unknown virus loading up my browser with junk! [Solved]


  • This topic is locked

#16
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the application, then click Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click the OK button.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents on your next reply.


#17
bob65

    Member

  • Topic Starter
  • 20 posts
19:32:52.0556 4824 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
19:32:52.0962 4824 ============================================================
19:32:52.0962 4824 Current date / time: 2012/02/22 19:32:52.0962
19:32:52.0962 4824 SystemInfo:
19:32:52.0962 4824
19:32:52.0962 4824 OS Version: 6.0.6002 ServicePack: 2.0
19:32:52.0962 4824 Product type: Workstation
19:32:52.0962 4824 ComputerName: BOB-PC
19:32:52.0962 4824 UserName: Bob
19:32:52.0962 4824 Windows directory: C:\Windows
19:32:52.0962 4824 System windows directory: C:\Windows
19:32:52.0962 4824 Processor architecture: Intel x86
19:32:52.0962 4824 Number of processors: 2
19:32:52.0962 4824 Page size: 0x1000
19:32:52.0962 4824 Boot type: Normal boot
19:32:52.0962 4824 ============================================================
19:32:53.0632 4824 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:32:53.0632 4824 \Device\Harddisk0\DR0:
19:32:53.0632 4824 MBR used
19:32:53.0632 4824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x119B3FD4
19:32:53.0632 4824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x119B4013, BlocksNum 0x1064AAE
19:32:53.0773 4824 Initialize success
19:32:53.0773 4824 ============================================================
19:33:10.0496 4080 ============================================================
19:33:10.0496 4080 Scan started
19:33:10.0496 4080 Mode: Manual; SigCheck; TDLFS;
19:33:10.0496 4080 ============================================================
19:33:12.0274 4080 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:33:12.0540 4080 ACPI - ok
19:33:12.0774 4080 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:33:12.0805 4080 adp94xx - ok
19:33:12.0852 4080 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:33:12.0883 4080 adpahci - ok
19:33:12.0961 4080 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:33:12.0992 4080 adpu160m - ok
19:33:13.0086 4080 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:33:13.0117 4080 adpu320 - ok
19:33:13.0304 4080 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:33:13.0413 4080 AFD - ok
19:33:13.0522 4080 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
19:33:13.0569 4080 agp440 - ok
19:33:13.0694 4080 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:33:13.0725 4080 aic78xx - ok
19:33:13.0772 4080 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
19:33:13.0803 4080 aliide - ok
19:33:13.0928 4080 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:33:13.0944 4080 amdagp - ok
19:33:14.0022 4080 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
19:33:14.0037 4080 amdide - ok
19:33:14.0146 4080 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:33:14.0318 4080 AmdK7 - ok
19:33:14.0802 4080 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
19:33:15.0004 4080 AmdK8 - ok
19:33:15.0270 4080 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:33:15.0285 4080 arc - ok
19:33:15.0706 4080 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:33:15.0753 4080 arcsas - ok
19:33:15.0925 4080 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:33:16.0034 4080 AsyncMac - ok
19:33:16.0096 4080 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:33:16.0112 4080 atapi - ok
19:33:16.0580 4080 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
19:33:16.0705 4080 BCM43XV - ok
19:33:16.0798 4080 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
19:33:16.0876 4080 BCM43XX - ok
19:33:17.0064 4080 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:33:17.0142 4080 Beep - ok
19:33:17.0422 4080 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx86.sys
19:33:17.0563 4080 BHDrvx86 - ok
19:33:17.0797 4080 blbdrive - ok
19:33:17.0844 4080 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:33:17.0906 4080 bowser - ok
19:33:18.0093 4080 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:33:18.0187 4080 BrFiltLo - ok
19:33:18.0561 4080 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:33:18.0639 4080 BrFiltUp - ok
19:33:18.0951 4080 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:33:19.0045 4080 Brserid - ok
19:33:19.0138 4080 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:33:19.0216 4080 BrSerWdm - ok
19:33:19.0310 4080 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:33:19.0388 4080 BrUsbMdm - ok
19:33:19.0466 4080 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:33:19.0544 4080 BrUsbSer - ok
19:33:19.0606 4080 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:33:19.0684 4080 BTHMODEM - ok
19:33:19.0825 4080 catchme - ok
19:33:19.0965 4080 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:33:20.0012 4080 cdfs - ok
19:33:20.0074 4080 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:33:20.0121 4080 cdrom - ok
19:33:20.0262 4080 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:33:20.0340 4080 circlass - ok
19:33:20.0402 4080 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:33:20.0418 4080 CLFS - ok
19:33:20.0574 4080 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:33:20.0620 4080 CmBatt - ok
19:33:20.0652 4080 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
19:33:20.0667 4080 cmdide - ok
19:33:20.0745 4080 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:33:20.0761 4080 Compbatt - ok
19:33:20.0854 4080 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:33:20.0870 4080 crcdisk - ok
19:33:20.0901 4080 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:33:20.0995 4080 Crusoe - ok
19:33:21.0166 4080 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:33:21.0229 4080 DfsC - ok
19:33:21.0634 4080 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:33:21.0681 4080 disk - ok
19:33:22.0056 4080 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:33:22.0134 4080 drmkaud - ok
19:33:22.0664 4080 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:33:22.0758 4080 DXGKrnl - ok
19:33:23.0101 4080 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
19:33:23.0241 4080 E100B - ok
19:33:23.0662 4080 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:33:23.0756 4080 E1G60 - ok
19:33:24.0115 4080 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
19:33:24.0177 4080 eabfiltr - ok
19:33:24.0349 4080 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:33:24.0396 4080 Ecache - ok
19:33:24.0661 4080 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:33:24.0723 4080 eeCtrl - ok
19:33:24.0957 4080 ElRawDisk (c6b4dda400033eea08951fc21ed78708) C:\Windows\system32\drivers\elrawdsk.sys
19:33:24.0988 4080 ElRawDisk - ok
19:33:25.0113 4080 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:33:25.0144 4080 elxstor - ok
19:33:25.0378 4080 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:33:25.0425 4080 EraserUtilRebootDrv - ok
19:33:25.0846 4080 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:33:25.0940 4080 exfat - ok
19:33:26.0065 4080 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:33:26.0158 4080 fastfat - ok
19:33:26.0221 4080 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
19:33:26.0299 4080 fdc - ok
19:33:27.0110 4080 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:33:27.0172 4080 FileInfo - ok
19:33:27.0625 4080 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:33:27.0734 4080 Filetrace - ok
19:33:27.0968 4080 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:33:28.0062 4080 flpydisk - ok
19:33:28.0264 4080 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:33:28.0296 4080 FltMgr - ok
19:33:28.0717 4080 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:33:28.0779 4080 Fs_Rec - ok
19:33:29.0138 4080 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:33:29.0185 4080 gagp30kx - ok
19:33:29.0325 4080 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:33:29.0388 4080 GEARAspiWDM - ok
19:33:29.0481 4080 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
19:33:29.0544 4080 HBtnKey - ok
19:33:29.0715 4080 HdAudAddService (07eee11d6e2b78122e17db3878b4c687) C:\Windows\system32\drivers\CHDART.sys
19:33:29.0762 4080 HdAudAddService - ok
19:33:30.0090 4080 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:33:30.0199 4080 HDAudBus - ok
19:33:30.0402 4080 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:33:30.0480 4080 HidBth - ok
19:33:30.0526 4080 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:33:30.0604 4080 HidIr - ok
19:33:30.0714 4080 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:33:30.0745 4080 HidUsb - ok
19:33:30.0823 4080 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:33:30.0838 4080 HpCISSs - ok
19:33:31.0260 4080 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:33:31.0353 4080 HSFHWAZL - ok
19:33:32.0118 4080 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:33:32.0242 4080 HSF_DPV - ok
19:33:32.0648 4080 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:33:32.0710 4080 HSXHWAZL - ok
19:33:33.0132 4080 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:33:33.0225 4080 HTTP - ok
19:33:33.0459 4080 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:33:33.0475 4080 i2omp - ok
19:33:33.0802 4080 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:33:33.0896 4080 i8042prt - ok
19:33:34.0364 4080 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:33:34.0582 4080 ialm - ok
19:33:35.0128 4080 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:33:35.0144 4080 iaStorV - ok
19:33:35.0565 4080 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120218.003\IDSvix86.sys
19:33:35.0643 4080 IDSVix86 - ok
19:33:36.0096 4080 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:33:36.0142 4080 iirsp - ok
19:33:36.0314 4080 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
19:33:36.0330 4080 intelide - ok
19:33:36.0392 4080 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
19:33:36.0470 4080 intelppm - ok
19:33:36.0751 4080 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:33:36.0860 4080 IpFilterDriver - ok
19:33:37.0188 4080 IpInIp - ok
19:33:37.0312 4080 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:33:37.0484 4080 IPMIDRV - ok
19:33:37.0718 4080 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:33:37.0780 4080 IPNAT - ok
19:33:37.0921 4080 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:33:37.0983 4080 IRENUM - ok
19:33:38.0311 4080 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:33:38.0358 4080 isapnp - ok
19:33:38.0872 4080 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:33:38.0904 4080 iScsiPrt - ok
19:33:39.0184 4080 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:33:39.0216 4080 iteatapi - ok
19:33:39.0325 4080 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:33:39.0340 4080 iteraid - ok
19:33:39.0403 4080 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:33:39.0418 4080 kbdclass - ok
19:33:39.0699 4080 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:33:39.0762 4080 kbdhid - ok
19:33:40.0230 4080 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:33:40.0323 4080 KSecDD - ok
19:33:40.0604 4080 Lbd - ok
19:33:41.0025 4080 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:33:41.0134 4080 lltdio - ok
19:33:41.0368 4080 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:33:41.0384 4080 LSI_FC - ok
19:33:41.0431 4080 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:33:41.0446 4080 LSI_SAS - ok
19:33:41.0540 4080 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:33:41.0571 4080 LSI_SCSI - ok
19:33:41.0680 4080 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:33:41.0774 4080 luafv - ok
19:33:42.0024 4080 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:33:42.0055 4080 mdmxsdk - ok
19:33:42.0273 4080 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:33:42.0304 4080 megasas - ok
19:33:42.0336 4080 MEMSWEEP2 - ok
19:33:42.0398 4080 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:33:42.0492 4080 Modem - ok
19:33:42.0726 4080 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:33:42.0835 4080 monitor - ok
19:33:43.0194 4080 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:33:43.0240 4080 mouclass - ok
19:33:43.0412 4080 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:33:43.0521 4080 mouhid - ok
19:33:43.0740 4080 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:33:43.0755 4080 MountMgr - ok
19:33:44.0161 4080 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:33:44.0208 4080 mpio - ok
19:33:44.0473 4080 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:33:44.0566 4080 mpsdrv - ok
19:33:45.0034 4080 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:33:45.0066 4080 Mraid35x - ok
19:33:45.0409 4080 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:33:45.0471 4080 MRxDAV - ok
19:33:45.0768 4080 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:33:45.0846 4080 mrxsmb - ok
19:33:46.0251 4080 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:33:46.0314 4080 mrxsmb10 - ok
19:33:46.0641 4080 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:33:46.0719 4080 mrxsmb20 - ok
19:33:47.0125 4080 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
19:33:47.0172 4080 msahci - ok
19:33:47.0530 4080 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:33:47.0593 4080 msdsm - ok
19:33:47.0874 4080 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:33:47.0983 4080 Msfs - ok
19:33:48.0388 4080 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:33:48.0435 4080 msisadrv - ok
19:33:48.0716 4080 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:33:48.0778 4080 MSKSSRV - ok
19:33:49.0278 4080 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:33:49.0387 4080 MSPCLOCK - ok
19:33:49.0808 4080 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:33:49.0886 4080 MSPQM - ok
19:33:50.0276 4080 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:33:50.0307 4080 MsRPC - ok
19:33:50.0635 4080 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:33:50.0682 4080 mssmbios - ok
19:33:51.0103 4080 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:33:51.0212 4080 MSTEE - ok
19:33:51.0399 4080 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:33:51.0446 4080 Mup - ok
19:33:51.0867 4080 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:33:51.0930 4080 NativeWifiP - ok
19:33:52.0226 4080 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120222.001\NAVENG.SYS
19:33:52.0257 4080 NAVENG - ok
19:33:52.0912 4080 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120222.001\NAVEX15.SYS
19:33:53.0100 4080 NAVEX15 - ok
19:33:53.0568 4080 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:33:53.0630 4080 NDIS - ok
19:33:54.0020 4080 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:33:54.0129 4080 NdisTapi - ok
19:33:54.0488 4080 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:33:54.0582 4080 Ndisuio - ok
19:33:54.0909 4080 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:33:54.0987 4080 NdisWan - ok
19:33:55.0362 4080 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:33:55.0408 4080 NDProxy - ok
19:33:55.0798 4080 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:33:55.0892 4080 NetBIOS - ok
19:33:56.0329 4080 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:33:56.0422 4080 netbt - ok
19:33:56.0812 4080 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:33:56.0859 4080 nfrd960 - ok
19:33:57.0000 4080 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:33:57.0078 4080 Npfs - ok
19:33:57.0124 4080 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:33:57.0187 4080 nsiproxy - ok
19:33:57.0842 4080 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:33:57.0967 4080 Ntfs - ok
19:33:58.0372 4080 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:33:58.0528 4080 ntrigdigi - ok
19:33:58.0965 4080 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:33:59.0043 4080 Null - ok
19:33:59.0496 4080 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
19:33:59.0636 4080 NVENETFD - ok
19:34:01.0056 4080 nvlddmkm (446864078dbe3059587954cb2d858a9b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:34:01.0399 4080 nvlddmkm - ok
19:34:01.0867 4080 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:34:01.0929 4080 nvraid - ok
19:34:02.0288 4080 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
19:34:02.0366 4080 nvsmu - ok
19:34:02.0803 4080 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:34:02.0865 4080 nvstor - ok
19:34:03.0240 4080 nvstor32 (4c93d50bca15b3bfcab07306b258b248) C:\Windows\system32\DRIVERS\nvstor32.sys
19:34:03.0271 4080 nvstor32 - ok
19:34:03.0692 4080 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:34:03.0739 4080 nv_agp - ok
19:34:04.0035 4080 NwlnkFlt - ok
19:34:04.0503 4080 NwlnkFwd - ok
19:34:04.0831 4080 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:34:04.0893 4080 ohci1394 - ok
19:34:05.0361 4080 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:34:05.0439 4080 Parport - ok
19:34:05.0767 4080 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:34:05.0814 4080 partmgr - ok
19:34:06.0126 4080 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:34:06.0266 4080 Parvdm - ok
19:34:06.0765 4080 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:34:06.0828 4080 pci - ok
19:34:07.0124 4080 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:34:07.0171 4080 pciide - ok
19:34:07.0608 4080 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:34:07.0670 4080 pcmcia - ok
19:34:08.0091 4080 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\Windows\system32\Drivers\PCTBD.sys
19:34:08.0122 4080 PCTBD - ok
19:34:08.0684 4080 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:34:08.0871 4080 PEAUTH - ok
19:34:09.0168 4080 pneteth (088335b06f75adbcbb81575c7cae6c43) C:\Windows\system32\DRIVERS\pneteth.sys
19:34:09.0230 4080 pneteth - ok
19:34:09.0745 4080 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:34:09.0838 4080 PptpMiniport - ok
19:34:10.0150 4080 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:34:10.0228 4080 Processor - ok
19:34:10.0634 4080 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:34:10.0728 4080 PSched - ok
19:34:11.0180 4080 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
19:34:11.0227 4080 PxHelp20 - ok
19:34:11.0398 4080 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:34:11.0492 4080 ql2300 - ok
19:34:11.0913 4080 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:34:11.0960 4080 ql40xx - ok
19:34:12.0194 4080 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:34:12.0288 4080 QWAVEdrv - ok
19:34:12.0693 4080 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:34:12.0756 4080 RasAcd - ok
19:34:13.0099 4080 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:34:13.0208 4080 Rasl2tp - ok
19:34:13.0660 4080 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:34:13.0723 4080 RasPppoe - ok
19:34:14.0082 4080 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:34:14.0160 4080 RasSstp - ok
19:34:14.0628 4080 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:34:14.0721 4080 rdbss - ok
19:34:15.0158 4080 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:34:15.0267 4080 RDPCDD - ok
19:34:15.0657 4080 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:34:15.0798 4080 rdpdr - ok
19:34:16.0234 4080 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:34:16.0344 4080 RDPENCDD - ok
19:34:16.0812 4080 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:34:16.0905 4080 RDPWD - ok
19:34:17.0264 4080 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:34:17.0342 4080 rimmptsk - ok
19:34:17.0763 4080 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:34:17.0841 4080 rimsptsk - ok
19:34:18.0247 4080 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:34:18.0309 4080 rismxdp - ok
19:34:18.0793 4080 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:34:18.0886 4080 rspndr - ok
19:34:19.0292 4080 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:34:19.0323 4080 sbp2port - ok
19:34:19.0682 4080 SBRE - ok
19:34:20.0228 4080 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
19:34:20.0259 4080 sdbus - ok
19:34:20.0509 4080 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:34:20.0602 4080 secdrv - ok
19:34:20.0868 4080 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:34:21.0024 4080 Serenum - ok
19:34:21.0336 4080 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:34:21.0445 4080 Serial - ok
19:34:21.0850 4080 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:34:21.0897 4080 sermouse - ok
19:34:22.0272 4080 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:34:22.0428 4080 sffdisk - ok
19:34:22.0896 4080 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:34:23.0005 4080 sffp_mmc - ok
19:34:23.0301 4080 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:34:23.0364 4080 sffp_sd - ok
19:34:23.0722 4080 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:34:23.0847 4080 sfloppy - ok
19:34:24.0268 4080 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:34:24.0331 4080 sisagp - ok
19:34:24.0752 4080 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:34:24.0799 4080 SiSRaid2 - ok
19:34:25.0064 4080 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:34:25.0111 4080 SiSRaid4 - ok
19:34:25.0298 4080 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:34:25.0376 4080 Smb - ok
19:34:25.0470 4080 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:34:25.0485 4080 spldr - ok
19:34:25.0844 4080 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS
19:34:25.0906 4080 SRTSP - ok
19:34:26.0203 4080 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS
19:34:26.0234 4080 SRTSPX - ok
19:34:26.0421 4080 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:34:26.0499 4080 srv - ok
19:34:26.0624 4080 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:34:26.0702 4080 srv2 - ok
19:34:26.0952 4080 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:34:27.0030 4080 srvnet - ok
19:34:27.0279 4080 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
19:34:27.0388 4080 StillCam - ok
19:34:27.0638 4080 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:34:27.0654 4080 swenum - ok
19:34:27.0903 4080 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:34:27.0966 4080 Symc8xx - ok
19:34:28.0293 4080 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS
19:34:28.0371 4080 SymDS - ok
19:34:28.0761 4080 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS
19:34:28.0839 4080 SymEFA - ok
19:34:29.0089 4080 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
19:34:29.0120 4080 SymEvent - ok
19:34:29.0463 4080 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS
19:34:29.0494 4080 SymIRON - ok
19:34:29.0853 4080 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS
19:34:29.0916 4080 SYMTDIv - ok
19:34:30.0259 4080 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:34:30.0321 4080 Sym_hi - ok
19:34:30.0446 4080 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:34:30.0477 4080 Sym_u3 - ok
19:34:30.0555 4080 SynTP (8327106d1c93e9a7b98e63b9fcc24bb7) C:\Windows\system32\DRIVERS\SynTP.sys
19:34:30.0618 4080 SynTP - ok
19:34:30.0852 4080 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:34:30.0914 4080 Tcpip - ok
19:34:31.0257 4080 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:34:31.0351 4080 Tcpip6 - ok
19:34:31.0600 4080 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:34:31.0663 4080 tcpipreg - ok
19:34:31.0959 4080 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:34:31.0990 4080 TDPIPE - ok
19:34:32.0380 4080 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:34:32.0474 4080 TDTCP - ok
19:34:32.0864 4080 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:34:32.0958 4080 tdx - ok
19:34:33.0410 4080 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:34:33.0457 4080 TermDD - ok
19:34:33.0675 4080 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:34:33.0769 4080 tssecsrv - ok
19:34:34.0190 4080 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:34:34.0284 4080 tunmp - ok
19:34:34.0611 4080 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:34:34.0674 4080 tunnel - ok
19:34:35.0173 4080 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:34:35.0204 4080 uagp35 - ok
19:34:35.0532 4080 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:34:35.0625 4080 udfs - ok
19:34:35.0984 4080 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:34:36.0031 4080 uliagpkx - ok
19:34:36.0468 4080 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:34:36.0514 4080 uliahci - ok
19:34:36.0920 4080 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:34:36.0967 4080 UlSata - ok
19:34:37.0388 4080 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:34:37.0435 4080 ulsata2 - ok
19:34:37.0794 4080 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:34:37.0903 4080 umbus - ok
19:34:38.0090 4080 usbbus (af9388e736af0c325067f05edc350010) C:\Windows\system32\DRIVERS\lgusbbus.sys
19:34:38.0137 4080 usbbus - ok
19:34:38.0199 4080 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:34:38.0246 4080 usbccgp - ok
19:34:38.0636 4080 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:34:38.0792 4080 usbcir - ok
19:34:39.0198 4080 UsbDiag (ae30ea96e60e823c7b525da356283ae8) C:\Windows\system32\DRIVERS\lgusbdiag.sys
19:34:39.0244 4080 UsbDiag - ok
19:34:39.0650 4080 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:34:39.0697 4080 usbehci - ok
19:34:40.0149 4080 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:34:40.0196 4080 usbhub - ok
19:34:40.0570 4080 USBModem (46ac66df3d6efe81f69bea823a53aab5) C:\Windows\system32\DRIVERS\lgusbmodem.sys
19:34:40.0617 4080 USBModem - ok
19:34:41.0132 4080 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
19:34:41.0226 4080 usbohci - ok
19:34:41.0335 4080 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:34:41.0428 4080 usbprint - ok
19:34:41.0522 4080 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:34:41.0584 4080 usbscan - ok
19:34:41.0678 4080 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:34:41.0709 4080 USBSTOR - ok
19:34:41.0756 4080 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
19:34:41.0818 4080 usbuhci - ok
19:34:41.0974 4080 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:34:42.0037 4080 usbvideo - ok
19:34:42.0271 4080 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
19:34:42.0349 4080 usb_rndisx - ok
19:34:42.0661 4080 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:34:42.0754 4080 vga - ok
19:34:43.0066 4080 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:34:43.0160 4080 VgaSave - ok
19:34:43.0644 4080 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:34:43.0722 4080 viaagp - ok
19:34:44.0361 4080 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:34:44.0486 4080 ViaC7 - ok
19:34:44.0751 4080 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:34:44.0782 4080 viaide - ok
19:34:45.0297 4080 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:34:45.0344 4080 volmgr - ok
19:34:45.0734 4080 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:34:45.0828 4080 volmgrx - ok
19:34:46.0530 4080 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:34:46.0576 4080 volsnap - ok
19:34:46.0748 4080 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:34:46.0810 4080 vsmraid - ok
19:34:46.0904 4080 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:34:46.0982 4080 WacomPen - ok
19:34:47.0247 4080 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:34:47.0341 4080 Wanarp - ok
19:34:47.0372 4080 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:34:47.0419 4080 Wanarpv6 - ok
19:34:47.0746 4080 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:34:47.0793 4080 Wd - ok
19:34:48.0464 4080 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:34:48.0589 4080 Wdf01000 - ok
19:34:49.0821 4080 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:34:49.0930 4080 winachsf - ok
19:34:50.0679 4080 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
19:34:50.0757 4080 WinUSB - ok
19:34:51.0350 4080 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:34:51.0428 4080 WmiAcpi - ok
19:34:51.0740 4080 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
19:34:51.0787 4080 WpdUsb - ok
19:34:51.0880 4080 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:34:52.0005 4080 ws2ifsl - ok
19:34:52.0723 4080 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:34:52.0816 4080 WUDFRd - ok
19:34:53.0955 4080 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
19:34:54.0018 4080 XAudio - ok
19:34:54.0096 4080 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
19:34:54.0766 4080 \Device\Harddisk0\DR0 - ok
19:34:54.0813 4080 Boot (0x1200) (a182bf0e45f72dab2aa19132cb7766ac) \Device\Harddisk0\DR0\Partition0
19:34:54.0938 4080 \Device\Harddisk0\DR0\Partition0 - ok
19:34:55.0032 4080 Boot (0x1200) (9f3edab57323961243649d12d8a28921) \Device\Harddisk0\DR0\Partition1
19:34:55.0110 4080 \Device\Harddisk0\DR0\Partition1 - ok
19:34:55.0110 4080 ============================================================
19:34:55.0110 4080 Scan finished
19:34:55.0110 4080 ============================================================
19:34:55.0156 5528 Detected object count: 0
19:34:55.0156 5528 Actual detected object count: 0
19:36:37.0263 0480 Deinitialize success

#18 Render (Trusted Helper, Malware Removal, 4,195 posts)
It's late here now and I have an early start tomorrow, but I'll have a look at your log and reply tomorrow.

#19 Render (Trusted Helper, Malware Removal, 4,195 posts)

If all else fails, if I use system restore to "factory settings" would that get rid of it?

I'm not sure.

GMER Rootkit Scanner

  • Download GMER from HERE.
  • Extract the contents of zipped file to your desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan:
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)

NOTE: Not all of the tick boxes will be available if you are running a 64-bit Operating System. You may also get an error message displayed on the screen when using a 64-bit Operating System; this is normal, just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done, click on the [Save..] button and, in the File name area, type in "ark.txt".
  • Save the log where you can easily find it, such as your desktop.
  • Please copy and paste the report into your Post.

Caution: Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

If GMER should crash then proceed to the OTL scan!

#20 bob65 (Topic Starter, Member, 20 posts)
I'm sorry, I told you wrong earlier: this is the program that causes a shutdown because of possible damage to my computer.

#21 Render (Trusted Helper, Malware Removal, 4,195 posts)
Try with this one:

We need to check for rootkits with RootRepeal.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open RootRepeal.exe on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

#22 bob65 (Topic Starter, Member, 20 posts)
I ran this one for nearly 12 hours and it was still scanning the Files tab when I stopped the program. I ran SysProt, which is close to RootRepeal I think. Here is the log, hope it helps.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\smss.exe
PID: 440
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\csrss.exe
PID: 572
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\wininit.exe
PID: 624
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\csrss.exe
PID: 632
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\services.exe
PID: 668
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\lsass.exe
PID: 684
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\lsm.exe
PID: 692
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\winlogon.exe
PID: 796
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 864
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 928
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 976
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1072
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1096
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\audiodg.exe
PID: 1228
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1252
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\SLsvc.exe
PID: 1280
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1304
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1532
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\dwm.exe
PID: 1732
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1776
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\spoolsv.exe
PID: 1852
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\taskeng.exe
PID: 1884
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1912
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\taskeng.exe
PID: 1980
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PID: 580
Hidden: No
Window Visible: No

Name: C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PID: 848
Hidden: No
Window Visible: No

Name: C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
PID: 1448
Hidden: No
Window Visible: No

Name: C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
PID: 1756
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PID: 844
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PID: 1184
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PID: 1404
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 1508
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\rundll32.exe
PID: 2108
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 2248
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 2292
Hidden: No
Window Visible: No

Name: C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PID: 2396
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 2472
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 2508
Hidden: No
Window Visible: No

Name: C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PID: 2584
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 2708
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\SearchIndexer.exe
PID: 2740
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\drivers\XAudio.exe
PID: 2804
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PID: 2836
Hidden: No
Window Visible: No

Name: C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe
PID: 3368
Hidden: No
Window Visible: No

Name: C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PID: 3488
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\wbem\WmiPrvSE.exe
PID: 3836
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 1356
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\dllhost.exe
PID: 4080
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PID: 3112
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1948
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PID: 3340
Hidden: No
Window Visible: No

Name: C:\Users\Bob\Desktop\SysProt.exe
PID: 2032
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\Bob\Desktop\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: AB3AB000
Module End: AB3B6000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 81C40000
Module End: 81FFA000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 81C0D000
Module End: 81C40000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 8060D000
Module End: 80614000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80614000
Module End: 80625000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80625000
Module End: 8062D000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8062D000
Module End: 8066E000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 8066E000
Module End: 8074E000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 8074E000
Module End: 807CA000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 807CA000
Module End: 807D7000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 82202000
Module End: 82248000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 82248000
Module End: 82251000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 82251000
Module End: 82259000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 82259000
Module End: 82280000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 82280000
Module End: 8228F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 8228F000
Module End: 82292000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 82292000
Module End: 8229C000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 8229C000
Module End: 822AB000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 822AB000
Module End: 822F5000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 822F5000
Module End: 822FC000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 822FC000
Module End: 8230A000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 8230A000
Module End: 8231A000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 8231A000
Module End: 82322000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 82322000
Module End: 82340000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvstor32.sys
Service Name: nvstor32
Module Base: 82340000
Module End: 8235A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 8235A000
Module End: 8239B000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 8239B000
Module End: 823CD000
Hidden: No

Module Name: C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS
Service Name: SymDS
Module Base: 87800000
Module End: 87857000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 87857000
Module End: 87867000
Hidden: No

Module Name: C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS
Service Name: SymEFA
Module Base: 87867000
Module End: 87922000
Hidden: No

Module Name: C:\Windows\System32\Drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: 87922000
Module End: 8792B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 8792B000
Module End: 8799D000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 87A09000
Module End: 87B14000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 87B3F000
Module End: 87B7A000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 87C0D000
Module End: 87CF7000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 87CF7000
Module End: 87D12000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 87E0B000
Module End: 87F1B000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 87F1B000
Module End: 87F54000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 87F54000
Module End: 87F5C000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 87F5C000
Module End: 87F6B000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 87F6B000
Module End: 87F92000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 87F92000
Module End: 87FA3000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 87FA3000
Module End: 87FC4000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 87FC4000
Module End: 87FCD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 87E00000
Module End: 87E0B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 87D12000
Module End: 87D1B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\amdk8.sys
Service Name: AmdK8
Module Base: 87D1B000
Module End: 87D2B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 87D2B000
Module End: 87D2F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cpqbttn.sys
Service Name: HBtnKey
Module Base: 87D2F000
Module End: 87D32000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 87D32000
Module End: 87D42000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 87D42000
Module End: 87D49000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: 87D49000
Module End: 87D52000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bcmwl6.sys
Service Name: BCM43XV
Module Base: 87D52000
Module End: 87DD8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Service Name: nvlddmkm
Module Base: 8C80E000
Module End: 8CC51000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8CC51000
Module End: 8CCF1000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8CCF1000
Module End: 8CCFD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvsmu.sys
Service Name: nvsmu
Module Base: 8CCFD000
Module End: 8CD00000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: 8CD00000
Module End: 8CD0A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8CD0A000
Module End: 8CD48000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8CD48000
Module End: 8CD57000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8CD57000
Module End: 8CD6F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: 8CD6F000
Module End: 8CD75000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 8CD75000
Module End: 8CD85000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 8CD85000
Module End: 8CD93000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: 8CD93000
Module End: 8CDAD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimmptsk.sys
Service Name: rimmptsk
Module Base: 8CDAD000
Module End: 8CDBB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimsptsk.sys
Service Name: rimsptsk
Module Base: 8CDBB000
Module End: 8CDCF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rixdptsk.sys
Service Name: rismxdp
Module Base: 87B7A000
Module End: 87BCB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8E00D000
Module End: 8E09A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvm60x32.sys
Service Name: NVENETFD
Module Base: 8E09A000
Module End: 8E15C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 8E15C000
Module End: 8E16F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 8E16F000
Module End: 8E17A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: 8E17A000
Module End: 8E1A5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8E1A5000
Module End: 8E1A7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8E1A7000
Module End: 8E1B2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8E1B2000
Module End: 8E1E1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8E1E1000
Module End: 8E1EC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8CDCF000
Module End: 8CDE6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8E1EC000
Module End: 8E1F7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 87DD8000
Module End: 87DFB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8CDE6000
Module End: 8CDF5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 87BCB000
Module End: 87BDF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 87BDF000
Module End: 87BF4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8799D000
Module End: 879AD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\serscan.sys
Service Name: StillCam
Module Base: 8E1F7000
Module End: 8E1FF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8E000000
Module End: 8E002000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 879AD000
Module End: 879D7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8E002000
Module End: 8E00C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8C800000
Module End: 8C80D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: 8CDF5000
Module End: 8CDFE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8EE0E000
Module End: 8EE43000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8EE43000
Module End: 8EE54000
Hidden: No

Module Name: C:\Windows\system32\drivers\CHDART.sys
Service Name: HdAudAddService
Module Base: 8EE54000
Module End: 8EE80000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8EE80000
Module End: 8EEAD000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8EEAD000
Module End: 8EED2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Service Name: HSXHWAZL
Module Base: 8EED2000
Module End: 8EF0F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Service Name: HSF_DPV
Module Base: 8FE03000
Module End: 8FF06000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Service Name: winachsf
Module Base: 8FF06000
Module End: 8FFBA000
Hidden: No

Module Name: C:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 8FFBA000
Module End: 8FFC7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 8FFC7000
Module End: 8FFDE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 8FFDE000
Module End: 8FFE7000
Hidden: No

Module Name: C:\Windows\System32\Drivers\usbvideo.sys
Service Name: usbvideo
Module Base: 8EF0F000
Module End: 8EF30000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 8FFE7000
Module End: 8FFEF000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8EF30000
Module End: 8EF37000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8EF37000
Module End: 8EF43000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8EF43000
Module End: 8EF64000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8EF64000
Module End: 8EF6C000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8EF6C000
Module End: 8EF74000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8EF7F000
Module End: 8EF8D000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8EF8D000
Module End: 8EF96000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8EF96000
Module End: 8EFAC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS
Service Name: SYMTDIv
Module Base: 90004000
Module End: 9005D000
Hidden: No

Module Name: \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
Service Name: SymEvent
Module Base: 9005D000
Module End: 90083000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 90083000
Module End: 90097000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 90097000
Module End: 900DF000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 900DF000
Module End: 90111000
Hidden: No

Module Name: C:\Windows\system32\drivers\ws2ifsl.sys
Service Name: ws2ifsl
Module Base: 90111000
Module End: 9011A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 9011A000
Module End: 90130000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 90130000
Module End: 9013E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\eabfiltr.sys
Service Name: eabfiltr
Module Base: 9013E000
Module End: 90140000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 90140000
Module End: 90153000
Hidden: No

Module Name: C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS
Service Name: SymIRON
Module Base: 90153000
Module End: 90177000
Hidden: No

Module Name: C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS
Service Name: SRTSPX
Module Base: 90177000
Module End: 90182000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 90182000
Module End: 901BE000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 901BE000
Module End: 901C8000
Hidden: No

Module Name: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120222.002\IDSvix86.sys
Service Name: IDSVix86
Module Base: 9080B000
Module End: 90869000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\elrawdsk.sys
Service Name: ElRawDisk
Module Base: 90869000
Module End: 9086C000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Service Name: eeCtrl
Module Base: 9086C000
Module End: 908CA000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Service Name: EraserUtilRebootDrv
Module Base: 908CA000
Module End: 908E8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 908E8000
Module End: 908FF000
Hidden: No

Module Name: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx86.sys
Service Name: BHDrvx86
Module Base: 908FF000
Module End: 909CB000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 909CB000
Module End: 909D8000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: 909D8000
Module End: 909E2000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_nvstor32.sys
Service Name: ---
Module Base: 909E2000
Module End: 909FC000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 90800000
Module End: 9080A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 901C8000
Module End: 901D7000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 901D7000
Module End: 901F2000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 9D208000
Module End: 9D2B8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 9D2B8000
Module End: 9D2C8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 9D2C8000
Module End: 9D2F2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 9D2F2000
Module End: 9D2FC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 9D2FC000
Module End: 9D30F000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 9D30F000
Module End: 9D37C000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 9D37C000
Module End: 9D399000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 9D399000
Module End: 9D3B2000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 9D3B2000
Module End: 9D3C7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 9D3C7000
Module End: 9D3E6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 8EFAC000
Module End: 8EFE5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 9D3E6000
Module End: 9D3FE000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 87FCD000
Module End: 87FF5000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: A0001000
Module End: A0050000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: A0050000
Module End: A0054000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: A0054000
Module End: A0132000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: A0132000
Module End: A013C000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: A013C000
Module End: A0148000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\xaudio.sys
Service Name: XAudio
Module Base: A0148000
Module End: A0150000
Hidden: No

Module Name: C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS
Service Name: SRTSP
Module Base: A0152000
Module End: A01D8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: A01D8000
Module End: A01EE000
Hidden: No

Module Name: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120223.001\NAVEX15.SYS
Service Name: NAVEX15
Module Base: AB201000
Module End: AB381000
Hidden: No

Module Name: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120223.001\NAVENG.SYS
Service Name: NAVENG
Module Base: AB381000
Module End: AB395000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8FFF8000
Module End: 8FFFF000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8EF74000
Module End: 8EF7F000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAlertResumeThread
Address: 868B5090
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAlertThread
Address: 8627B630
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAllocateVirtualMemory
Address: 85DAA0A0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAlpcConnectPort
Address: 8689DFB0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAssignProcessToJobObject
Address: 86951008
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateMutant
Address: 869A4440
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateSymbolicLinkObject
Address: 86A7C780
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 85DAA238
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDebugActiveProcess
Address: 869AFDF8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDuplicateObject
Address: 85D95A60
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwFreeVirtualMemory
Address: 868B54F8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateAnonymousToken
Address: 8689CF18
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateThread
Address: 867F3F48
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadDriver
Address: 860DC048
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwMapViewOfSection
Address: 86D1C908
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenEvent
Address: 869A4360
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: 86951C40
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcessToken
Address: 85D959A0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenSection
Address: 86904F70
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: 869517B0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwProtectVirtualMemory
Address: 86951048
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwResumeThread
Address: 8627B710
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetContextThread
Address: 86A9F460
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationProcess
Address: 86A7C900
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetSystemInformation
Address: 86929EA8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendProcess
Address: 869519E8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendThread
Address: 85DAB0F0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 85DAA618
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 86950C08
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwUnmapViewOfSection
Address: 86A7C9D0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: 85D790E0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThreadEx
Address: 86950080
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: BOB-PC.HSD1.GA.COMCAST.NET.:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: BOB-PC:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
State: LISTENING

Local Address: BOB-PC:49163
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\services.exe
State: LISTENING

Local Address: BOB-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: BOB-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\lsass.exe
State: LISTENING

Local Address: BOB-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: BOB-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: BOB-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\wininit.exe
State: LISTENING

Local Address: BOB-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: BOB-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: BOB-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: BOB-PC.HSD1.GA.COMCAST.NET.:56585
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: BOB-PC.HSD1.GA.COMCAST.NET.:SSDP
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: BOB-PC.HSD1.GA.COMCAST.NET.:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: BOB-PC.HSD1.GA.COMCAST.NET.:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: BOB-PC:62313
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: BOB-PC:56586
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: BOB-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: BOB-PC:62033
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: BOB-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: BOB-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: BOB-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: BOB-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: BOB-PC:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: BOB-PC:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\Desktop.ini
Status: Access denied

Object: D:\System Volume Information\EfaData
Status: Access denied

Object: D:\System Volume Information\Folder.htt
Status: Access denied

Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\pctEfaData
Status: Access denied

Object: D:\System Volume Information\Protect.ed
Status: Access denied

Object: D:\System Volume Information\SPP
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{b88fbe94-2bf6-11e0-a5e9-001b2457eca8}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\62B48380.TMP
Status: Access denied

Object: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\C66BDEA4.TMP
Status: Access denied

Object: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\F5E4E116.TMP
Status: Access denied

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\62B48380.TMP
Status: Access denied

Object: C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\C66BDEA4.TMP
Status: Access denied

Object: C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\F5E4E116.TMP
Status: Access denied

Object: C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
  • 0
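The log above is long, every SSDT entry resolves to `_unknown_`, and two modules are reported hidden; reading that by eye is how the helper below concludes there is nothing useful in it. As an added example (not part of this thread and not part of Kaspersky's TDSSKiller), the Python script below parses the tool's blank-line separated `Key: Value` blocks and reports the three things a reviewer scans a TDSSKiller log for: modules reported `Hidden: Yes` once the crash-dump stack drivers (`dump_*.sys`, which always load without a service entry) are set aside, SSDT entries whose target address falls inside no listed module, and TCP listeners owned by something other than `System` or a service host in `System32`. The `SAMPLE_LOG` inside it is a constructed excerpt in the same layout as the posted log; `example_hidden.sys` is made up purely to exercise the hidden-module check and is not a finding from the real log.

```python
"""Triage a TDSSKiller text log: hidden modules, unresolved SSDT hooks, odd listeners."""
import re

# Constructed excerpt in the layout of the log posted above. example_hidden.sys
# is made up purely to exercise the hidden-module check; it is not a real finding.
SAMPLE_LOG = r"""
Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 90130000
Module End: 9013E000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: 909D8000
Module End: 909E2000
Hidden: Yes

Module Name: C:\Windows\system32\drivers\example_hidden.sys
Service Name: ---
Module Base: 9D400000
Module End: 9D410000
Hidden: Yes

******************************************************************************************
SSDT:
Function Name: ZwLoadDriver
Address: 860DC048
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
Ports:
Local Address: BOB-PC:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
State: LISTENING

Local Address: BOB-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING
"""

# Service hosts that legitimately own listening sockets from System32 on Windows 7.
SYSTEM_HOSTS = {"services.exe", "lsass.exe", "svchost.exe", "wininit.exe"}


def parse_blocks(text):
    """Split the log into 'Key: Value' records; headers and separator rows have no ': '."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records


def module_ranges(records):
    """(name, base, end, hidden) for every 'Module Name' record."""
    return [(r["Module Name"], int(r["Module Base"], 16), int(r["Module End"], 16),
             r.get("Hidden") == "Yes") for r in records if "Module Name" in r]


def hidden_modules(records):
    """Hidden: Yes modules, minus dump_*.sys, which is hidden on healthy systems too."""
    return [name for name, _, _, hidden in module_ranges(records)
            if hidden and not name.rsplit("\\", 1)[-1].lower().startswith("dump_")]


def unresolved_hooks(records):
    """SSDT entries whose target address lies inside no listed module (_unknown_)."""
    ranges = [(base, end) for _, base, end, _ in module_ranges(records)]
    hooks = []
    for r in records:
        if "Function Name" in r:
            addr = int(r["Address"], 16)
            if not any(base <= addr < end for base, end in ranges):
                hooks.append((r["Function Name"], addr))
    return hooks


def unexpected_listeners(records):
    """TCP LISTENING sockets owned by anything other than System or a System32 host."""
    odd = []
    for r in records:
        if "Local Address" in r and r.get("Type") == "TCP" and r.get("State") == "LISTENING":
            proc = r.get("Process", "")
            head, _, exe = proc.lower().rpartition("\\")
            if proc != "System" and not (exe in SYSTEM_HOSTS and head.endswith("\\windows\\system32")):
                odd.append((r["Local Address"], proc))
    return odd


def triage(text):
    """Run all three checks over one log and return the flagged items per category."""
    recs = parse_blocks(text)
    return {"hidden_modules": hidden_modules(recs),
            "unresolved_hooks": unresolved_hooks(recs),
            "unexpected_listeners": unexpected_listeners(recs)}
```

Run `triage(open("TDSSKiller.log").read())` on a real log. Flagged means review, not malicious: an SSDT hook that resolves to no module is exactly what a security product's own kernel hooks look like as well, so the script ranks entries for attention and does not attribute them, and on the posted log it would list the Norton listener on port 49157 for the same reason. The follow-up for any flagged module or process is to check the digital signature of the file on disk.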

#23
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Nothing useful from that log either. Can you please try to restore your OS to some earlier restore point, from before that issue started?
  • 0

#24
bob65

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi,
I don't have restore points that go back far enough. Should I start over with restore to factory settings at this point?
  • 0

#25
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No. Not yet. It's an interesting thing. We will try a clean startup:


Step 1: Start the System Configuration Utility
Click Start, type msconfig in the Start Search box, and then press ENTER.

If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.


Step 2: Configure Selective Startup options
  • In the System Configuration Utility dialog box, click Selective Startup on the General tab.
  • Click to clear the Load Startup Items check box. Note: The Use Original Boot.ini check box is unavailable.
  • Click the Services tab.
  • Click to select the Hide All Microsoft Services check box.
  • Click Disable All, and then click OK.
  • When you are prompted, click Restart.


Step 3: Determine whether the problem is resolved
  • After the computer starts, try to start the affected game or program to determine whether the problem is resolved.
  • If the problem does not occur after you restart, the interference is occurring because of a background program or service. In this case, see the "Determine what is causing the problem" section.
  • If the problem returns after you perform a clean startup, the interference is not occurring because of a background program or service. In this case, this article cannot resolve your problem. See the "How to return Windows to Normal startup mode" section to return your computer to the original startup mode. Then, go to the "Next steps" section for other resources that may help you resolve this problem.

  • 0


#26
bob65

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I did what you said, then used my Advanced SystemCare program to clean up everything. I looked at a few websites, then just let my computer sit idle for 1 hour. When I cleaned up again, here is what there was to clean up.

38.4 MB temp files (1637 files)
35.5 MB windows error reporting (160 items)
251.5 MB windows log files
342 MB memory dumps
  • 0

#27
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. This IObit Advanced SystemCare seems like some kind of system utility. I can't test its full feature set as it is a paid product.

Do the following and then test in both browsers:

Restore Internet Explorer default settings.
  • Click on Start and then on Control Panel
  • In Control Panel window click on Network and Internet and then on Internet Options
  • In Internet Properties window click on Advanced tab
  • Under "Reset Internet Explorer setting", click the Reset button.
  • Put a check mark on Delete Personal Settings.
  • Click Apply > OK.

Note: Putting a check mark on Delete Personal Settings will reset your "Home page, Search providers and Accelerators" to default setting.

NEXT...

  • Open Firefox in Safe Mode by typing “firefox -safe-mode” in Start->Run.

  • Choose what you want to be brought back to its original settings by checking the following options:

  • Reset toolbars and controls: Removes any toolbar customization you have made.
  • Reset all user preferences to Firefox defaults: Restores the default Options and preference settings and resets the default theme. It also changes back to default all the entries in the about:config page.
  • Restore default search engines: Adds back all of the default search engines (Google, Yahoo, eBay, Creative Commons, Answers.com, and Amazon.com) , without removing any added search engines.
  • Click on Make Changes and Restart.

  • 0

#28
bob65

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Same thing, 15 minutes in both browsers:

450 files in temp internet files while in Internet Explorer
200 files in temp internet files while in Firefox
  • 0

#29
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
From the Start menu open Computer.

Right click your system partition (usually C) and select Properties.

Select the Tools tab and then Check now...
A second window will pop up.
Ensure you have ticks in both boxes.
Then click Start.
Windows will schedule it for the next boot.
Reboot.

Once that has completed:

Go to Start > All Programs > Accessories
Right click Command Prompt and select Run as administrator
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot

Let me know then if there is any improvement
  • 0

#30
bob65

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Sorry Render, still have the problem.
  • 0





