
Thread: iexplore.exe instances being created automatically

  1. #1
    Junior Member
    Join Date
    Jan 2013
    Posts
    16

    iexplore.exe instances being created automatically

    Hello.

    I have an issue where new instances of iexplore.exe are being created in the Windows Task Manager | Applications tab; however, I don't use Internet Explorer. They appear to be routing to various ad-related websites - I might have as many as 5 open at the same time. It begins to consume significant memory and slow down my computer. Chrome and Firefox create new instances, but there's no indication that they are being routed to places I don't visit - so this may be normal.

    Scanned with Norton, Spy Bot, Windows Defender - shows up nothing.

    DDS and aswMBR below; attach.zip attached. And thank you to the volunteers who solve problems like this - it's much appreciated!

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.0
    Run by Justin at 14:42:49 on 2013-01-03
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.30 [GMT -6:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
    C:\Program Files\Maxtor\Utils\SyncServices.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\SFT\GuardedID\gidd.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Constant Guard Protection Suite\IDVault.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=0061117
    uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=QNl33R_HMPqnY9HTI0muuoJ_kN0
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\5.2.2.3\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - c:\documents and settings\all users\application data\white sky, inc\id vault\iebho1.12.1012.1\NativeBHO.dll
    BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
    EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\justin\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [eibpouol] "c:\documents and settings\justin\local settings\application data\dmldovpe.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [D-Link RangeBooster G WDA-2320] c:\program files\d-link\rangebooster g wda-2320\AirPlusCFG.exe
    mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
    mRun: [MaxtorOneTouch] c:\program files\maxtor\managerapp\Onetouch.exe
    mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [aceton] "c:\windows\system32\rundll32.exe" "c:\documents and settings\justin\application data\aceton.dll",handle_as_unknown
    mRun: [vcreac] "c:\windows\system32\rundll32.exe" "c:\documents and settings\justin\application data\vcreac.dll",Print
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{EBDFBDCF-B4DC-4B6C-A580-AEB49F271D13} : DHCPNameServer = 192.168.1.1
    Notify: GIDLogonXP - GIDLogonXP.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
    mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\justin\application data\mozilla\firefox\profiles\g8thnp9n.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\documents and settings\justin\application data\mozilla\firefox\profiles\g8thnp9n.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\documents and settings\justin\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\justin\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\justin\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - ExtSQL: !HIDDEN! 2013-01-03 10:42; {f7d2f3a1-6b58-48b6-93ce-e65066211dc1}; c:\documents and settings\justin\application data\mozilla\firefox\profiles\g8thnp9n.default\extensions\{f7d2f3a1-6b58-48b6-93ce-e65066211dc1}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [2013-1-3 97440]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
    R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-12-28 25232]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
    R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-7-27 6656]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-2 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-2 1369624]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-8-25 466880]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-25 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20130102.001\IDSXpx86.sys [2013-1-2 373728]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20130102.023\NAVENG.SYS [2013-1-3 92704]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20130102.023\NAVEX15.SYS [2013-1-3 1601184]
    S2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-10-16 61552]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-2 168384]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2011-12-29 28160]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-12-29 30576]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-6-17 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-6-17 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-6-17 136808]
    .
    =============== Created Last 30 ================
    .
    2013-01-03 16:30:40 97440 ----a-w- c:\windows\system32\drivers\SMR311.SYS
    2013-01-03 16:30:20 -------- d-----w- c:\documents and settings\justin\local settings\application data\NPE
    2013-01-02 23:52:30 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
    2013-01-02 23:52:17 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b4c7d934-e95c-4b49-9789-077f7d5de4df}\mpengine.dll
    2013-01-02 23:52:16 237072 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-02 13:21:02 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2013-01-02 13:19:59 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-01-02 13:19:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2012-12-23 18:41:04 300032 ----a-w- c:\documents and settings\justin\application data\aceton.dll
    2012-12-23 18:40:28 586240 ----a-w- c:\documents and settings\justin\application data\vcreac.dll
    2012-12-12 22:15:33 -------- d-----w- c:\documents and settings\justin\local settings\application data\HP
    2012-12-05 00:58:28 -------- d-----w- c:\program files\iPod
    2012-12-05 00:58:01 -------- d-----w- c:\program files\iTunes
    2012-12-05 00:58:01 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2012-12-05 00:49:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    .
    ==================== Find3M ====================
    .
    2012-10-25 09:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 09:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x85F79AB8]
    3 CLASSPNP[0xF74A7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\0000006a[0x85F59578]
    5 ACPI[0xF7324620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Ide\IdeDeviceP0T0L0-3[0x85EEDD98]
    kernel: MBR read successfully
    _asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
    user != kernel MBR !!!
    .
    ============= FINISH: 14:44:13.53 ===============


