Ad network traffic, slow internet connection

jvreynol · July 3, 2012

Hello:

Recently experiencing higher CPU usage and increased internet traffic not generated by my browsing sessions. Router logs indicate access to random ad and other spam sites. I've done a MWBytes scan and a HijackThis scan. Logs below. Appreciate any advice. Thank you!

MalwareBytes Log

==============

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.07.02.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Jim :: REYNOLDS [administrator]

2/25/2004 6:43:11 PM

mbam-log-2004-02-25 (18-43-11).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 362001

Time elapsed: 37 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\Jim\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.

(end)

============

Hijack This Log

============

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:24:36 PM, on 2/25/2004

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\GoZone\GoZone_iSync.exe

C:\Program Files\Dell AIO Printer A940\dlbabmon.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Support.com\bin\tgcmd.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Savevid Toolbar - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\savevidX.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll

O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll

O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll

O3 - Toolbar: Savevid Toolbar - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\savevidX.dll (file missing)

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)

O3 - Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 2.8; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

O4 - Startup: GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\SavevidPlug-in\redirect.htm

O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll

O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: www.kyw1060.com

O15 - Trusted Zone: http://*.mcafee.com

O15 - Trusted Zone: www.phillies.com

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.co...inAxControl.CAB

O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/im...r/SysProExe.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1263953748824

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://samsclubus.pn...veX_Control.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://69.126.199.53...activex/AMC.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 13341 bytes

Maniac · July 3, 2012

Hello jvreynol and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow our instructions here and post the log files from DDS in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573

jvreynol · July 5, 2012

Here are the DDS results...thanks again for your assistance!

Attach.txt

========.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 11/15/2003 3:55:47 PM

System Uptime: 7/3/2012 12:51:03 PM (6 hours ago)

.

Motherboard: Dell Computer Corp. | | 0M2035

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 112 GiB total, 1.453 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/100 VE Network Connection

Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0

Manufacturer: Intel

Name: Intel® PRO/100 VE Network Connection

PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0

Service: E100B

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

ABBYY FineReader 5.0 Sprint

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop Elements 2.0

Adobe Reader 8.3.1

Adobe Shockwave Player

America Online (Choose which version to remove)

AnswerWorks 5.0 English Runtime

AOL Coach Version 1.0(Build:20030807.3)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Control Panel

ATI Display Driver

ATIMCEE

AXIS Media Control Embedded

Backyard Football

Banctec Service Agreement

BCM V.92 56K Modem

Bonjour

Business Contact Manager for Outlook 2003

CANON iMAGE GATEWAY MyCamera Download Plugin

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon Utilities Digital Photo Professional 3.10

Canon Utilities EOS Sample Music

Canon Utilities EOS Utility

Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX

Canon Utilities Movie Uploader for YouTube

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Classic PhoneTools

Compatibility Pack for the 2007 Office system

Creative MediaSource

DAO

Dell AIO Printer A940

Dell Networking Guide

Dell Picture Studio - Dell Image Expert

Dell Solution Center

Dell Support Center

DellSupport

Desktop Doctor

DS21Patch

DVDSentry

EarthLink Setup Files

ESET Online Scanner v3

exPressit S.E. 2.1

Family Tree Maker 2005

Family Tree Maker 9.0

Garmin Communicator Plugin

Garmin POI Loader

Garmin VoiceStudio v2.10

GemMaster Mystic

Glary Utilities 2.37.0.1260

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GoZone iSync

Greeting Card Factory Deluxe 2.0

GTK+ 1.3.0-20030717-1 runtime environment

Help and Support Customization

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format SDK (KB902344)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® PRO Network Connections Drivers

Intel® PROSet

iPod for Windows 2006-03-23

iTunes

Java Auto Updater

Java 7

LAME v3.98.2 for Audacity

Learn2 Player (Uninstall Only)

LiveUpdate 1.90 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.60.1.1000

Managed DirectX (0901)

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Data Access Components KB870669

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2004

Microsoft Money 2004 System Pack

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Small Business Edition 2003

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Windows Journal Viewer

MobileMe Control Panel

Modem Helper

Mozilla Firefox (3.6.25)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

Norton Security Suite

OpenMG AAC Add-on Module 1.0.00

OpenMG Limited Patch 4.5-06-05-12-01

OpenMG Secure Module 4.5.01

Otto

Paint Shop Pro 7

Pdf995

Picasa 3

PowerDVD

Quicken 2011

QuickTime

Reader Rabbit's Preschool

RealPlayer

RollerCoaster Tycoon 2

RollerCoaster Tycoon 2: Wacky Worlds

Samsung CLP-310 Series

SaveVid Plug-in

Savings Bond Wizard

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SmartMusic 2012a

Sonic MyDVD

Sonic PrimeTime

Sonic RecordNow!

Sonic UDF Reader

Sonic Update Manager

SonicStage 4.0

Sound Blaster Audigy 2

The GIMP 1.2.5-20030729-1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Upromise TurboSaver (remove only)

Viewpoint Manager (Remove Only)

VoiceOver Kit

WD Diagnostics

WebFldrs XP

Webshots Desktop

Windows Defender

Windows Defender Signatures

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Connect

Windows Media Format Runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 10

Windows Presentation Foundation

Windows Savevid Toolbar

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

Xvid 1.2.2 final uninstall

Zoo Tycoon Expanded

.

==== Event Viewer Messages From Past Week ========

.

7/3/2012 8:27:07 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.

7/3/2012 8:15:04 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2149896199

7/3/2012 8:14:37 AM, error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

7/3/2012 8:14:37 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.

7/3/2012 8:14:37 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

7/3/2012 5:37:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service.

7/3/2012 5:36:31 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.

.

==== End Of File ===========================

=======

DDS.txt

=======

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0

Run by Jim at 18:07:29 on 2012-07-03

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.832 [GMT -4:00]

.

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program Files\Dell AIO Printer A940\dlbabmon.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Support.com\bin\tgcmd.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.dell.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Savevid Toolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\wi0498~1\datamngr\toolbar\savevidX.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.1.3\ips\IPSBHO.DLL

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll

BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll

TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll

TB: Savevid Toolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\wi0498~1\datamngr\toolbar\savevidX.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll

TB: !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {00000000-0000-0000-0000-000000000000} - No File

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

c:\docume~1\jim\locals~1\temp\nsm1aa.tmp\temp00

StartupFolder: c:\docume~1\jim\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Save video on Savevid.com - c:\program files\savevidplug-in\redirect.htm

Trusted Zone: kyw1060.com\www

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\*.windowsupdate

Trusted Zone: phillies.com\www

Trusted Zone: windowsupdate.com

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB

DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1077755673359

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1077755629062

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.126.199.53:81/activex/AMC.cab

Notify: WRNotifier - WRLogonNTF.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\bl6vfl0c.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ikBIyUNE&q=

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\1.2.567.20382\npCIDetect5.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\IPSFFPlgn

.

