pdlnemsg - will be deleted on reboot
20:55:17.0910 5632 C:\WINDOWS\system32\s3twistr.dll - will be deleted on reboot
20:55:17.0910 5632 pdlnemsg ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
20:56:21.0535 5404 Deinitialize success
 
Okay....as I was downloading those items, my computer froze, I re-booted..& then could not access anything. The Windows start button did nothing, no apps would do anything..I mean, I couldn't even CLICK them...this resulted in a severe headache plus my wife is tripping about it so, I'm going to leave it until tomorrow..I never did finish downloading the files, so....Thanks thus far.
 
alright, it's official......I have no access to anything but the desktop, but can't do anything with the shortcuts on it.
I can open 'My Documents' but not open any file in there. The toolbar, where the Windows symbol is, is disabled. When I put the mouse over there, it turns to a hash-mark & won't let me click any button over there, nor do the apps near the clock show up anymore. I can still get online apparently, but that's about it.
 
Please close this thread as I have totally messed everything up & accidentally used the manufacturer's recovery tool @ boot-up & it put the computer back to factory status & I lost everything that was on the previous disk....smh
 