    aswMBR:
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-03 14:52:18
    -----------------------------
    14:52:18.718 OS Version: Windows 5.1.2600 Service Pack 3
    14:52:18.718 Number of processors: 2 586 0x4B02
    14:52:18.718 ComputerName: DGKWZ3C1 UserName: Justin
    14:52:21.000 Initialize success
    14:56:06.218 AVAST engine defs: 13010300
    14:56:19.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    14:56:19.703 Disk 0 Vendor: Size: 0MB BusType: 0
    14:56:19.750 Disk 0 MBR read successfully
    14:56:19.750 Disk 0 MBR scan
    14:56:19.843 Disk 0 unknown MBR code
    14:56:19.843 Disk 0 MBR hidden
    14:56:19.859 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    14:56:19.875 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147793 MB offset 80325
    14:56:19.906 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 302760990
    14:56:20.156 Disk 0 scanning C:\WINDOWS\system32\drivers
    14:56:40.718 Service scanning
    14:57:07.546 Modules scanning
    14:57:20.343 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    14:57:25.171 Disk 0 trace - called modules:
    14:57:25.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    14:57:25.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f79ab8]
    14:57:25.187 3 CLASSPNP.SYS[f74a7fd7] -> nt!IofCallDriver -> \Device\0000006a[0x85f59578]
    14:57:25.187 5 ACPI.sys[f7324620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85eedd98]
    14:57:26.953 AVAST engine scan C:\WINDOWS
    14:57:40.968 AVAST engine scan C:\WINDOWS\system32
    15:01:42.375 AVAST engine scan C:\WINDOWS\system32\drivers
    15:02:10.921 AVAST engine scan C:\Documents and Settings\Justin
    15:59:23.375 AVAST engine scan C:\Documents and Settings\All Users
    16:00:52.875 Scan finished successfully
    16:02:19.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Justin\Desktop\MBR.dat"
    16:02:19.468 The log file has been saved successfully to "C:\Documents and Settings\Justin\Desktop\aswMBR.txt"

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    hi jdkuhl,

    If you aren't launching and using IE then it's not normal.
    We will get a download to use:

    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.
    NOTE: The free version must be updated manually.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Jan 2013
    Posts
    16

    Thank you for your help. I followed the instructions and the log is shown below. After restarting the computer, however, the iexplore.exe applications popped up in the Windows Task Manager and are redirecting to other websites. I'll wait for your direction...

    Log shown below:
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.06.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Justin :: DGKWZ3C1 [limited]

    1/6/2013 1:55:32 PM
    mbam-log-2013-01-06 (13-55-32).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 359112
    Time elapsed: 1 hour(s), 34 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vcreac (Trojan.RedirRdll2.Gen) -> Data: "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Justin\Application Data\vcreac.dll",Print -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    ok. We will move on to tdsskiller:

    Download:

    tdsskiller.exe to your desktop

    Click the icon, then on Change Parameters. Check the option: Detect TDLFS file system, then click ok and Start Scan

    Once the scan is done you will find a .txt file in your root drive Local Disk (C) labeled as: TDSSKILLER.2.8.13.0_15.10.2012_17.34.06_log.txt (version,date time)

    Please copy/paste the log file in your reply.

  5. #5
    Junior Member
    Join Date
    Jan 2013
    Posts
    16

    Results from tdsskiller:

    17:30:52.0109 6100 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    17:30:53.0828 6100 ============================================================
    17:30:53.0828 6100 Current date / time: 2013/01/06 17:30:53.0828
    17:30:53.0828 6100 SystemInfo:
    17:30:53.0828 6100
    17:30:53.0828 6100 OS Version: 5.1.2600 ServicePack: 3.0
    17:30:53.0828 6100 Product type: Workstation
    17:30:53.0828 6100 ComputerName: DGKWZ3C1
    17:30:53.0828 6100 UserName: Justin
    17:30:53.0828 6100 Windows directory: C:\WINDOWS
    17:30:53.0828 6100 System windows directory: C:\WINDOWS
    17:30:53.0828 6100 Processor architecture: Intel x86
    17:30:53.0828 6100 Number of processors: 2
    17:30:53.0828 6100 Page size: 0x1000
    17:30:53.0828 6100 Boot type: Normal boot
    17:30:53.0828 6100 ============================================================
    17:30:55.0140 6100 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    17:30:55.0140 6100 ============================================================
    17:30:55.0140 6100 \Device\Harddisk0\DR0:
    17:30:55.0140 6100 MBR partitions:
    17:30:55.0140 6100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x120A8A59
    17:30:55.0140 6100 ============================================================
    17:30:55.0171 6100 C: <-> \Device\Harddisk0\DR0\Partition1
    17:30:55.0171 6100 ============================================================
    17:30:55.0171 6100 Initialize success
    17:30:55.0171 6100 ============================================================
    17:31:15.0328 3876 ============================================================
    17:31:15.0328 3876 Scan started
    17:31:15.0328 3876 Mode: Manual; TDLFS;
    17:31:15.0328 3876 ============================================================
    17:31:15.0406 3876 ================ Scan system memory ========================
    17:31:15.0421 3876 System memory - ok
    17:31:15.0421 3876 ================ Scan services =============================
    17:31:17.0484 3876 Bonjour Service - ok
    17:31:17.0546 3876 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    17:31:17.0546 3876 Browser - ok
    17:31:17.0687 3876 [ CFA5F2B90FC2A3F38B297584C9E0D2B8 ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    17:31:17.0812 3876 CarboniteService - ok
    17:31:17.0843 3876 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    17:31:17.0843 3876 cbidf - ok
    17:31:17.0843 3876 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    17:31:17.0843 3876 cbidf2k - ok
    17:31:17.0906 3876 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    17:31:17.0937 3876 CCDECODE - ok
    17:31:17.0968 3876 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    17:31:17.0968 3876 cd20xrnt - ok
    17:31:18.0000 3876 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    17:31:18.0015 3876 Cdaudio - ok
    17:31:18.0031 3876 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    17:31:18.0031 3876 Cdfs - ok
    17:31:18.0078 3876 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    17:31:18.0093 3876 Cdrom - ok
    17:31:18.0093 3876 Changer - ok
    17:31:18.0140 3876 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    17:31:18.0171 3876 CiSvc - ok
    17:31:18.0203 3876 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    17:31:18.0234 3876 ClipSrv - ok
    17:31:18.0265 3876 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:31:18.0328 3876 clr_optimization_v2.0.50727_32 - ok
    17:31:18.0359 3876 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
    17:31:18.0359 3876 CmdIde - ok
    17:31:18.0375 3876 COMSysApp - ok
    17:31:18.0406 3876 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    17:31:18.0406 3876 Cpqarray - ok
    17:31:18.0453 3876 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    17:31:18.0453 3876 CryptSvc - ok
    17:31:18.0468 3876 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    17:31:18.0500 3876 dac2w2k - ok
    17:31:18.0500 3876 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    17:31:18.0500 3876 dac960nt - ok
    17:31:18.0562 3876 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    17:31:18.0562 3876 DcomLaunch - ok
    17:31:18.0656 3876 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    17:31:18.0656 3876 Dhcp - ok
    17:31:18.0671 3876 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    17:31:18.0671 3876 Disk - ok
    17:31:18.0734 3876 [ E2D0DE31442390C35E3163C87CB6A9EB ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    17:31:18.0734 3876 DLABOIOM - ok
    17:31:18.0750 3876 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    17:31:18.0750 3876 DLACDBHM - ok
    17:31:18.0781 3876 [ 83545593E297F50A8E2524B4C071A153 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
    17:31:18.0781 3876 DLADResN - ok
    17:31:18.0796 3876 [ 96E01D901CDC98C7817155CC057001BF ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    17:31:18.0812 3876 DLAIFS_M - ok
    17:31:18.0843 3876 [ 0A60A39CC5E767980A31CA5D7238DFA9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    17:31:18.0843 3876 DLAOPIOM - ok
    17:31:18.0875 3876 [ 9FE2B72558FC808357F427FD83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    17:31:18.0875 3876 DLAPoolM - ok
    17:31:18.0875 3876 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    17:31:18.0875 3876 DLARTL_N - ok
    17:31:18.0921 3876 [ F08E1DAFAC457893399E03430A6A1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    17:31:18.0921 3876 DLAUDFAM - ok
    17:31:18.0968 3876 [ E7D105ED1E694449D444A9933DF8E060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    17:31:18.0968 3876 DLAUDF_M - ok
    17:31:18.0984 3876 dmadmin - ok
    17:31:19.0046 3876 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    17:31:19.0109 3876 dmboot - ok
    17:31:19.0109 3876 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    17:31:19.0125 3876 dmio - ok
    17:31:19.0140 3876 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    17:31:19.0140 3876 dmload - ok
    17:31:19.0218 3876 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    17:31:19.0218 3876 dmserver - ok
    17:31:19.0234 3876 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    17:31:19.0234 3876 DMusic - ok
    17:31:19.0281 3876 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    17:31:19.0281 3876 Dnscache - ok