---- FIREFOX POLICIES ----

.

FF - user.js: browser.search.selectedEngine - Search

FF - user.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ikBIyUNE&q=

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyoApz4U8&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 606540c60000000000000007e9484568

FF - user.js: extensions.incredibar_i.hardId - 606540c60000000000000007e9484568

FF - user.js: extensions.incredibar_i.instlDay - 15341

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2711:23:06

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OyoApz4U8

FF - user.js: extensions.incredibar_i.upn2n - 92260656017641888

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10589

FF - user.js: extensions.incredibar_i.ppd -

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502010.003\symds.sys [2012-4-23 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502010.003\symefa.sys [2012-4-23 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-18 821920]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502010.003\ironx86.sys [2012-4-23 136312]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.1.3\ccsvchst.exe [2012-4-23 130008]

R2 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-2 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120702.001\IDSXpx86.sys [2004-2-25 369632]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120703.002\NAVENG.SYS [2012-7-3 87928]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120703.002\NAVEX15.SYS [2012-7-3 1589752]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-6 133104]

S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-6 133104]

.

=============== Created Last 30 ================

.

2012-07-03 13:17:00 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d32a0764-1d7a-473a-873c-86cec3bc65a4}\offreg.dll

2012-07-03 02:31:59 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d32a0764-1d7a-473a-873c-86cec3bc65a4}\mpengine.dll

.

==================== Find3M ====================

.

2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3120026AS rev.8.05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ABDF4B1]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8abe693c]; MOV EAX, [0x8abe6ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8AEBDAB8]

3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8AC78C38]

\Driver\atapi[0x8AE2DF38] -> IRP_MJ_CREATE -> 0x8ABDF4B1

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8ABDF2E2

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 18:31:32.84 ===============

Maniac · July 5, 2012

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall the following applications:

SaveVid Plug-in

Viewpoint Manager (Remove Only)

Windows Savevid Toolbar

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

TDSSKiller log
Malwarebytes' Anti-Malware log
a new fresh DDS log file

jvreynol · July 6, 2012

Decided to try to clean per your instructions...multiple replies due to post too long...

TDSSKiller Log

============

22:46:43.0687 4576 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

22:46:45.0687 4576 ============================================================

22:46:45.0687 4576 Current date / time: 2012/07/05 22:46:45.0687

22:46:45.0687 4576 SystemInfo:

22:46:45.0687 4576

22:46:45.0687 4576 OS Version: 5.1.2600 ServicePack: 3.0

22:46:45.0687 4576 Product type: Workstation

22:46:45.0687 4576 ComputerName: REYNOLDS

22:46:45.0687 4576 UserName: Jim

22:46:45.0687 4576 Windows directory: C:\WINDOWS

22:46:45.0687 4576 System windows directory: C:\WINDOWS

22:46:45.0687 4576 Processor architecture: Intel x86

22:46:45.0687 4576 Number of processors: 1

22:46:45.0687 4576 Page size: 0x1000

22:46:45.0687 4576 Boot type: Normal boot

22:46:45.0687 4576 ============================================================

22:46:48.0468 4576 Drive \Device\Harddisk0\DR0 - Size: 0x1BF08EB000 (111.76 Gb), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

22:46:48.0625 4576 ============================================================

22:46:48.0625 4576 \Device\Harddisk0\DR0:

22:46:48.0625 4576 MBR partitions:

22:46:48.0625 4576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0xDF741B9

22:46:48.0625 4576 ============================================================

22:46:48.0687 4576 C: <-> \Device\Harddisk0\DR0\Partition0

22:46:48.0687 4576 ============================================================

22:46:48.0687 4576 Initialize success

22:46:48.0687 4576 ============================================================

22:47:15.0031 5896 ============================================================

22:47:15.0031 5896 Scan started

22:47:15.0031 5896 Mode: Manual; SigCheck; TDLFS;

22:47:15.0031 5896 ============================================================

22:47:15.0453 5896 Abiosdsk - ok

22:47:15.0500 5896 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS

22:47:18.0062 5896 abp480n5 - ok

22:47:18.0109 5896 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

22:47:18.0390 5896 ACPI - ok

22:47:18.0421 5896 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

22:47:18.0625 5896 ACPIEC - ok

22:47:18.0640 5896 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys

22:47:18.0859 5896 adpu160m - ok

22:47:18.0906 5896 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

22:47:18.0984 5896 aeaudio - ok

22:47:19.0031 5896 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

22:47:19.0203 5896 aec - ok

22:47:19.0250 5896 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

22:47:19.0312 5896 AFD - ok

22:47:19.0375 5896 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys

22:47:19.0562 5896 agp440 - ok

22:47:19.0593 5896 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys

22:47:19.0781 5896 agpCPQ - ok

22:47:19.0812 5896 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys

22:47:19.0953 5896 Aha154x - ok

22:47:19.0984 5896 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys

22:47:20.0187 5896 aic78u2 - ok

22:47:20.0203 5896 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys

22:47:20.0390 5896 aic78xx - ok

22:47:20.0437 5896 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

22:47:20.0625 5896 Alerter - ok

22:47:20.0656 5896 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

22:47:20.0843 5896 ALG - ok

22:47:20.0875 5896 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys

22:47:21.0078 5896 AliIde - ok

22:47:21.0109 5896 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys

22:47:21.0296 5896 alim1541 - ok

22:47:21.0343 5896 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys

22:47:21.0640 5896 amdagp - ok

22:47:21.0671 5896 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys

22:47:21.0781 5896 amsint - ok

22:47:22.0015 5896 AOL ACS (73d675514f148b1e69429e1d95e22adc) C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

22:47:22.0187 5896 AOL ACS ( UnsignedFile.Multi.Generic ) - warning

22:47:22.0187 5896 AOL ACS - detected UnsignedFile.Multi.Generic (1)

22:47:22.0250 5896 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

22:47:22.0265 5896 Apple Mobile Device - ok

22:47:22.0421 5896 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

22:47:22.0593 5896 AppMgmt - ok

22:47:22.0671 5896 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

22:47:22.0875 5896 Arp1394 - ok

22:47:22.0890 5896 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys

22:47:23.0125 5896 asc - ok

22:47:23.0140 5896 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys

22:47:23.0234 5896 asc3350p - ok

22:47:23.0265 5896 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys

22:47:23.0484 5896 asc3550 - ok

22:47:23.0593 5896 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

22:47:23.0656 5896 aspnet_state - ok

22:47:23.0687 5896 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

22:47:23.0875 5896 AsyncMac - ok

22:47:23.0937 5896 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

22:47:24.0109 5896 atapi - ok

22:47:24.0125 5896 Atdisk - ok

22:47:24.0187 5896 Ati HotKey Poller (0715fd85c9dbbc18346a7da07873d298) C:\WINDOWS\System32\Ati2evxx.exe

