
Possibly Infected Recovery Partition

Discussion in 'Virus & Other Malware Removal' started by brandino3, May 15, 2012.

  1. brandino3

    brandino3 Thread Starter

    Joined:
    May 15, 2012
    Messages:
    15
    My computer is an HP Pavilion a1630n. I think the recovery partition on my computer is infected with viruses because whenever I use it to restore my computer to factory default, the viruses come back even after I install antivirus immediately afterwards. There is no sign of infection for a while after the restore, but eventually the viruses repopulate. I am sure I'm not downloading any viruses. I would wipe out the hard drive, but I do not have an OS disk. Any help would be appreciated.
     
  2. brandino3

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:09:46 PM, on 5/15/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
    C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1336983857312
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: GIDLogonXP - GIDLogonXP.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

    --
    End of file - 5947 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by HP_Administrator at 18:13:05 on 2012-05-15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1127 [GMT -7:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Worm Protection *Disabled*
    FW: Norton Security Suite *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
    svchost.exe
    C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.1.3\ips\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    Trusted Zone: trymedia.com
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1336983857312
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{5F88BE79-D526-4949-8CA5-9BFDA9DF7D30} : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: GIDLogonXP - GIDLogonXP.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502010.003\symds.sys [2012-5-15 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502010.003\symefa.sys [2012-5-15 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120507.001\BHDrvx86.sys [2012-5-7 821880]
    R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2012-5-15 25232]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502010.003\ironx86.sys [2012-5-15 136312]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.1.3\ccsvchst.exe [2012-5-15 130008]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120515.001\IDSXpx86.sys [2012-5-15 356792]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120515.017\NAVENG.SYS [2012-5-15 87928]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120515.017\NAVEX15.SYS [2012-5-15 1589752]
    R3 rt2870;802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-5-13 517632]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-15 22344]
    S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    S4 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-3-30 65608]
    S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-15 654408]
    .
    =============== Created Last 30 ================
    .
    2012-05-16 00:24:17 744568 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symefa.sys
    2012-05-16 00:24:17 50168 ----a-w- c:\windows\system32\drivers\n360\0502010.003\srtspx.sys
    2012-05-16 00:24:17 369784 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symtdi.sys
    2012-05-16 00:24:17 340088 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symds.sys
    2012-05-16 00:24:17 331384 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symtdiv.sys
    2012-05-16 00:24:17 299640 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symnets.sys
    2012-05-16 00:24:16 516216 ----a-w- c:\windows\system32\drivers\n360\0502010.003\srtsp.sys
    2012-05-16 00:24:16 136312 ----a-r- c:\windows\system32\drivers\n360\0502010.003\ironx86.sys
    2012-05-16 00:23:59 -------- d-----w- c:\windows\system32\drivers\n360\0502010.003
    2012-05-16 00:07:30 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-05-16 00:07:27 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2012-05-16 00:07:27 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-05-16 00:07:27 -------- d-----w- c:\program files\Symantec
    2012-05-16 00:07:13 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-05-16 00:07:05 -------- d-----w- c:\windows\system32\drivers\N360
    2012-05-16 00:07:04 -------- d-----w- c:\program files\Norton Security Suite
    2012-05-15 23:54:07 -------- d-----w- c:\program files\NortonInstaller
    2012-05-15 23:54:07 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
    2012-05-15 23:44:18 -------- d-----w- c:\documents and settings\all users\application data\Norton
    2012-05-15 23:14:34 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
    2012-05-15 14:12:58 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\ID Vault
    2012-05-15 14:12:54 -------- d-----w- c:\documents and settings\hp_administrator\application data\ID Vault
    2012-05-15 14:12:40 25232 ------w- c:\windows\system32\drivers\gidv2.sys
    2012-05-15 14:12:37 -------- d-----w- c:\documents and settings\all users\GID
    2012-05-15 14:12:35 -------- d-----w- c:\program files\SFT
    2012-05-15 14:12:18 -------- d-----w- c:\program files\Constant Guard Protection Suite
    2012-05-15 14:08:56 -------- d-----w- c:\windows\system32\XPSViewer
    2012-05-15 14:08:07 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2012-05-15 14:07:51 14048 ------w- c:\windows\system32\spmsg2.dll
    2012-05-15 13:59:45 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
    2012-05-15 11:03:25 -------- d-----w- c:\windows\SxsCaPendDel
    2012-05-15 10:44:14 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
    2012-05-15 10:44:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-05-15 10:44:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-15 10:44:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-15 10:39:39 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
    2012-05-15 10:39:11 -------- d-----w- c:\program files\SpywareBlaster
    2012-05-15 10:29:04 -------- d-----w- c:\documents and settings\hp_administrator\application data\SUPERAntiSpyware.com
    2012-05-15 10:28:40 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-05-15 10:28:40 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-05-15 10:23:50 -------- d-s---w- C:\ComboFix
    2012-05-14 12:31:47 274288 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-14 12:31:47 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-14 08:25:38 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2012-05-14 06:41:05 -------- d-----w- c:\program files\ESET
    2012-05-14 00:20:09 -------- d-----w- c:\windows\pss
    2012-05-14 00:10:52 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-13 22:24:27 -------- d-----w- C:\temp
    2012-05-13 21:43:40 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Google
    2012-05-13 21:43:10 -------- d-sh--w- c:\documents and settings\hp_administrator\IECompatCache
    2012-05-13 21:42:52 -------- d-sh--w- c:\documents and settings\hp_administrator\PrivacIE
    2012-05-13 21:41:20 -------- d-sh--w- c:\documents and settings\hp_administrator\IETldCache
    2012-05-13 21:24:48 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
    2012-05-13 21:24:26 -------- d-----w- c:\windows\ie8updates
    2012-05-13 21:24:20 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2012-05-13 21:24:20 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2012-05-13 21:24:20 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2012-05-13 21:24:20 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2012-05-13 21:24:20 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
    2012-05-13 21:24:20 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2012-05-13 21:24:20 11082752 ------w- c:\windows\system32\dllcache\ieframe.dll
    2012-05-13 21:23:13 -------- dc-h--w- c:\windows\ie8
    2012-05-13 21:05:01 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2012-05-13 21:04:40 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2012-05-13 21:02:56 758784 ----a-w- c:\windows\system32\dllcache\vgx.dll
    2012-05-13 21:02:55 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2012-05-13 21:02:45 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2012-05-13 21:02:43 3072 ------w- c:\windows\system32\iacenc.dll
    2012-05-13 21:02:43 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    2012-05-13 21:01:10 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2012-05-13 20:52:18 -------- d-sha-r- C:\cmdcons
    2012-05-13 20:44:04 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
    2012-05-13 20:44:04 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2012-05-13 20:43:25 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2012-05-13 20:21:49 -------- d-----w- c:\windows\system32\scripting
    2012-05-13 20:21:49 -------- d-----w- c:\windows\l2schemas
    2012-05-13 20:21:48 -------- d-----w- c:\windows\system32\en
    2012-05-13 20:21:48 -------- d-----w- c:\windows\system32\bits
    2012-05-13 20:18:32 -------- d-----w- c:\windows\network diagnostic
    2012-05-13 07:16:05 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2012-05-13 07:15:43 -------- d-----w- c:\program files\SMC
    2012-05-13 07:15:25 -------- d-----w- c:\windows\setup.pss
    2012-05-13 07:15:16 517632 ----a-r- c:\windows\system32\drivers\rt2870.sys
    2012-05-13 07:06:55 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2012-05-13 07:06:47 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2012-05-13 06:52:37 -------- d-----r- c:\documents and settings\all users\Documents
    2012-05-13 06:50:56 -------- d-----r- c:\windows\Offline Web Pages
    2012-05-13 06:47:47 -------- d-sh--r- c:\windows\system32\dllcache
    2012-05-13 05:42:09 -------- d-----w- c:\program files\MSXML 4.0
    2012-05-13 05:31:14 -------- d-----w- c:\windows\ServicePackFiles
    2012-05-13 05:20:32 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2012-05-13 05:18:35 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2012-05-13 05:18:17 357888 ------w- c:\windows\system32\dllcache\srv.sys
    2012-05-13 05:17:24 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2012-05-13 05:17:24 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2012-05-13 05:17:16 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2012-05-13 05:12:33 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
    2012-05-13 05:11:49 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2012-05-13 05:11:49 272128 ------w- c:\windows\system32\dllcache\bthport.sys
    2012-05-13 05:11:45 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
    2012-05-13 05:06:22 23040 ------w- c:\windows\kb913800.exe
    2012-05-13 05:03:26 -------- d-----w- c:\windows\system32\PreInstall
    2012-05-13 04:43:09 -------- d-----w- c:\windows\system32\appmgmt
    2012-05-13 04:19:52 -------- d-sh--w- c:\documents and settings\hp_administrator\UserData
    2012-05-13 04:16:47 -------- d-----w- c:\windows\system32\SoftwareDistribution
    .
    ==================== Find3M ====================
    .
    2012-04-11 13:14:41 2148352 ------w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 12:35:51 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
    2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
    2012-02-28 18:50:29 81920 ------w- c:\windows\system32\ieencode.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A686AB8]
    3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000079[0x8A615F18]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Ide\IdeDeviceP2T0L0-e[0x8A60DD98]
    kernel: MBR read successfully
    _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }
    user != kernel MBR !!!
    .
    ============= FINISH: 18:14:33.92 ===============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-05-15 19:27:24
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e rev.
    Running: o1i02ik0.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uwdcqpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8A15ADF0 ZwAlertResumeThread
    SSDT 8A193C50 ZwAlertThread
    SSDT 8A1351A8 ZwAllocateVirtualMemory
    SSDT 89E021A8 ZwAssignProcessToJobObject
    SSDT 88E11960 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB5F43710]
    SSDT 89E23108 ZwCreateMutant
    SSDT 8A0CE280 ZwCreateSymbolicLinkObject
    SSDT 8A0E9650 ZwCreateThread
    SSDT 8A099108 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB5F43990]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB5F43EF0]
    SSDT 8A6EA9D0 ZwDuplicateObject
    SSDT 89890260 ZwFreeVirtualMemory
    SSDT 89FE0E88 ZwImpersonateAnonymousToken
    SSDT 89FDF520 ZwImpersonateThread
    SSDT 8A0BB278 ZwLoadDriver
    SSDT 89E9ECB8 ZwMapViewOfSection
    SSDT 8A13ECB8 ZwOpenEvent
    SSDT 89E4B190 ZwOpenProcess
    SSDT 8A31ADB0 ZwOpenProcessToken
    SSDT 89F46798 ZwOpenSection
    SSDT 8A60D428 ZwOpenThread
    SSDT 89E41F18 ZwProtectVirtualMemory
    SSDT 8A0D8B30 ZwResumeThread
    SSDT 89818770 ZwSetContextThread
    SSDT 8986F8A0 ZwSetInformationProcess
    SSDT 89F4BB30 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB5F44140]
    SSDT 89F473D8 ZwSuspendProcess
    SSDT 8A0D7DE8 ZwSuspendThread
    SSDT 89E0A1A8 ZwTerminateProcess
    SSDT 8A0D8650 ZwTerminateThread
    SSDT 89F46C50 ZwUnmapViewOfSection
    SSDT 8A152130 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8EB4360, 0x20574D, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 3C, 00] {SUB [EAX], AL; CMP AL, 0x0}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 3C, 00] {SUB [EBX], AL; CMP AL, 0x0}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 3C, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 3C, 00] {TEST AL, 0x1; CMP AL, 0x0}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91121A
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 3C, 00] {TEST AL, 0x2; CMP AL, 0x0}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 3C, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 3C, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91128B
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 3C, 00] {TEST AL, 0x0; CMP AL, 0x0}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9113B9
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 3C, 00] {SUB [ECX], AL; CMP AL, 0x0}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 3C, 00] {SUB [EDX], AL; CMP AL, 0x0}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 3C, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 20, 00] {SUB [EAX], AL; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 20, 00] {SUB [EBX], AL; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 20, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 20, 00] {TEST AL, 0x1; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F61A
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 20, 00] {TEST AL, 0x2; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 20, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 20, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F68B
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 20, 00] {TEST AL, 0x0; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F7B9
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 20, 00] {SUB [ECX], AL; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 20, 00] {SUB [EDX], AL; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 20, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 55, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 55, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 55, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 55, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B1A
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 55, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 55, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 55, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912B8B
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 55, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CB9
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 55, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 55, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 55, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 20, 00] {SUB [EAX], AL; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 20, 00] {SUB [EBX], AL; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 20, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 20, 00] {TEST AL, 0x1; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F61A
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 20, 00] {TEST AL, 0x2; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 20, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 20, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F68B
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 20, 00] {TEST AL, 0x0; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F7B9
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 20, 00] {SUB [ECX], AL; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 20, 00] {SUB [EDX], AL; AND [EAX], AL}
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 20, 00]
    .text C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

    ---- Processes - GMER 1.0.15 ----

    Process C:\DOCUME~1\HP_ADM~1\LOCALS~1\temp\nsi7B.tmp\SWREG.DAT (*** hidden *** ) 3132

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----
     


  3. brandino3

    brandino3 Thread Starter

    Joined:
    May 15, 2012
    Messages:
    15
  4. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,654
    The HP Pavilion Media Center a1630n desktop is almost 6 years old, so HP will not have a recovery disc kit available for it for purchase.

    You can purchase the recovery disc kit for that desktop from here for $27.00 plus shipping.

    If you suspect the built-in recovery partition got infected in some way, then using the kit instead of the partition is a better option.

    You should have the kit anyway. If the hard drive dies and needs to be replaced, the partition will be lost.

    ------------------------------------------------------------
     
  5. brandino3

    brandino3 Thread Starter

    Joined:
    May 15, 2012
    Messages:
    15
    Oh, thank you very much! I didn't know they made recovery disks for my machine. Should I mark this thread solved?
     
  6. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,654
    It's your choice.

    Leave it open and see if a gold/blue shield removal specialist can assist you.

    Close it for now, then buy the recovery disc kit and use it to do another full system recovery.

    ----------------------------------------------------------
     
  7. brandino3

    brandino3 Thread Starter

    Joined:
    May 15, 2012
    Messages:
    15
    Quick question: If I wipe out the hard drive using a program like DBAN, will the recovery disks still work on my machine?
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Double-click on the TDSSKiller icon to run the application.
    • The "Ready to scan" window will open. Click on "Change parameters".
    • Place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system (leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.
    • Select "Start Scan".
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Kevin...
     
  9. brandino3

    brandino3 Thread Starter

    Joined:
    May 15, 2012
    Messages:
    15
    I have ordered the recovery disks already and I'm intending to fix it that way. Can you please answer my previous question?
     
  10. brandino3

    brandino3 Thread Starter

    Joined:
    May 15, 2012
    Messages:
    15
    21:46:11.0140 2120 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
    21:46:11.0452 2120 ============================================================
    21:46:11.0452 2120 Current date / time: 2012/05/27 21:46:11.0452
    21:46:11.0452 2120 SystemInfo:
    21:46:11.0468 2120
    21:46:11.0468 2120 OS Version: 5.1.2600 ServicePack: 3.0
    21:46:11.0468 2120 Product type: Workstation
    21:46:11.0468 2120 ComputerName: CHARLENE
    21:46:11.0468 2120 UserName: HP_Administrator
    21:46:11.0468 2120 Windows directory: C:\WINDOWS
    21:46:11.0468 2120 System windows directory: C:\WINDOWS
    21:46:11.0468 2120 Processor architecture: Intel x86
    21:46:11.0468 2120 Number of processors: 2
    21:46:11.0468 2120 Page size: 0x1000
    21:46:11.0468 2120 Boot type: Normal boot
    21:46:11.0468 2120 ============================================================
    21:46:14.0983 2120 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    21:46:14.0998 2120 ============================================================
    21:46:14.0998 2120 \Device\Harddisk0\DR0:
    21:46:15.0045 2120 MBR partitions:
    21:46:15.0045 2120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C01247F
    21:46:15.0045 2120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C01637F, BlocksNum 0x11AE202
    21:46:15.0045 2120 ============================================================
    21:46:15.0092 2120 C: <-> \Device\Harddisk0\DR0\Partition0
    21:46:15.0123 2120 D: <-> \Device\Harddisk0\DR0\Partition1
    21:46:15.0123 2120 ============================================================
    21:46:15.0123 2120 Initialize success
    21:46:15.0123 2120 ============================================================
    21:46:23.0762 3492 ============================================================
    21:46:23.0762 3492 Scan started
    21:46:23.0762 3492 Mode: Manual; SigCheck; TDLFS;
    21:46:23.0762 3492 ============================================================
    21:46:25.0012 3492 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    21:46:25.0199 3492 !SASCORE - ok
    21:46:25.0402 3492 Abiosdsk - ok
    21:46:25.0418 3492 abp480n5 - ok
    21:46:25.0699 3492 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    21:46:26.0215 3492 ACPI - ok
    21:46:26.0230 3492 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    21:46:26.0355 3492 ACPIEC - ok
    21:46:26.0355 3492 adpu160m - ok
    21:46:26.0402 3492 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    21:46:26.0527 3492 aec - ok
    21:46:26.0558 3492 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    21:46:26.0590 3492 AegisP ( UnsignedFile.Multi.Generic ) - warning
    21:46:26.0590 3492 AegisP - detected UnsignedFile.Multi.Generic (1)
    21:46:26.0636 3492 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    21:46:26.0683 3492 AFD - ok
    21:46:26.0683 3492 Aha154x - ok
    21:46:26.0683 3492 aic78u2 - ok
    21:46:26.0699 3492 aic78xx - ok
    21:46:26.0730 3492 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    21:46:26.0855 3492 Alerter - ok
    21:46:26.0871 3492 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    21:46:27.0027 3492 ALG - ok
    21:46:27.0027 3492 AliIde - ok
    21:46:27.0058 3492 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    21:46:27.0105 3492 AmdK8 - ok
    21:46:27.0105 3492 amsint - ok
    21:46:27.0152 3492 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    21:46:27.0261 3492 AppMgmt - ok
    21:46:27.0277 3492 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
    21:46:27.0293 3492 aracpi - ok
    21:46:27.0324 3492 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
    21:46:27.0339 3492 arhidfltr - ok
    21:46:27.0339 3492 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
    21:46:27.0355 3492 arkbcfltr - ok
    21:46:27.0371 3492 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
    21:46:27.0402 3492 armoucfltr - ok
    21:46:27.0402 3492 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    21:46:27.0511 3492 Arp1394 - ok
    21:46:27.0527 3492 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
    21:46:27.0543 3492 ARPolicy - ok
    21:46:27.0589 3492 ARSVC (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe
    21:46:27.0621 3492 ARSVC - ok
    21:46:27.0621 3492 asc - ok
    21:46:27.0636 3492 asc3350p - ok
    21:46:27.0636 3492 asc3550 - ok
    21:46:27.0949 3492 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    21:46:27.0964 3492 aspnet_state - ok
    21:46:27.0996 3492 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    21:46:28.0136 3492 AsyncMac - ok
    21:46:28.0167 3492 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    21:46:28.0324 3492 atapi - ok
    21:46:28.0324 3492 Atdisk - ok
    21:46:28.0339 3492 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    21:46:28.0464 3492 Atmarpc - ok
    21:46:28.0495 3492 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    21:46:28.0620 3492 AudioSrv - ok
    21:46:28.0620 3492 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    21:46:28.0745 3492 audstub - ok
    21:46:28.0745 3492 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
    21:46:28.0777 3492 bb-run - ok
    21:46:28.0808 3492 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    21:46:28.0964 3492 Beep - ok
    21:46:29.0245 3492 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120517.001\BHDrvx86.sys
    21:46:29.0323 3492 BHDrvx86 - ok
    21:46:29.0370 3492 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    21:46:29.0480 3492 BITS - ok
    21:46:29.0495 3492 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    21:46:29.0651 3492 Browser - ok
    21:46:29.0730 3492 catchme - ok
    21:46:29.0792 3492 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    21:46:29.0979 3492 cbidf2k - ok
    21:46:29.0979 3492 cd20xrnt - ok
    21:46:29.0995 3492 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    21:46:30.0167 3492 Cdaudio - ok
    21:46:30.0214 3492 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    21:46:30.0339 3492 Cdfs - ok
    21:46:30.0354 3492 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    21:46:30.0479 3492 Cdrom - ok
    21:46:30.0479 3492 Changer - ok
    21:46:30.0511 3492 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    21:46:30.0620 3492 CiSvc - ok
    21:46:30.0636 3492 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    21:46:30.0745 3492 ClipSrv - ok
    21:46:31.0042 3492 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:46:31.0057 3492 clr_optimization_v2.0.50727_32 - ok
    21:46:31.0057 3492 CmdIde - ok
    21:46:31.0073 3492 COMSysApp - ok
    21:46:31.0073 3492 Cpqarray - ok
    21:46:31.0104 3492 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    21:46:31.0198 3492 CryptSvc - ok
    21:46:31.0214 3492 dac2w2k - ok
    21:46:31.0214 3492 dac960nt - ok
    21:46:31.0276 3492 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    21:46:31.0323 3492 DcomLaunch - ok
    21:46:31.0354 3492 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    21:46:31.0510 3492 Dhcp - ok
    21:46:31.0526 3492 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    21:46:31.0651 3492 Disk - ok
    21:46:31.0667 3492 dmadmin - ok
    21:46:31.0729 3492 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    21:46:31.0870 3492 dmboot - ok
    21:46:31.0917 3492 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    21:46:32.0057 3492 dmio - ok
    21:46:32.0073 3492 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    21:46:32.0245 3492 dmload - ok
    21:46:32.0276 3492 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    21:46:32.0385 3492 dmserver - ok
    21:46:32.0416 3492 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    21:46:32.0510 3492 DMusic - ok
    21:46:32.0541 3492 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    21:46:32.0557 3492 Dnscache - ok
    21:46:32.0588 3492 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    21:46:32.0698 3492 Dot3svc - ok
    21:46:32.0698 3492 dpti2o - ok
    21:46:32.0713 3492 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    21:46:32.0807 3492 drmkaud - ok
    21:46:32.0823 3492 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    21:46:32.0932 3492 EapHost - ok
    21:46:33.0057 3492 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    21:46:33.0073 3492 eeCtrl - ok
    21:46:33.0135 3492 ehRecvr (d039a0c347632622934906bd59a4e1ea) C:\WINDOWS\eHome\ehRecvr.exe
    21:46:33.0151 3492 ehRecvr - ok
    21:46:33.0447 3492 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
    21:46:33.0510 3492 ehSched - ok
    21:46:33.0557 3492 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    21:46:33.0572 3492 EraserUtilRebootDrv - ok
    21:46:33.0604 3492 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    21:46:33.0822 3492 ERSvc - ok
    21:46:33.0869 3492 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    21:46:33.0901 3492 Eventlog - ok
    21:46:33.0947 3492 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    21:46:33.0963 3492 EventSystem - ok
    21:46:34.0025 3492 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    21:46:34.0135 3492 Fastfat - ok
    21:46:34.0182 3492 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    21:46:34.0229 3492 FastUserSwitchingCompatibility - ok
    21:46:34.0244 3492 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
    21:46:34.0354 3492 Fax - ok
    21:46:34.0385 3492 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    21:46:34.0525 3492 Fdc - ok
    21:46:34.0557 3492 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    21:46:34.0697 3492 Fips - ok
    21:46:34.0697 3492 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    21:46:34.0838 3492 Flpydisk - ok
    21:46:34.0885 3492 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    21:46:35.0025 3492 FltMgr - ok
    21:46:35.0166 3492 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    21:46:35.0181 3492 FontCache3.0.0.0 - ok
    21:46:35.0197 3492 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    21:46:35.0369 3492 Fs_Rec - ok
    21:46:35.0385 3492 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    21:46:35.0525 3492 Ftdisk - ok
    21:46:35.0556 3492 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
    21:46:35.0572 3492 ftsata2 - ok
    21:46:35.0603 3492 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    21:46:35.0619 3492 GEARAspiWDM - ok
    21:46:35.0650 3492 GIDv2 (20f6c49e2c410fcd32d781f521579bf5) C:\WINDOWS\system32\drivers\GIDv2.sys
    21:46:35.0681 3492 GIDv2 - ok
    21:46:35.0697 3492 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    21:46:35.0822 3492 Gpc - ok
    21:46:35.0838 3492 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    21:46:35.0931 3492 HDAudBus - ok
    21:46:36.0025 3492 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    21:46:36.0166 3492 helpsvc - ok
    21:46:36.0166 3492 HidServ - ok
    21:46:36.0197 3492 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    21:46:36.0306 3492 HidUsb - ok
    21:46:36.0353 3492 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    21:46:36.0494 3492 hkmsvc - ok
    21:46:36.0494 3492 hpn - ok
    21:46:36.0525 3492 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
    21:46:36.0556 3492 HSXHWBS2 - ok
    21:46:36.0603 3492 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
    21:46:36.0666 3492 HSX_DP - ok
    21:46:36.0712 3492 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    21:46:36.0759 3492 HTTP - ok
    21:46:36.0806 3492 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    21:46:36.0947 3492 HTTPFilter - ok
    21:46:36.0947 3492 i2omgmt - ok
    21:46:36.0947 3492 i2omp - ok
    21:46:36.0994 3492 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    21:46:37.0103 3492 i8042prt - ok
    21:46:37.0150 3492 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    21:46:37.0212 3492 iaStor - ok
    21:46:37.0290 3492 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    21:46:37.0322 3492 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    21:46:37.0322 3492 IDriverT - detected UnsignedFile.Multi.Generic (1)
    21:46:37.0603 3492 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    21:46:37.0634 3492 idsvc - ok
    21:46:37.0915 3492 IDSxpx86 (c924bf6d42b3d9292268ff1998596bd1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120525.001\IDSxpx86.sys
    21:46:37.0978 3492 IDSxpx86 - ok
    21:46:38.0025 3492 IDVaultSvc (9eb85e7ee5d408fbd7968e695d088570) C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
    21:46:38.0071 3492 IDVaultSvc - ok
    21:46:38.0243 3492 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    21:46:38.0493 3492 Imapi - ok
    21:46:38.0540 3492 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    21:46:38.0649 3492 ImapiService - ok
    21:46:38.0649 3492 ini910u - ok
    21:46:38.0884 3492 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    21:46:39.0024 3492 IntcAzAudAddService - ok
    21:46:39.0118 3492 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    21:46:39.0259 3492 IntelIde - ok
    21:46:39.0290 3492 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    21:46:39.0384 3492 intelppm - ok
    21:46:39.0399 3492 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    21:46:39.0524 3492 Ip6Fw - ok
    21:46:39.0540 3492 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    21:46:39.0696 3492 IpFilterDriver - ok
    21:46:39.0727 3492 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    21:46:39.0837 3492 IpInIp - ok
    21:46:39.0884 3492 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    21:46:40.0009 3492 IpNat - ok
    21:46:40.0024 3492 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    21:46:40.0149 3492 IPSec - ok
    21:46:40.0165 3492 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    21:46:40.0274 3492 IRENUM - ok
    21:46:40.0274 3492 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    21:46:40.0368 3492 isapnp - ok
    21:46:40.0555 3492 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    21:46:40.0555 3492 JavaQuickStarterService - ok
    21:46:40.0602 3492 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    21:46:40.0712 3492 Kbdclass - ok
    21:46:40.0743 3492 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    21:46:40.0852 3492 kmixer - ok
    21:46:40.0868 3492 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    21:46:40.0883 3492 KSecDD - ok
    21:46:40.0915 3492 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    21:46:40.0961 3492 lanmanserver - ok
    21:46:40.0993 3492 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    21:46:41.0024 3492 lanmanworkstation - ok
    21:46:41.0024 3492 lbrtfdc - ok
    21:46:41.0071 3492 LightScribeService (5d4b38a8d8525356798f5e560c3a3090) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    21:46:41.0086 3492 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
    21:46:41.0086 3492 LightScribeService - detected UnsignedFile.Multi.Generic (1)
    21:46:41.0118 3492 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    21:46:41.0211 3492 LmHosts - ok
    21:46:41.0243 3492 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
    21:46:41.0258 3492 MBAMProtector - ok
    21:46:41.0321 3492 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    21:46:41.0383 3492 MBAMService - ok
    21:46:41.0461 3492 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
    21:46:41.0493 3492 McrdSvc - ok
    21:46:41.0555 3492 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    21:46:41.0586 3492 mdmxsdk - ok
    21:46:41.0618 3492 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    21:46:41.0727 3492 Messenger - ok
    21:46:41.0914 3492 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
    21:46:41.0930 3492 MHN ( UnsignedFile.Multi.Generic ) - warning
    21:46:41.0930 3492 MHN - detected UnsignedFile.Multi.Generic (1)
    21:46:41.0946 3492 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    21:46:41.0946 3492 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
    21:46:41.0946 3492 MHNDRV - detected UnsignedFile.Multi.Generic (1)
    21:46:41.0977 3492 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    21:46:42.0133 3492 mnmdd - ok
    21:46:42.0164 3492 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    21:46:42.0258 3492 mnmsrvc - ok
    21:46:42.0289 3492 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    21:46:42.0414 3492 Modem - ok
    21:46:42.0430 3492 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    21:46:42.0555 3492 Mouclass - ok
    21:46:42.0586 3492 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    21:46:42.0789 3492 mouhid - ok
    21:46:42.0805 3492 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    21:46:42.0961 3492 MountMgr - ok
    21:46:42.0961 3492 mraid35x - ok
    21:46:43.0024 3492 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    21:46:43.0164 3492 MRxDAV - ok
    21:46:43.0227 3492 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    21:46:43.0273 3492 MRxSmb - ok
    21:46:43.0305 3492 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    21:46:43.0461 3492 Msfs - ok
    21:46:43.0477 3492 MSIServer - ok
    21:46:43.0508 3492 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    21:46:43.0633 3492 MSKSSRV - ok
    21:46:43.0648 3492 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    21:46:43.0789 3492 MSPCLOCK - ok
    21:46:43.0820 3492 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    21:46:43.0930 3492 MSPQM - ok
    21:46:43.0976 3492 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    21:46:44.0086 3492 mssmbios - ok
    21:46:44.0101 3492 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    21:46:44.0133 3492 Mup - ok
    21:46:44.0320 3492 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
    21:46:44.0336 3492 N360 - ok
    21:46:44.0367 3492 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    21:46:44.0492 3492 napagent - ok
    21:46:44.0742 3492 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120527.009\NAVENG.SYS
    21:46:44.0758 3492 NAVENG - ok
    21:46:44.0867 3492 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120527.009\NAVEX15.SYS
    21:46:44.0914 3492 NAVEX15 - ok
    21:46:45.0101 3492 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    21:46:45.0320 3492 NDIS - ok
    21:46:45.0367 3492 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    21:46:45.0398 3492 NdisTapi - ok
    21:46:45.0414 3492 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    21:46:45.0507 3492 Ndisuio - ok
    21:46:45.0523 3492 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    21:46:45.0632 3492 NdisWan - ok
    21:46:45.0648 3492 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    21:46:45.0695 3492 NDProxy - ok
    21:46:45.0726 3492 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    21:46:45.0851 3492 NetBIOS - ok
    21:46:45.0867 3492 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    21:46:46.0023 3492 NetBT - ok
    21:46:46.0054 3492 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    21:46:46.0195 3492 NetDDE - ok
    21:46:46.0195 3492 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    21:46:46.0288 3492 NetDDEdsdm - ok
    21:46:46.0335 3492 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    21:46:46.0429 3492 Netlogon - ok
    21:46:46.0445 3492 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    21:46:46.0538 3492 Netman - ok
    21:46:46.0773 3492 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    21:46:46.0788 3492 NetTcpPortSharing - ok
    21:46:46.0804 3492 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    21:46:46.0945 3492 NIC1394 - ok
    21:46:47.0288 3492 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    21:46:47.0335 3492 Nla - ok
    21:46:47.0460 3492 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    21:46:47.0616 3492 Npfs - ok
    21:46:47.0710 3492 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    21:46:47.0897 3492 Ntfs - ok
    21:46:47.0897 3492 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    21:46:47.0991 3492 NtLmSsp - ok
    21:46:48.0366 3492 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    21:46:48.0522 3492 NtmsSvc - ok
    21:46:48.0554 3492 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    21:46:48.0757 3492 Null - ok
    21:46:48.0928 3492 nv (642a87877f83313eb5302749cd479024) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    21:46:49.0085 3492 nv - ok
    21:46:49.0241 3492 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    21:46:49.0272 3492 NVENETFD - ok
    21:46:49.0319 3492 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    21:46:49.0350 3492 nvnetbus - ok
    21:46:49.0397 3492 NVSvc (b0903c021bfcd6055c053a569ef98aef) C:\WINDOWS\system32\nvsvc32.exe
    21:46:49.0428 3492 NVSvc - ok
    21:46:49.0444 3492 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    21:46:49.0600 3492 NwlnkFlt - ok
    21:46:49.0616 3492 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    21:46:49.0788 3492 NwlnkFwd - ok
    21:46:49.0866 3492 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    21:46:49.0991 3492 ohci1394 - ok
    21:46:50.0147 3492 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    21:46:50.0241 3492 Parport - ok
    21:46:50.0241 3492 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    21:46:50.0366 3492 PartMgr - ok
    21:46:50.0381 3492 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    21:46:50.0522 3492 ParVdm - ok
    21:46:50.0538 3492 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    21:46:50.0662 3492 PCI - ok
    21:46:50.0662 3492 PCIDump - ok
    21:46:50.0662 3492 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    21:46:50.0881 3492 PCIIde - ok
    21:46:51.0084 3492 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    21:46:51.0272 3492 Pcmcia - ok
    21:46:51.0287 3492 PDCOMP - ok
    21:46:51.0287 3492 PDFRAME - ok
    21:46:51.0287 3492 PDRELI - ok
    21:46:51.0303 3492 PDRFRAME - ok
    21:46:51.0303 3492 perc2 - ok
    21:46:51.0303 3492 perc2hib - ok
    21:46:51.0584 3492 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    21:46:51.0600 3492 PlugPlay - ok
    21:46:51.0647 3492 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    21:46:51.0740 3492 PolicyAgent - ok
    21:46:51.0772 3492 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    21:46:51.0881 3492 PptpMiniport - ok
    21:46:51.0912 3492 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    21:46:51.0990 3492 Processor - ok
    21:46:52.0006 3492 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    21:46:52.0100 3492 ProtectedStorage - ok
    21:46:52.0131 3492 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
    21:46:52.0178 3492 Ps2 - ok
    21:46:52.0178 3492 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    21:46:52.0272 3492 PSched - ok
    21:46:52.0272 3492 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    21:46:52.0443 3492 Ptilink - ok
    21:46:52.0443 3492 PxHelp20 (97b735de4e3cd44c71c8cb09bdbf07b7) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    21:46:52.0459 3492 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
    21:46:52.0459 3492 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
    21:46:52.0459 3492 ql1080 - ok
    21:46:52.0459 3492 Ql10wnt - ok
    21:46:52.0475 3492 ql12160 - ok
    21:46:52.0475 3492 ql1240 - ok
    21:46:52.0475 3492 ql1280 - ok
    21:46:52.0506 3492 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    21:46:52.0631 3492 RasAcd - ok
    21:46:52.0678 3492 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    21:46:52.0787 3492 RasAuto - ok
    21:46:52.0803 3492 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    21:46:52.0912 3492 Rasl2tp - ok
    21:46:52.0943 3492 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    21:46:53.0240 3492 RasMan - ok
    21:46:53.0303 3492 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    21:46:53.0396 3492 RasPppoe - ok
    21:46:53.0428 3492 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    21:46:53.0584 3492 Raspti - ok
    21:46:53.0599 3492 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    21:46:53.0709 3492 Rdbss - ok
    21:46:53.0740 3492 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    21:46:53.0865 3492 RDPCDD - ok
    21:46:53.0881 3492 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    21:46:53.0974 3492 rdpdr - ok
    21:46:54.0021 3492 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    21:46:54.0052 3492 RDPWD - ok
    21:46:54.0068 3492 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    21:46:54.0177 3492 RDSessMgr - ok
    21:46:54.0209 3492 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    21:46:54.0287 3492 redbook - ok
    21:46:54.0334 3492 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    21:46:54.0443 3492 RemoteAccess - ok
    21:46:54.0474 3492 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    21:46:54.0584 3492 RemoteRegistry - ok
    21:46:54.0599 3492 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    21:46:54.0693 3492 RpcLocator - ok
    21:46:54.0755 3492 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
    21:46:54.0771 3492 RpcSs - ok
    21:46:54.0818 3492 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    21:46:54.0943 3492 RSVP - ok
    21:46:55.0005 3492 rt2870 (c2a6f7f35e617744a65dbfb0c0a64adc) C:\WINDOWS\system32\DRIVERS\rt2870.sys
    21:46:55.0037 3492 rt2870 - ok
    21:46:55.0068 3492 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    21:46:55.0115 3492 rtl8139 - ok
    21:46:55.0162 3492 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    21:46:55.0255 3492 SamSs - ok
    21:46:55.0333 3492 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    21:46:55.0349 3492 SASDIFSV - ok
    21:46:55.0349 3492 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    21:46:55.0365 3492 SASKUTIL - ok
    21:46:55.0380 3492 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    21:46:55.0505 3492 SCardSvr - ok
    21:46:55.0521 3492 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    21:46:55.0661 3492 Schedule - ok
    21:46:55.0693 3492 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    21:46:55.0802 3492 Secdrv - ok
    21:46:55.0833 3492 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    21:46:55.0958 3492 seclogon - ok
    21:46:55.0974 3492 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    21:46:56.0068 3492 SENS - ok
    21:46:56.0099 3492 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    21:46:56.0224 3492 Serial - ok
    21:46:56.0255 3492 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    21:46:56.0364 3492 Sfloppy - ok
    21:46:56.0411 3492 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    21:46:56.0536 3492 SharedAccess - ok
    21:46:56.0567 3492 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    21:46:56.0614 3492 ShellHWDetection - ok
    21:46:56.0614 3492 Simbad - ok
    21:46:56.0630 3492 Sparrow - ok
    21:46:56.0646 3492 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    21:46:56.0771 3492 splitter - ok
    21:46:56.0802 3492 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    21:46:56.0833 3492 Spooler - ok
    21:46:56.0864 3492 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    21:46:57.0005 3492 sr - ok
    21:46:57.0052 3492 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    21:46:57.0145 3492 srservice - ok
    21:46:57.0239 3492 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502010.003\SRTSP.SYS
    21:46:57.0270 3492 SRTSP - ok
    21:46:57.0286 3492 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502010.003\SRTSPX.SYS
    21:46:57.0302 3492 SRTSPX - ok
    21:46:57.0349 3492 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    21:46:57.0395 3492 Srv - ok
    21:46:57.0427 3492 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    21:46:57.0552 3492 SSDPSRV - ok
    21:46:57.0598 3492 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    21:46:57.0708 3492 stisvc - ok
    21:46:57.0723 3492 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    21:46:57.0864 3492 swenum - ok
    21:46:57.0895 3492 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    21:46:58.0005 3492 swmidi - ok
    21:46:58.0020 3492 SwPrv - ok
    21:46:58.0020 3492 symc810 - ok
    21:46:58.0036 3492 symc8xx - ok
    21:46:58.0067 3492 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMDS.SYS
    21:46:58.0098 3492 SymDS - ok
    21:46:58.0145 3492 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMEFA.SYS
    21:46:58.0192 3492 SymEFA - ok
    21:46:58.0286 3492 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    21:46:58.0301 3492 SymEvent - ok
    21:46:58.0333 3492 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502010.003\Ironx86.SYS
    21:46:58.0348 3492 SymIRON - ok
    21:46:58.0380 3492 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502010.003\SYMTDI.SYS
    21:46:58.0411 3492 SYMTDI - ok
    21:46:58.0411 3492 sym_hi - ok
    21:46:58.0426 3492 sym_u3 - ok
    21:46:58.0458 3492 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    21:46:58.0598 3492 sysaudio - ok
    21:46:58.0629 3492 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    21:46:58.0770 3492 SysmonLog - ok
    21:46:58.0801 3492 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    21:46:58.0942 3492 TapiSrv - ok
    21:46:58.0989 3492 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    21:46:59.0036 3492 Tcpip - ok
    21:46:59.0051 3492 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    21:46:59.0176 3492 TDPIPE - ok
    21:46:59.0192 3492 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    21:46:59.0317 3492 TDTCP - ok
    21:46:59.0348 3492 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    21:46:59.0457 3492 TermDD - ok
    21:46:59.0473 3492 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    21:46:59.0598 3492 TermService - ok
    21:46:59.0645 3492 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    21:46:59.0661 3492 Themes - ok
    21:46:59.0707 3492 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    21:46:59.0817 3492 TlntSvr - ok
    21:46:59.0832 3492 TosIde - ok
    21:46:59.0848 3492 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    21:46:59.0989 3492 TrkWks - ok
    21:47:00.0020 3492 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    21:47:00.0145 3492 Udfs - ok
    21:47:00.0145 3492 ultra - ok
    21:47:00.0176 3492 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
    21:47:00.0239 3492 UMWdf - ok
    21:47:00.0551 3492 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    21:47:00.0645 3492 Update - ok
    21:47:00.0676 3492 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    21:47:00.0910 3492 upnphost - ok
    21:47:00.0973 3492 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    21:47:01.0207 3492 UPS - ok
    21:47:01.0348 3492 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    21:47:01.0441 3492 usbehci - ok
    21:47:01.0598 3492 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    21:47:01.0707 3492 usbhub - ok
    21:47:01.0738 3492 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    21:47:01.0848 3492 usbohci - ok
    21:47:01.0879 3492 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    21:47:02.0019 3492 usbstor - ok
    21:47:02.0051 3492 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    21:47:02.0176 3492 usbuhci - ok
    21:47:02.0207 3492 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    21:47:02.0347 3492 VgaSave - ok
    21:47:02.0363 3492 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    21:47:02.0504 3492 ViaIde - ok
    21:47:02.0519 3492 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    21:47:02.0597 3492 VolSnap - ok
    21:47:02.0629 3492 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    21:47:02.0722 3492 VSS - ok
    21:47:02.0754 3492 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    21:47:02.0863 3492 W32Time - ok
    21:47:02.0910 3492 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    21:47:03.0004 3492 Wanarp - ok
    21:47:03.0019 3492 WDICA - ok
    21:47:03.0050 3492 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    21:47:03.0160 3492 wdmaud - ok
    21:47:03.0191 3492 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    21:47:03.0300 3492 WebClient - ok
    21:47:03.0363 3492 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    21:47:03.0394 3492 winachsx - ok
    21:47:03.0472 3492 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    21:47:03.0566 3492 winmgmt - ok
    21:47:03.0582 3492 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
    21:47:03.0613 3492 WmdmPmSN - ok
    21:47:03.0675 3492 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    21:47:03.0707 3492 Wmi - ok
    21:47:03.0753 3492 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    21:47:03.0894 3492 WmiApSrv - ok
    21:47:03.0988 3492 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    21:47:04.0144 3492 WS2IFSL - ok
    21:47:04.0191 3492 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    21:47:04.0316 3492 wscsvc - ok
    21:47:04.0331 3492 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    21:47:04.0425 3492 wuauserv - ok
    21:47:04.0488 3492 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    21:47:04.0613 3492 WZCSVC - ok
    21:47:04.0628 3492 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    21:47:04.0722 3492 xmlprov - ok
    21:47:04.0769 3492 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
    21:47:04.0909 3492 \Device\Harddisk0\DR0 - ok
    21:47:04.0909 3492 Boot (0x1200) (ad4f7dfb128be7a2d20ec5ee0645dec9) \Device\Harddisk0\DR0\Partition0
    21:47:04.0909 3492 \Device\Harddisk0\DR0\Partition0 - ok
    21:47:04.0909 3492 Boot (0x1200) (5932f9a5e9002d86f1b757b1afc4ad91) \Device\Harddisk0\DR0\Partition1
    21:47:04.0909 3492 \Device\Harddisk0\DR0\Partition1 - ok
    21:47:04.0909 3492 ============================================================
    21:47:04.0909 3492 Scan finished
    21:47:04.0909 3492 ============================================================
    21:47:05.0019 3428 Detected object count: 6
    21:47:05.0019 3428 Actual detected object count: 6
    21:47:14.0157 3428 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
    21:47:14.0157 3428 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:47:14.0157 3428 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    21:47:14.0157 3428 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:47:14.0173 3428 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
    21:47:14.0173 3428 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:47:14.0173 3428 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
    21:47:14.0173 3428 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:47:14.0173 3428 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
    21:47:14.0173 3428 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:47:14.0173 3428 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
    21:47:14.0173 3428 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
     
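The TDSSKiller output above ends with per-object verdicts, MD5 hashes of the MBR and of each partition boot sector, and a list of detections that are all the generic UnsignedFile.Multi.Generic verdict (TDSSKiller's flag for a driver or service file without a valid digital signature, which is a prompt for review and not a malware-family identification). As an added example that is not part of this thread and is not TDSSKiller's own code, the Python script below parses that log format into structured records and triages it: it reports each boot-sector object with its hash and whether it was cleared, lists any scanned object that never received an "- ok" line, separates generic unsigned-file detections from any other verdict, and checks that the declared detection count matches the entries listed. The sample log is a constructed excerpt using the line shapes and hash values from the log above; the missing "winachsx - ok" line and the detection counts are constructed so each check has something to exercise.

```python
import re
from collections import defaultdict

# Constructed excerpt in the TDSSKiller log format shown in the thread. The line shapes
# and MD5 values are taken from that log; the subset, the missing "winachsx - ok" line
# and the detection counts are constructed so that each triage check has something to do.
SAMPLE_LOG = r"""
21:47:02.0519 3492 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:47:02.0597 3492 VolSnap - ok
21:47:03.0019 3492 WDICA - ok
21:47:03.0363 3492 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
21:47:04.0769 3492 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
21:47:04.0909 3492 \Device\Harddisk0\DR0 - ok
21:47:04.0909 3492 Boot (0x1200) (ad4f7dfb128be7a2d20ec5ee0645dec9) \Device\Harddisk0\DR0\Partition0
21:47:04.0909 3492 \Device\Harddisk0\DR0\Partition0 - ok
21:47:04.0909 3492 Boot (0x1200) (5932f9a5e9002d86f1b757b1afc4ad91) \Device\Harddisk0\DR0\Partition1
21:47:04.0909 3492 \Device\Harddisk0\DR0\Partition1 - ok
21:47:04.0909 3492 ============================================================
21:47:04.0909 3492 Scan finished
21:47:05.0019 3428 Detected object count: 3
21:47:05.0019 3428 Actual detected object count: 3
21:47:14.0157 3428 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
21:47:14.0157 3428 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:47:14.0157 3428 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:47:14.0157 3428 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:47:14.0173 3428 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
"""

# Every log line is "<hh:mm:ss.ffff> <thread id> <body>"; the body takes one of four shapes.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
SCAN_RE = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - (?P<action>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")

# TDSSKiller's generic verdict for files lacking a valid digital signature; it is a
# heuristic prompt for review, not a malware-family identification.
GENERIC_VERDICTS = {"UnsignedFile.Multi.Generic"}


def parse_tdsskiller(text):
    """Turn TDSSKiller log text into scanned objects, ok verdicts, detections and counts."""
    scanned, ok, detections, counts = {}, set(), defaultdict(list), {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything without the timestamp prefix
        body = m.group(3)
        if (s := SCAN_RE.match(body)):
            scanned[s["path"]] = (s["name"], s["md5"])  # keyed by path: "Boot (0x1200)" repeats
        elif (v := VERDICT_RE.match(body)):
            detections[v["name"]].append((v["verdict"], v["action"]))
        elif (o := OK_RE.match(body)):
            ok.add(o["name"])  # services are cleared by name, sector objects by device path
        elif (c := COUNT_RE.match(body)):
            counts["actual" if c["kind"].startswith("Actual") else "declared"] = int(c["n"])
    return {"scanned": scanned, "ok": ok, "detections": dict(detections), "counts": counts}


def sector_status(report):
    """(name, path, md5, cleared) for the MBR and each partition boot sector."""
    return [
        (name, path, md5, path in report["ok"] or name in report["ok"])
        for path, (name, md5) in report["scanned"].items()
        if name.startswith(("MBR", "Boot"))
    ]


def triage(report):
    """Findings a reviewer would look at first, as (kind, subject, detail, action) tuples."""
    findings = []
    # A scanned object with no "- ok" line (by name or by device path) was never cleared.
    for path, (name, md5) in report["scanned"].items():
        if name not in report["ok"] and path not in report["ok"]:
            findings.append(("NO_VERDICT", name, path, md5))
    # Generic unsigned-file verdicts are heuristic; anything else deserves closer attention.
    for name, events in report["detections"].items():
        verdicts = {v for v, _ in events}
        kind = "HEURISTIC" if verdicts <= GENERIC_VERDICTS else "SIGNATURE"
        findings.append((kind, name, ", ".join(sorted(verdicts)), events[-1][1]))
    # The declared count should equal the number of distinct objects listed afterwards.
    declared = report["counts"].get("declared")
    if declared is not None and declared != len(report["detections"]):
        findings.append(("COUNT_MISMATCH", str(declared), str(len(report["detections"])), ""))
    return findings


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for name, path, md5, cleared in sector_status(rep):
        print(f"{name:<12} {path:<36} {md5} {'ok' if cleared else 'NOT CLEARED'}")
    for finding in triage(rep):
        print(" | ".join(finding))
```

To use it on a real run, read the saved TDSSKiller log file and pass its text to parse_tdsskiller instead of SAMPLE_LOG. Objects are keyed by path rather than name because the two partition boot sectors share the name "Boot (0x1200)", and the clearance check accepts either the name or the device path because TDSSKiller clears services by name but sector objects by path.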
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Apologies, I missed your question. Yes, you can format with DBAN, then install Windows from the recovery CD set.

    TDSSKiller has not identified any rootkit or TDSS file sets.

    If you do intend to wipe the HD and re-install from the CD set, mark the thread solved; if not, continue:

    Download aswMBR from Here
    If it asks to update during the process please allow this to happen.

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Ensure Quick scan is selected, then select the Scan button to start the scan as illustrated below

      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
    • Once the scan finishes click Save log to save the log to your Desktop.
    • Copy and paste the contents of aswMBR.txt back here for review


    You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

    Kevin...
     
Short URL to this thread: https://techguy.org/1053409