Solved: Possibly Infected Recovery Partition

brandino3 (thread starter, joined May 2012), 15-May-2012, 10:40 PM, post #1
Possibly Infected Recovery Partition
My computer is an HP Pavilion a1630n. I think the recovery partition on my computer is infected with viruses because whenever I use it to restore my computer to factory default, the viruses come back even after I install antivirus immediately afterwards. There is no sign of infection for a while after the restore, but eventually the viruses repopulate. I am sure I'm not downloading any viruses. I would wipe out the hard drive, but I do not have an OS disk. Any help would be appreciated.

Last edited by brandino3; 16-May-2012 at 12:14 AM..
brandino3 (thread starter), 16-May-2012, 12:17 AM, post #2
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:09:46 PM, on 5/15/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1336983857312
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: GIDLogonXP - GIDLogonXP.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

--
End of file - 5947 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 18:13:05 on 2012-05-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1127 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *Disabled*
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
svchost.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.1.3\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
Trusted Zone: trymedia.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1336983857312
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5F88BE79-D526-4949-8CA5-9BFDA9DF7D30} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GIDLogonXP - GIDLogonXP.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502010.003\symds.sys [2012-5-15 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502010.003\symefa.sys [2012-5-15 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120507.001\BHDrvx86.sys [2012-5-7 821880]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2012-5-15 25232]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502010.003\ironx86.sys [2012-5-15 136312]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.1.3\ccsvchst.exe [2012-5-15 130008]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120515.001\IDSXpx86.sys [2012-5-15 356792]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120515.017\NAVENG.SYS [2012-5-15 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120515.017\NAVEX15.SYS [2012-5-15 1589752]
R3 rt2870;802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-5-13 517632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-15 22344]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S4 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-3-30 65608]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-15 654408]
.
=============== Created Last 30 ================
.
2012-05-16 00:24:17 744568 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symefa.sys
2012-05-16 00:24:17 50168 ----a-w- c:\windows\system32\drivers\n360\0502010.003\srtspx.sys
2012-05-16 00:24:17 369784 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symtdi.sys
2012-05-16 00:24:17 340088 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symds.sys
2012-05-16 00:24:17 331384 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symtdiv.sys
2012-05-16 00:24:17 299640 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symnets.sys
2012-05-16 00:24:16 516216 ----a-w- c:\windows\system32\drivers\n360\0502010.003\srtsp.sys
2012-05-16 00:24:16 136312 ----a-r- c:\windows\system32\drivers\n360\0502010.003\ironx86.sys
2012-05-16 00:23:59 -------- d-----w- c:\windows\system32\drivers\n360\0502010.003
2012-05-16 00:07:30 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-16 00:07:27 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-05-16 00:07:27 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-16 00:07:27 -------- d-----w- c:\program files\Symantec
2012-05-16 00:07:13 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-16 00:07:05 -------- d-----w- c:\windows\system32\drivers\N360
2012-05-16 00:07:04 -------- d-----w- c:\program files\Norton Security Suite
2012-05-15 23:54:07 -------- d-----w- c:\program files\NortonInstaller
2012-05-15 23:54:07 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2012-05-15 23:44:18 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-05-15 23:14:34 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2012-05-15 14:12:58 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\ID Vault
2012-05-15 14:12:54 -------- d-----w- c:\documents and settings\hp_administrator\application data\ID Vault
2012-05-15 14:12:40 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2012-05-15 14:12:37 -------- d-----w- c:\documents and settings\all users\GID
2012-05-15 14:12:35 -------- d-----w- c:\program files\SFT
2012-05-15 14:12:18 -------- d-----w- c:\program files\Constant Guard Protection Suite
2012-05-15 14:08:56 -------- d-----w- c:\windows\system32\XPSViewer
2012-05-15 14:08:07 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-05-15 14:07:51 14048 ------w- c:\windows\system32\spmsg2.dll
2012-05-15 13:59:45 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2012-05-15 11:03:25 -------- d-----w- c:\windows\SxsCaPendDel
2012-05-15 10:44:14 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
2012-05-15 10:44:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-15 10:44:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-15 10:44:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-15 10:39:39 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-05-15 10:39:11 -------- d-----w- c:\program files\SpywareBlaster
2012-05-15 10:29:04 -------- d-----w- c:\documents and settings\hp_administrator\application data\SUPERAntiSpyware.com
2012-05-15 10:28:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-15 10:28:40 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-05-15 10:23:50 -------- d-s---w- C:\ComboFix
2012-05-14 12:31:47 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-05-14 12:31:47 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-14 08:25:38 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-05-14 06:41:05 -------- d-----w- c:\program files\ESET
2012-05-14 00:20:09 -------- d-----w- c:\windows\pss
2012-05-14 00:10:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-13 22:24:27 -------- d-----w- C:\temp
2012-05-13 21:43:40 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Google
2012-05-13 21:43:10 -------- d-sh--w- c:\documents and settings\hp_administrator\IECompatCache
2012-05-13 21:42:52 -------- d-sh--w- c:\documents and settings\hp_administrator\PrivacIE
2012-05-13 21:41:20 -------- d-sh--w- c:\documents and settings\hp_administrator\IETldCache
2012-05-13 21:24:48 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-05-13 21:24:26 -------- d-----w- c:\windows\ie8updates
2012-05-13 21:24:20 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-05-13 21:24:20 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-05-13 21:24:20 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-05-13 21:24:20 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-05-13 21:24:20 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-05-13 21:24:20 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-05-13 21:24:20 11082752 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-05-13 21:23:13 -------- dc-h--w- c:\windows\ie8
2012-05-13 21:05:01 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-05-13 21:04:40 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-05-13 21:02:56 758784 ----a-w- c:\windows\system32\dllcache\vgx.dll
2012-05-13 21:02:55 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-05-13 21:02:45 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-05-13 21:02:43 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-13 21:02:43 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-05-13 21:01:10 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-05-13 20:52:18 -------- d-sha-r- C:\cmdcons
2012-05-13 20:44:04 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2012-05-13 20:44:04 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-05-13 20:43:25 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-05-13 20:21:49 -------- d-----w- c:\windows\system32\scripting
2012-05-13 20:21:49 -------- d-----w- c:\windows\l2schemas
2012-05-13 20:21:48 -------- d-----w- c:\windows\system32\en
2012-05-13 20:21:48 -------- d-----w- c:\windows\system32\bits
2012-05-13 20:18:32 -------- d-----w- c:\windows\network diagnostic
2012-05-13 07:16:05 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-05-13 07:15:43 -------- d-----w- c:\program files\SMC
2012-05-13 07:15:25 -------- d-----w- c:\windows\setup.pss
2012-05-13 07:15:16 517632 ----a-r- c:\windows\system32\drivers\rt2870.sys
2012-05-13 07:06:55 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-05-13 07:06:47 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-05-13 06:52:37 -------- d-----r- c:\documents and settings\all users\Documents
2012-05-13 06:50:56 -------- d-----r- c:\windows\Offline Web Pages
2012-05-13 06:47:47 -------- d-sh--r- c:\windows\system32\dllcache
2012-05-13 05:42:09 -------- d-----w- c:\program files\MSXML 4.0
2012-05-13 05:31:14 -------- d-----w- c:\windows\ServicePackFiles
2012-05-13 05:20:32 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-05-13 05:18:35 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-05-13 05:18:17 357888 ------w- c:\windows\system32\dllcache\srv.sys
2012-05-13 05:17:24 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-05-13 05:17:24 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-05-13 05:17:16 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2012-05-13 05:12:33 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2012-05-13 05:11:49 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-05-13 05:11:49 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2012-05-13 05:11:45 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-05-13 05:06:22 23040 ------w- c:\windows\kb913800.exe
2012-05-13 05:03:26 -------- d-----w- c:\windows\system32\PreInstall
2012-05-13 04:43:09 -------- d-----w- c:\windows\system32\appmgmt
2012-05-13 04:19:52 -------- d-sh--w- c:\documents and settings\hp_administrator\UserData
2012-05-13 04:16:47 -------- d-----w- c:\windows\system32\SoftwareDistribution
.
==================== Find3M ====================
.
2012-04-11 13:14:41 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-28 18:50:29 81920 ------w- c:\windows\system32\ieencode.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A686AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000079[0x8A615F18]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Ide\IdeDeviceP2T0L0-e[0x8A60DD98]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }
user != kernel MBR !!!
.
============= FINISH: 18:14:33.92 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-15 19:27:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e rev.
Running: o1i02ik0.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uwdcqpog.sys


---- System - GMER 1.0.15 ----

SSDT 8A15ADF0 ZwAlertResumeThread
SSDT 8A193C50 ZwAlertThread
SSDT 8A1351A8 ZwAllocateVirtualMemory
SSDT 89E021A8 ZwAssignProcessToJobObject
SSDT 88E11960 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB5F43710]
SSDT 89E23108 ZwCreateMutant
SSDT 8A0CE280 ZwCreateSymbolicLinkObject
SSDT 8A0E9650 ZwCreateThread
SSDT 8A099108 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB5F43990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB5F43EF0]
SSDT 8A6EA9D0 ZwDuplicateObject
SSDT 89890260 ZwFreeVirtualMemory
SSDT 89FE0E88 ZwImpersonateAnonymousToken
SSDT 89FDF520 ZwImpersonateThread
SSDT 8A0BB278 ZwLoadDriver
SSDT 89E9ECB8 ZwMapViewOfSection
SSDT 8A13ECB8 ZwOpenEvent
SSDT 89E4B190 ZwOpenProcess
SSDT 8A31ADB0 ZwOpenProcessToken
SSDT 89F46798 ZwOpenSection
SSDT 8A60D428 ZwOpenThread
SSDT 89E41F18 ZwProtectVirtualMemory
SSDT 8A0D8B30 ZwResumeThread
SSDT 89818770 ZwSetContextThread
SSDT 8986F8A0 ZwSetInformationProcess
SSDT 89F4BB30 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB5F44140]
SSDT 89F473D8 ZwSuspendProcess
SSDT 8A0D7DE8 ZwSuspendThread
SSDT 89E0A1A8 ZwTerminateProcess
SSDT 8A0D8650 ZwTerminateThread
SSDT 89F46C50 ZwUnmapViewOfSection
SSDT 8A152130 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8EB4360, 0x20574D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 3C, 00] {SUB [EAX], AL; CMP AL, 0x0}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 3C, 00] {SUB [EBX], AL; CMP AL, 0x0}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 3C, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 3C, 00] {TEST AL, 0x1; CMP AL, 0x0}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91121A
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 3C, 00] {TEST AL, 0x2; CMP AL, 0x0}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 3C, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 3C, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91128B
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 3C, 00] {TEST AL, 0x0; CMP AL, 0x0}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9113B9
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 3C, 00] {SUB [ECX], AL; CMP AL, 0x0}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 3C, 00] {SUB [EDX], AL; CMP AL, 0x0}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 3C, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 20, 00] {SUB [EAX], AL; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 20, 00] {SUB [EBX], AL; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 20, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 20, 00] {TEST AL, 0x1; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F61A
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 20, 00] {TEST AL, 0x2; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 20, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 20, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F68B
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 20, 00] {TEST AL, 0x0; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F7B9
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 20, 00] {SUB [ECX], AL; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 20, 00] {SUB [EDX], AL; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 20, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 55, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 55, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 55, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 55, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B1A
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 55, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 55, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 55, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912B8B
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 55, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CB9
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 55, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 55, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 55, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 20, 00] {SUB [EAX], AL; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 20, 00] {SUB [EBX], AL; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 20, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 20, 00] {TEST AL, 0x1; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F61A
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 20, 00] {TEST AL, 0x2; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 20, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 20, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F68B
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 20, 00] {TEST AL, 0x0; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F7B9
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 20, 00] {SUB [ECX], AL; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 20, 00] {SUB [EDX], AL; AND [EAX], AL}
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 20, 00]
.text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process C:\DOCUME~1\HP_ADM~1\LOCALS~1\temp\nsi7B.tmp\SWREG.DAT (*** hidden *** ) 3132

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
brandino3 (thread starter)
16-May-2012, 10:08 PM #3
bump
flavallee (Frank), Trusted Advisor
17-May-2012, 09:58 AM #4
The HP Pavilion Media Center a1630n desktop is almost 6 years old, so HP will not have a recovery disc kit available for it for purchase.

You can purchase the recovery disc kit for that desktop from here for $27.00 plus shipping.

If you suspect the built-in recovery partition got infected in some way, then using the kit instead of the partition is a better option.

You should have the kit anyway. If the hard drive dies and needs to be replaced, the partition will be lost.

brandino3 (thread starter)
17-May-2012, 12:30 PM #5
Oh, thank you very much! I didn't know they made recovery disks for my machine. Should I mark this thread solved?
flavallee (Frank), Trusted Advisor
17-May-2012, 12:43 PM #6
It's your choice.

Leave it open and see if a gold/blue shield removal specialist can assist you.

Close it for now, then buy the recovery disc kit and use it to do another full system recovery.

brandino3 (thread starter)
27-May-2012, 04:29 PM #7
Quick question: If I wipe out the hard drive using a program like DBAN, will the recovery disks still work on my machine?
kevinf80 (Kevin), Malware Removal Specialist
27-May-2012, 04:46 PM #8
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on to run the application.
  • The "Ready to scan" window will open. Click on "Change parameters".
  • Place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system (leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.
  • Select "Start Scan".
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kevin...
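The report TDSSKiller writes is plain text, one timestamped line per drive, partition or driver, as the log posted later in this thread shows. As an added example that is not part of the thread or of TDSSKiller, here is a small Python triage parser for that format: it pulls out the drive geometry, the MBR partition table with drive letters, every verdict that is not "ok", and any space on the disk that lies outside every partition (sector 0 and the end-of-disk tail are never rewritten by formatting C:). The sample lines are condensed from the log in this thread; the parser, its names and the partition-type table are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Hypothetical triage parser for the plain-text report TDSSKiller writes. This is an
# added example, not code from TDSSKiller or from anyone in this thread.

# Constructed sample, condensed from the log format posted in this thread.
SAMPLE_LOG = r"""
21:46:11.0140 2120 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
21:46:14.0983 2120 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:46:15.0045 2120 MBR partitions:
21:46:15.0045 2120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C01247F
21:46:15.0045 2120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C01637F, BlocksNum 0x11AE202
21:46:15.0092 2120 C: <-> \Device\Harddisk0\DR0\Partition0
21:46:15.0123 2120 D: <-> \Device\Harddisk0\DR0\Partition1
21:46:26.0558 3492 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:46:26.0590 3492 AegisP ( UnsignedFile.Multi.Generic ) - warning
21:46:26.0590 3492 AegisP - detected UnsignedFile.Multi.Generic (1)
21:46:26.0636 3492 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:46:26.0683 3492 AFD - ok
"""

# Every line is "<time> <thread id> <message>"; the message carries the payload.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
DRIVE_RE = re.compile(
    r"^Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: 0x(?P<size>[0-9A-F]+) .*?"
    r"SectorSize: 0x(?P<sector>[0-9A-F]+)", re.I)
PART_RE = re.compile(
    r"^(?P<dev>\\Device\\Harddisk\d+\\DR\d+\\Partition\d+): MBR, Type 0x(?P<type>[0-9A-F]+), "
    r"StartLBA 0x(?P<start>[0-9A-F]+), BlocksNum 0x(?P<blocks>[0-9A-F]+)$", re.I)
LETTER_RE = re.compile(r"^(?P<letter>[A-Z]:) <-> (?P<dev>\\Device\\\S+)$")
# "<name> - ok", "<name> ( <reason> ) - warning", "<name> - detected <signature> (n)"
VERDICT_RE = re.compile(
    r"^(?P<name>\S+)(?: \( ?(?P<reason>[^)]+?) ?\))? - (?P<verdict>ok|warning|detected .+)$")

# Common MBR partition type IDs; anything else is reported by number.
PART_TYPES = {0x05: "Extended", 0x07: "NTFS/HPFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x0F: "Extended (LBA)", 0x27: "Hidden NTFS (WinRE)", 0xEE: "GPT protective"}


@dataclass
class Partition:
    device: str
    type_id: int
    start_lba: int
    blocks: int
    letter: str = ""

    @property
    def end_lba(self) -> int:  # first sector after the partition
        return self.start_lba + self.blocks


@dataclass
class Report:
    total_sectors: int = 0
    sector_size: int = 512
    partitions: list = field(default_factory=list)
    findings: list = field(default_factory=list)  # (name, verdict, reason)


def parse_log(text: str) -> Report:
    rep, by_dev = Report(), {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if d := DRIVE_RE.match(msg):
            rep.sector_size = int(d.group("sector"), 16)
            rep.total_sectors = int(d.group("size"), 16) // rep.sector_size
        elif p := PART_RE.match(msg):
            part = Partition(p.group("dev"), int(p.group("type"), 16),
                             int(p.group("start"), 16), int(p.group("blocks"), 16))
            rep.partitions.append(part)
            by_dev[part.device] = part
        elif lt := LETTER_RE.match(msg):
            if lt.group("dev") in by_dev:
                by_dev[lt.group("dev")].letter = lt.group("letter")
        elif v := VERDICT_RE.match(msg):
            if v.group("verdict") != "ok":  # keep only warnings and detections
                rep.findings.append((v.group("name"), v.group("verdict"), v.group("reason") or ""))
    return rep


def layout_issues(rep: Report) -> list:
    """Overlapping partitions, partitions past the end of the disk, and unpartitioned
    space after the last partition. Sector 0 and that tail belong to no partition, so a
    format or restore of C: leaves them untouched; a triage should list them explicitly."""
    issues, prev_end = [], 1  # sector 0 is the MBR itself
    for p in sorted(rep.partitions, key=lambda q: q.start_lba):
        if p.start_lba < prev_end:
            issues.append(f"{p.device} overlaps the previous partition")
        if p.end_lba > rep.total_sectors:
            issues.append(f"{p.device} runs past the end of the disk")
        prev_end = p.end_lba
    if rep.total_sectors and prev_end < rep.total_sectors:
        slack = rep.total_sectors - prev_end
        issues.append(f"{slack} unpartitioned sectors ({slack * rep.sector_size // 1024} KiB) "
                      "after the last partition")
    return issues


def summarize(rep: Report) -> list:
    lines = []
    for p in rep.partitions:
        kind = PART_TYPES.get(p.type_id, f"type 0x{p.type_id:02X}")
        gib = p.blocks * rep.sector_size / 2 ** 30
        lines.append(f"{p.letter or '(no letter)'} {p.device}: {kind}, "
                     f"LBA {p.start_lba}-{p.end_lba - 1}, {gib:.2f} GiB")
    for name, verdict, reason in rep.findings:
        lines.append(f"{name}: {verdict}" + (f" ({reason})" if reason else ""))
    lines.extend(layout_issues(rep))
    return lines


if __name__ == "__main__":
    for line in summarize(parse_log(SAMPLE_LOG)):
        print(line)
```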
brandino3 (thread starter)
27-May-2012, 11:51 PM #9
I have ordered the recovery disks already and I'm intending on fixing it that way. Can you please answer my previous question?
brandino3 (thread starter)
28-May-2012, 12:49 AM #10
21:46:11.0140 2120 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
21:46:11.0452 2120 ============================================================
21:46:11.0452 2120 Current date / time: 2012/05/27 21:46:11.0452
21:46:11.0452 2120 SystemInfo:
21:46:11.0468 2120
21:46:11.0468 2120 OS Version: 5.1.2600 ServicePack: 3.0
21:46:11.0468 2120 Product type: Workstation
21:46:11.0468 2120 ComputerName: CHARLENE
21:46:11.0468 2120 UserName: HP_Administrator
21:46:11.0468 2120 Windows directory: C:\WINDOWS
21:46:11.0468 2120 System windows directory: C:\WINDOWS
21:46:11.0468 2120 Processor architecture: Intel x86
21:46:11.0468 2120 Number of processors: 2
21:46:11.0468 2120 Page size: 0x1000
21:46:11.0468 2120 Boot type: Normal boot
21:46:11.0468 2120 ============================================================
21:46:14.0983 2120 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:46:14.0998 2120 ============================================================
21:46:14.0998 2120 \Device\Harddisk0\DR0:
21:46:15.0045 2120 MBR partitions:
21:46:15.0045 2120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C01247F
21:46:15.0045 2120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C01637F, BlocksNum 0x11AE202
21:46:15.0045 2120 ============================================================
21:46:15.0092 2120 C: <-> \Device\Harddisk0\DR0\Partition0
21:46:15.0123 2120 D: <-> \Device\Harddisk0\DR0\Partition1
21:46:15.0123 2120 ============================================================
21:46:15.0123 2120 Initialize success
21:46:15.0123 2120 ============================================================
21:46:23.0762 3492 ============================================================
21:46:23.0762 3492 Scan started
21:46:23.0762 3492 Mode: Manual; SigCheck; TDLFS;
21:46:23.0762 3492 ============================================================
21:46:25.0012 3492 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:46:25.0199 3492 !SASCORE - ok
21:46:25.0402 3492 Abiosdsk - ok
21:46:25.0418 3492 abp480n5 - ok
21:46:25.0699 3492 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:46:26.0215 3492 ACPI - ok
21:46:26.0230 3492 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:46:26.0355 3492 ACPIEC - ok
21:46:26.0355 3492 adpu160m - ok
21:46:26.0402 3492 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:46:26.0527 3492 aec - ok
21:46:26.0558 3492 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:46:26.0590 3492 AegisP ( UnsignedFile.Multi.Generic ) - warning
21:46:26.0590 3492 AegisP - detected UnsignedFile.Multi.Generic (1)
21:46:26.0636 3492 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:46:26.0683 3492 AFD - ok
21:46:26.0683 3492 Aha154x - ok
21:46:26.0683 3492 aic78u2 - ok
21:46:26.0699 3492 aic78xx - ok
21:46:26.0730 3492 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:46:26.0855 3492 Alerter - ok
21:46:26.0871 3492 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:46:27.0027 3492 ALG - ok
21:46:27.0027 3492 AliIde - ok
21:46:27.0058 3492 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
21:46:27.0105 3492 AmdK8 - ok
21:46:27.0105 3492 amsint - ok
21:46:27.0152 3492 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:46:27.0261 3492 AppMgmt - ok
21:46:27.0277 3492 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
21:46:27.0293 3492 aracpi - ok
21:46:27.0324 3492 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
21:46:27.0339 3492 arhidfltr - ok
21:46:27.0339 3492 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
21:46:27.0355 3492 arkbcfltr - ok
21:46:27.0371 3492 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
21:46:27.0402 3492 armoucfltr - ok
21:46:27.0402 3492 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:46:27.0511 3492 Arp1394 - ok
21:46:27.0527 3492 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
21:46:27.0543 3492 ARPolicy - ok
21:46:27.0589 3492 ARSVC (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe
21:46:27.0621 3492 ARSVC - ok
21:46:27.0621 3492 asc - ok
21:46:27.0636 3492 asc3350p - ok
21:46:27.0636 3492 asc3550 - ok
21:46:27.0949 3492 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:46:27.0964 3492 aspnet_state - ok
21:46:27.0996 3492 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:46:28.0136 3492 AsyncMac - ok
21:46:28.0167 3492 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:46:28.0324 3492 atapi - ok
21:46:28.0324 3492 Atdisk - ok
21:46:28.0339 3492 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:46:28.0464 3492 Atmarpc - ok
21:46:28.0495 3492 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:46:28.0620 3492 AudioSrv - ok
21:46:28.0620 3492 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:46:28.0745 3492 audstub - ok
21:46:28.0745 3492 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
21:46:28.0777 3492 bb-run - ok
21:46:28.0808 3492 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:46:28.0964 3492 Beep - ok
21:46:29.0245 3492 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120517.001\BHDrvx86.sys
21:46:29.0323 3492 BHDrvx86 - ok
21:46:29.0370 3492 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:46:29.0480 3492 BITS - ok
21:46:29.0495 3492 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:46:29.0651 3492 Browser - ok
21:46:29.0730 3492 catchme - ok
21:46:29.0792 3492 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:46:29.0979 3492 cbidf2k - ok
21:46:29.0979 3492 cd20xrnt - ok
21:46:29.0995 3492 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:46:30.0167 3492 Cdaudio - ok
21:46:30.0214 3492 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:46:30.0339 3492 Cdfs - ok
21:46:30.0354 3492 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:46:30.0479 3492 Cdrom - ok
21:46:30.0479 3492 Changer - ok
21:46:30.0511 3492 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:46:30.0620 3492 CiSvc - ok
21:46:30.0636 3492 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:46:30.0745 3492 ClipSrv - ok
21:46:31.0042 3492 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:46:31.0057 3492 clr_optimization_v2.0.50727_32 - ok
21:46:31.0057 3492 CmdIde - ok
21:46:31.0073 3492 COMSysApp - ok
21:46:31.0073 3492 Cpqarray - ok
21:46:31.0104 3492 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:46:31.0198 3492 CryptSvc - ok
21:46:31.0214 3492 dac2w2k - ok
21:46:31.0214 3492 dac960nt - ok
21:46:31.0276 3492 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:46:31.0323 3492 DcomLaunch - ok
21:46:31.0354 3492 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:46:31.0510 3492 Dhcp - ok
21:46:31.0526 3492 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:46:31.0651 3492 Disk - ok
21:46:31.0667 3492 dmadmin - ok
21:46:31.0729 3492 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:46:31.0870 3492 dmboot - ok
21:46:31.0917 3492 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:46:32.0057 3492 dmio - ok
21:46:32.0073 3492 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:46:32.0245 3492 dmload - ok
21:46:32.0276 3492 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:46:32.0385 3492 dmserver - ok
21:46:32.0416 3492 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:46:32.0510 3492 DMusic - ok
21:46:32.0541 3492 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:46:32.0557 3492 Dnscache - ok
21:46:32.0588 3492 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:46:32.0698 3492 Dot3svc - ok
21:46:32.0698 3492 dpti2o - ok
21:46:32.0713 3492 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:46:32.0807 3492 drmkaud - ok
21:46:32.0823 3492 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:46:32.0932 3492 EapHost - ok
21:46:33.0057 3492 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:46:33.0073 3492 eeCtrl - ok
21:46:33.0135 3492 ehRecvr (d039a0c347632622934906bd59a4e1ea) C:\WINDOWS\eHome\ehRecvr.exe
21:46:33.0151 3492 ehRecvr - ok
21:46:33.0447 3492 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
21:46:33.0510 3492 ehSched - ok
21:46:33.0557 3492 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:46:33.0572 3492 EraserUtilRebootDrv - ok
21:46:33.0604 3492 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:46:33.0822 3492 ERSvc - ok
21:46:33.0869 3492 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:46:33.0901 3492 Eventlog - ok
21:46:33.0947 3492 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:46:33.0963 3492 EventSystem - ok
21:46:34.0025 3492 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:46:34.0135 3492 Fastfat - ok
21:46:34.0182 3492 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:46:34.0229 3492 FastUserSwitchingCompatibility - ok
21:46:34.0244 3492 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
21:46:34.0354 3492 Fax - ok
21:46:34.0385 3492 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:46:34.0525 3492 Fdc - ok
21:46:34.0557 3492 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:46:34.0697 3492 Fips - ok
21:46:34.0697 3492 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:46:34.0838 3492 Flpydisk - ok
21:46:34.0885 3492 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:46:35.0025 3492 FltMgr - ok
21:46:35.0166 3492 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:46:35.0181 3492 FontCache3.0.0.0 - ok
21:46:35.0197 3492 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:46:35.0369 3492 Fs_Rec - ok
21:46:35.0385 3492 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:46:35.0525 3492 Ftdisk - ok
21:46:35.0556 3492 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
21:46:35.0572 3492 ftsata2 - ok
21:46:35.0603 3492 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:46:35.0619 3492 GEARAspiWDM - ok
21:46:35.0650 3492 GIDv2 (20f6c49e2c410fcd32d781f521579bf5) C:\WINDOWS\system32\drivers\GIDv2.sys
21:46:35.0681 3492 GIDv2 - ok
21:46:35.0697 3492 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:46:35.0822 3492 Gpc - ok
21:46:35.0838 3492 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:46:35.0931 3492 HDAudBus - ok
21:46:36.0025 3492 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:46:36.0166 3492 helpsvc - ok
21:46:36.0166 3492 HidServ - ok
21:46:36.0197 3492 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:46:36.0306 3492 HidUsb - ok
21:46:36.0353 3492 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:46:36.0494 3492 hkmsvc - ok
21:46:36.0494 3492 hpn - ok
21:46:36.0525 3492 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
21:46:36.0556 3492 HSXHWBS2 - ok
21:46:36.0603 3492 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
21:46:36.0666 3492 HSX_DP - ok
21:46:36.0712 3492 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:46:36.0759 3492 HTTP - ok
21:46:36.0806 3492 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:46:36.0947 3492 HTTPFilter - ok
21:46:36.0947 3492 i2omgmt - ok
21:46:36.0947 3492 i2omp - ok
21:46:36.0994 3492 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:46:37.0103 3492 i8042prt - ok
21:46:37.0150 3492 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:46:37.0212 3492 iaStor - ok
21:46:37.0290 3492 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:46:37.0322 3492 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:46:37.0322 3492 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:46:37.0603 3492 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:46:37.0634 3492 idsvc - ok
21:46:37.0915 3492 IDSxpx86 (c924bf6d42b3d9292268ff1998596bd1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120525.001\IDSxpx86.sys
21:46:37.0978 3492 IDSxpx86 - ok
21:46:38.0025 3492 IDVaultSvc (9eb85e7ee5d408fbd7968e695d088570) C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
21:46:38.0071 3492 IDVaultSvc - ok
21:46:38.0243 3492 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:46:38.0493 3492 Imapi - ok
21:46:38.0540 3492 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:46:38.0649 3492 ImapiService - ok
21:46:38.0649 3492 ini910u - ok
21:46:38.0884 3492 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:46:39.0024 3492 IntcAzAudAddService - ok
21:46:39.0118 3492 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:46:39.0259 3492 IntelIde - ok
21:46:39.0290 3492 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:46:39.0384 3492 intelppm - ok
21:46:39.0399 3492 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:46:39.0524 3492 Ip6Fw - ok
21:46:39.0540 3492 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:46:39.0696 3492 IpFilterDriver - ok
21:46:39.0727 3492 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:46:39.0837 3492 IpInIp - ok
21:46:39.0884 3492 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:46:40.0009 3492 IpNat - ok
21:46:40.0024 3492 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:46:40.0149 3492 IPSec - ok
21:46:40.0165 3492 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:46:40.0274 3492 IRENUM - ok
21:46:40.0274 3492 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:46:40.0368 3492 isapnp - ok
21:46:40.0555 3492 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
21:46:40.0555 3492 JavaQuickStarterService - ok
21:46:40.0602 3492 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:46:40.0712 3492 Kbdclass - ok
21:46:40.0743 3492 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:46:40.0852 3492 kmixer - ok
21:46:40.0868 3492 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:46:40.0883 3492 KSecDD - ok
21:46:40.0915 3492 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:46:40.0961 3492 lanmanserver - ok
21:46:40.0993 3492 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:46:41.0024 3492 lanmanworkstation - ok
21:46:41.0024 3492 lbrtfdc - ok
21:46:41.0071 3492 LightScribeService (5d4b38a8d8525356798f5e560c3a3090) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:46:41.0086 3492 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:46:41.0086 3492 LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:46:41.0118 3492 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:46:41.0211 3492 LmHosts - ok
21:46:41.0243 3492 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
21:46:41.0258 3492 MBAMProtector - ok
21:46:41.0321 3492 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:46:41.0383 3492 MBAMService - ok
21:46:41.0461 3492 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
21:46:41.0493 3492 McrdSvc - ok
21:46:41.0555 3492 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:46:41.0586 3492 mdmxsdk - ok
21:46:41.0618 3492 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:46:41.0727 3492 Messenger - ok
21:46:41.0914 3492 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
21:46:41.0930 3492 MHN ( UnsignedFile.Multi.Generic ) - warning
21:46:41.0930 3492 MHN - detected UnsignedFile.Multi.Generic (1)
21:46:41.0946 3492 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:46:41.0946 3492 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
21:46:41.0946 3492 MHNDRV - detected UnsignedFile.Multi.Generic (1)
21:46:41.0977 3492 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:46:42.0133 3492 mnmdd - ok
21:46:42.0164 3492 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:46:42.0258 3492 mnmsrvc - ok
21:46:42.0289 3492 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:46:42.0414 3492 Modem - ok
21:46:42.0430 3492 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:46:42.0555 3492 Mouclass - ok
21:46:42.0586 3492 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:46:42.0789 3492 mouhid - ok
21:46:42.0805 3492 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:46:42.0961 3492 MountMgr - ok
21:46:42.0961 3492 mraid35x - ok
21:46:43.0024 3492 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:46:43.0164 3492 MRxDAV - ok
21:46:43.0227 3492 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:46:43.0273 3492 MRxSmb - ok
21:46:43.0305 3492 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:46:43.0461 3492 Msfs - ok
21:46:43.0477 3492 MSIServer - ok
21:46:43.0508 3492 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:46:43.0633 3492 MSKSSRV - ok
21:46:43.0648 3492 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:46:43.0789 3492 MSPCLOCK - ok
21:46:43.0820 3492 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:46:43.0930 3492 MSPQM - ok
21:46:43.0976 3492 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:46:44.0086 3492 mssmbios - ok
21:46:44.0101 3492 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:46:44.0133 3492 Mup - ok
21:46:44.0320 3492 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
21:46:44.0336 3492 N360 - ok
21:46:44.0367 3492 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:46:44.0492 3492 napagent - ok
21:46:44.0742 3492 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120527.009\NAVENG.SYS
21:46:44.0758 3492 NAVENG - ok
21:46:44.0867 3492 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120527.009\NAVEX15.SYS
21:46:44.0914 3492 NAVEX15 - ok
21:46:45.0101 3492 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:46:45.0320 3492 NDIS - ok
21:46:45.0367 3492 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:46:45.0398 3492 NdisTapi - ok
21:46:45.0414 3492 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:46:45.0507 3492 Ndisuio - ok
21:46:45.0523 3492 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:46:45.0632 3492 NdisWan - ok
21:46:45.0648 3492 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:46:45.0695 3492 NDProxy - ok
21:46:45.0726 3492 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:46:45.0851 3492 NetBIOS - ok
21:46:45.0867 3492 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:46:46.0023 3492 NetBT - ok
21:46:46.0054 3492 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:46:46.0195 3492 NetDDE - ok
21:46:46.0195 3492 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:46:46.0288 3492 NetDDEdsdm - ok
21:46:46.0335 3492 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:46:46.0429 3492 Netlogon - ok
21:46:46.0445 3492 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:46:46.0538 3492 Netman - ok
21:46:46.0773 3492 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:46:46.0788 3492 NetTcpPortSharing - ok
21:46:46.0804 3492 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:46:46.0945 3492 NIC1394 - ok
21:46:47.0288 3492 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:46:47.0335 3492 Nla - ok
21:46:47.0460 3492 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:46:47.0616 3492 Npfs - ok
21:46:47.0710 3492 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:46:47.0897 3492 Ntfs - ok
21:46:47.0897 3492 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:46:47.0991 3492 NtLmSsp - ok
21:46:48.0366 3492 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:46:48.0522 3492 NtmsSvc - ok
21:46:48.0554 3492 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:46:48.0757 3492 Null - ok
21:46:48.0928 3492 nv (642a87877f83313eb5302749cd479024) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:46:49.0085 3492 nv - ok
21:46:49.0241 3492 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:46:49.0272 3492 NVENETFD - ok
21:46:49.0319 3492 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:46:49.0350 3492 nvnetbus - ok
21:46:49.0397 3492 NVSvc (b0903c021bfcd6055c053a569ef98aef) C:\WINDOWS\system32\nvsvc32.exe
21:46:49.0428 3492 NVSvc - ok
21:46:49.0444 3492 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:46:49.0600 3492 NwlnkFlt - ok
21:46:49.0616 3492 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:46:49.0788 3492 NwlnkFwd - ok
21:46:49.0866 3492 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:46:49.0991 3492 ohci1394 - ok
21:46:50.0147 3492 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:46:50.0241 3492 Parport - ok
21:46:50.0241 3492 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:46:50.0366 3492 PartMgr - ok
21:46:50.0381 3492 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:46:50.0522 3492 ParVdm - ok
21:46:50.0538 3492 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:46:50.0662 3492 PCI - ok
21:46:50.0662 3492 PCIDump - ok
21:46:50.0662 3492 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:46:50.0881 3492 PCIIde - ok
21:46:51.0084 3492 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:46:51.0272 3492 Pcmcia - ok
21:46:51.0287 3492 PDCOMP - ok
21:46:51.0287 3492 PDFRAME - ok
21:46:51.0287 3492 PDRELI - ok
21:46:51.0303 3492 PDRFRAME - ok
21:46:51.0303 3492 perc2 - ok
21:46:51.0303 3492 perc2hib - ok
21:46:51.0584 3492 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:46:51.0600 3492 PlugPlay - ok
21:46:51.0647 3492 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:46:51.0740 3492 PolicyAgent - ok
21:46:51.0772 3492 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:46:51.0881 3492 PptpMiniport - ok
21:46:51.0912 3492 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:46:51.0990 3492 Processor - ok
21:46:52.0006 3492 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:46:52.0100 3492 ProtectedStorage - ok
21:46:52.0131 3492 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
21:46:52.0178 3492 Ps2 - ok
21:46:52.0178 3492 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:46:52.0272 3492 PSched - ok
21:46:52.0272 3492 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:46:52.0443 3492 Ptilink - ok
21:46:52.0443 3492 PxHelp20 (97b735de4e3cd44c71c8cb09bdbf07b7) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:46:52.0459 3492 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
21:46:52.0459 3492 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
21:46:52.0459 3492 ql1080 - ok
21:46:52.0459 3492 Ql10wnt - ok
21:46:52.0475 3492 ql12160 - ok
21:46:52.0475 3492 ql1240 - ok
21:46:52.0475 3492 ql1280 - ok
21:46:52.0506 3492 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:46:52.0631 3492 RasAcd - ok
21:46:52.0678 3492 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:46:52.0787 3492 RasAuto - ok
21:46:52.0803 3492 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:46:52.0912 3492 Rasl2tp - ok
21:46:52.0943 3492 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:46:53.0240 3492 RasMan - ok
21:46:53.0303 3492 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:46:53.0396 3492 RasPppoe - ok
21:46:53.0428 3492 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:46:53.0584 3492 Raspti - ok
21:46:53.0599 3492 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:46:53.0709 3492 Rdbss - ok
21:46:53.0740 3492 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:46:53.0865 3492 RDPCDD - ok
21:46:53.0881 3492 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:46:53.0974 3492 rdpdr - ok
21:46:54.0021 3492 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
21:46:54.0052 3492 RDPWD - ok
21:46:54.0068 3492 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:46:54.0177 3492 RDSessMgr - ok
21:46:54.0209 3492 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:46:54.0287 3492 redbook - ok
21:46:54.0334 3492 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:46:54.0443 3492 RemoteAccess - ok
21:46:54.0474 3492 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:46:54.0584 3492 RemoteRegistry - ok
21:46:54.0599 3492 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:46:54.0693 3492 RpcLocator - ok
21:46:54.0755 3492 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:46:54.0771 3492 RpcSs - ok
21:46:54.0818 3492 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:46:54.0943 3492 RSVP - ok
21:46:55.0005 3492 rt2870 (c2a6f7f35e617744a65dbfb0c0a64adc) C:\WINDOWS\system32\DRIVERS\rt2870.sys
21:46:55.0037 3492 rt2870 - ok
21:46:55.0068 3492 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:46:55.0115 3492 rtl8139 - ok
21:46:55.0162 3492 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:46:55.0255 3492 SamSs - ok
21:46:55.0333 3492 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:46:55.0349 3492 SASDIFSV - ok
21:46:55.0349 3492 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:46:55.0365 3492 SASKUTIL - ok
21:46:55.0380 3492 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:46:55.0505 3492 SCardSvr - ok
21:46:55.0521 3492 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:46:55.0661 3492 Schedule - ok
21:46:55.0693 3492 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:46:55.0802 3492 Secdrv - ok
21:46:55.0833 3492 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:46:55.0958 3492 seclogon - ok
21:46:55.0974 3492 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:46:56.0068 3492 SENS - ok
21:46:56.0099 3492 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:46:56.0224 3492 Serial - ok
21:46:56.0255 3492 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:46:56.0364 3492 Sfloppy - ok
21:46:56.0411 3492 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:46:56.0536 3492 SharedAccess - ok
21:46:56.0567 3492 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:46:56.0614 3492 ShellHWDetection - ok
21:46:56.0614 3492 Simbad - ok
21:46:56.0630 3492 Sparrow - ok
21:46:56.0646 3492 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:46:56.0771 3492 splitter - ok
21:46:56.0802 3492 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:46:56.0833 3492 Spooler - ok
21:46:56.0864 3492 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:46:57.0005 3492 sr - ok
21:46:57.0052 3492 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:46:57.0145 3492 srservice - ok
21:46:57.0239 3492 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502010.003\SRTSP.SYS
21:46:57.0270 3492 SRTSP - ok
21:46:57.0286 3492 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502010.003\SRTSPX.SYS
21:46:57.0302 3492 SRTSPX - ok
21:46:57.0349 3492 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:46:57.0395 3492 Srv - ok
21:46:57.0427 3492 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:46:57.0552 3492 SSDPSRV - ok
21:46:57.0598 3492 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:46:57.0708 3492 stisvc - ok
21:46:57.0723 3492 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:46:57.0864 3492 swenum - ok
21:46:57.0895 3492 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:46:58.0005 3492 swmidi - ok
21:46:58.0020 3492 SwPrv - ok
21:46:58.0020 3492 symc810 - ok
21:46:58.0036 3492 symc8xx - ok
21:46:58.0067 3492 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMDS.SYS
21:46:58.0098 3492 SymDS - ok
21:46:58.0145 3492 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMEFA.SYS
21:46:58.0192 3492 SymEFA - ok
21:46:58.0286 3492 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:46:58.0301 3492 SymEvent - ok
21:46:58.0333 3492 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502010.003\Ironx86.SYS
21:46:58.0348 3492 SymIRON - ok
21:46:58.0380 3492 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502010.003\SYMTDI.SYS
21:46:58.0411 3492 SYMTDI - ok
21:46:58.0411 3492 sym_hi - ok
21:46:58.0426 3492 sym_u3 - ok
21:46:58.0458 3492 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:46:58.0598 3492 sysaudio - ok
21:46:58.0629 3492 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:46:58.0770 3492 SysmonLog - ok
21:46:58.0801 3492 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:46:58.0942 3492 TapiSrv - ok
21:46:58.0989 3492 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:46:59.0036 3492 Tcpip - ok
21:46:59.0051 3492 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:46:59.0176 3492 TDPIPE - ok
21:46:59.0192 3492 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:46:59.0317 3492 TDTCP - ok
21:46:59.0348 3492 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:46:59.0457 3492 TermDD - ok
21:46:59.0473 3492 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:46:59.0598 3492 TermService - ok
21:46:59.0645 3492 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:46:59.0661 3492 Themes - ok
21:46:59.0707 3492 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:46:59.0817 3492 TlntSvr - ok
21:46:59.0832 3492 TosIde - ok
21:46:59.0848 3492 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:46:59.0989 3492 TrkWks - ok
21:47:00.0020 3492 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:47:00.0145 3492 Udfs - ok
21:47:00.0145 3492 ultra - ok
21:47:00.0176 3492 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
21:47:00.0239 3492 UMWdf - ok
21:47:00.0551 3492 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:47:00.0645 3492 Update - ok
21:47:00.0676 3492 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:47:00.0910 3492 upnphost - ok
21:47:00.0973 3492 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:47:01.0207 3492 UPS - ok
21:47:01.0348 3492 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:47:01.0441 3492 usbehci - ok
21:47:01.0598 3492 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:47:01.0707 3492 usbhub - ok
21:47:01.0738 3492 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:47:01.0848 3492 usbohci - ok
21:47:01.0879 3492 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:47:02.0019 3492 usbstor - ok
21:47:02.0051 3492 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:47:02.0176 3492 usbuhci - ok
21:47:02.0207 3492 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:47:02.0347 3492 VgaSave - ok
21:47:02.0363 3492 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:47:02.0504 3492 ViaIde - ok
21:47:02.0519 3492 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:47:02.0597 3492 VolSnap - ok
21:47:02.0629 3492 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:47:02.0722 3492 VSS - ok
21:47:02.0754 3492 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:47:02.0863 3492 W32Time - ok
21:47:02.0910 3492 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:47:03.0004 3492 Wanarp - ok
21:47:03.0019 3492 WDICA - ok
21:47:03.0050 3492 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:47:03.0160 3492 wdmaud - ok
21:47:03.0191 3492 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:47:03.0300 3492 WebClient - ok
21:47:03.0363 3492 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
21:47:03.0394 3492 winachsx - ok
21:47:03.0472 3492 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:47:03.0566 3492 winmgmt - ok
21:47:03.0582 3492 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
21:47:03.0613 3492 WmdmPmSN - ok
21:47:03.0675 3492 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:47:03.0707 3492 Wmi - ok
21:47:03.0753 3492 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:47:03.0894 3492 WmiApSrv - ok
21:47:03.0988 3492 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:47:04.0144 3492 WS2IFSL - ok
21:47:04.0191 3492 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:47:04.0316 3492 wscsvc - ok
21:47:04.0331 3492 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:47:04.0425 3492 wuauserv - ok
21:47:04.0488 3492 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:47:04.0613 3492 WZCSVC - ok
21:47:04.0628 3492 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:47:04.0722 3492 xmlprov - ok
21:47:04.0769 3492 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
21:47:04.0909 3492 \Device\Harddisk0\DR0 - ok
21:47:04.0909 3492 Boot (0x1200) (ad4f7dfb128be7a2d20ec5ee0645dec9) \Device\Harddisk0\DR0\Partition0
21:47:04.0909 3492 \Device\Harddisk0\DR0\Partition0 - ok
21:47:04.0909 3492 Boot (0x1200) (5932f9a5e9002d86f1b757b1afc4ad91) \Device\Harddisk0\DR0\Partition1
21:47:04.0909 3492 \Device\Harddisk0\DR0\Partition1 - ok
21:47:04.0909 3492 ============================================================
21:47:04.0909 3492 Scan finished
21:47:04.0909 3492 ============================================================
21:47:05.0019 3428 Detected object count: 6
21:47:05.0019 3428 Actual detected object count: 6
21:47:14.0157 3428 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
21:47:14.0157 3428 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:47:14.0157 3428 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:47:14.0157 3428 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:47:14.0173 3428 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:47:14.0173 3428 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:47:14.0173 3428 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
21:47:14.0173 3428 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:47:14.0173 3428 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:47:14.0173 3428 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:47:14.0173 3428 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
21:47:14.0173 3428 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
kevinf80 (Kevin)
Malware Removal Specialist with 9,568 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
28-May-2012, 03:15 AM #11
Apologies, I missed your question. Yes, you can format with DBAN, then install Windows from the recovery CD set.

TDSSKiller has not identified any Rootkit or TDSS file sets.

If you do intend to wipe the HD and re-install from the CD set, mark the thread solved; if not, continue:

Download aswMBR from Here
If it asks to update during the process, please allow this to happen.
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Ensure Quick scan is selected, then select the Scan button to start the scan as illustrated below

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes, click Save log to save the log to your Desktop.
  • Copy and paste the contents of aswMBR.txt back here for review

You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

Kevin...