22:47:24.0265 5896 Ati HotKey Poller - ok

22:47:24.0359 5896 ati2mtag (2d30381d718228d2841cf962e9e86499) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

22:47:24.0468 5896 ati2mtag - ok

22:47:24.0500 5896 atinevxx (d335e45bfa1bf0bf93a8d3c15d1fc0e1) C:\WINDOWS\system32\DRIVERS\atinevxx.sys

22:47:24.0546 5896 atinevxx - ok

22:47:24.0609 5896 ATITUNEP (4e09c36d16c5c310e9e8065385e743c2) C:\WINDOWS\system32\DRIVERS\atineuxx.sys

22:47:24.0640 5896 ATITUNEP - ok

22:47:24.0671 5896 ativraxx (866332d193898755dc955a4ad111ac89) C:\WINDOWS\system32\DRIVERS\atinraxx.sys

22:47:24.0718 5896 ativraxx - ok

22:47:24.0734 5896 ATIXSAudio (2bf5f72ad56964451b2e7b22aae389d1) C:\WINDOWS\system32\DRIVERS\atinesxx.sys

22:47:24.0781 5896 ATIXSAudio - ok

22:47:24.0812 5896 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

22:47:25.0015 5896 Atmarpc - ok

22:47:25.0046 5896 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

22:47:25.0250 5896 AudioSrv - ok

22:47:25.0281 5896 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

22:47:25.0484 5896 audstub - ok

22:47:25.0593 5896 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys

22:47:25.0781 5896 BCMModem - ok

22:47:25.0843 5896 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

22:47:26.0078 5896 Beep - ok

22:47:26.0359 5896 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120619.001\BHDrvx86.sys

22:47:26.0484 5896 BHDrvx86 - ok

22:47:26.0546 5896 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

22:47:26.0843 5896 BITS - ok

22:47:26.0953 5896 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

22:47:26.0984 5896 Bonjour Service - ok

22:47:27.0031 5896 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

22:47:27.0250 5896 Browser - ok

22:47:27.0296 5896 bvrp_pci - ok

22:47:27.0359 5896 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys

22:47:27.0671 5896 cbidf - ok

22:47:27.0687 5896 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

22:47:27.0906 5896 cbidf2k - ok

22:47:27.0937 5896 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

22:47:28.0140 5896 CCDECODE - ok

22:47:28.0171 5896 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys

22:47:28.0250 5896 cd20xrnt - ok

22:47:28.0296 5896 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

22:47:28.0500 5896 Cdaudio - ok

22:47:28.0531 5896 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

22:47:28.0718 5896 Cdfs - ok

22:47:28.0750 5896 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

22:47:28.0937 5896 Cdrom - ok

22:47:28.0953 5896 Changer - ok

22:47:29.0000 5896 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

22:47:29.0187 5896 CiSvc - ok

22:47:29.0234 5896 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

22:47:29.0406 5896 ClipSrv - ok

22:47:29.0515 5896 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:47:29.0578 5896 clr_optimization_v2.0.50727_32 - ok

22:47:29.0609 5896 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys

22:47:29.0828 5896 CmdIde - ok

22:47:29.0859 5896 COMSysApp - ok

22:47:29.0906 5896 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys

22:47:30.0125 5896 Cpqarray - ok

22:47:30.0171 5896 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\System32\CTsvcCDA.exe

22:47:30.0187 5896 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning

22:47:30.0187 5896 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)

22:47:30.0234 5896 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

22:47:30.0406 5896 CryptSvc - ok

22:47:30.0453 5896 ctac32k (4c638290979600ae2ae329d1608ad2ec) C:\WINDOWS\system32\drivers\ctac32k.sys

22:47:30.0500 5896 ctac32k - ok

22:47:30.0562 5896 ctaud2k (cf5662375781f741513c169cd4094100) C:\WINDOWS\system32\drivers\ctaud2k.sys

22:47:30.0625 5896 ctaud2k - ok

22:47:30.0687 5896 ctdvda2k (437f2b31ba8b6b264d38b4fe6682faec) C:\WINDOWS\system32\drivers\ctdvda2k.sys

22:47:30.0765 5896 ctdvda2k - ok

22:47:30.0812 5896 ctprxy2k (678849d1af0750f68dbdc185252d5926) C:\WINDOWS\system32\drivers\ctprxy2k.sys

22:47:30.0828 5896 ctprxy2k - ok

22:47:30.0875 5896 ctsfm2k (3a076ebfbbbd6879a78863944980da32) C:\WINDOWS\system32\drivers\ctsfm2k.sys

22:47:30.0906 5896 ctsfm2k - ok

22:47:30.0937 5896 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys

22:47:31.0156 5896 dac2w2k - ok

22:47:31.0187 5896 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys

22:47:31.0406 5896 dac960nt - ok

22:47:31.0484 5896 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

22:47:31.0578 5896 DcomLaunch - ok

22:47:31.0593 5896 DgiVecp - ok

22:47:31.0671 5896 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

22:47:31.0859 5896 Dhcp - ok

22:47:31.0921 5896 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

22:47:32.0093 5896 Disk - ok

22:47:32.0109 5896 dmadmin - ok

22:47:32.0203 5896 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

22:47:32.0406 5896 dmboot - ok

22:47:32.0453 5896 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

22:47:32.0640 5896 dmio - ok

22:47:32.0656 5896 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

22:47:32.0875 5896 dmload - ok

22:47:32.0937 5896 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

22:47:33.0093 5896 dmserver - ok

22:47:33.0140 5896 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

22:47:33.0312 5896 DMusic - ok

22:47:33.0359 5896 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

22:47:33.0453 5896 Dnscache - ok

22:47:33.0500 5896 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

22:47:33.0687 5896 Dot3svc - ok

22:47:33.0718 5896 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys

22:47:33.0937 5896 dpti2o - ok

22:47:34.0000 5896 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

22:47:34.0187 5896 drmkaud - ok

22:47:34.0234 5896 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys

22:47:34.0265 5896 drvmcdb ( UnsignedFile.Multi.Generic ) - warning

22:47:34.0265 5896 drvmcdb - detected UnsignedFile.Multi.Generic (1)

22:47:34.0296 5896 drvnddm (b295700e684ed1984db1d6be40354421) C:\WINDOWS\system32\drivers\drvnddm.sys

22:47:34.0296 5896 drvnddm ( UnsignedFile.Multi.Generic ) - warning

22:47:34.0296 5896 drvnddm - detected UnsignedFile.Multi.Generic (1)

