[A] Trojan.gen.2 & trojan.zeroaccess!

By LABJ
Mar 29, 2012
  1. Good evening!
    I'm having a real issue with getting rid of TROJAN.GEN.2 & TROJAN.ZEROACCESS Rootkit! off of my desktop. Please help me! This virus is making ads pop up immediately on my screen, my network connection (internet) is down, my antivirus is not available to run... I'm currently running in safe mode trying to run malware and antivirus scans but those don't help much... PLEASE HELP ME! Windows XP system

    Thank you
    Jennifer
  2. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    Hi Broni... Thank you so much for replying.. I haven't started the process yet but I just wanted to state that I only have one PC (infected).. If I'm not able to post the logs once the scan is completed.. I can only reply to you on my Android phone... My PC internet is down due to the virus... Is it OK that I remain in Safe Mode (networking... I have access to the internet and am able to run antivirus) or should I return to normal mode (I can't access the internet nor run my Norton antivirus)
  4. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Safe Mode with Networking will be fine for now.
  5. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    Malwarebytes Anti-Malware scan results

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.29.09

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Administrator :: JAII [administrator]

    Protection: Disabled

    3/29/2012 9:24:15 PM
    mbam-log-2012-03-29 (21-24-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 322783
    Time elapsed: 11 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 18
    C:\WINDOWS\system32\ATSWPDRV.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bcm4sbxp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbidf2k.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\CdaD10BA.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DVDVRRdr_xp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\earthlinksafeconnectagent.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hotspotshieldservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LUsbKbd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lvcomser.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lyncusbserv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NxFsMon.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pdlndtdl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pnarp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SunkFilt39.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\svcwrsssdk.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SWNC8U20.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tmcomm.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Xyz777s.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

    (end)
  6. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    Restarting PC....
  7. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    GMER.log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-29 21:54:14
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3200826AS rev.3.03
    Running: 92bfqyml.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxldypog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61
    Disk \Device\Harddisk0\DR0 PE file @ sector 390716865

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

    ---- Processes - GMER 1.0.15 ----

    Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 1848

    ---- EOF - GMER 1.0.15 ----
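The two logs posted above (the Malwarebytes scan in post 5 and the GMER scan in post 7) together show the pattern a malware-removal helper looks for: the on-disk scanner reports its 0Access detections as quarantined, yet the rootkit scanner run afterwards still finds malicious code in a disk sector and a hidden process. The following Python script is an added example, not code from the thread or from either tool's vendor; it parses the line formats as they appear in the posted logs (a file path followed by the detection name in parentheses for Malwarebytes; "Disk ... @ sector N" and "Process ... (*** hidden ***) PID" for GMER) and returns a triage summary. The embedded sample logs are constructed from a few lines copied out of the posts, and the severity ratings and the "still infected" rule are this example's own assumptions, not output of either tool.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the Malwarebytes log in post 5.
MBAM_LOG = r"""
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
Database version: v2012.03.29.09
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Files Detected: 18
C:\WINDOWS\system32\ATSWPDRV.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bcm4sbxp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Xyz777s.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
(end)
"""

# Constructed sample: a handful of lines copied from the GMER log in post 7.
GMER_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-29 21:54:14
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61
Disk \Device\Harddisk0\DR0 PE file @ sector 390716865
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
---- Processes - GMER 1.0.15 ----
Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 1848
---- EOF - GMER 1.0.15 ----
"""


@dataclass
class Detection:
    path: str
    detection: str   # scanner's family name, e.g. RootKit.0Access.H
    action: str      # what the scanner says it did with the file


@dataclass
class Indicator:
    kind: str        # "mbr_code", "disk_pe" or "hidden_process"
    detail: str
    severity: str    # assumed rating for this example: "high" or "medium"


# Malwarebytes file line: "<drive>:\path (DetectionName) -> Action."
MBAM_FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^()]+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")
# GMER disk-sector line: "Disk <device> <description> @ sector <n>"
GMER_SECTOR_RE = re.compile(r"^Disk (?P<device>\S+) (?P<what>.+?) @ sector (?P<sector>\d+)$")
# GMER hidden-process line: "Process <path> (*** hidden *** ) <pid>"
GMER_HIDDEN_PROC_RE = re.compile(r"^Process (?P<path>.+?) \(\*\*\* hidden \*\*\* ?\) (?P<pid>\d+)$")


def parse_mbam(text):
    """Return one Detection per 'Files Detected' line in a Malwarebytes log."""
    found = []
    for line in text.splitlines():
        m = MBAM_FILE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["detection"], m["action"].rstrip(".")))
    return found


def parse_gmer(text):
    """Return the rootkit indicators GMER reports in its disk-sector and process sections."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        m = GMER_SECTOR_RE.match(line)
        if m:
            what = m["what"]
            # GMER itself labels MBR-resident code "malicious"; a bare PE file in an
            # unallocated sector is suspicious but gets a lower assumed rating here.
            kind = "mbr_code" if "malicious" in what.lower() else "disk_pe"
            severity = "high" if kind == "mbr_code" else "medium"
            found.append(Indicator(kind, f"{m['device']} sector {m['sector']}: {what}", severity))
            continue
        m = GMER_HIDDEN_PROC_RE.match(line)
        if m:
            found.append(Indicator("hidden_process", f"{m['path']} pid {m['pid']}", "high"))
    return found


def triage(mbam_text, gmer_text):
    """Combine both logs: what was cleaned on disk, and what is still resident."""
    detections = parse_mbam(mbam_text)
    indicators = parse_gmer(gmer_text)
    families = sorted({d.detection for d in detections})
    high = [i for i in indicators if i.severity == "high"]
    # Assumed rule for this example: a quarantine report means nothing while the
    # rootkit scanner still sees MBR code or a hidden process; the box is not clean.
    return {
        "files_detected": len(detections),
        "families": families,
        "indicators": indicators,
        "still_infected": bool(high),
    }


if __name__ == "__main__":
    result = triage(MBAM_LOG, GMER_LOG)
    print(f"{result['files_detected']} file(s) removed, families: {result['families']}")
    for ind in result["indicators"]:
        print(f"[{ind.severity}] {ind.kind}: {ind.detail}")
    print("still infected:", result["still_infected"])
```

The point of combining the two parsers is the one the helper in this thread is working from: the Malwarebytes run removed eighteen user-mode DLLs, but GMER still sees code in sector 61 of the boot disk and a hidden ping.exe, so the summary reports the machine as still infected and the follow-up must target the rootkit's boot-sector component rather than stop at the quarantine report.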
  8. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    DDS Attach.txt log

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 8.0.6001.18702
    Run by Administrator at 21:56:48 on 2012-03-29
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.494 [GMT -4:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
    mRun: [DISCover] c:\program files\disc\DISCover.exe
    mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
    mRun: [<NO NAME>]
    mRun: [PCDrProfiler]
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon]
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    LSP: mswsock.dll
    Trusted Zone: trymedia.com
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302294965281
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    TCP: Interfaces\{C4E78A90-4060-4034-813C-905D5F65EF2D} : DhcpNameServer = 75.75.75.75 75.75.76.76
    Notify: AtiExtEvent - Ati2evxx.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-7 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-7 744568]
    S0 ujpcjh;ujpcjh;c:\windows\system32\drivers\ggav.sys --> c:\windows\system32\drivers\ggav.sys [?]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-19 820856]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-7 136312]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-29 652360]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
    S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120327.002\IDSXpx86.sys [2012-3-27 356280]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-29 20464]
    S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120327.025\naveng.sys [2012-3-27 86136]
    S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120327.025\navex15.sys [2012-3-27 1576312]
    .
    =============== Created Last 30 ================
    .
    2012-03-30 01:23:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-30 01:23:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-29 23:10:18 -------- d-----w- c:\documents and settings\administrator\application data\Tific
    2012-03-29 23:10:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Symantec
    2012-03-29 04:26:43 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
    2012-03-29 02:03:42 -------- d-----w- c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
    2012-03-29 02:03:23 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-03-28 22:20:44 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
    2012-03-28 22:20:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-03-28 22:13:11 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
    2012-03-28 22:12:43 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
    2012-03-28 22:05:49 -------- d--h--w- c:\windows\system32\GroupPolicy
    2012-03-28 03:22:19 35752 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
    2012-03-28 02:29:14 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-03-27 01:20:43 -------- d-----w- c:\documents and settings\all users\CrypKey
    2012-03-27 00:37:59 -------- d-----w- C:\Log
    2012-03-27 00:37:35 27648 ----a-r- c:\windows\Setup_ck.exe
    2012-03-27 00:37:35 19584 ----a-w- c:\windows\system32\Ckldrv.sys
    2012-03-27 00:37:35 18432 ----a-w- c:\windows\Setup_ck.dll
    2012-03-27 00:37:35 165888 ----a-w- c:\windows\Ckconfig.exe
    2012-03-27 00:37:35 122880 ----a-w- c:\windows\system32\Crypserv.exe
    2012-03-27 00:37:35 11776 ----a-w- c:\windows\Ckrfresh.exe
    2012-03-27 00:37:22 178176 ----a-w- c:\windows\system32\StellarProfile.dll
    2012-03-27 00:37:22 1207808 ----a-w- c:\windows\system32\PhoenixDll.dll
    2012-03-27 00:37:20 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery
    2012-03-26 14:31:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
    .
    ==================== Find3M ====================
    .
    2012-02-27 00:02:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-27 00:02:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 21:57:51.35 ===============
  9. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/8/2011 4:01:35 PM
    System Uptime: 3/29/2012 9:41:52 PM (0 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | Amberine M
    Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2188/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 178 GiB total, 152.067 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 1.115 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    4500_Help
    5 Card Slingo from HP Media Center (remove only)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.2)
    AiO_Scan
    AiO_Scan_CDA
    AiOSoftware
    AiOSoftwareNPI
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AstroPop Deluxe from HP Media Center (remove only)
    ATI Control Panel
    ATI Display Driver
    Barnyard Invasion from HP Media Center (remove only)
    Bejeweled 2 Deluxe from HP Media Center (remove only)
    Blackhawk Striker 2 from HP Media Center (remove only)
    Blasterball 2 from HP Media Center (remove only)
    Blasterball 2 Remix from HP Media Center (remove only)
    Boggle Supreme from HP Media Center (remove only)
    Bonjour
    Bookworm Deluxe from HP Media Center (remove only)
    Bounce Symphony from HP Media Center (remove only)
    BPD_HPSU
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    CameraDrivers
    Chuzzle Deluxe from HP Media Center (remove only)
    Compatibility Pack for the 2007 Office system
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_LightScribePlugin
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    Crystal Maze from HP Media Center (remove only)
    CueTour
    Customer Experience Enhancement
    CustomerResearchQFolder
    Data Fax SoftModem with SmartCP
    Destination Component
    DeviceDiscovery
    DISCover
    DocMgr
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    Easy Internet Sign-up
    eSupportQFolder
    Family Feud
    FATE from HP Media Center (remove only)
    Fax
    Fax_CDA
    GemMaster Mystic
    Google Toolbar for Internet Explorer
    GPBaseService
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP Customer Participation Program 10.0
    HP Deskjet Printer Preload
    HP DigitalMedia Archive
    HP Document Manager 1.0
    HP Document Viewer 5.3
    HP Game Console and games
    HP Image Zone 5.3
    HP Image Zone for Media Center PC
    HP Imaging Device Functions 10.0
    HP Multimedia Keyboard Software
    HP Officejet J4500 Series
    HP Photosmart 330,380,420,470,7800,8000,8200 Series
    HP Photosmart Cameras 5.0
    HP Photosmart Essential 2.5
    HP PSC & OfficeJet 5.3.A
    HP PSC & OfficeJet 5.3.B
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPDiagnosticAlert
    HPProductAssistant
    HpSdpAppCoreApp
    HPSSupply
    Insaniquarium Deluxe from HP Media Center (remove only)
    InstantShareAlert
    InstantShareDevices
    InterVideo WinDVD Player
    iTunes
    J2SE Runtime Environment 5.0 Update 5
    J4500
    Java Auto Updater
    Java(TM) 6 Update 31
    Lemonade Tycoon 2 from HP Media Center (remove only)
    Lexibox Deluxe from HP Media Center (remove only)
    LightScribe 1.4.52.1
    Mah Jong Quest from HP Media Center (remove only)
    Malwarebytes Anti-Malware version 1.60.1.1000
    MarketResearch
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Away Mode
    Microsoft Money 2005
    Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
    Microsoft Office File Validation Add-In
    Microsoft Office Standard Edition 2003
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 4.5
    muvee autoProducer unPlugged 1.2
    Netscape Browser (remove only)
    NewCopy
    NewCopy_CDA
    Norton Security Suite
    OCR Software by I.R.I.S. 10.0
    Otto
    PanoStandAlone
    PC-Doctor 5 for Windows
    PhotoGallery
    Polar Bowler from HP Media Center (remove only)
    Polar Golfer from HP Media Center (remove only)
    ProductContext
    PS2
    PSPrinters08
    PSSWCORE
    PSTAPlugin
    Puzzle Express from HP Media Center (remove only)
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Quicken 2006
    QuickTime
    RandMap
    Readme
    RealPlayer
    Remove IntelliMover Demo
    Ricochet Lost Worlds from HP Media Center (remove only)
    Scan
    ScannerCopy
    SCRABBLE from HP Media Center (remove only)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Shooting Stars Pool from HP Media Center (remove only)
    Shop for HP Supplies
    Shrek 2 Ogre Bowler from HP Media Center (remove only)
    SkinsHP1
    Slingo Deluxe from HP Media Center (remove only)
    SmartWebPrintingOC
    Snowboard SuperJam from HP Media Center (remove only)
    SolutionCenter
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Status
    Stellar Phoenix Windows Data Recovery
    Super Granny from HP Media Center (remove only)
    TeamViewer 7
    Toolbox
    Tradewinds from HP Media Center (remove only)
    TrayApp
    Unload
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Updates from HP (remove only)
    VideoToolkit01
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB2619340
    Windows XP Media Center Edition 2005 KB2628259
    Windows XP Media Center Edition 2005 KB908250
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Zuma Deluxe from HP Media Center (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/29/2012 9:54:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    3/28/2012 8:19:34 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    3/28/2012 8:17:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
    3/28/2012 8:15:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    3/28/2012 6:13:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 BHDrvx86 eeCtrl Fips NetworkX SRTSPX SymIRON SYMTDI
    3/28/2012 6:12:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/27/2012 11:10:23 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    3/27/2012 11:09:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde
    3/27/2012 11:09:30 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    3/27/2012 10:29:56 PM, error: Service Control Manager [7023] - The Atinevxx service terminated with the following error: The specified module could not be found.
    3/26/2012 11:55:37 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ARSVC service.
    .
    ==== End Of File ===========================
  10. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    edited......
  11. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
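The report produced by the steps above is a plain-text list: one line per driver or service with its MD5 and path, followed by a verdict line ("- ok", "( <threat> ) - infected", "- detected <threat>"). When a file hashes differently depending on how TDSSKiller reads it, the report adds a "Suspicious file (Forged)" line carrying both values; a file whose contents change with the read path is being hidden or spoofed, which is the rootkit behaviour the tool exists to find. The following parser is an added example for this thread, not code from TDSSKiller or from anyone posting here. The names `Entry`, `parse_report` and `findings` are mine, the line format is inferred from reports of the kind pasted in this thread, and `SAMPLE_REPORT` is a constructed sample in that format.

```python
"""Parse a TDSSKiller text report and pull out the entries that need attention.

Added example for this thread (not part of TDSSKiller or of any post above).
The line format is inferred from reports pasted in this thread:
  "<name> (<md5>) <path>"            inventory line for a driver/service
  "<name> - ok"                      verdict: clean
  "<name> ( <threat> ) - infected"   verdict: infected
  "<name> - detected <threat> (0)"   verdict: detected
  "Suspicious file (Forged): <path>. Real md5: X, Fake md5: Y"
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every report line starts with a time stamp and a numeric thread id.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.+)$")
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
INFECTED_RE = re.compile(r"^(?P<name>.+?) \( (?P<threat>.+?) \) - infected$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<threat>.+?) \(\d+\)$")
FORGED_RE = re.compile(
    r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"          # ok | suspicious | infected | unknown
    threat: Optional[str] = None
    real_md5: Optional[str] = None   # hash TDSSKiller read one way ...
    fake_md5: Optional[str] = None   # ... and the hash it read the other way

    def hash_mismatch(self) -> bool:
        """True when the file looked different through the two read paths."""
        return self.real_md5 is not None and self.real_md5 != self.fake_md5


def parse_report(text: str) -> Dict[str, Entry]:
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}   # lets a Forged line find its entry by path

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                 # banners, blank lines, SystemInfo block
        msg = m.group("msg")
        if (f := FORGED_RE.match(msg)):
            e = by_path.get(f.group("path")) or get(f.group("path"))
            e.status = "suspicious"
            e.real_md5, e.fake_md5 = f.group("real"), f.group("fake")
        elif (i := INFECTED_RE.match(msg)):
            e = get(i.group("name"))
            e.status, e.threat = "infected", i.group("threat")
        elif (d := DETECTED_RE.match(msg)):
            e = get(d.group("name"))
            e.status = "infected"
            e.threat = e.threat or d.group("threat")
        elif (o := OK_RE.match(msg)):
            e = get(o.group("name"))
            if e.status == "unknown":   # never downgrade an earlier verdict
                e.status = "ok"
        elif (n := ENTRY_RE.match(msg)):
            e = get(n.group("name"))
            e.md5, e.path = n.group("md5"), n.group("path")
            by_path[e.path] = e
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries that are not plain 'ok': the ones a helper would ask about."""
    return sorted((e for e in entries.values() if e.status != "ok"),
                  key=lambda e: e.name.lower())


# Constructed sample in the report's format (values modelled on this thread).
SAMPLE_REPORT = r"""
22:12:12.0437 1752 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:12:23.0546 0332 Scan started
22:12:25.0812 0332 Abiosdsk - ok
22:12:43.0140 0332 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:12:43.0140 0332 NetBIOS - ok
22:12:43.0187 0332 NetBT (ea29cc8b9469b1a3921a796a608dbd03) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:12:43.0187 0332 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: ea29cc8b9469b1a3921a796a608dbd03, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
22:12:43.0187 0332 NetBT ( Virus.Win32.ZAccess.k ) - infected
22:12:43.0187 0332 NetBT - detected Virus.Win32.ZAccess.k (0)
22:12:43.0250 0332 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:12:43.0250 0332 NetDDE - ok
"""

if __name__ == "__main__":
    for e in findings(parse_report(SAMPLE_REPORT)):
        print(f"{e.name}: {e.status} {e.threat or ''} path={e.path} "
              f"hash_mismatch={e.hash_mismatch()}")
```

To use it on a real report, read the TDSSKiller_xxxx_log.txt file from the root of C:\ and pass its contents to `parse_report`; `findings` then lists only the drivers that were not reported clean, with the pair of hashes kept on the entry so the mismatch can be shown rather than just the verdict.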
  12. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    .. I'm done... Just a little uncertainty...

I'm done with all the required processes, from malware to DDS. I've read and responded to all steps. I'm not sure if the PC is clear of all malware and viruses?

Thank you so much, Broni! :)
  13. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Please read my previous reply.
  14. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

TDSSKiller log

    22:12:12.0437 1752 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    22:12:12.0828 1752 ============================================================
    22:12:12.0828 1752 Current date / time: 2012/03/29 22:12:12.0828
    22:12:12.0828 1752 SystemInfo:
    22:12:12.0828 1752
    22:12:12.0828 1752 OS Version: 5.1.2600 ServicePack: 3.0
    22:12:12.0828 1752 Product type: Workstation
    22:12:12.0828 1752 ComputerName: JAII
    22:12:12.0828 1752 UserName: Administrator
    22:12:12.0828 1752 Windows directory: C:\WINDOWS
    22:12:12.0828 1752 System windows directory: C:\WINDOWS
    22:12:12.0828 1752 Processor architecture: Intel x86
    22:12:12.0828 1752 Number of processors: 1
    22:12:12.0828 1752 Page size: 0x1000
    22:12:12.0828 1752 Boot type: Safe boot with network
    22:12:12.0828 1752 ============================================================
    22:12:16.0718 1752 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    22:12:16.0781 1752 \Device\Harddisk0\DR0:
    22:12:16.0781 1752 MBR used
    22:12:16.0781 1752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1105758
    22:12:16.0781 1752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1105797, BlocksNum 0x1639862A
    22:12:16.0843 1752 Initialize success
    22:12:16.0843 1752 ============================================================
    22:12:23.0546 0332 ============================================================
    22:12:23.0546 0332 Scan started
    22:12:23.0546 0332 Mode: Manual;
    22:12:23.0546 0332 ============================================================
    22:12:25.0812 0332 Abiosdsk - ok
    22:12:25.0890 0332 abp480n5 - ok
    22:12:25.0937 0332 acedrv05 - ok
    22:12:26.0046 0332 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    22:12:26.0046 0332 ACPI - ok
    22:12:26.0109 0332 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    22:12:26.0109 0332 ACPIEC - ok
    22:12:26.0156 0332 adpu160m - ok
    22:12:26.0265 0332 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    22:12:26.0265 0332 aec - ok
    22:12:26.0375 0332 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    22:12:26.0375 0332 AFD - ok
    22:12:26.0406 0332 Aha154x - ok
    22:12:26.0437 0332 aic78u2 - ok
    22:12:26.0484 0332 aic78xx - ok
    22:12:26.0656 0332 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    22:12:26.0859 0332 ALCXWDM - ok
    22:12:26.0937 0332 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    22:12:26.0937 0332 Alerter - ok
    22:12:27.0000 0332 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    22:12:27.0000 0332 ALG - ok
    22:12:27.0046 0332 AliIde - ok
    22:12:27.0109 0332 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    22:12:27.0109 0332 AmdK8 - ok
    22:12:27.0156 0332 amsint - ok
    22:12:27.0312 0332 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:12:27.0312 0332 Apple Mobile Device - ok
    22:12:27.0375 0332 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    22:12:27.0390 0332 AppMgmt - ok
    22:12:27.0484 0332 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
    22:12:27.0484 0332 aracpi - ok
    22:12:27.0546 0332 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
    22:12:27.0546 0332 arhidfltr - ok
    22:12:27.0609 0332 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
    22:12:27.0609 0332 arkbcfltr - ok
    22:12:27.0671 0332 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
    22:12:27.0671 0332 armoucfltr - ok
    22:12:27.0750 0332 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    22:12:27.0750 0332 Arp1394 - ok
    22:12:27.0781 0332 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
    22:12:27.0781 0332 ARPolicy - ok
    22:12:27.0859 0332 ARSVC (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe
    22:12:27.0859 0332 ARSVC - ok
    22:12:28.0000 0332 asc - ok
    22:12:28.0062 0332 asc3350p - ok
    22:12:28.0125 0332 asc3550 - ok
    22:12:28.0281 0332 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    22:12:28.0281 0332 aspnet_state - ok
    22:12:28.0390 0332 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    22:12:28.0390 0332 AsyncMac - ok
    22:12:28.0468 0332 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    22:12:28.0468 0332 atapi - ok
    22:12:28.0515 0332 Atdisk - ok
    22:12:28.0625 0332 Ati HotKey Poller (d21352bcaab174948eb9672bc203bb0f) C:\WINDOWS\system32\Ati2evxx.exe
    22:12:28.0640 0332 Ati HotKey Poller - ok
    22:12:28.0750 0332 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    22:12:28.0796 0332 ati2mtag - ok
    22:12:28.0859 0332 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    22:12:28.0859 0332 Atmarpc - ok
    22:12:28.0937 0332 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    22:12:28.0937 0332 AudioSrv - ok
    22:12:29.0015 0332 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    22:12:29.0015 0332 audstub - ok
    22:12:29.0078 0332 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
    22:12:29.0078 0332 bb-run - ok
    22:12:29.0171 0332 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    22:12:29.0171 0332 Beep - ok
    22:12:29.0546 0332 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
    22:12:29.0578 0332 BHDrvx86 - ok
    22:12:29.0765 0332 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    22:12:29.0765 0332 BITS - ok
    22:12:29.0953 0332 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    22:12:29.0953 0332 Bonjour Service - ok
    22:12:30.0031 0332 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    22:12:30.0031 0332 Browser - ok
    22:12:30.0140 0332 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    22:12:30.0140 0332 cbidf2k - ok
    22:12:30.0218 0332 cd20xrnt - ok
    22:12:30.0312 0332 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    22:12:30.0312 0332 Cdaudio - ok
    22:12:30.0390 0332 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    22:12:30.0390 0332 Cdfs - ok
    22:12:30.0468 0332 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    22:12:30.0468 0332 Cdrom - ok
    22:12:30.0500 0332 Changer - ok
    22:12:30.0562 0332 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    22:12:30.0562 0332 CiSvc - ok
    22:12:30.0609 0332 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    22:12:30.0609 0332 ClipSrv - ok
    22:12:30.0687 0332 CmdIde - ok
    22:12:30.0718 0332 COMSysApp - ok
    22:12:30.0781 0332 Cpqarray - ok
    22:12:30.0812 0332 Crypkey License - ok
    22:12:30.0875 0332 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    22:12:30.0875 0332 CryptSvc - ok
    22:12:30.0906 0332 dac2w2k - ok
    22:12:30.0968 0332 dac960nt - ok
    22:12:31.0046 0332 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    22:12:31.0046 0332 DcomLaunch - ok
    22:12:31.0140 0332 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    22:12:31.0140 0332 Dhcp - ok
    22:12:31.0234 0332 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    22:12:31.0234 0332 Disk - ok
    22:12:31.0343 0332 dmadmin - ok
    22:12:31.0421 0332 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    22:12:31.0437 0332 dmboot - ok
    22:12:31.0578 0332 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    22:12:31.0593 0332 dmio - ok
    22:12:31.0640 0332 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    22:12:31.0640 0332 dmload - ok
    22:12:31.0718 0332 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    22:12:31.0718 0332 dmserver - ok
    22:12:31.0828 0332 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    22:12:31.0828 0332 DMusic - ok
    22:12:31.0906 0332 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    22:12:31.0906 0332 Dnscache - ok
    22:12:32.0062 0332 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    22:12:32.0078 0332 Dot3svc - ok
    22:12:32.0125 0332 dpti2o - ok
    22:12:32.0203 0332 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    22:12:32.0203 0332 drmkaud - ok
    22:12:32.0265 0332 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    22:12:32.0265 0332 EapHost - ok
    22:12:32.0562 0332 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    22:12:32.0562 0332 eeCtrl - ok
    22:12:32.0750 0332 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
    22:12:32.0750 0332 ehRecvr - ok
    22:12:32.0796 0332 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
    22:12:32.0796 0332 ehSched - ok
    22:12:33.0000 0332 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    22:12:33.0000 0332 EraserUtilRebootDrv - ok
    22:12:33.0250 0332 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    22:12:33.0250 0332 ERSvc - ok
    22:12:33.0359 0332 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    22:12:33.0359 0332 Eventlog - ok
    22:12:33.0421 0332 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    22:12:33.0421 0332 EventSystem - ok
    22:12:33.0546 0332 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    22:12:33.0546 0332 Fastfat - ok
    22:12:33.0640 0332 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    22:12:33.0656 0332 FastUserSwitchingCompatibility - ok
    22:12:33.0734 0332 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
    22:12:33.0734 0332 Fax - ok
    22:12:33.0859 0332 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    22:12:33.0859 0332 Fdc - ok
    22:12:33.0906 0332 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    22:12:33.0906 0332 Fips - ok
    22:12:33.0968 0332 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    22:12:33.0968 0332 Flpydisk - ok
    22:12:34.0015 0332 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    22:12:34.0015 0332 FltMgr - ok
    22:12:34.0078 0332 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    22:12:34.0078 0332 Fs_Rec - ok
    22:12:34.0109 0332 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    22:12:34.0125 0332 Ftdisk - ok
    22:12:34.0156 0332 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
    22:12:34.0156 0332 ftsata2 - ok
    22:12:34.0234 0332 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    22:12:34.0234 0332 GEARAspiWDM - ok
    22:12:34.0312 0332 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    22:12:34.0312 0332 Gpc - ok
    22:12:34.0437 0332 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    22:12:34.0437 0332 helpsvc - ok
    22:12:34.0515 0332 HidServ - ok
    22:12:34.0625 0332 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    22:12:34.0625 0332 HidUsb - ok
    22:12:34.0718 0332 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    22:12:34.0734 0332 hkmsvc - ok
    22:12:34.0796 0332 hpn - ok
    22:12:34.0984 0332 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    22:12:34.0984 0332 hpqcxs08 - ok
    22:12:35.0046 0332 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    22:12:35.0046 0332 hpqddsvc - ok
    22:12:35.0250 0332 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    22:12:35.0250 0332 HPZid412 - ok
    22:12:35.0296 0332 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    22:12:35.0296 0332 HPZipr12 - ok
    22:12:35.0390 0332 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    22:12:35.0390 0332 HPZius12 - ok
    22:12:35.0515 0332 HSFHWBS2 (5df616addb75c1ad36c1f9e4de0f7654) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    22:12:35.0515 0332 HSFHWBS2 - ok
    22:12:35.0625 0332 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    22:12:35.0656 0332 HSF_DP - ok
    22:12:35.0781 0332 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    22:12:35.0796 0332 HTTP - ok
    22:12:35.0875 0332 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    22:12:35.0875 0332 HTTPFilter - ok
    22:12:35.0953 0332 i2omgmt - ok
    22:12:36.0000 0332 i2omp - ok
    22:12:36.0078 0332 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    22:12:36.0078 0332 i8042prt - ok
    22:12:36.0187 0332 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    22:12:36.0187 0332 iaStor - ok
    22:12:36.0359 0332 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    22:12:36.0375 0332 IDriverT - ok
    22:12:36.0718 0332 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120327.002\IDSxpx86.sys
    22:12:36.0734 0332 IDSxpx86 - ok
    22:12:37.0000 0332 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    22:12:37.0000 0332 Imapi - ok
    22:12:37.0093 0332 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    22:12:37.0093 0332 ImapiService - ok
    22:12:37.0250 0332 ini910u - ok
    22:12:37.0375 0332 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    22:12:37.0375 0332 IntelIde - ok
    22:12:37.0437 0332 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    22:12:37.0453 0332 intelppm - ok
    22:12:37.0515 0332 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    22:12:37.0515 0332 Ip6Fw - ok
    22:12:37.0562 0332 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    22:12:37.0562 0332 IpFilterDriver - ok
    22:12:37.0625 0332 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    22:12:37.0625 0332 IpInIp - ok
    22:12:37.0687 0332 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    22:12:37.0687 0332 IpNat - ok
    22:12:37.0812 0332 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
    22:12:37.0843 0332 iPod Service - ok
    22:12:38.0062 0332 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    22:12:38.0062 0332 IPSec - ok
    22:12:38.0125 0332 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    22:12:38.0125 0332 IRENUM - ok
    22:12:38.0218 0332 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    22:12:38.0218 0332 isapnp - ok
    22:12:38.0406 0332 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
    22:12:38.0406 0332 JavaQuickStarterService - ok
    22:12:38.0453 0332 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    22:12:38.0453 0332 Kbdclass - ok
    22:12:38.0500 0332 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    22:12:38.0515 0332 kmixer - ok
    22:12:38.0593 0332 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    22:12:38.0593 0332 KSecDD - ok
    22:12:38.0671 0332 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    22:12:38.0671 0332 lanmanserver - ok
    22:12:38.0750 0332 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    22:12:38.0765 0332 lanmanworkstation - ok
    22:12:38.0843 0332 lbrtfdc - ok
    22:12:39.0078 0332 LightScribeService (6e68e520e6f2f5dce97a9ff947038769) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    22:12:39.0078 0332 LightScribeService - ok
    22:12:39.0265 0332 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    22:12:39.0265 0332 LmHosts - ok
    22:12:39.0390 0332 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
    22:12:39.0390 0332 MBAMProtector - ok
    22:12:39.0515 0332 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    22:12:39.0531 0332 MBAMService - ok
    22:12:39.0687 0332 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
    22:12:39.0687 0332 McrdSvc - ok
    22:12:39.0875 0332 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    22:12:39.0875 0332 MDM - ok
    22:12:40.0062 0332 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    22:12:40.0062 0332 mdmxsdk - ok
    22:12:40.0156 0332 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    22:12:40.0156 0332 Messenger - ok
    22:12:40.0234 0332 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
    22:12:40.0234 0332 MHN - ok
    22:12:40.0343 0332 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    22:12:40.0343 0332 MHNDRV - ok
    22:12:40.0390 0332 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    22:12:40.0406 0332 mnmdd - ok
    22:12:40.0515 0332 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    22:12:40.0515 0332 mnmsrvc - ok
    22:12:40.0593 0332 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    22:12:40.0593 0332 Modem - ok
    22:12:40.0671 0332 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    22:12:40.0671 0332 Mouclass - ok
    22:12:40.0718 0332 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    22:12:40.0718 0332 MountMgr - ok
    22:12:40.0765 0332 mraid35x - ok
    22:12:40.0796 0332 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    22:12:40.0812 0332 MRxDAV - ok
    22:12:40.0859 0332 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    22:12:40.0875 0332 MRxSmb - ok
    22:12:40.0921 0332 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    22:12:40.0921 0332 MSDTC - ok
    22:12:41.0062 0332 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    22:12:41.0062 0332 Msfs - ok
    22:12:41.0109 0332 MSIServer - ok
    22:12:41.0281 0332 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    22:12:41.0281 0332 MSKSSRV - ok
    22:12:41.0375 0332 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    22:12:41.0375 0332 MSPCLOCK - ok
    22:12:41.0406 0332 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    22:12:41.0406 0332 MSPQM - ok
    22:12:41.0468 0332 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    22:12:41.0468 0332 mssmbios - ok
    22:12:41.0562 0332 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    22:12:41.0562 0332 Mup - ok
    22:12:41.0718 0332 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    22:12:41.0734 0332 N360 - ok
    22:12:41.0921 0332 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    22:12:41.0921 0332 napagent - ok
    22:12:42.0234 0332 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120327.025\NAVENG.SYS
    22:12:42.0234 0332 NAVENG - ok
    22:12:42.0312 0332 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120327.025\NAVEX15.SYS
    22:12:42.0375 0332 NAVEX15 - ok
    22:12:42.0640 0332 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    22:12:42.0640 0332 NDIS - ok
    22:12:42.0750 0332 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    22:12:42.0750 0332 NdisTapi - ok
    22:12:42.0859 0332 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    22:12:42.0859 0332 Ndisuio - ok
    22:12:42.0906 0332 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    22:12:42.0906 0332 NdisWan - ok
    22:12:42.0984 0332 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    22:12:42.0984 0332 NDProxy - ok
    22:12:43.0062 0332 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
    22:12:43.0062 0332 Net Driver HPZ12 - ok
    22:12:43.0140 0332 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    22:12:43.0140 0332 NetBIOS - ok
    22:12:43.0187 0332 NetBT (ea29cc8b9469b1a3921a796a608dbd03) C:\WINDOWS\system32\DRIVERS\netbt.sys
    22:12:43.0187 0332 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: ea29cc8b9469b1a3921a796a608dbd03, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
    22:12:43.0187 0332 NetBT ( Virus.Win32.ZAccess.k ) - infected
    22:12:43.0187 0332 NetBT - detected Virus.Win32.ZAccess.k (0)
    22:12:43.0250 0332 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    22:12:43.0250 0332 NetDDE - ok
    22:12:43.0281 0332 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    22:12:43.0281 0332 NetDDEdsdm - ok
    22:12:43.0375 0332 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    22:12:43.0375 0332 Netlogon - ok
    22:12:43.0453 0332 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    22:12:43.0453 0332 Netman - ok
    22:12:43.0515 0332 NetworkX (5ef7dd401771693245d46f4b0b69fe2b) C:\WINDOWS\system32\ckldrv.sys
    22:12:43.0515 0332 NetworkX - ok
    22:12:43.0625 0332 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    22:12:43.0625 0332 NIC1394 - ok
    22:12:43.0765 0332 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    22:12:43.0781 0332 Nla - ok
    22:12:43.0906 0332 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    22:12:43.0906 0332 Npfs - ok
    22:12:43.0984 0332 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    22:12:44.0000 0332 Ntfs - ok
    22:12:44.0078 0332 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    22:12:44.0078 0332 NtLmSsp - ok
    22:12:44.0156 0332 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    22:12:44.0171 0332 NtmsSvc - ok
    22:12:44.0265 0332 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    22:12:44.0265 0332 Null - ok
    22:12:44.0312 0332 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    22:12:44.0312 0332 NwlnkFlt - ok
    22:12:44.0359 0332 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    22:12:44.0359 0332 NwlnkFwd - ok
    22:12:44.0437 0332 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    22:12:44.0453 0332 ohci1394 - ok
    22:12:44.0765 0332 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:12:44.0765 0332 ose - ok
    22:12:45.0000 0332 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    22:12:45.0031 0332 Parport - ok
    22:12:45.0093 0332 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    22:12:45.0109 0332 PartMgr - ok
    22:12:45.0218 0332 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    22:12:45.0218 0332 ParVdm - ok
    22:12:45.0312 0332 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    22:12:45.0312 0332 PCI - ok
    22:12:45.0359 0332 PCIDump - ok
    22:12:45.0406 0332 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    22:12:45.0421 0332 PCIIde - ok
    22:12:45.0468 0332 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    22:12:45.0468 0332 Pcmcia - ok
    22:12:45.0671 0332 PDCOMP - ok
    22:12:45.0718 0332 PDFRAME - ok
    22:12:45.0765 0332 PDRELI - ok
    22:12:45.0796 0332 PDRFRAME - ok
    22:12:45.0843 0332 perc2 - ok
    22:12:45.0875 0332 perc2hib - ok
    22:12:46.0015 0332 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    22:12:46.0031 0332 PlugPlay - ok
    22:12:46.0109 0332 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
    22:12:46.0109 0332 Pml Driver HPZ12 - ok
    22:12:46.0187 0332 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    22:12:46.0187 0332 PolicyAgent - ok
    22:12:46.0296 0332 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    22:12:46.0328 0332 PptpMiniport - ok
    22:12:46.0390 0332 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    22:12:46.0390 0332 Processor - ok
    22:12:46.0468 0332 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    22:12:46.0468 0332 ProtectedStorage - ok
    22:12:46.0625 0332 Ps2 (0e2eb30605ca6ed2509d59af6a7362b4) C:\WINDOWS\system32\DRIVERS\PS2.sys
    22:12:46.0640 0332 Ps2 - ok
    22:12:46.0734 0332 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    22:12:46.0734 0332 PSched - ok
    22:12:46.0781 0332 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    22:12:46.0781 0332 Ptilink - ok
    22:12:46.0843 0332 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    22:12:46.0843 0332 PxHelp20 - ok
    22:12:46.0890 0332 ql1080 - ok
    22:12:46.0937 0332 Ql10wnt - ok
    22:12:46.0968 0332 ql12160 - ok
    22:12:47.0015 0332 ql1240 - ok
    22:12:47.0046 0332 ql1280 - ok
    22:12:47.0109 0332 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    22:12:47.0109 0332 RasAcd - ok
    22:12:47.0156 0332 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    22:12:47.0156 0332 RasAuto - ok
    22:12:47.0234 0332 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    22:12:47.0234 0332 Rasl2tp - ok
    22:12:47.0312 0332 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    22:12:47.0328 0332 RasMan - ok
    22:12:47.0437 0332 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    22:12:47.0437 0332 RasPppoe - ok
    22:12:47.0484 0332 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    22:12:47.0484 0332 Raspti - ok
    22:12:47.0546 0332 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    22:12:47.0562 0332 Rdbss - ok
    22:12:47.0593 0332 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    22:12:47.0593 0332 RDPCDD - ok
    22:12:47.0671 0332 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    22:12:47.0687 0332 rdpdr - ok
    22:12:47.0765 0332 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    22:12:47.0765 0332 RDPWD - ok
    22:12:47.0828 0332 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    22:12:47.0828 0332 RDSessMgr - ok
    22:12:47.0906 0332 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    22:12:47.0906 0332 redbook - ok
    22:12:48.0000 0332 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    22:12:48.0015 0332 RemoteAccess - ok
    22:12:48.0078 0332 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    22:12:48.0078 0332 RemoteRegistry - ok
    22:12:48.0156 0332 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    22:12:48.0156 0332 RpcLocator - ok
    22:12:48.0250 0332 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    22:12:48.0250 0332 RpcSs - ok
    22:12:48.0328 0332 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    22:12:48.0328 0332 RSVP - ok
    22:12:48.0437 0332 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    22:12:48.0437 0332 RTL8023xp - ok
    22:12:48.0515 0332 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    22:12:48.0515 0332 rtl8139 - ok
    22:12:48.0562 0332 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    22:12:48.0562 0332 SamSs - ok
    22:12:48.0640 0332 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    22:12:48.0640 0332 SCardSvr - ok
    22:12:48.0687 0332 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    22:12:48.0718 0332 Schedule - ok
    22:12:48.0828 0332 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    22:12:48.0828 0332 Secdrv - ok
    22:12:48.0890 0332 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    22:12:48.0890 0332 seclogon - ok
    22:12:48.0921 0332 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    22:12:48.0937 0332 SENS - ok
    22:12:49.0062 0332 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    22:12:49.0062 0332 Serial - ok
    22:12:49.0109 0332 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    22:12:49.0109 0332 Sfloppy - ok
    22:12:49.0203 0332 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    22:12:49.0218 0332 SharedAccess - ok
    22:12:49.0296 0332 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    22:12:49.0296 0332 ShellHWDetection - ok
    22:12:49.0359 0332 Simbad - ok
    22:12:49.0406 0332 Sparrow - ok
    22:12:49.0468 0332 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    22:12:49.0468 0332 splitter - ok
    22:12:49.0593 0332 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    22:12:49.0593 0332 Spooler - ok
    22:12:49.0718 0332 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    22:12:49.0718 0332 sr - ok
    22:12:49.0796 0332 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    22:12:49.0796 0332 srservice - ok
    22:12:49.0906 0332 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
    22:12:49.0937 0332 SRTSP - ok
    22:12:50.0000 0332 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
    22:12:50.0000 0332 SRTSPX - ok
    22:12:50.0093 0332 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    22:12:50.0093 0332 Srv - ok
    22:12:50.0171 0332 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    22:12:50.0171 0332 SSDPSRV - ok
    22:12:50.0250 0332 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    22:12:50.0250 0332 stisvc - ok
    22:12:50.0343 0332 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    22:12:50.0343 0332 swenum - ok
    22:12:50.0390 0332 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    22:12:50.0390 0332 swmidi - ok
    22:12:50.0437 0332 SwPrv - ok
    22:12:50.0500 0332 symc810 - ok
    22:12:50.0531 0332 symc8xx - ok
    22:12:50.0625 0332 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
    22:12:50.0625 0332 SymDS - ok
    22:12:50.0703 0332 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
    22:12:50.0718 0332 SymEFA - ok
    22:12:50.0812 0332 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    22:12:50.0843 0332 SymEvent - ok
    22:12:50.0968 0332 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
    22:12:50.0968 0332 SymIRON - ok
    22:12:51.0062 0332 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
    22:12:51.0078 0332 SYMTDI - ok
    22:12:51.0109 0332 sym_hi - ok
    22:12:51.0140 0332 sym_u3 - ok
    22:12:51.0218 0332 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    22:12:51.0218 0332 sysaudio - ok
    22:12:51.0281 0332 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    22:12:51.0296 0332 SysmonLog - ok
    22:12:51.0359 0332 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    22:12:51.0359 0332 TapiSrv - ok
    22:12:51.0453 0332 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    22:12:51.0453 0332 Tcpip - ok
    22:12:51.0515 0332 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    22:12:51.0515 0332 TDPIPE - ok
    22:12:51.0578 0332 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    22:12:51.0578 0332 TDTCP - ok
    22:12:51.0640 0332 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    22:12:51.0640 0332 TermDD - ok
    22:12:51.0718 0332 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    22:12:51.0734 0332 TermService - ok
    22:12:51.0843 0332 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    22:12:51.0843 0332 Themes - ok
    22:12:51.0937 0332 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    22:12:51.0937 0332 TlntSvr - ok
    22:12:51.0984 0332 TosIde - ok
    22:12:52.0078 0332 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    22:12:52.0078 0332 TrkWks - ok
    22:12:52.0156 0332 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    22:12:52.0156 0332 Udfs - ok
    22:12:52.0187 0332 ujpcjh - ok
    22:12:52.0218 0332 ultra - ok
    22:12:52.0281 0332 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
    22:12:52.0281 0332 UMWdf - ok
    22:12:52.0343 0332 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    22:12:52.0359 0332 Update - ok
    22:12:52.0734 0332 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    22:12:52.0750 0332 upnphost - ok
    22:12:52.0843 0332 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    22:12:52.0843 0332 UPS - ok
    22:12:53.0140 0332 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    22:12:53.0140 0332 usbaudio - ok
    22:12:53.0234 0332 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    22:12:53.0234 0332 usbccgp - ok
    22:12:53.0328 0332 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    22:12:53.0328 0332 usbehci - ok
    22:12:53.0359 0332 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    22:12:53.0359 0332 usbhub - ok
    22:12:53.0375 0332 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    22:12:53.0390 0332 usbohci - ok
    22:12:53.0453 0332 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    22:12:53.0453 0332 usbprint - ok
    22:12:53.0500 0332 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    22:12:53.0500 0332 usbscan - ok
    22:12:53.0578 0332 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    22:12:53.0578 0332 usbstor - ok
    22:12:53.0656 0332 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    22:12:53.0656 0332 usbuhci - ok
    22:12:53.0718 0332 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    22:12:53.0718 0332 VgaSave - ok
    22:12:53.0750 0332 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    22:12:53.0765 0332 ViaIde - ok
    22:12:53.0812 0332 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    22:12:53.0812 0332 VolSnap - ok
    22:12:53.0906 0332 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    22:12:53.0906 0332 VSS - ok
    22:12:53.0968 0332 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    22:12:53.0968 0332 W32Time - ok
    22:12:54.0093 0332 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    22:12:54.0093 0332 Wanarp - ok
    22:12:54.0125 0332 WDICA - ok
    22:12:54.0187 0332 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    22:12:54.0203 0332 wdmaud - ok
    22:12:54.0250 0332 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    22:12:54.0250 0332 WebClient - ok
    22:12:54.0343 0332 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    22:12:54.0359 0332 winachsf - ok
    22:12:54.0640 0332 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    22:12:54.0640 0332 winmgmt - ok
    22:12:54.0734 0332 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
    22:12:54.0734 0332 WmdmPmSN - ok
    22:12:54.0828 0332 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    22:12:54.0843 0332 Wmi - ok
    22:12:54.0968 0332 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    22:12:54.0968 0332 WmiApSrv - ok
    22:12:55.0031 0332 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    22:12:55.0031 0332 wuauserv - ok
    22:12:55.0125 0332 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    22:12:55.0140 0332 WZCSVC - ok
    22:12:55.0187 0332 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    22:12:55.0187 0332 xmlprov - ok
    22:12:55.0281 0332 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
    22:12:55.0328 0332 \Device\Harddisk0\DR0 - ok
    22:12:55.0359 0332 Boot (0x1200) (d06af46b36c165e23698ab088ea76500) \Device\Harddisk0\DR0\Partition0
    22:12:55.0359 0332 \Device\Harddisk0\DR0\Partition0 - ok
    22:12:55.0390 0332 Boot (0x1200) (2aa93d102a4fda4da17780d18899bfa1) \Device\Harddisk0\DR0\Partition1
    22:12:55.0390 0332 \Device\Harddisk0\DR0\Partition1 - ok
    22:12:55.0406 0332 ============================================================
    22:12:55.0406 0332 Scan finished
    22:12:55.0406 0332 ============================================================
    22:12:55.0453 0832 Detected object count: 1
    22:12:55.0453 0832 Actual detected object count: 1
    22:13:20.0265 0832 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
    22:13:20.0296 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\@ - copied to quarantine
    22:13:20.0296 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\cfg.ini - copied to quarantine
    22:13:20.0296 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\Desktop.ini - copied to quarantine
    22:13:20.0312 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\L\aqaeidou - copied to quarantine
    22:13:20.0312 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\oemid - copied to quarantine
    22:13:20.0328 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\00000001.@ - copied to quarantine
    22:13:20.0390 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\00000002.@ - copied to quarantine
    22:13:20.0406 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\00000004.@ - copied to quarantine
    22:13:20.0437 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\80000000.@ - copied to quarantine
    22:13:20.0437 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\80000004.@ - copied to quarantine
    22:13:20.0453 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\80000032.@ - copied to quarantine
    22:13:20.0468 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\version - copied to quarantine
    22:13:21.0828 0832 Backup copy found, using it..
    22:13:21.0843 0832 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
    22:13:23.0921 0832 C:\WINDOWS\$NtUninstallKB31089$\3179965643 - will be deleted on reboot
    22:13:23.0921 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\@ - will be deleted on reboot
    22:13:23.0921 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\cfg.ini - will be deleted on reboot
    22:13:23.0921 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\Desktop.ini - will be deleted on reboot
    22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\oemid - will be deleted on reboot
    22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\00000001.@ - will be deleted on reboot
    22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\00000002.@ - will be deleted on reboot
    22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\00000004.@ - will be deleted on reboot
    22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\80000000.@ - will be deleted on reboot
    22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\80000004.@ - will be deleted on reboot
    22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\80000032.@ - will be deleted on reboot
    22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\version - will be deleted on reboot
    22:13:23.0937 0832 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
    22:13:54.0296 1200 Deinitialize success
  15. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Re-run TDSSKiller one more time.
  16. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    Is there another step I should take?
  17. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Read my previous reply.
  18. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    Re-run TDSSKiller

    0 threats were found. All clear.


    23:07:52.0156 1960 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    23:07:52.0437 1960 ============================================================
    23:07:52.0437 1960 Current date / time: 2012/03/29 23:07:52.0437
    23:07:52.0437 1960 SystemInfo:
    23:07:52.0437 1960
    23:07:52.0437 1960 OS Version: 5.1.2600 ServicePack: 3.0
    23:07:52.0437 1960 Product type: Workstation
    23:07:52.0437 1960 ComputerName: JAII
    23:07:52.0437 1960 UserName: Administrator
    23:07:52.0437 1960 Windows directory: C:\WINDOWS
    23:07:52.0437 1960 System windows directory: C:\WINDOWS
    23:07:52.0437 1960 Processor architecture: Intel x86
    23:07:52.0437 1960 Number of processors: 1
    23:07:52.0437 1960 Page size: 0x1000
    23:07:52.0437 1960 Boot type: Safe boot with network
    23:07:52.0437 1960 ============================================================
    23:07:52.0937 1960 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    23:07:53.0000 1960 \Device\Harddisk0\DR0:
    23:07:53.0000 1960 MBR used
    23:07:53.0000 1960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1105758
    23:07:53.0000 1960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1105797, BlocksNum 0x1639862A
    23:07:53.0015 1960 Initialize success
    23:07:53.0015 1960 ============================================================
    23:07:54.0250 0248 ============================================================
    23:07:54.0250 0248 Scan started
    23:07:54.0250 0248 Mode: Manual;
    23:07:54.0250 0248 ============================================================
    23:07:54.0812 0248 Abiosdsk - ok
    23:07:54.0843 0248 abp480n5 - ok
    23:07:54.0875 0248 acedrv05 - ok
    23:07:54.0953 0248 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:07:54.0953 0248 ACPI - ok
    23:07:55.0031 0248 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    23:07:55.0031 0248 ACPIEC - ok
    23:07:55.0218 0248 adpu160m - ok
    23:07:55.0343 0248 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    23:07:55.0343 0248 aec - ok
    23:07:55.0406 0248 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    23:07:55.0406 0248 AFD - ok
    23:07:55.0437 0248 Aha154x - ok
    23:07:55.0500 0248 aic78u2 - ok
    23:07:55.0546 0248 aic78xx - ok
    23:07:55.0734 0248 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    23:07:55.0750 0248 ALCXWDM - ok
    23:07:55.0796 0248 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    23:07:55.0796 0248 Alerter - ok
    23:07:55.0843 0248 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    23:07:55.0843 0248 ALG - ok
    23:07:55.0890 0248 AliIde - ok
    23:07:55.0953 0248 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    23:07:55.0953 0248 AmdK8 - ok
    23:07:56.0000 0248 amsint - ok
    23:07:56.0109 0248 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    23:07:56.0109 0248 Apple Mobile Device - ok
    23:07:56.0281 0248 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    23:07:56.0281 0248 AppMgmt - ok
    23:07:56.0421 0248 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
    23:07:56.0421 0248 aracpi - ok
    23:07:56.0484 0248 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
    23:07:56.0484 0248 arhidfltr - ok
    23:07:56.0578 0248 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
    23:07:56.0578 0248 arkbcfltr - ok
    23:07:56.0593 0248 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
    23:07:56.0593 0248 armoucfltr - ok
    23:07:56.0687 0248 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    23:07:56.0687 0248 Arp1394 - ok
    23:07:56.0734 0248 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
    23:07:56.0734 0248 ARPolicy - ok
    23:07:56.0781 0248 ARSVC (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe
    23:07:56.0781 0248 ARSVC - ok
    23:07:56.0843 0248 asc - ok
    23:07:56.0875 0248 asc3350p - ok
    23:07:56.0906 0248 asc3550 - ok
    23:07:57.0078 0248 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    23:07:57.0078 0248 aspnet_state - ok
    23:07:57.0140 0248 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:07:57.0140 0248 AsyncMac - ok
    23:07:57.0187 0248 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    23:07:57.0187 0248 atapi - ok
    23:07:57.0234 0248 Atdisk - ok
    23:07:57.0312 0248 Ati HotKey Poller (d21352bcaab174948eb9672bc203bb0f) C:\WINDOWS\system32\Ati2evxx.exe
    23:07:57.0312 0248 Ati HotKey Poller - ok
    23:07:57.0421 0248 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    23:07:57.0421 0248 ati2mtag - ok
    23:07:57.0515 0248 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:07:57.0515 0248 Atmarpc - ok
    23:07:57.0578 0248 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    23:07:57.0578 0248 AudioSrv - ok
    23:07:57.0687 0248 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    23:07:57.0687 0248 audstub - ok
    23:07:57.0765 0248 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
    23:07:57.0765 0248 bb-run - ok
    23:07:57.0859 0248 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    23:07:57.0859 0248 Beep - ok
    23:07:58.0218 0248 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
    23:07:58.0218 0248 BHDrvx86 - ok
    23:07:58.0421 0248 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    23:07:58.0421 0248 BITS - ok
    23:07:58.0578 0248 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    23:07:58.0593 0248 Bonjour Service - ok
    23:07:58.0781 0248 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    23:07:58.0781 0248 Browser - ok
    23:07:58.0890 0248 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    23:07:58.0890 0248 cbidf2k - ok
    23:07:58.0953 0248 cd20xrnt - ok
    23:07:59.0031 0248 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    23:07:59.0031 0248 Cdaudio - ok
    23:07:59.0125 0248 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    23:07:59.0125 0248 Cdfs - ok
    23:07:59.0171 0248 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:07:59.0171 0248 Cdrom - ok
    23:07:59.0203 0248 Changer - ok
    23:07:59.0281 0248 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    23:07:59.0281 0248 CiSvc - ok
    23:07:59.0328 0248 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    23:07:59.0328 0248 ClipSrv - ok
    23:07:59.0359 0248 CmdIde - ok
    23:07:59.0406 0248 COMSysApp - ok
    23:07:59.0468 0248 Cpqarray - ok
    23:07:59.0484 0248 Crypkey License - ok
    23:07:59.0546 0248 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    23:07:59.0546 0248 CryptSvc - ok
    23:07:59.0578 0248 dac2w2k - ok
    23:07:59.0609 0248 dac960nt - ok
    23:07:59.0718 0248 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    23:07:59.0718 0248 DcomLaunch - ok
    23:07:59.0796 0248 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    23:07:59.0796 0248 Dhcp - ok
    23:07:59.0843 0248 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    23:07:59.0843 0248 Disk - ok
    23:07:59.0890 0248 dmadmin - ok
    23:07:59.0968 0248 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    23:07:59.0968 0248 dmboot - ok
    23:08:00.0000 0248 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    23:08:00.0015 0248 dmio - ok
    23:08:00.0062 0248 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    23:08:00.0062 0248 dmload - ok
    23:08:00.0140 0248 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    23:08:00.0140 0248 dmserver - ok
    23:08:00.0203 0248 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    23:08:00.0203 0248 DMusic - ok
    23:08:00.0296 0248 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    23:08:00.0296 0248 Dnscache - ok
    23:08:00.0359 0248 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    23:08:00.0359 0248 Dot3svc - ok
    23:08:00.0406 0248 dpti2o - ok
    23:08:00.0500 0248 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    23:08:00.0500 0248 drmkaud - ok
    23:08:00.0546 0248 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    23:08:00.0546 0248 EapHost - ok
    23:08:00.0734 0248 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    23:08:00.0750 0248 eeCtrl - ok
    23:08:00.0937 0248 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
    23:08:00.0937 0248 ehRecvr - ok
    23:08:00.0968 0248 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
    23:08:00.0968 0248 ehSched - ok
    23:08:01.0156 0248 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    23:08:01.0156 0248 EraserUtilRebootDrv - ok
    23:08:01.0281 0248 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    23:08:01.0281 0248 ERSvc - ok
    23:08:01.0343 0248 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    23:08:01.0343 0248 Eventlog - ok
    23:08:01.0390 0248 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    23:08:01.0390 0248 EventSystem - ok
    23:08:01.0515 0248 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    23:08:01.0515 0248 Fastfat - ok
    23:08:01.0609 0248 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    23:08:01.0609 0248 FastUserSwitchingCompatibility - ok
    23:08:01.0703 0248 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
    23:08:01.0703 0248 Fax - ok
    23:08:01.0875 0248 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    23:08:01.0890 0248 Fdc - ok
    23:08:01.0937 0248 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    23:08:01.0937 0248 Fips - ok
    23:08:02.0000 0248 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    23:08:02.0000 0248 Flpydisk - ok
    23:08:02.0046 0248 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    23:08:02.0046 0248 FltMgr - ok
    23:08:02.0093 0248 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    23:08:02.0093 0248 Fs_Rec - ok
    23:08:02.0125 0248 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:08:02.0125 0248 Ftdisk - ok
    23:08:02.0187 0248 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
    23:08:02.0187 0248 ftsata2 - ok
    23:08:02.0250 0248 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    23:08:02.0250 0248 GEARAspiWDM - ok
    23:08:02.0328 0248 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    23:08:02.0328 0248 Gpc - ok
    23:08:02.0437 0248 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    23:08:02.0437 0248 helpsvc - ok
    23:08:02.0531 0248 HidServ - ok
    23:08:02.0640 0248 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    23:08:02.0640 0248 HidUsb - ok
    23:08:02.0687 0248 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    23:08:02.0687 0248 hkmsvc - ok
    23:08:02.0750 0248 hpn - ok
    23:08:02.0953 0248 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    23:08:02.0953 0248 hpqcxs08 - ok
    23:08:03.0000 0248 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    23:08:03.0000 0248 hpqddsvc - ok
    23:08:03.0234 0248 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    23:08:03.0234 0248 HPZid412 - ok
    23:08:03.0281 0248 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    23:08:03.0281 0248 HPZipr12 - ok
    23:08:03.0343 0248 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    23:08:03.0343 0248 HPZius12 - ok
    23:08:03.0437 0248 HSFHWBS2 (5df616addb75c1ad36c1f9e4de0f7654) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    23:08:03.0437 0248 HSFHWBS2 - ok
    23:08:03.0500 0248 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    23:08:03.0515 0248 HSF_DP - ok
    23:08:03.0593 0248 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    23:08:03.0593 0248 HTTP - ok
    23:08:03.0687 0248 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    23:08:03.0687 0248 HTTPFilter - ok
    23:08:03.0765 0248 i2omgmt - ok
    23:08:03.0796 0248 i2omp - ok
    23:08:03.0875 0248 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    23:08:03.0875 0248 i8042prt - ok
    23:08:03.0968 0248 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    23:08:03.0984 0248 iaStor - ok
    23:08:04.0140 0248 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    23:08:04.0140 0248 IDriverT - ok
    23:08:04.0468 0248 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120327.002\IDSxpx86.sys
    23:08:04.0468 0248 IDSxpx86 - ok
    23:08:04.0703 0248 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    23:08:04.0703 0248 Imapi - ok
    23:08:04.0796 0248 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    23:08:04.0796 0248 ImapiService - ok
    23:08:04.0953 0248 ini910u - ok
    23:08:05.0062 0248 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    23:08:05.0078 0248 IntelIde - ok
    23:08:05.0125 0248 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    23:08:05.0125 0248 intelppm - ok
    23:08:05.0171 0248 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    23:08:05.0171 0248 Ip6Fw - ok
    23:08:05.0218 0248 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    23:08:05.0218 0248 IpFilterDriver - ok
    23:08:05.0281 0248 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    23:08:05.0281 0248 IpInIp - ok
    23:08:05.0343 0248 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    23:08:05.0343 0248 IpNat - ok
    23:08:05.0468 0248 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
    23:08:05.0484 0248 iPod Service - ok
    23:08:05.0671 0248 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    23:08:05.0671 0248 IPSec - ok
    23:08:05.0734 0248 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    23:08:05.0734 0248 IRENUM - ok
    23:08:05.0828 0248 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    23:08:05.0828 0248 isapnp - ok
    23:08:06.0015 0248 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
    23:08:06.0015 0248 JavaQuickStarterService - ok
    23:08:06.0046 0248 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    23:08:06.0046 0248 Kbdclass - ok
    23:08:06.0109 0248 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    23:08:06.0109 0248 kmixer - ok
    23:08:06.0171 0248 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    23:08:06.0171 0248 KSecDD - ok
    23:08:06.0265 0248 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    23:08:06.0265 0248 lanmanserver - ok
    23:08:06.0343 0248 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    23:08:06.0343 0248 lanmanworkstation - ok
    23:08:06.0421 0248 lbrtfdc - ok
    23:08:06.0640 0248 LightScribeService (6e68e520e6f2f5dce97a9ff947038769) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    23:08:06.0640 0248 LightScribeService - ok
    23:08:06.0734 0248 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    23:08:06.0734 0248 LmHosts - ok
    23:08:06.0843 0248 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
    23:08:06.0843 0248 MBAMProtector - ok
    23:08:06.0953 0248 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    23:08:06.0953 0248 MBAMService - ok
    23:08:07.0125 0248 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
    23:08:07.0125 0248 McrdSvc - ok
    23:08:07.0312 0248 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    23:08:07.0312 0248 MDM - ok
    23:08:07.0484 0248 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    23:08:07.0484 0248 mdmxsdk - ok
    23:08:07.0578 0248 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    23:08:07.0578 0248 Messenger - ok
    23:08:07.0671 0248 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
    23:08:07.0671 0248 MHN - ok
    23:08:07.0796 0248 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    23:08:07.0796 0248 MHNDRV - ok
    23:08:07.0859 0248 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    23:08:07.0859 0248 mnmdd - ok
    23:08:07.0953 0248 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    23:08:07.0953 0248 mnmsrvc - ok
    23:08:08.0015 0248 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    23:08:08.0015 0248 Modem - ok
    23:08:08.0046 0248 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    23:08:08.0046 0248 Mouclass - ok
    23:08:08.0093 0248 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    23:08:08.0093 0248 MountMgr - ok
    23:08:08.0125 0248 mraid35x - ok
    23:08:08.0171 0248 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    23:08:08.0171 0248 MRxDAV - ok
    23:08:08.0265 0248 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    23:08:08.0265 0248 MRxSmb - ok
    23:08:08.0328 0248 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    23:08:08.0328 0248 MSDTC - ok
    23:08:08.0437 0248 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    23:08:08.0437 0248 Msfs - ok
    23:08:08.0500 0248 MSIServer - ok
    23:08:08.0578 0248 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    23:08:08.0578 0248 MSKSSRV - ok
    23:08:08.0625 0248 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    23:08:08.0625 0248 MSPCLOCK - ok
    23:08:08.0656 0248 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    23:08:08.0656 0248 MSPQM - ok
    23:08:08.0718 0248 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    23:08:08.0734 0248 mssmbios - ok
    23:08:08.0796 0248 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    23:08:08.0796 0248 Mup - ok
    23:08:08.0953 0248 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    23:08:08.0953 0248 N360 - ok
    23:08:09.0140 0248 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    23:08:09.0140 0248 napagent - ok
    23:08:09.0468 0248 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120327.025\NAVENG.SYS
    23:08:09.0468 0248 NAVENG - ok
    23:08:09.0562 0248 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120327.025\NAVEX15.SYS
    23:08:09.0562 0248 NAVEX15 - ok
    23:08:09.0812 0248 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    23:08:09.0812 0248 NDIS - ok
    23:08:09.0890 0248 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    23:08:09.0890 0248 NdisTapi - ok
    23:08:09.0953 0248 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    23:08:09.0953 0248 Ndisuio - ok
    23:08:10.0015 0248 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    23:08:10.0015 0248 NdisWan - ok
    23:08:10.0093 0248 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    23:08:10.0093 0248 NDProxy - ok
    23:08:10.0171 0248 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
    23:08:10.0171 0248 Net Driver HPZ12 - ok
    23:08:10.0265 0248 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    23:08:10.0265 0248 NetBIOS - ok
    23:08:10.0359 0248 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    23:08:10.0359 0248 NetBT - ok
    23:08:10.0421 0248 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    23:08:10.0421 0248 NetDDE - ok
    23:08:10.0453 0248 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    23:08:10.0453 0248 NetDDEdsdm - ok
    23:08:10.0500 0248 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    23:08:10.0515 0248 Netlogon - ok
    23:08:10.0562 0248 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    23:08:10.0578 0248 Netman - ok
    23:08:10.0625 0248 NetworkX (5ef7dd401771693245d46f4b0b69fe2b) C:\WINDOWS\system32\ckldrv.sys
    23:08:10.0625 0248 NetworkX - ok
    23:08:10.0718 0248 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    23:08:10.0718 0248 NIC1394 - ok
    23:08:10.0812 0248 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    23:08:10.0812 0248 Nla - ok
    23:08:10.0859 0248 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    23:08:10.0859 0248 Npfs - ok
    23:08:10.0906 0248 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    23:08:10.0921 0248 Ntfs - ok
    23:08:10.0984 0248 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    23:08:10.0984 0248 NtLmSsp - ok
    23:08:11.0062 0248 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    23:08:11.0062 0248 NtmsSvc - ok
    23:08:11.0171 0248 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    23:08:11.0171 0248 Null - ok
    23:08:11.0218 0248 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    23:08:11.0218 0248 NwlnkFlt - ok
    23:08:11.0265 0248 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    23:08:11.0265 0248 NwlnkFwd - ok
    23:08:11.0343 0248 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    23:08:11.0343 0248 ohci1394 - ok
    23:08:11.0531 0248 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    23:08:11.0531 0248 ose - ok
    23:08:11.0765 0248 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    23:08:11.0765 0248 Parport - ok
    23:08:11.0812 0248 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    23:08:11.0812 0248 PartMgr - ok
    23:08:11.0906 0248 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    23:08:11.0906 0248 ParVdm - ok
    23:08:11.0937 0248 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    23:08:11.0937 0248 PCI - ok
    23:08:11.0968 0248 PCIDump - ok
    23:08:12.0015 0248 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    23:08:12.0015 0248 PCIIde - ok
    23:08:12.0046 0248 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    23:08:12.0046 0248 Pcmcia - ok
    23:08:12.0093 0248 PDCOMP - ok
    23:08:12.0140 0248 PDFRAME - ok
    23:08:12.0171 0248 PDRELI - ok
    23:08:12.0203 0248 PDRFRAME - ok
    23:08:12.0250 0248 perc2 - ok
    23:08:12.0281 0248 perc2hib - ok
    23:08:12.0421 0248 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    23:08:12.0421 0248 PlugPlay - ok
    23:08:12.0500 0248 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
    23:08:12.0500 0248 Pml Driver HPZ12 - ok
    23:08:12.0578 0248 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    23:08:12.0578 0248 PolicyAgent - ok
    23:08:12.0703 0248 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    23:08:12.0703 0248 PptpMiniport - ok
    23:08:12.0750 0248 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    23:08:12.0750 0248 Processor - ok
    23:08:12.0812 0248 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    23:08:12.0812 0248 ProtectedStorage - ok
    23:08:12.0906 0248 Ps2 (0e2eb30605ca6ed2509d59af6a7362b4) C:\WINDOWS\system32\DRIVERS\PS2.sys
    23:08:12.0906 0248 Ps2 - ok
    23:08:12.0968 0248 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    23:08:12.0968 0248 PSched - ok
    23:08:13.0015 0248 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    23:08:13.0031 0248 Ptilink - ok
    23:08:13.0078 0248 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    23:08:13.0078 0248 PxHelp20 - ok
    23:08:13.0125 0248 ql1080 - ok
    23:08:13.0156 0248 Ql10wnt - ok
    23:08:13.0203 0248 ql12160 - ok
    23:08:13.0234 0248 ql1240 - ok
    23:08:13.0265 0248 ql1280 - ok
    23:08:13.0312 0248 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    23:08:13.0312 0248 RasAcd - ok
    23:08:13.0375 0248 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    23:08:13.0390 0248 RasAuto - ok
    23:08:13.0453 0248 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    23:08:13.0453 0248 Rasl2tp - ok
    23:08:13.0500 0248 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    23:08:13.0500 0248 RasMan - ok
    23:08:13.0531 0248 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    23:08:13.0531 0248 RasPppoe - ok
    23:08:13.0609 0248 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    23:08:13.0609 0248 Raspti - ok
    23:08:13.0671 0248 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    23:08:13.0671 0248 Rdbss - ok
    23:08:13.0718 0248 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    23:08:13.0718 0248 RDPCDD - ok
    23:08:13.0781 0248 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    23:08:13.0796 0248 rdpdr - ok
    23:08:13.0875 0248 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    23:08:13.0875 0248 RDPWD - ok
    23:08:13.0921 0248 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    23:08:13.0937 0248 RDSessMgr - ok
    23:08:13.0968 0248 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    23:08:13.0968 0248 redbook - ok
    23:08:14.0046 0248 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    23:08:14.0046 0248 RemoteAccess - ok
    23:08:14.0140 0248 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    23:08:14.0140 0248 RemoteRegistry - ok
    23:08:14.0203 0248 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    23:08:14.0203 0248 RpcLocator - ok
    23:08:14.0281 0248 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    23:08:14.0281 0248 RpcSs - ok
    23:08:14.0359 0248 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    23:08:14.0359 0248 RSVP - ok
    23:08:14.0468 0248 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    23:08:14.0468 0248 RTL8023xp - ok
    23:08:14.0531 0248 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    23:08:14.0531 0248 rtl8139 - ok
    23:08:14.0593 0248 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    23:08:14.0593 0248 SamSs - ok
    23:08:14.0671 0248 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    23:08:14.0671 0248 SCardSvr - ok
    23:08:14.0734 0248 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    23:08:14.0750 0248 Schedule - ok
    23:08:14.0859 0248 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    23:08:14.0859 0248 Secdrv - ok
    23:08:14.0937 0248 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    23:08:14.0937 0248 seclogon - ok
    23:08:14.0968 0248 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    23:08:14.0968 0248 SENS - ok
    23:08:15.0093 0248 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    23:08:15.0093 0248 Serial - ok
    23:08:15.0140 0248 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    23:08:15.0140 0248 Sfloppy - ok
    23:08:15.0218 0248 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    23:08:15.0218 0248 SharedAccess - ok
    23:08:15.0296 0248 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    23:08:15.0312 0248 ShellHWDetection - ok
    23:08:15.0390 0248 Simbad - ok
    23:08:15.0437 0248 Sparrow - ok
    23:08:15.0500 0248 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    23:08:15.0500 0248 splitter - ok
    23:08:15.0562 0248 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    23:08:15.0578 0248 Spooler - ok
    23:08:15.0656 0248 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    23:08:15.0656 0248 sr - ok
    23:08:15.0718 0248 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    23:08:15.0718 0248 srservice - ok
    23:08:15.0875 0248 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
    23:08:15.0890 0248 SRTSP - ok
    23:08:15.0953 0248 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
    23:08:15.0953 0248 SRTSPX - ok
    23:08:16.0046 0248 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    23:08:16.0046 0248 Srv - ok
    23:08:16.0109 0248 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    23:08:16.0125 0248 SSDPSRV - ok
    23:08:16.0187 0248 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    23:08:16.0187 0248 stisvc - ok
    23:08:16.0265 0248 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    23:08:16.0265 0248 swenum - ok
    23:08:16.0312 0248 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    23:08:16.0312 0248 swmidi - ok
    23:08:16.0359 0248 SwPrv - ok
    23:08:16.0421 0248 symc810 - ok
    23:08:16.0453 0248 symc8xx - ok
    23:08:16.0546 0248 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
    23:08:16.0546 0248 SymDS - ok
    23:08:16.0625 0248 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
    23:08:16.0625 0248 SymEFA - ok
    23:08:16.0703 0248 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    23:08:16.0703 0248 SymEvent - ok
    23:08:16.0750 0248 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
    23:08:16.0750 0248 SymIRON - ok
    23:08:16.0843 0248 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
    23:08:16.0859 0248 SYMTDI - ok
    23:08:16.0906 0248 sym_hi - ok
    23:08:16.0937 0248 sym_u3 - ok
    23:08:17.0015 0248 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    23:08:17.0015 0248 sysaudio - ok
    23:08:17.0062 0248 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    23:08:17.0078 0248 SysmonLog - ok
    23:08:17.0140 0248 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    23:08:17.0140 0248 TapiSrv - ok
    23:08:17.0265 0248 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:08:17.0281 0248 Tcpip - ok
    23:08:17.0343 0248 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    23:08:17.0343 0248 TDPIPE - ok
    23:08:17.0390 0248 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    23:08:17.0390 0248 TDTCP - ok
    23:08:17.0453 0248 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    23:08:17.0453 0248 TermDD - ok
    23:08:17.0546 0248 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    23:08:17.0546 0248 TermService - ok
    23:08:17.0625 0248 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    23:08:17.0625 0248 Themes - ok
    23:08:17.0703 0248 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    23:08:17.0703 0248 TlntSvr - ok
    23:08:17.0750 0248 TosIde - ok
    23:08:17.0828 0248 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    23:08:17.0828 0248 TrkWks - ok
    23:08:17.0906 0248 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    23:08:17.0921 0248 Udfs - ok
    23:08:17.0968 0248 ujpcjh - ok
    23:08:18.0000 0248 ultra - ok
    23:08:18.0046 0248 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
    23:08:18.0046 0248 UMWdf - ok
    23:08:18.0125 0248 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    23:08:18.0140 0248 Update - ok
    23:08:18.0218 0248 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    23:08:18.0218 0248 upnphost - ok
    23:08:18.0265 0248 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    23:08:18.0265 0248 UPS - ok
    23:08:18.0375 0248 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    23:08:18.0375 0248 usbaudio - ok
    23:08:18.0437 0248 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    23:08:18.0437 0248 usbccgp - ok
    23:08:18.0500 0248 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    23:08:18.0500 0248 usbehci - ok
    23:08:18.0578 0248 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    23:08:18.0578 0248 usbhub - ok
    23:08:18.0625 0248 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    23:08:18.0625 0248 usbohci - ok
    23:08:18.0687 0248 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    23:08:18.0687 0248 usbprint - ok
    23:08:18.0734 0248 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    23:08:18.0734 0248 usbscan - ok
    23:08:18.0781 0248 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    23:08:18.0781 0248 usbstor - ok
    23:08:18.0843 0248 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    23:08:18.0843 0248 usbuhci - ok
    23:08:18.0906 0248 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    23:08:18.0906 0248 VgaSave - ok
    23:08:18.0953 0248 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    23:08:18.0953 0248 ViaIde - ok
    23:08:18.0984 0248 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    23:08:18.0984 0248 VolSnap - ok
    23:08:19.0046 0248 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    23:08:19.0046 0248 VSS - ok
    23:08:19.0093 0248 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    23:08:19.0109 0248 W32Time - ok
    23:08:19.0234 0248 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    23:08:19.0234 0248 Wanarp - ok
    23:08:19.0265 0248 WDICA - ok
    23:08:19.0312 0248 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    23:08:19.0312 0248 wdmaud - ok
    23:08:19.0390 0248 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    23:08:19.0390 0248 WebClient - ok
    23:08:19.0484 0248 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    23:08:19.0484 0248 winachsf - ok
    23:08:19.0625 0248 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    23:08:19.0625 0248 winmgmt - ok
    23:08:19.0734 0248 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
    23:08:19.0734 0248 WmdmPmSN - ok
    23:08:19.0812 0248 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    23:08:19.0812 0248 Wmi - ok
    23:08:19.0953 0248 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    23:08:19.0953 0248 WmiApSrv - ok
    23:08:20.0000 0248 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    23:08:20.0015 0248 wuauserv - ok
    23:08:20.0109 0248 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    23:08:20.0125 0248 WZCSVC - ok
    23:08:20.0171 0248 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    23:08:20.0171 0248 xmlprov - ok
    23:08:20.0250 0248 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
    23:08:20.0296 0248 \Device\Harddisk0\DR0 - ok
    23:08:20.0328 0248 Boot (0x1200) (d06af46b36c165e23698ab088ea76500) \Device\Harddisk0\DR0\Partition0
    23:08:20.0328 0248 \Device\Harddisk0\DR0\Partition0 - ok
    23:08:20.0343 0248 Boot (0x1200) (2aa93d102a4fda4da17780d18899bfa1) \Device\Harddisk0\DR0\Partition1
    23:08:20.0343 0248 \Device\Harddisk0\DR0\Partition1 - ok
    23:08:20.0343 0248 ============================================================
    23:08:20.0343 0248 Scan finished
    23:08:20.0343 0248 ============================================================
    23:08:20.0406 0240 Detected object count: 0
    23:08:20.0406 0240 Actual detected object count: 0
     
  19. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Good :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open Notepad and press CTRL+V
    • Post the output back here.
  20. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    MBR Log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-29 23:19:42
    -----------------------------
    23:19:42.406 OS Version: Windows 5.1.2600 Service Pack 3
    23:19:42.406 Number of processors: 1 586 0x2701
    23:19:42.406 ComputerName: JAII UserName:
    23:19:44.828 Initialize success
    23:21:48.921 AVAST engine defs: 12032901
    23:22:08.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    23:22:08.828 Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
    23:22:08.859 Disk 0 MBR read successfully
    23:22:08.890 Disk 0 MBR scan
    23:22:08.921 Disk 0 unknown MBR code
    23:22:08.937 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 8714 MB offset 63
    23:22:08.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 182064 MB offset 17848215
    23:22:09.000 Disk 0 malicious Win32:MBRoot code @ sector 61 !
    23:22:09.031 Disk 0 PE file @ sector 390716865 !
    23:22:09.109 Disk 0 scanning C:\WINDOWS\system32\drivers
    23:22:20.500 Service scanning
    23:22:44.906 Modules scanning
    23:22:52.015 Disk 0 trace - called modules:
    23:22:52.031 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    23:22:52.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863109c0]
    23:22:52.031 3 CLASSPNP.SYS[f76c3fd7] -> nt!IofCallDriver -> \Device\0000006f[0x863df030]
    23:22:52.031 5 ACPI.sys[f761a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x863d0940]
    23:22:52.390 AVAST engine scan C:\WINDOWS
    23:23:09.093 AVAST engine scan C:\WINDOWS\system32
    23:25:37.937 AVAST engine scan C:\WINDOWS\system32\drivers
    23:25:57.656 AVAST engine scan C:\Documents and Settings\Administrator
    23:27:36.312 AVAST engine scan C:\Documents and Settings\All Users
    23:28:37.187 Scan finished successfully
    23:28:52.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
    23:28:52.578 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
  21. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    Bootkit Rmvr

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`20af2e00
    Boot sector MD5 is: 04bb945744f67e09eac699dea7655d04

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
  22. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  23. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    bootkit log

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`20af2e00
    Boot sector MD5 is: 04bb945744f67e09eac699dea7655d04

    Size      Device Name          MBR Status
    --------------------------------------------
    186 GB    \\.\PhysicalDrive0   Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
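The log above reports an MD5 of the whole boot sector and flags the boot code as "Unknown", and the tool offers `remover.exe dump` so the sector can be inspected by hand. As an added illustration of what such a manual inspection involves (this is not Esage Lab's code and does not reproduce their detection logic), the Python script below parses a 512-byte MBR image: it verifies the 0x55AA signature, walks the four partition-table entries, and hashes the 446-byte boot-code region separately from the full sector, so that a changed partition table does not mask or mimic a changed boot code. The two MBR images it analyses are constructed in the script (one used as a stand-in "known-good" baseline, one with different boot code), and the `load_mbr` helper and the `known_good` baseline dictionary are assumptions for the example, not part of any real tool.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445: executable boot code
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510        # last two bytes must be 0x55 0xAA
PARTITION_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def load_mbr(path: str) -> bytes:
    """Read the first 512 bytes of a raw sector dump (e.g. the output of a 'dump' command)."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


def build_sample_mbr(boot_code_fill: bytes) -> bytes:
    """Construct a synthetic MBR image for demonstration only; not a real disk dump."""
    boot_code = (boot_code_fill * BOOT_CODE_SIZE)[:BOOT_CODE_SIZE]
    # One bootable NTFS-type (0x07) primary partition starting at LBA 63 (constructed values).
    entry = struct.pack(PARTITION_ENTRY, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 390_000_000)
    table = entry + b"\x00" * 48  # remaining three entries empty
    return boot_code + table + b"\x55\xaa"


def parse_mbr(image: bytes) -> dict:
    """Split an MBR image into boot code, partition table and signature, hashing the parts."""
    if len(image) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte MBR image, got {len(image)}")
    boot_code = image[:BOOT_CODE_SIZE]
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + 16 * index
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            PARTITION_ENTRY, image[offset:offset + 16])
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "sector_md5": hashlib.md5(image).hexdigest(),         # whole sector, as the log reports
        "boot_code_md5": hashlib.md5(boot_code).hexdigest(),  # code region only
        "signature_ok": image[SIGNATURE_OFFSET:] == b"\x55\xaa",
        "partitions": partitions,
    }


def classify_boot_code(image: bytes, known_good: dict) -> str:
    """Compare the boot-code hash against a baseline of known-good loaders (assumed dict)."""
    info = parse_mbr(image)
    if not info["signature_ok"]:
        return "invalid (missing 0x55AA signature)"
    return known_good.get(info["boot_code_md5"], "Unknown boot code")


if __name__ == "__main__":
    baseline_image = build_sample_mbr(b"\x90")   # constructed stand-in for a clean loader
    suspect_image = build_sample_mbr(b"\xcc")    # constructed image with different boot code
    known_good = {parse_mbr(baseline_image)["boot_code_md5"]: "Known-good baseline (constructed)"}
    for label, image in (("baseline", baseline_image), ("suspect", suspect_image)):
        info = parse_mbr(image)
        print(f"{label}: sector MD5 {info['sector_md5']}, boot code MD5 {info['boot_code_md5']}")
        print(f"  partitions: {info['partitions']}")
        print(f"  verdict: {classify_boot_code(image, known_good)}")
```

A real baseline would hold hashes of the standard boot code shipped by the operating system installer; a hash that is absent from the baseline means only that the loader is not one you recognise, which is why the tool above phrases its result as "Unknown boot code" rather than as a positive detection.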
  24. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    You posted it already.
    Proceed with Combofix.
  25. LABJ

    LABJ Newcomer, in training Topic Starter Posts: 35

    ok... Currently in the process.. (replying from phone)