    17:31:19.0343 3876 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    17:31:19.0375 3876 Dot3svc - ok
    17:31:19.0406 3876 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    17:31:19.0421 3876 dpti2o - ok
    17:31:19.0484 3876 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    17:31:19.0484 3876 drmkaud - ok
    17:31:19.0500 3876 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    17:31:19.0500 3876 DRVMCDB - ok
    17:31:19.0546 3876 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    17:31:19.0546 3876 DRVNDDM - ok
    17:31:19.0640 3876 [ 2AC2372FFAD9ADC85672CC8E8AE14BE9 ] DSproct C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
    17:31:19.0640 3876 DSproct - ok
    17:31:19.0656 3876 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
    17:31:19.0656 3876 E100B - ok
    17:31:19.0718 3876 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    17:31:19.0734 3876 EapHost - ok
    17:31:19.0796 3876 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    17:31:19.0796 3876 eeCtrl - ok
    17:31:19.0859 3876 [ D039A0C347632622934906BD59A4E1EA ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
    17:31:19.0859 3876 ehRecvr - ok
    17:31:19.0875 3876 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
    17:31:19.0875 3876 ehSched - ok
    17:31:19.0906 3876 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    17:31:19.0921 3876 EraserUtilRebootDrv - ok
    17:31:19.0953 3876 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    17:31:19.0953 3876 ERSvc - ok
    17:31:20.0000 3876 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    17:31:20.0046 3876 Eventlog - ok
    17:31:20.0093 3876 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    17:31:20.0093 3876 EventSystem - ok
    17:31:20.0109 3876 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    17:31:20.0125 3876 Fastfat - ok
    17:31:20.0156 3876 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    17:31:20.0171 3876 FastUserSwitchingCompatibility - ok
    17:31:20.0203 3876 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
    17:31:20.0234 3876 Fax - ok
    17:31:20.0265 3876 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    17:31:20.0265 3876 Fdc - ok
    17:31:20.0281 3876 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    17:31:20.0281 3876 Fips - ok
    17:31:20.0296 3876 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    17:31:20.0312 3876 Flpydisk - ok
    17:31:20.0343 3876 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    17:31:20.0359 3876 FltMgr - ok
    17:31:20.0453 3876 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    17:31:20.0453 3876 FontCache3.0.0.0 - ok
    17:31:20.0500 3876 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    17:31:20.0515 3876 Fs_Rec - ok
    17:31:20.0531 3876 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    17:31:20.0531 3876 Ftdisk - ok
    17:31:20.0562 3876 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    17:31:20.0578 3876 GEARAspiWDM - ok
    17:31:20.0625 3876 [ 20F6C49E2C410FCD32D781F521579BF5 ] GIDv2 C:\WINDOWS\system32\drivers\GIDv2.sys
    17:31:20.0625 3876 GIDv2 - ok
    17:31:20.0656 3876 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    17:31:20.0656 3876 Gpc - ok
    17:31:20.0671 3876 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    17:31:20.0671 3876 HDAudBus - ok
    17:31:20.0750 3876 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    17:31:20.0750 3876 helpsvc - ok
    17:31:20.0812 3876 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    17:31:20.0812 3876 HidServ - ok
    17:31:20.0859 3876 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    17:31:20.0859 3876 HidUsb - ok
    17:31:20.0906 3876 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    17:31:20.0921 3876 hkmsvc - ok
    17:31:20.0953 3876 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
    17:31:20.0968 3876 hpn - ok
    17:31:21.0062 3876 [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    17:31:21.0062 3876 hpqcxs08 - ok
    17:31:21.0078 3876 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    17:31:21.0078 3876 hpqddsvc - ok
    17:31:21.0109 3876 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    17:31:21.0125 3876 HPZid412 - ok
    17:31:21.0156 3876 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    17:31:21.0156 3876 HPZipr12 - ok
    17:31:21.0156 3876 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    17:31:21.0187 3876 HPZius12 - ok
    17:31:21.0218 3876 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    17:31:21.0218 3876 HSFHWBS2 - ok
    17:31:21.0296 3876 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    17:31:21.0312 3876 HSF_DP - ok
    17:31:21.0359 3876 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    17:31:21.0359 3876 HTTP - ok
    17:31:21.0406 3876 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    17:31:21.0406 3876 HTTPFilter - ok
    17:31:21.0421 3876 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
    17:31:21.0421 3876 i2omgmt - ok
    17:31:21.0437 3876 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
    17:31:21.0437 3876 i2omp - ok
    17:31:21.0484 3876 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    17:31:21.0484 3876 i8042prt - ok
    17:31:21.0562 3876 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    17:31:21.0578 3876 IDriverT - ok
    17:31:21.0625 3876 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    17:31:21.0656 3876 idsvc - ok
    17:31:21.0781 3876 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130104.001\IDSxpx86.sys
    17:31:21.0781 3876 IDSxpx86 - ok
    17:31:21.0843 3876 [ 9995160D6F69A603FA5B8DA9A42E8F9F ] IDVaultSvc C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
    17:31:21.0843 3876 IDVaultSvc - ok
    17:31:21.0859 3876 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    17:31:21.0875 3876 Imapi - ok
    17:31:21.0921 3876 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    17:31:21.0953 3876 ImapiService - ok
    17:31:21.0984 3876 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
    17:31:21.0984 3876 ini910u - ok
    17:31:22.0015 3876 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
    17:31:22.0015 3876 IntelIde - ok
    17:31:22.0078 3876 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    17:31:22.0078 3876 intelppm - ok
    17:31:22.0093 3876 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    17:31:22.0093 3876 Ip6Fw - ok
    17:31:22.0125 3876 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    17:31:22.0125 3876 IpFilterDriver - ok
    17:31:22.0140 3876 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    17:31:22.0140 3876 IpInIp - ok
    17:31:22.0156 3876 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    17:31:22.0156 3876 IpNat - ok
    17:31:22.0203 3876 [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    17:31:22.0218 3876 iPod Service - ok
    17:31:22.0265 3876 [ CF79FF3D10864F73660A34E006B6B8F8 ] iPodDrv C:\WINDOWS\system32\drivers\iPodDrv.sys
    17:31:22.0375 3876 iPodDrv - ok
    17:31:22.0421 3876 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    17:31:22.0421 3876 IPSec - ok
    17:31:22.0468 3876 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    17:31:22.0468 3876 IRENUM - ok
    17:31:22.0515 3876 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    17:31:22.0515 3876 isapnp - ok
    17:31:22.0609 3876 [ A456937ACC87BB40D7E2331F1E3A2AC5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    17:31:22.0625 3876 JavaQuickStarterService - ok
    17:31:22.0656 3876 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    17:31:22.0656 3876 Kbdclass - ok
    17:31:22.0671 3876 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    17:31:22.0671 3876 kbdhid - ok
    17:31:22.0687 3876 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    17:31:22.0703 3876 kmixer - ok
    17:31:22.0734 3876 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    17:31:22.0734 3876 KSecDD - ok
    17:31:22.0750 3876 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    17:31:22.0765 3876 lanmanserver - ok
    17:31:22.0812 3876 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    17:31:22.0812 3876 lanmanworkstation - ok
    17:31:22.0828 3876 lbrtfdc - ok
    17:31:22.0875 3876 [ 03E12DBFACF1AEB86C553B0DB488FB81 ] libusb0 C:\WINDOWS\system32\DRIVERS\libusb0.sys
    17:31:22.0875 3876 libusb0 - ok
    17:31:22.0906 3876 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    17:31:22.0921 3876 LmHosts - ok
    17:31:22.0968 3876 [ C53C86727678B4CDF974C880D27EE7BB ] MaxBackServiceInt C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    17:31:22.0968 3876 MaxBackServiceInt - ok
    17:31:23.0000 3876 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
    17:31:23.0000 3876 McrdSvc - ok
    17:31:23.0031 3876 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    17:31:23.0031 3876 MDM - ok
    17:31:23.0046 3876 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    17:31:23.0062 3876 mdmxsdk - ok
    17:31:23.0109 3876 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    17:31:23.0125 3876 Messenger - ok
    17:31:23.0156 3876 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
    17:31:23.0187 3876 MHN - ok
    17:31:23.0203 3876 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    17:31:23.0218 3876 MHNDRV - ok
    17:31:23.0250 3876 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    17:31:23.0250 3876 mnmdd - ok
    17:31:23.0281 3876 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    17:31:23.0312 3876 mnmsrvc - ok
    17:31:23.0328 3876 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    17:31:23.0343 3876 Modem - ok
    17:31:23.0375 3876 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
    17:31:23.0375 3876 MODEMCSA - ok
    17:31:23.0375 3876 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    17:31:23.0375 3876 Mouclass - ok
    17:31:23.0406 3876 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    17:31:23.0406 3876 mouhid - ok
    17:31:23.0421 3876 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    17:31:23.0421 3876 MountMgr - ok
    17:31:23.0468 3876 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    17:31:23.0484 3876 MozillaMaintenance - ok
    17:31:23.0500 3876 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    17:31:23.0500 3876 mraid35x - ok
    17:31:23.0515 3876 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    17:31:23.0515 3876 MRxDAV - ok
    17:31:23.0546 3876 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    17:31:23.0562 3876 MRxSmb - ok
    17:31:23.0656 3876 [ B03E3F64B70F8031E65EB26DA23DE91A ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    17:31:23.0656 3876 MSCamSvc - ok
    17:31:23.0703 3876 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    17:31:23.0703 3876 MSDTC - ok
    17:31:23.0718 3876 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    17:31:23.0718 3876 Msfs - ok
    17:31:23.0750 3876 [ 7A0F9CBDBDB135113B9A3C138E20C85D ] MSHUSBVideo C:\WINDOWS\system32\Drivers\nx6000.sys
    17:31:23.0750 3876 MSHUSBVideo - ok
    17:31:23.0750 3876 MSIServer - ok
    17:31:23.0781 3876 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    17:31:23.0781 3876 MSKSSRV - ok
    17:31:23.0796 3876 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    17:31:23.0796 3876 MSPCLOCK - ok
    17:31:23.0796 3876 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    17:31:23.0796 3876 MSPQM - ok
    17:31:23.0828 3876 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    17:31:23.0828 3876 mssmbios - ok
    17:31:23.0859 3876 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    17:31:23.0859 3876 MSTEE - ok
    17:31:23.0875 3876 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    17:31:23.0875 3876 Mup - ok
    17:31:23.0937 3876 [ C29F284FF7AB4ED38CE419A9424E52A2 ] MXOPSWD C:\WINDOWS\system32\DRIVERS\mxopswd.sys
    17:31:23.0937 3876 MXOPSWD - ok
    17:31:24.0031 3876 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
    17:31:24.0046 3876 N360 - ok
    17:31:24.0078 3876 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    17:31:24.0078 3876 NABTSFEC - ok
    17:31:24.0125 3876 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    17:31:24.0156 3876 napagent - ok
    17:31:24.0218 3876 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130105.017\NAVENG.SYS
    17:31:24.0218 3876 NAVENG - ok
    17:31:24.0296 3876 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130105.017\NAVEX15.SYS
    17:31:24.0343 3876 NAVEX15 - ok
    17:31:24.0390 3876 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    17:31:24.0390 3876 NDIS - ok
    17:31:24.0453 3876 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    17:31:24.0453 3876 NdisIP - ok
    17:31:24.0484 3876 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    17:31:24.0484 3876 NdisTapi - ok
    17:31:24.0500 3876 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    17:31:24.0500 3876 Ndisuio - ok
    17:31:24.0515 3876 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    17:31:24.0515 3876 NdisWan - ok
    17:31:24.0546 3876 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    17:31:24.0546 3876 NDProxy - ok
    17:31:24.0593 3876 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    17:31:24.0593 3876 Net Driver HPZ12 - ok
    17:31:24.0625 3876 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    17:31:24.0625 3876 NetBIOS - ok
    17:31:24.0640 3876 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    17:31:24.0640 3876 NetBT - ok
    17:31:24.0687 3876 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    17:31:24.0703 3876 NetDDE - ok
    17:31:24.0718 3876 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    17:31:24.0718 3876 NetDDEdsdm - ok
    17:31:24.0750 3876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    17:31:24.0765 3876 Netlogon - ok
    17:31:24.0812 3876 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    17:31:24.0812 3876 Netman - ok
    17:31:24.0843 3876 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    17:31:24.0843 3876 NetTcpPortSharing - ok
    17:31:24.0890 3876 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    17:31:24.0890 3876 Nla - ok
    17:31:24.0953 3876 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    17:31:24.0953 3876 Npfs - ok
    17:31:24.0984 3876 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    17:31:25.0015 3876 Ntfs - ok
    17:31:25.0031 3876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    17:31:25.0031 3876 NtLmSsp - ok
    17:31:25.0078 3876 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    17:31:25.0093 3876 NtmsSvc - ok
    17:31:25.0156 3876 [ F778606B1E8C0567B1FFF5879AB38D8C ] NTService1 C:\Program Files\Maxtor\Utils\SyncServices.exe
    17:31:25.0156 3876 NTService1 - ok
    17:31:25.0171 3876 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    17:31:25.0171 3876 Null - ok
    17:31:25.0500 3876 [ 774A0D43912F75DA99D32F2D9E6A674C ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    17:31:25.0781 3876 nv - ok
    17:31:25.0828 3876 [ 75562456AA672BB5FE56D3C64C6D1C7D ] nvatabus C:\WINDOWS\system32\drivers\nvatabus.sys
    17:31:25.0890 3876 nvatabus - ok
    17:31:25.0921 3876 [ 1D4781A5957300DC81B91161B45704BB ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
    17:31:26.0000 3876 nvraid - ok
    17:31:26.0031 3876 [ 6B665BDA473E2888A036D0BA5663B5A5 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
    17:31:26.0031 3876 NVSvc - ok
    17:31:26.0140 3876 [ 8BB901D3DBD7CA15C4D9F1EC98927379 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    17:31:26.0171 3876 nvUpdatusService - ok
    17:31:26.0203 3876 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    17:31:26.0234 3876 NwlnkFlt - ok
    17:31:26.0250 3876 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    17:31:26.0265 3876 NwlnkFwd - ok
    17:31:26.0312 3876 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    17:31:26.0312 3876 ose - ok
    17:31:26.0375 3876 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    17:31:26.0375 3876 Parport - ok
    17:31:26.0421 3876 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    17:31:26.0421 3876 PartMgr - ok
    17:31:26.0453 3876 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    17:31:26.0453 3876 ParVdm - ok
    17:31:26.0484 3876 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    17:31:26.0484 3876 PCI - ok
    17:31:26.0500 3876 PCIDump - ok
    17:31:26.0515 3876 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    17:31:26.0515 3876 PCIIde - ok
    17:31:26.0562 3876 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    17:31:26.0562 3876 Pcmcia - ok
    17:31:26.0578 3876 PDCOMP - ok
    17:31:26.0578 3876 PDFRAME - ok
    17:31:26.0593 3876 PDRELI - ok
    17:31:26.0593 3876 PDRFRAME - ok
    17:31:26.0625 3876 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
    17:31:26.0640 3876 perc2 - ok
    17:31:26.0671 3876 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    17:31:26.0671 3876 perc2hib - ok
    17:31:26.0718 3876 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    17:31:26.0718 3876 PlugPlay - ok
    17:31:26.0765 3876 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    17:31:26.0765 3876 Pml Driver HPZ12 - ok
    17:31:26.0781 3876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    17:31:26.0796 3876 PolicyAgent - ok
    17:31:26.0828 3876 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    17:31:26.0843 3876 PptpMiniport - ok
    17:31:26.0890 3876 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
    17:31:26.0890 3876 Processor - ok
    17:31:26.0890 3876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    17:31:26.0890 3876 ProtectedStorage - ok
    17:31:26.0953 3876 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    17:31:26.0953 3876 PSched - ok
    17:31:26.0984 3876 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    17:31:32.0859 3876 ================ Scan global ===============================
    17:31:32.0921 3876 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    17:31:32.0968 3876 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    17:31:33.0000 3876 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    17:31:33.0000 3876 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    17:31:33.0015 3876 [Global] - ok
    17:31:33.0015 3876 ================ Scan MBR ==================================
    17:31:33.0031 3876 [ 91722E6BC3A2B40FF00222DCA4A3DB3E ] \Device\Harddisk0\DR0
    17:31:33.0250 3876 \Device\Harddisk0\DR0 - ok
    17:31:33.0250 3876 ================ Scan VBR ==================================
    17:31:33.0250 3876 [ 82C75350CFA9CE83E02A705B0D1BC8CC ] \Device\Harddisk0\DR0\Partition1
    17:31:33.0265 3876 \Device\Harddisk0\DR0\Partition1 - ok
    17:31:33.0265 3876 ============================================================
    17:31:33.0265 3876 Scan finished
    17:31:33.0265 3876 ============================================================
    17:31:33.0281 2424 Detected object count: 0
    17:31:33.0281 2424 Actual detected object count: 0

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    OK. Another download to get. It requires that you read a short guide to explain it. Read through the guide, then download ComboFix to your desktop, run ComboFix and post its log:

    Guide to using Combofix
    How Can I Reduce My Risk?

  7. #7
    Junior Member
    Join Date
    Jan 2013
    Posts
    16

    Results from ComboFix:

    ComboFix 13-01-05.01 - Justin 01/06/2013 19:30:25.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.270 [GMT -6:00]
    Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    c:\documents and settings\Justin\Application Data\aceton.dll
    c:\documents and settings\Justin\Application Data\vcreac.dll
    c:\documents and settings\Justin\My Documents\~WRL0173.tmp
    c:\documents and settings\Justin\My Documents\~WRL2969.tmp
    c:\documents and settings\Justin\My Documents\~WRL3628.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-06 19:41 . 2013-01-06 19:41 -------- d-----w- c:\documents and settings\Justin\Application Data\Malwarebytes
    2013-01-06 19:40 . 2013-01-06 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2013-01-06 19:40 . 2013-01-06 19:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-06 19:40 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-04 07:51 . 2012-11-19 07:04 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4B7448E3-2B11-49C9-8E99-841D5DBDFE37}\mpengine.dll
    2013-01-03 20:39 . 2013-01-03 20:40 -------- d-----w- c:\program files\ERUNT
    2013-01-03 16:30 . 2013-01-03 16:55 -------- d-----w- c:\documents and settings\Justin\Local Settings\Application Data\NPE
    2013-01-02 23:52 . 2012-11-19 07:04 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-01-02 23:52 . 2012-05-31 17:25 237072 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-02 23:49 . 2013-01-02 23:49 -------- d-----w- c:\program files\Windows Defender
    2013-01-02 13:21 . 2013-01-02 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2013-01-02 13:19 . 2009-01-25 18:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-01-02 13:19 . 2013-01-02 13:20 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2012-12-12 22:15 . 2012-12-12 22:15 -------- d-----w- c:\documents and settings\Justin\Local Settings\Application Data\HP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-28 22:09 . 2012-10-28 22:09 57344 ----a-r- c:\documents and settings\Justin\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
    2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-12-05 04:08 . 2012-12-05 04:08 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "D-Link RangeBooster G WDA-2320"="c:\program files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2005-12-15 2490368]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-12-06 1059472]
    "MaxtorOneTouch"="c:\program files\Maxtor\ManagerApp\Onetouch.exe" [2007-02-27 716456]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-03-25 81920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-08-30 15512424]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-08-30 108392]
    "Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-29 151952]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-10-16 5958256]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-17 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]
    2011-07-05 16:25 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\Justin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\symds.sys [7/16/2012 2:05 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\symefa.sys [7/16/2012 2:05 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [12/3/2012 11:47 AM 995488]
    R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [12/28/2011 9:02 PM 25232]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\ironx86.sys [7/16/2012 2:05 PM 136312]
    R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [10/16/2012 11:19 AM 61552]
    R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [7/27/2011 12:48 PM 6656]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [7/16/2012 2:05 PM 130008]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [1/2/2013 7:19 AM 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1/2/2013 7:20 AM 1369624]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [8/25/2005 3:00 PM 466880]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/25/2012 12:45 AM 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130104.001\IDSXpx86.sys [1/4/2013 4:34 PM 373728]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [1/2/2013 7:20 AM 168384]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [12/29/2011 9:48 AM 28160]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/29/2011 4:17 PM 30576]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [6/17/2012 6:03 AM 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [6/17/2012 6:03 AM 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [6/17/2012 6:03 AM 136808]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-07-05 16:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
    .
    2013-01-07 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-02 20:08]
    .
    2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3692966689-1600950048-196516940-1006Core.job
    - c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-29 21:28]
    .
    2013-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3692966689-1600950048-196516940-1006UA.job
    - c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-29 21:28]
    .
    2011-12-29 c:\windows\Tasks\Microsoft_Hardware_Launch_LcBuddy_exe.job
    - c:\program files\Microsoft LifeCam\LcBuddy.exe [2010-12-13 20:37]
    .
    2013-01-07 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
    .
    2013-01-02 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-02 20:07]
    .
    2013-01-02 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-01-02 20:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=QNl33R_HMPqnY9HTI0muuoJ_kN0
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\g8thnp9n.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - ExtSQL: 2013-01-03 10:42; {f7d2f3a1-6b58-48b6-93ce-e65066211dc1}; c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\g8thnp9n.default\extensions\{f7d2f3a1-6b58-48b6-93ce-e65066211dc1}.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-eibpouol - c:\documents and settings\Justin\Local Settings\Application Data\dmldovpe.exe
    HKLM-Run-aceton - c:\documents and settings\Justin\Application Data\aceton.dll
    Notify-SDWinLogon - SDWinLogon.dll
    AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
    AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-06 19:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    kernel: MBR read successfully
    user != kernel MBR !!!
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(724)
    c:\windows\system32\GIDLogonXP.dll
    c:\windows\system32\GIDHookLogon.dll
    c:\windows\system32\GIDBIN1.dll
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(5392)
    c:\windows\system32\WININET.dll
    c:\windows\system32\GIDHook.dll
    c:\windows\system32\GIDBIN1.dll
    c:\windows\system32\EasyHook32.dll
    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Maxtor\Utils\SyncServices.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\stsystra.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\dllhost.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2013-01-06 19:58:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-01-07 01:57
    .
    Pre-Run: 3,073,019,904 bytes free
    Post-Run: 3,421,220,864 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - BD64CD279E99E70C9CCE58E232DA15A9

  8. #8
    Junior Member
    Join Date
    Jan 2013
    Posts
    16

    Just a comment to add: I wonder if a similar thing is happening on Google Chrome. I have two tabs open at the current time with 7 chrome.exe processes in the Windows Task Manager - all consuming in total about 350MB of memory.

    Thank you again for your help.

  9. #9
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    That doesn't look bad. It is possible to have multiple chrome.exe running in Task Manager even if only one Chrome window is open. Details are here. We will get one more download to use. It's called aswmbr.exe:

    Download Aswmbr.exe to your desktop.
    Double click the aswMBR.exe to run it.
    For the question "Would you like to download latest Avast! virus definitions?", click YES to download the additional files, then
    click the "Scan" button to start the scan.
    Once the scan is done, click "Save log", save it to your desktop and post it in your next reply.
    I probably won't be back online for 16 hrs or so.
    How Can I Reduce My Risk?

  10. #10
    Junior Member
    Join Date
    Jan 2013
    Posts
    16

    Log shown below...

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-06 20:47:56
    -----------------------------
    20:47:56.093 OS Version: Windows 5.1.2600 Service Pack 3
    20:47:56.093 Number of processors: 2 586 0x4B02
    20:47:56.093 ComputerName: DGKWZ3C1 UserName: Justin
    20:48:02.765 Initialize success
    20:52:12.718 AVAST engine defs: 13010601
    20:52:32.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    20:52:32.140 Disk 0 Vendor: Size: 0MB BusType: 0
    20:52:32.156 Disk 0 MBR read successfully
    20:52:32.156 Disk 0 MBR scan
    20:52:32.281 Disk 0 unknown MBR code
    20:52:32.281 Disk 0 MBR hidden
    20:52:32.281 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    20:52:32.312 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147793 MB offset 80325
    20:52:32.343 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 302760990
    20:52:32.375 Disk 0 scanning C:\WINDOWS\system32\drivers
    20:53:09.671 Service scanning
    20:53:38.000 Modules scanning
    20:53:46.343 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    20:53:48.437 Disk 0 trace - called modules:
    20:53:48.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    20:53:48.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f4cab8]
    20:53:48.468 3 CLASSPNP.SYS[f74a7fd7] -> nt!IofCallDriver -> \Device\0000006a[0x85f97f18]
    20:53:48.468 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85fd4d98]
    20:53:48.953 AVAST engine scan C:\WINDOWS
    20:54:23.078 AVAST engine scan C:\WINDOWS\system32
    20:58:48.312 AVAST engine scan C:\WINDOWS\system32\drivers
    20:59:16.015 AVAST engine scan C:\Documents and Settings\Justin
    21:57:15.234 AVAST engine scan C:\Documents and Settings\All Users
    21:59:25.953 Scan finished successfully
    04:53:53.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Justin\Desktop\MBR.dat"
    04:53:53.343 The log file has been saved successfully to "C:\Documents and Settings\Justin\Desktop\aswMBR-1-6-2013.txt"