22:47:34.0406 5896 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe

22:47:34.0421 5896 DSBrokerService - ok

22:47:34.0484 5896 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

22:47:34.0500 5896 DSproct ( UnsignedFile.Multi.Generic ) - warning

22:47:34.0500 5896 DSproct - detected UnsignedFile.Multi.Generic (1)

22:47:34.0531 5896 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys

22:47:34.0578 5896 dsunidrv - ok

22:47:34.0640 5896 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys

22:47:34.0765 5896 E100B - ok

22:47:34.0812 5896 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

22:47:35.0015 5896 EapHost - ok

22:47:35.0156 5896 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

22:47:35.0265 5896 eeCtrl - ok

22:47:35.0343 5896 ehSched (f6d494d609d52a0e9596756c5540a978) C:\WINDOWS\ehome\ehSched.exe

22:47:35.0515 5896 ehSched - ok

22:47:35.0562 5896 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys

22:47:35.0796 5896 EL90XBC - ok

22:47:35.0859 5896 emupia (f7511cf63ef82f7227c03028a3abadb5) C:\WINDOWS\system32\drivers\emupia2k.sys

22:47:35.0906 5896 emupia - ok

22:47:35.0953 5896 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

22:47:35.0968 5896 EraserUtilRebootDrv - ok

22:47:36.0015 5896 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

22:47:36.0218 5896 ERSvc - ok

22:47:36.0265 5896 EUSBMSD (3dc945a9abbfb2ecf268eed276e05fec) C:\WINDOWS\system32\DRIVERS\EUSBMSD.SYS

22:47:36.0296 5896 EUSBMSD - ok

22:47:36.0359 5896 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

22:47:36.0406 5896 Eventlog - ok

22:47:36.0453 5896 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll

22:47:36.0531 5896 EventSystem - ok

22:47:36.0562 5896 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

22:47:36.0765 5896 Fastfat - ok

22:47:36.0812 5896 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

22:47:36.0921 5896 FastUserSwitchingCompatibility - ok

22:47:36.0984 5896 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

22:47:37.0156 5896 Fdc - ok

22:47:37.0187 5896 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

22:47:37.0421 5896 Fips - ok

22:47:37.0468 5896 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

22:47:37.0640 5896 Flpydisk - ok

22:47:37.0703 5896 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

22:47:37.0875 5896 FltMgr - ok

22:47:38.0000 5896 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

22:47:38.0015 5896 FontCache3.0.0.0 - ok

22:47:38.0062 5896 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

22:47:38.0265 5896 Fs_Rec - ok

22:47:38.0328 5896 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

22:47:38.0531 5896 Ftdisk - ok

22:47:38.0578 5896 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

22:47:38.0609 5896 GEARAspiWDM - ok

22:47:38.0687 5896 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

22:47:38.0859 5896 Gpc - ok

22:47:38.0968 5896 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

22:47:38.0984 5896 gupdate - ok

22:47:39.0000 5896 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

22:47:39.0031 5896 gupdatem - ok

22:47:39.0109 5896 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

22:47:39.0125 5896 gusvc - ok

22:47:39.0234 5896 ha10kx2k (f24dd43adc784177b28984043bc022ab) C:\WINDOWS\system32\drivers\ha10kx2k.sys

22:47:39.0312 5896 ha10kx2k - ok

22:47:39.0328 5896 hap16v2k (ff65c807ea641ff7310a61be4dec6479) C:\WINDOWS\system32\drivers\hap16v2k.sys

22:47:39.0359 5896 hap16v2k - ok

22:47:39.0453 5896 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

22:47:39.0625 5896 helpsvc - ok

22:47:39.0687 5896 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys

22:47:39.0859 5896 HidIr - ok

22:47:39.0906 5896 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

22:47:40.0078 5896 HidServ - ok

22:47:40.0125 5896 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

22:47:40.0281 5896 HidUsb - ok

22:47:40.0343 5896 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

22:47:40.0515 5896 hkmsvc - ok

22:47:40.0546 5896 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys

22:47:40.0750 5896 hpn - ok

22:47:40.0812 5896 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

22:47:40.0859 5896 HTTP - ok

22:47:40.0890 5896 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

22:47:41.0078 5896 HTTPFilter - ok

22:47:41.0109 5896 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

22:47:41.0281 5896 i2omgmt - ok

22:47:41.0312 5896 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys

22:47:41.0703 5896 i2omp - ok

22:47:41.0750 5896 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

22:47:41.0921 5896 i8042prt - ok

22:47:42.0078 5896 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

22:47:42.0109 5896 IDriverT ( UnsignedFile.Multi.Generic ) - warning

22:47:42.0109 5896 IDriverT - detected UnsignedFile.Multi.Generic (1)

22:47:42.0296 5896 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

22:47:42.0390 5896 idsvc - ok

22:47:42.0593 5896 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120704.001\IDSxpx86.sys

22:47:42.0625 5896 IDSxpx86 - ok

22:47:42.0750 5896 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

22:47:42.0953 5896 Imapi - ok

22:47:43.0015 5896 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

22:47:43.0187 5896 ImapiService - ok

22:47:43.0234 5896 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys

22:47:43.0468 5896 ini910u - ok

22:47:43.0500 5896 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys

22:47:43.0671 5896 IntelIde - ok

22:47:43.0734 5896 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

22:47:43.0921 5896 intelppm - ok

22:47:43.0968 5896 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

22:47:44.0156 5896 Ip6Fw - ok

22:47:44.0171 5896 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

22:47:44.0375 5896 IpFilterDriver - ok

22:47:44.0437 5896 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

22:47:44.0593 5896 IpInIp - ok

22:47:44.0625 5896 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

22:47:44.0812 5896 IpNat - ok

22:47:44.0953 5896 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe

22:47:45.0015 5896 iPod Service - ok

22:47:45.0046 5896 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

22:47:45.0234 5896 IPSec - ok

22:47:45.0281 5896 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys

22:47:45.0453 5896 IrBus - ok

22:47:45.0500 5896 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

22:47:45.0671 5896 IRENUM - ok

22:47:45.0765 5896 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

22:47:45.0953 5896 isapnp - ok

22:47:46.0109 5896 JavaQuickStarterService (a1509ba3a5fdc5366146e92b3d130eb5) C:\Program Files\Java\jre7\bin\jqs.exe

22:47:46.0125 5896 JavaQuickStarterService - ok

22:47:46.0171 5896 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

22:47:46.0343 5896 Kbdclass - ok

22:47:46.0375 5896 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

22:47:46.0546 5896 kbdhid - ok

22:47:46.0625 5896 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

22:47:46.0796 5896 kmixer - ok

22:47:46.0859 5896 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

22:47:46.0953 5896 KSecDD - ok

22:47:46.0984 5896 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

22:47:47.0078 5896 lanmanserver - ok

22:47:47.0140 5896 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

22:47:47.0203 5896 lanmanworkstation - ok

22:47:47.0218 5896 lbrtfdc - ok

22:47:47.0281 5896 LexBceS (5e3498f3d0146c0e275272b94369e3d2) C:\WINDOWS\system32\LEXBCES.EXE

22:47:47.0359 5896 LexBceS - ok

22:47:47.0421 5896 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

22:47:47.0593 5896 LmHosts - ok

22:47:47.0687 5896 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

22:47:47.0734 5896 MDM - ok

22:47:47.0781 5896 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

22:47:47.0984 5896 Messenger - ok

22:47:48.0031 5896 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

22:47:48.0250 5896 mnmdd - ok

22:47:48.0328 5896 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe

22:47:48.0531 5896 mnmsrvc - ok

22:47:48.0546 5896 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

22:47:48.0796 5896 Modem - ok

22:47:48.0843 5896 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

22:47:49.0093 5896 MODEMCSA - ok

22:47:49.0125 5896 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

22:47:49.0312 5896 Mouclass - ok

22:47:49.0359 5896 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

22:47:49.0546 5896 mouhid - ok

22:47:49.0593 5896 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

22:47:49.0765 5896 MountMgr - ok

22:47:49.0796 5896 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys

22:47:50.0000 5896 mraid35x - ok

22:47:50.0062 5896 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

22:47:50.0265 5896 MRxDAV - ok

22:47:50.0359 5896 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

22:47:50.0531 5896 MRxSmb - ok

22:47:50.0703 5896 MSCSPTISRV (f1534aca143ca86cd57672953754fab0) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

22:47:50.0734 5896 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning

22:47:50.0734 5896 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)

22:47:50.0781 5896 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe

22:47:51.0000 5896 MSDTC - ok

22:47:51.0046 5896 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

22:47:51.0218 5896 Msfs - ok

22:47:51.0234 5896 MSIServer - ok

22:47:51.0265 5896 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

22:47:51.0453 5896 MSKSSRV - ok

22:47:51.0484 5896 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

22:47:51.0671 5896 MSPCLOCK - ok

22:47:51.0703 5896 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

22:47:51.0875 5896 MSPQM - ok

22:47:51.0921 5896 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

22:47:52.0078 5896 mssmbios - ok

22:47:52.0125 5896 MSSQL$MICROSOFTBCM - ok

22:47:52.0203 5896 MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe

22:47:52.0234 5896 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning

22:47:52.0234 5896 MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)

22:47:52.0265 5896 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

22:47:52.0421 5896 MSTEE - ok

22:47:52.0484 5896 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

22:47:52.0531 5896 Mup - ok

22:47:52.0562 5896 MVDCODEC (04dd08f6c43d331c238197e7deaf0d5e) C:\WINDOWS\system32\DRIVERS\atinmdxx.sys

22:47:52.0609 5896 MVDCODEC - ok

22:47:52.0718 5896 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

22:47:52.0750 5896 N360 - ok

22:47:52.0796 5896 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

22:47:52.0984 5896 NABTSFEC - ok

22:47:53.0031 5896 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

22:47:53.0218 5896 napagent - ok

22:47:53.0406 5896 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120704.017\NAVENG.SYS

22:47:53.0421 5896 NAVENG - ok

22:47:53.0578 5896 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120704.017\NAVEX15.SYS

22:47:53.0703 5896 NAVEX15 - ok

22:47:53.0937 5896 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

22:47:54.0125 5896 NDIS - ok

22:47:54.0187 5896 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

22:47:54.0953 5896 NdisIP - ok

22:47:55.0000 5896 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

22:47:55.0062 5896 NdisTapi - ok

22:47:55.0109 5896 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

22:47:55.0281 5896 Ndisuio - ok

22:47:55.0328 5896 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

22:47:55.0484 5896 NdisWan - ok

22:47:55.0531 5896 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

22:47:55.0578 5896 NDProxy - ok

22:47:55.0609 5896 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

22:47:55.0781 5896 NetBIOS - ok

22:47:55.0843 5896 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

22:47:56.0015 5896 NetBT - ok

22:47:56.0078 5896 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

22:47:56.0234 5896 NetDDE - ok

22:47:56.0265 5896 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

22:47:56.0421 5896 NetDDEdsdm - ok

22:47:56.0468 5896 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

22:47:56.0640 5896 Netlogon - ok

22:47:56.0718 5896 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

22:47:56.0906 5896 Netman - ok

22:47:57.0062 5896 NetSvc (737351f39fef765234037770abdd72bd) C:\Program Files\Intel\NCS\Sync\NetSvc.exe

22:47:57.0109 5896 NetSvc ( UnsignedFile.Multi.Generic ) - warning

22:47:57.0109 5896 NetSvc - detected UnsignedFile.Multi.Generic (1)

22:47:57.0250 5896 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:47:57.0296 5896 NetTcpPortSharing - ok

22:47:57.0343 5896 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

22:47:57.0515 5896 NIC1394 - ok

22:47:57.0562 5896 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

22:47:57.0593 5896 Nla - ok

22:47:57.0671 5896 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

22:47:57.0859 5896 Npfs - ok

22:47:57.0921 5896 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

22:47:58.0125 5896 Ntfs - ok

22:47:58.0171 5896 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe

22:47:58.0312 5896 NtLmSsp - ok

22:47:58.0406 5896 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

22:47:58.0593 5896 NtmsSvc - ok

22:47:58.0625 5896 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

22:47:58.0828 5896 Null - ok

22:47:59.0015 5896 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

22:47:59.0343 5896 nv - ok

22:47:59.0453 5896 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:47:59.0656 5896 NwlnkFlt - ok

22:47:59.0687 5896 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:47:59.0859 5896 NwlnkFwd - ok

22:47:59.0890 5896 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

22:48:00.0062 5896 ohci1394 - ok

22:48:00.0125 5896 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys

22:48:00.0140 5896 omci ( UnsignedFile.Multi.Generic ) - warning

22:48:00.0140 5896 omci - detected UnsignedFile.Multi.Generic (1)

22:48:00.0281 5896 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:48:00.0312 5896 ose - ok

22:48:00.0359 5896 ossrv (f0184fe6069be1541a3d18c02a73d161) C:\WINDOWS\system32\drivers\ctoss2k.sys

22:48:00.0375 5896 ossrv - ok

22:48:00.0453 5896 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

22:48:00.0625 5896 P3 - ok

22:48:00.0718 5896 PACSPTISVR (17bb6b38de8c2bda692ca1db0cea7325) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

22:48:00.0765 5896 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning

22:48:00.0765 5896 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)

22:48:00.0937 5896 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

22:48:01.0218 5896 Parport - ok

22:48:01.0234 5896 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

22:48:01.0421 5896 PartMgr - ok

22:48:01.0453 5896 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

22:48:01.0656 5896 ParVdm - ok

22:48:01.0687 5896 PCDCODEC (1a3e460843151029f98f87274fbb40ca) C:\WINDOWS\system32\DRIVERS\atinpdxx.sys

22:48:01.0734 5896 PCDCODEC - ok

22:48:01.0765 5896 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

22:48:01.0921 5896 PCI - ok

22:48:01.0953 5896 PCIDump - ok

22:48:01.0968 5896 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

22:48:02.0171 5896 PCIIde - ok

22:48:02.0234 5896 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

22:48:02.0421 5896 Pcmcia - ok

22:48:02.0453 5896 PDCOMP - ok

22:48:02.0500 5896 PDFRAME - ok

22:48:02.0515 5896 PDRELI - ok

22:48:02.0531 5896 PDRFRAME - ok

22:48:02.0625 5896 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys

22:48:02.0875 5896 perc2 - ok

22:48:02.0921 5896 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys

22:48:03.0171 5896 perc2hib - ok

22:48:03.0234 5896 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\System32\drivers\PfModNT.sys

22:48:03.0281 5896 PfModNT - ok

22:48:03.0328 5896 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

22:48:03.0359 5896 PlugPlay - ok

22:48:03.0390 5896 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

22:48:03.0656 5896 PolicyAgent - ok

22:48:03.0703 5896 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

22:48:03.0906 5896 PptpMiniport - ok

22:48:03.0937 5896 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

22:48:04.0125 5896 Processor - ok

22:48:04.0125 5896 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

22:48:04.0296 5896 ProtectedStorage - ok

22:48:04.0343 5896 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

22:48:04.0515 5896 PSched - ok

22:48:04.0546 5896 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

22:48:04.0734 5896 Ptilink - ok

22:48:04.0796 5896 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

22:48:04.0828 5896 PxHelp20 - ok

22:48:04.0859 5896 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys

22:48:05.0046 5896 ql1080 - ok

22:48:05.0078 5896 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys

22:48:05.0281 5896 Ql10wnt - ok

22:48:05.0312 5896 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys

22:48:05.0468 5896 ql12160 - ok

22:48:05.0515 5896 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys

22:48:05.0718 5896 ql1240 - ok

22:48:05.0750 5896 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys

22:48:06.0000 5896 ql1280 - ok

22:48:06.0031 5896 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

22:48:06.0218 5896 RasAcd - ok

22:48:06.0296 5896 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

22:48:06.0546 5896 RasAuto - ok

22:48:06.0562 5896 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:48:06.0734 5896 Rasl2tp - ok

22:48:06.0781 5896 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

22:48:06.0953 5896 RasMan - ok

22:48:06.0984 5896 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:48:07.0156 5896 RasPppoe - ok

22:48:07.0187 5896 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

22:48:07.0359 5896 Raspti - ok

22:48:07.0406 5896 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

22:48:07.0578 5896 Rdbss - ok

22:48:07.0625 5896 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

22:48:07.0828 5896 RDPCDD - ok

22:48:07.0890 5896 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

22:48:08.0109 5896 rdpdr - ok

22:48:08.0156 5896 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

22:48:08.0218 5896 RDPWD - ok

22:48:08.0265 5896 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

22:48:08.0453 5896 RDSessMgr - ok

22:48:08.0500 5896 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

22:48:08.0671 5896 redbook - ok

22:48:08.0734 5896 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

22:48:08.0921 5896 RemoteAccess - ok

22:48:08.0984 5896 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

22:48:09.0156 5896 RemoteRegistry - ok

22:48:09.0218 5896 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe

22:48:10.0015 5896 RpcLocator - ok

22:48:10.0062 5896 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

22:48:10.0093 5896 RpcSs - ok

22:48:10.0140 5896 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe

22:48:10.0359 5896 RSVP - ok

22:48:10.0406 5896 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

22:48:10.0562 5896 SamSs - ok

22:48:10.0609 5896 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

22:48:10.0765 5896 SCardSvr - ok

22:48:10.0812 5896 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

22:48:11.0000 5896 Schedule - ok

22:48:11.0046 5896 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:48:11.0234 5896 Secdrv - ok

22:48:11.0265 5896 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

22:48:11.0437 5896 seclogon - ok

22:48:11.0484 5896 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

22:48:11.0656 5896 SENS - ok

22:48:11.0703 5896 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

22:48:12.0000 5896 serenum - ok

22:48:12.0046 5896 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

22:48:12.0234 5896 Serial - ok

22:48:12.0343 5896 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

22:48:12.0531 5896 Sfloppy - ok

22:48:12.0640 5896 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

22:48:12.0875 5896 SharedAccess - ok

22:48:12.0921 5896 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

22:48:12.0953 5896 ShellHWDetection - ok

22:48:12.0968 5896 Simbad - ok

22:48:13.0000 5896 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys

22:48:13.0156 5896 sisagp - ok

22:48:13.0187 5896 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

22:48:13.0375 5896 SLIP - ok

22:48:13.0468 5896 smwdm (39f9595d2f6f7eb93f45a466789a6f49) C:\WINDOWS\system32\drivers\smwdm.sys

22:48:13.0609 5896 smwdm - ok

22:48:13.0640 5896 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys

22:48:13.0750 5896 Sparrow - ok

22:48:13.0796 5896 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

22:48:13.0953 5896 splitter - ok

22:48:14.0015 5896 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

22:48:14.0093 5896 Spooler - ok

22:48:14.0171 5896 sprtsvc_dellsupportcenter - ok

22:48:14.0359 5896 SPTISRV (3980b48dff300a7e4139f5c64da65f5c) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

22:48:14.0390 5896 SPTISRV ( UnsignedFile.Multi.Generic ) - warning

22:48:14.0390 5896 SPTISRV - detected UnsignedFile.Multi.Generic (1)

22:48:14.0421 5896 SQLAgent$MICROSOFTBCM - ok

22:48:14.0484 5896 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

22:48:14.0656 5896 sr - ok

22:48:14.0703 5896 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

22:48:14.0890 5896 srservice - ok

22:48:15.0031 5896 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502010.003\SRTSP.SYS

22:48:15.0093 5896 SRTSP - ok

22:48:15.0140 5896 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502010.003\SRTSPX.SYS

22:48:15.0156 5896 SRTSPX - ok

22:48:15.0234 5896 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

22:48:15.0343 5896 Srv - ok

22:48:15.0390 5896 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

22:48:15.0406 5896 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning

22:48:15.0406 5896 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)

22:48:15.0453 5896 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

22:48:15.0640 5896 SSDPSRV - ok

22:48:15.0671 5896 SSPORT - ok

22:48:15.0687 5896 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

22:48:15.0703 5896 ssrtln ( UnsignedFile.Multi.Generic ) - warning

22:48:15.0703 5896 ssrtln - detected UnsignedFile.Multi.Generic (1)

22:48:15.0875 5896 SSScsiSV (3dbade5b4aa47c245a69e99d72b8e73b) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

22:48:15.0906 5896 SSScsiSV ( UnsignedFile.Multi.Generic ) - warning

22:48:15.0906 5896 SSScsiSV - detected UnsignedFile.Multi.Generic (1)

22:48:15.0984 5896 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

22:48:16.0218 5896 stisvc - ok

22:48:16.0265 5896 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

22:48:16.0437 5896 streamip - ok

22:48:16.0484 5896 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

22:48:16.0656 5896 swenum - ok

22:48:16.0687 5896 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

22:48:16.0859 5896 swmidi - ok

22:48:16.0875 5896 SwPrv - ok

22:48:16.0921 5896 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys

22:48:17.0125 5896 symc810 - ok

22:48:17.0156 5896 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys

22:48:17.0359 5896 symc8xx - ok

22:48:17.0437 5896 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMDS.SYS

22:48:17.0500 5896 SymDS - ok

22:48:17.0578 5896 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMEFA.SYS

22:48:17.0640 5896 SymEFA - ok

22:48:17.0703 5896 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

22:48:17.0750 5896 SymEvent - ok

22:48:17.0765 5896 SYMFW - ok

22:48:17.0781 5896 SYMIDS - ok

22:48:17.0843 5896 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502010.003\Ironx86.SYS

22:48:17.0859 5896 SymIRON - ok

22:48:17.0875 5896 SYMNDIS - ok

22:48:17.0921 5896 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502010.003\SYMTDI.SYS

22:48:18.0109 5896 SYMTDI - ok

22:48:18.0156 5896 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys

22:48:18.0390 5896 sym_hi - ok

22:48:18.0421 5896 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys

22:48:18.0625 5896 sym_u3 - ok

22:48:18.0671 5896 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

22:48:18.0859 5896 sysaudio - ok

22:48:18.0906 5896 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

22:48:19.0078 5896 SysmonLog - ok

22:48:19.0156 5896 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

22:48:19.0343 5896 TapiSrv - ok

22:48:19.0406 5896 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:48:19.0437 5896 Tcpip - ok

22:48:19.0500 5896 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

22:48:19.0671 5896 TDPIPE - ok

22:48:19.0703 5896 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

22:48:19.0890 5896 TDTCP - ok

22:48:19.0921 5896 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

22:48:20.0109 5896 TermDD - ok

22:48:20.0187 5896 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

22:48:20.0390 5896 TermService - ok

22:48:20.0453 5896 tfsnboio (2aceb9567639ff2db9d862104a80227a) C:\WINDOWS\system32\dla\tfsnboio.sys

22:48:20.0468 5896 tfsnboio ( UnsignedFile.Multi.Generic ) - warning

22:48:20.0468 5896 tfsnboio - detected UnsignedFile.Multi.Generic (1)

22:48:20.0546 5896 tfsncofs (d9f936eac2a6d55e3de87bedff8137a9) C:\WINDOWS\system32\dla\tfsncofs.sys

22:48:20.0562 5896 tfsncofs ( UnsignedFile.Multi.Generic ) - warning

22:48:20.0562 5896 tfsncofs - detected UnsignedFile.Multi.Generic (1)

22:48:20.0609 5896 tfsndrct (0fd9805bc047ada2cff540d4b7fa71fb) C:\WINDOWS\system32\dla\tfsndrct.sys

22:48:20.0625 5896 tfsndrct ( UnsignedFile.Multi.Generic ) - warning

22:48:20.0625 5896 tfsndrct - detected UnsignedFile.Multi.Generic (1)

22:48:20.0671 5896 tfsndres (f8b907198e2540a4a340f1e6775f7b71) C:\WINDOWS\system32\dla\tfsndres.sys

22:48:20.0687 5896 tfsndres ( UnsignedFile.Multi.Generic ) - warning

22:48:20.0687 5896 tfsndres - detected UnsignedFile.Multi.Generic (1)

22:48:20.0734 5896 tfsnifs (fb11349b31346290d098941f0216cc45) C:\WINDOWS\system32\dla\tfsnifs.sys

22:48:20.0781 5896 tfsnifs ( UnsignedFile.Multi.Generic ) - warning

22:48:20.0781 5896 tfsnifs - detected UnsignedFile.Multi.Generic (1)

22:48:20.0828 5896 tfsnopio (1994265f3a90e23a9434bba687f1a069) C:\WINDOWS\system32\dla\tfsnopio.sys

22:48:20.0843 5896 tfsnopio ( UnsignedFile.Multi.Generic ) - warning

22:48:20.0843 5896 tfsnopio - detected UnsignedFile.Multi.Generic (1)

22:48:20.0890 5896 tfsnpool (0b3d2bd550aa63bfd25ae8c5afbf7f76) C:\WINDOWS\system32\dla\tfsnpool.sys

22:48:20.0906 5896 tfsnpool ( UnsignedFile.Multi.Generic ) - warning

22:48:20.0906 5896 tfsnpool - detected UnsignedFile.Multi.Generic (1)

22:48:20.0937 5896 tfsnudf (716edddba259a2d699332df95301edda) C:\WINDOWS\system32\dla\tfsnudf.sys

22:48:20.0937 5896 tfsnudf ( UnsignedFile.Multi.Generic ) - warning

22:48:20.0937 5896 tfsnudf - detected UnsignedFile.Multi.Generic (1)

22:48:20.0968 5896 tfsnudfa (a8ee7bbdd0b8c01e38221d0dca2e7aaa) C:\WINDOWS\system32\dla\tfsnudfa.sys

22:48:21.0000 5896 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning

22:48:21.0000 5896 tfsnudfa - detected UnsignedFile.Multi.Generic (1)

22:48:21.0046 5896 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

22:48:21.0062 5896 Themes - ok

22:48:21.0109 5896 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe

22:48:21.0281 5896 TlntSvr - ok

22:48:21.0328 5896 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys

22:48:21.0781 5896 TosIde - ok

22:48:21.0828 5896 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

22:48:22.0015 5896 TrkWks - ok

22:48:22.0078 5896 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

22:48:22.0250 5896 Udfs - ok

22:48:22.0281 5896 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys

22:48:22.0359 5896 ultra - ok

22:48:22.0406 5896 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe

22:48:22.0484 5896 UMWdf - ok

22:48:22.0531 5896 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

22:48:22.0750 5896 Update - ok

22:48:22.0828 5896 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

22:48:23.0015 5896 upnphost - ok

22:48:23.0062 5896 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

22:48:23.0250 5896 UPS - ok

22:48:23.0296 5896 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

22:48:23.0375 5896 USBAAPL - ok

22:48:23.0421 5896 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

22:48:23.0593 5896 usbccgp - ok

22:48:23.0640 5896 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

22:48:23.0812 5896 usbehci - ok

22:48:23.0843 5896 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

22:48:24.0046 5896 usbhub - ok

22:48:24.0062 5896 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

22:48:24.0218 5896 usbprint - ok

22:48:24.0250 5896 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

22:48:24.0437 5896 usbscan - ok

22:48:24.0453 5896 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:48:24.0640 5896 USBSTOR - ok

22:48:24.0734 5896 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

22:48:24.0953 5896 usbuhci - ok

22:48:24.0984 5896 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

22:48:25.0156 5896 VgaSave - ok

22:48:25.0218 5896 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys

22:48:25.0406 5896 viaagp - ok

22:48:25.0437 5896 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys

22:48:25.0640 5896 ViaIde - ok

22:48:25.0656 5896 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

22:48:25.0828 5896 VolSnap - ok

22:48:25.0890 5896 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

22:48:26.0078 5896 VSS - ok

22:48:26.0125 5896 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

22:48:26.0296 5896 w32time - ok

22:48:26.0343 5896 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:48:26.0515 5896 Wanarp - ok

22:48:26.0578 5896 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

22:48:26.0609 5896 wanatw - ok

22:48:26.0656 5896 WANMiniportService (909f2dc0da7f57d229a05ee90647b2c3) C:\WINDOWS\wanmpsvc.exe

22:48:28.0062 5896 WANMiniportService ( UnsignedFile.Multi.Generic ) - warning

22:48:28.0062 5896 WANMiniportService - detected UnsignedFile.Multi.Generic (1)

22:48:28.0093 5896 WDICA - ok

22:48:28.0171 5896 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

22:48:28.0437 5896 wdmaud - ok

22:48:28.0500 5896 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

22:48:28.0703 5896 WebClient - ok

22:48:28.0828 5896 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe

22:48:28.0843 5896 WinDefend - ok

22:48:28.0921 5896 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

22:48:29.0109 5896 winmgmt - ok

22:48:29.0250 5896 WMConnectCDS (cd99c9feae87c1963273f6b150251e33) C:\Program Files\Windows Media Connect 2\wmccds.exe

22:48:29.0343 5896 WMConnectCDS ( UnsignedFile.Multi.Generic ) - warning

22:48:29.0343 5896 WMConnectCDS - detected UnsignedFile.Multi.Generic (1)

22:48:29.0390 5896 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\System32\MsPMSPSv.exe

22:48:29.0406 5896 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning

22:48:29.0406 5896 WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)

22:48:29.0484 5896 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll

22:48:29.0578 5896 WmdmPmSN - ok

22:48:29.0687 5896 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

22:48:29.0781 5896 Wmi - ok

22:48:29.0906 5896 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe

22:48:30.0093 5896 WmiApSrv - ok

22:48:30.0187 5896 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys

22:48:30.0218 5896 WpdUsb - ok

22:48:30.0281 5896 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

22:48:30.0500 5896 WS2IFSL - ok

22:48:30.0562 5896 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

22:48:30.0734 5896 wscsvc - ok

22:48:30.0781 5896 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

22:48:30.0968 5896 WSTCODEC - ok

22:48:31.0015 5896 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

22:48:31.0187 5896 wuauserv - ok

22:48:31.0265 5896 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

22:48:31.0453 5896 WZCSVC - ok

22:48:31.0609 5896 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

22:48:31.0781 5896 xmlprov - ok

22:48:31.0828 5896 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

22:48:31.0843 5896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

22:48:31.0843 5896 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

22:48:31.0875 5896 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

22:48:31.0875 5896 \Device\Harddisk0\DR0 - detected TDSS File System (1)

22:48:31.0921 5896 Boot (0x1200) (b9e81464156e28b66ed872da1925d8d6) \Device\Harddisk0\DR0\Partition0

22:48:31.0921 5896 \Device\Harddisk0\DR0\Partition0 - ok

22:48:31.0921 5896 ============================================================

22:48:31.0921 5896 Scan finished

22:48:31.0921 5896 ============================================================

22:48:32.0078 3112 Detected object count: 29

22:48:32.0078 3112 Actual detected object count: 29

22:48:53.0515 3112 AOL ACS ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0515 3112 AOL ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0515 3112 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0515 3112 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0515 3112 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0515 3112 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0515 3112 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0515 3112 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0515 3112 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0515 3112 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0515 3112 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0515 3112 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0531 3112 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0531 3112 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0531 3112 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0531 3112 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0531 3112 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0531 3112 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0531 3112 omci ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0531 3112 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0546 3112 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0546 3112 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0546 3112 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0546 3112 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0546 3112 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0546 3112 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0546 3112 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0546 3112 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0562 3112 SSScsiSV ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0562 3112 SSScsiSV ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0562 3112 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0562 3112 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0562 3112 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0562 3112 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0562 3112 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0562 3112 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0578 3112 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0578 3112 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0578 3112 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0578 3112 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0578 3112 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0578 3112 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0578 3112 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0578 3112 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0578 3112 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0578 3112 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0578 3112 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0578 3112 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0578 3112 WANMiniportService ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0578 3112 WANMiniportService ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0578 3112 WMConnectCDS ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0578 3112 WMConnectCDS ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:53.0578 3112 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user

22:48:53.0578 3112 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:48:54.0500 3112 \Device\Harddisk0\DR0\# - copied to quarantine

22:48:54.0500 3112 \Device\Harddisk0\DR0 - copied to quarantine

22:48:54.0546 3112 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

22:48:54.0562 3112 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

22:48:54.0578 3112 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

22:48:54.0593 3112 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

22:48:54.0609 3112 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

22:48:54.0609 3112 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

22:48:54.0609 3112 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

22:48:54.0609 3112 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

22:48:54.0625 3112 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

22:48:54.0625 3112 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

22:48:54.0625 3112 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

22:48:54.0625 3112 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

22:48:54.0640 3112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

22:48:54.0640 3112 \Device\Harddisk0\DR0 - ok

22:49:01.0359 3112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

22:49:01.0375 3112 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

22:49:01.0375 3112 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

22:49:38.0406 4228 Deinitialize success

==============

MalwareBytes Log

==============

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.06.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Jim :: REYNOLDS [administrator]

7/5/2012 11:01:08 PM

mbam-log-2012-07-05 (23-01-08).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 365542

Time elapsed: 1 hour(s), 17 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\Jim\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)

jvreynol · July 6, 2012

=============

DDS Logs - DDS.txt

===============

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0

Run by Jim at 5:05:18 on 2012-07-06

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1912 [GMT -4:00]

.

AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\System32\DSentry.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program Files\Dell AIO Printer A940\dlbabmon.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe