Inactive [A] Trojan.gen.2 & trojan.zeroaccess!

LABJ

Good evening!
I'm having a real issue with getting rid of TROJAN.GEN.2 & TROJAN.ZEROACCESS Rootkit! off of my desktop. Please help me! This virus is making ads pop up immediately on my screen, my network connection (internet) is down, my antivirus is not available to run... I'm currently running in safe mode trying to run malware and antivirus scans but those don't help much... PLEASE HELP ME! Windows XP system

Thank you
Jennifer
 
Welcome aboard
Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi Broni... Thank you so much for replying.. I haven't started the process yet but I just wanted to state that I only have one PC (infected).. If I'm not able to post the logs once the scan is completed.. I can only reply to you on my Android phone... My PC internet is down due to the virus... Is it OK that I remain in Safe Mode (networking... I have access to the internet and am able to run antivirus) or should I return to normal mode (I can't access the internet nor run my Norton antiV)
 
Malwarebyte AntiV.. Scan Results

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.09

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: JAII [administrator]

Protection: Disabled

3/29/2012 9:24:15 PM
mbam-log-2012-03-29 (21-24-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322783
Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 18
C:\WINDOWS\system32\ATSWPDRV.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bcm4sbxp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbidf2k.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CdaD10BA.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DVDVRRdr_xp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\earthlinksafeconnectagent.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hotspotshieldservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LUsbKbd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lvcomser.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lyncusbserv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NxFsMon.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pdlndtdl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnarp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SunkFilt39.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svcwrsssdk.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SWNC8U20.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tmcomm.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Xyz777s.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)
 
GMER.log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-29 21:54:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3200826AS rev.3.03
Running: 92bfqyml.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxldypog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61
Disk \Device\Harddisk0\DR0 PE file @ sector 390716865

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 1848

---- EOF - GMER 1.0.15 ----
 
DDS Attach.txt log

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 21:56:48 on 2012-03-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.494 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon]
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: trymedia.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302294965281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{C4E78A90-4060-4034-813C-905D5F65EF2D} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-7 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-7 744568]
S0 ujpcjh;ujpcjh;c:\windows\system32\drivers\ggav.sys --> c:\windows\system32\drivers\ggav.sys [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-19 820856]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-7 136312]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-29 652360]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120327.002\IDSXpx86.sys [2012-3-27 356280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-29 20464]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120327.025\naveng.sys [2012-3-27 86136]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120327.025\navex15.sys [2012-3-27 1576312]
.
=============== Created Last 30 ================
.
2012-03-30 01:23:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 01:23:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-29 23:10:18 -------- d-----w- c:\documents and settings\administrator\application data\Tific
2012-03-29 23:10:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Symantec
2012-03-29 04:26:43 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
2012-03-29 02:03:42 -------- d-----w- c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
2012-03-29 02:03:23 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-28 22:20:44 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-03-28 22:20:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-28 22:13:11 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2012-03-28 22:12:43 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2012-03-28 22:05:49 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-03-28 03:22:19 35752 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-03-28 02:29:14 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-27 01:20:43 -------- d-----w- c:\documents and settings\all users\CrypKey
2012-03-27 00:37:59 -------- d-----w- C:\Log
2012-03-27 00:37:35 27648 ----a-r- c:\windows\Setup_ck.exe
2012-03-27 00:37:35 19584 ----a-w- c:\windows\system32\Ckldrv.sys
2012-03-27 00:37:35 18432 ----a-w- c:\windows\Setup_ck.dll
2012-03-27 00:37:35 165888 ----a-w- c:\windows\Ckconfig.exe
2012-03-27 00:37:35 122880 ----a-w- c:\windows\system32\Crypserv.exe
2012-03-27 00:37:35 11776 ----a-w- c:\windows\Ckrfresh.exe
2012-03-27 00:37:22 178176 ----a-w- c:\windows\system32\StellarProfile.dll
2012-03-27 00:37:22 1207808 ----a-w- c:\windows\system32\PhoenixDll.dll
2012-03-27 00:37:20 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery
2012-03-26 14:31:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
.
==================== Find3M ====================
.
2012-02-27 00:02:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 00:02:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 21:57:51.35 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/8/2011 4:01:35 PM
System Uptime: 3/29/2012 9:41:52 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 178 GiB total, 152.067 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 1.115 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_Help
5 Card Slingo from HP Media Center (remove only)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.2)
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AstroPop Deluxe from HP Media Center (remove only)
ATI Control Panel
ATI Display Driver
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CameraDrivers
Chuzzle Deluxe from HP Media Center (remove only)
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
Data Fax SoftModem with SmartCP
Destination Component
DeviceDiscovery
DISCover
DocMgr
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
eSupportQFolder
Family Feud
FATE from HP Media Center (remove only)
Fax
Fax_CDA
GemMaster Mystic
Google Toolbar for Internet Explorer
GPBaseService
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Customer Participation Program 10.0
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Manager 1.0
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 10.0
HP Multimedia Keyboard Software
HP Officejet J4500 Series
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Photosmart Essential 2.5
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HpSdpAppCoreApp
HPSSupply
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareAlert
InstantShareDevices
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 5
J4500
Java Auto Updater
Java(TM) 6 Update 31
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.52.1
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Away Mode
Microsoft Money 2005
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
Norton Security Suite
OCR Software by I.R.I.S. 10.0
Otto
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
ProductContext
PS2
PSPrinters08
PSSWCORE
PSTAPlugin
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Shooting Stars Pool from HP Media Center (remove only)
Shop for HP Supplies
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
SmartWebPrintingOC
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
Stellar Phoenix Windows Data Recovery
Super Granny from HP Media Center (remove only)
TeamViewer 7
Toolbox
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VideoToolkit01
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Zuma Deluxe from HP Media Center (remove only)
.
==== Event Viewer Messages From Past Week ========
.
3/29/2012 9:54:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/28/2012 8:19:34 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
3/28/2012 8:17:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
3/28/2012 8:15:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/28/2012 6:13:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 BHDrvx86 eeCtrl Fips NetworkX SRTSPX SymIRON SYMTDI
3/28/2012 6:12:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/27/2012 11:10:23 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
3/27/2012 11:09:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde
3/27/2012 11:09:30 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
3/27/2012 10:29:56 PM, error: Service Control Manager [7023] - The Atinevxx service terminated with the following error: The specified module could not be found.
3/26/2012 11:55:37 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ARSVC service.
.
==== End Of File ===========================
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
.. I'm done... Just a little uncertainty...

I'm done with all the required processes from malware to dds.. I've read and responded to all steps.. I'm not sure if the pc is clear from all malware and viruses?



Thank you so much, Broni!:):grinthumb
 
tdsskiller log

22:12:12.0437 1752 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:12:12.0828 1752 ============================================================
22:12:12.0828 1752 Current date / time: 2012/03/29 22:12:12.0828
22:12:12.0828 1752 SystemInfo:
22:12:12.0828 1752
22:12:12.0828 1752 OS Version: 5.1.2600 ServicePack: 3.0
22:12:12.0828 1752 Product type: Workstation
22:12:12.0828 1752 ComputerName: JAII
22:12:12.0828 1752 UserName: Administrator
22:12:12.0828 1752 Windows directory: C:\WINDOWS
22:12:12.0828 1752 System windows directory: C:\WINDOWS
22:12:12.0828 1752 Processor architecture: Intel x86
22:12:12.0828 1752 Number of processors: 1
22:12:12.0828 1752 Page size: 0x1000
22:12:12.0828 1752 Boot type: Safe boot with network
22:12:12.0828 1752 ============================================================
22:12:16.0718 1752 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:12:16.0781 1752 \Device\Harddisk0\DR0:
22:12:16.0781 1752 MBR used
22:12:16.0781 1752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1105758
22:12:16.0781 1752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1105797, BlocksNum 0x1639862A
22:12:16.0843 1752 Initialize success
22:12:16.0843 1752 ============================================================
22:12:23.0546 0332 ============================================================
22:12:23.0546 0332 Scan started
22:12:23.0546 0332 Mode: Manual;
22:12:23.0546 0332 ============================================================
22:12:43.0187 0332 NetBT (ea29cc8b9469b1a3921a796a608dbd03) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:12:43.0187 0332 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: ea29cc8b9469b1a3921a796a608dbd03, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
22:12:43.0187 0332 NetBT ( Virus.Win32.ZAccess.k ) - infected
22:12:43.0187 0332 NetBT - detected Virus.Win32.ZAccess.k (0)
22:12:51.0140 0332 sym_u3 - ok
22:12:51.0218 0332 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:12:51.0218 0332 sysaudio - ok
22:12:51.0281 0332 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:12:51.0296 0332 SysmonLog - ok
22:12:51.0359 0332 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:12:51.0359 0332 TapiSrv - ok
22:12:51.0453 0332 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:12:51.0453 0332 Tcpip - ok
22:12:51.0515 0332 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:12:51.0515 0332 TDPIPE - ok
22:12:51.0578 0332 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:12:51.0578 0332 TDTCP - ok
22:12:51.0640 0332 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:12:51.0640 0332 TermDD - ok
22:12:51.0718 0332 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:12:51.0734 0332 TermService - ok
22:12:51.0843 0332 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:12:51.0843 0332 Themes - ok
22:12:51.0937 0332 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
22:12:51.0937 0332 TlntSvr - ok
22:12:51.0984 0332 TosIde - ok
22:12:52.0078 0332 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:12:52.0078 0332 TrkWks - ok
22:12:52.0156 0332 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:12:52.0156 0332 Udfs - ok
22:12:52.0187 0332 ujpcjh - ok
22:12:52.0218 0332 ultra - ok
22:12:52.0281 0332 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
22:12:52.0281 0332 UMWdf - ok
22:12:52.0343 0332 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:12:52.0359 0332 Update - ok
22:12:52.0734 0332 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:12:52.0750 0332 upnphost - ok
22:12:52.0843 0332 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:12:52.0843 0332 UPS - ok
22:12:53.0140 0332 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:12:53.0140 0332 usbaudio - ok
22:12:53.0234 0332 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:12:53.0234 0332 usbccgp - ok
22:12:53.0328 0332 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:12:53.0328 0332 usbehci - ok
22:12:53.0359 0332 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:12:53.0359 0332 usbhub - ok
22:12:53.0375 0332 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:12:53.0390 0332 usbohci - ok
22:12:53.0453 0332 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:12:53.0453 0332 usbprint - ok
22:12:53.0500 0332 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:12:53.0500 0332 usbscan - ok
22:12:53.0578 0332 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:12:53.0578 0332 usbstor - ok
22:12:53.0656 0332 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:12:53.0656 0332 usbuhci - ok
22:12:53.0718 0332 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:12:53.0718 0332 VgaSave - ok
22:12:53.0750 0332 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:12:53.0765 0332 ViaIde - ok
22:12:53.0812 0332 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:12:53.0812 0332 VolSnap - ok
22:12:53.0906 0332 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:12:53.0906 0332 VSS - ok
22:12:53.0968 0332 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:12:53.0968 0332 W32Time - ok
22:12:54.0093 0332 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:12:54.0093 0332 Wanarp - ok
22:12:54.0125 0332 WDICA - ok
22:12:54.0187 0332 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:12:54.0203 0332 wdmaud - ok
22:12:54.0250 0332 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:12:54.0250 0332 WebClient - ok
22:12:54.0343 0332 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:12:54.0359 0332 winachsf - ok
22:12:54.0640 0332 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:12:54.0640 0332 winmgmt - ok
22:12:54.0734 0332 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
22:12:54.0734 0332 WmdmPmSN - ok
22:12:54.0828 0332 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:12:54.0843 0332 Wmi - ok
22:12:54.0968 0332 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:12:54.0968 0332 WmiApSrv - ok
22:12:55.0031 0332 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:12:55.0031 0332 wuauserv - ok
22:12:55.0125 0332 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:12:55.0140 0332 WZCSVC - ok
22:12:55.0187 0332 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:12:55.0187 0332 xmlprov - ok
22:12:55.0281 0332 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
22:12:55.0328 0332 \Device\Harddisk0\DR0 - ok
22:12:55.0359 0332 Boot (0x1200) (d06af46b36c165e23698ab088ea76500) \Device\Harddisk0\DR0\Partition0
22:12:55.0359 0332 \Device\Harddisk0\DR0\Partition0 - ok
22:12:55.0390 0332 Boot (0x1200) (2aa93d102a4fda4da17780d18899bfa1) \Device\Harddisk0\DR0\Partition1
22:12:55.0390 0332 \Device\Harddisk0\DR0\Partition1 - ok
22:12:55.0406 0332 ============================================================
22:12:55.0406 0332 Scan finished
22:12:55.0406 0332 ============================================================
22:12:55.0453 0832 Detected object count: 1
22:12:55.0453 0832 Actual detected object count: 1
22:13:20.0265 0832 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
22:13:20.0296 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\@ - copied to quarantine
22:13:20.0296 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\cfg.ini - copied to quarantine
22:13:20.0296 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\Desktop.ini - copied to quarantine
22:13:20.0312 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\L\aqaeidou - copied to quarantine
22:13:20.0312 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\oemid - copied to quarantine
22:13:20.0328 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\00000001.@ - copied to quarantine
22:13:20.0390 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\00000002.@ - copied to quarantine
22:13:20.0406 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\00000004.@ - copied to quarantine
22:13:20.0437 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\80000000.@ - copied to quarantine
22:13:20.0437 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\80000004.@ - copied to quarantine
22:13:20.0453 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\80000032.@ - copied to quarantine
22:13:20.0468 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\version - copied to quarantine
22:13:21.0828 0832 Backup copy found, using it..
22:13:21.0843 0832 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
22:13:23.0921 0832 C:\WINDOWS\$NtUninstallKB31089$\3179965643 - will be deleted on reboot
22:13:23.0921 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\@ - will be deleted on reboot
22:13:23.0921 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\cfg.ini - will be deleted on reboot
22:13:23.0921 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\Desktop.ini - will be deleted on reboot
22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\oemid - will be deleted on reboot
22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\00000001.@ - will be deleted on reboot
22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\00000002.@ - will be deleted on reboot
22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\00000004.@ - will be deleted on reboot
22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\80000000.@ - will be deleted on reboot
22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\80000004.@ - will be deleted on reboot
22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\U\80000032.@ - will be deleted on reboot
22:13:23.0937 0832 C:\WINDOWS\$NtUninstallKB31089$\3555371675\version - will be deleted on reboot
22:13:23.0937 0832 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
22:13:54.0296 1200 Deinitialize success
 
Re-run TDSSKiller

0 threats were found. All clear.


23:07:52.0156 1960 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
23:07:52.0437 1960 ============================================================
23:07:52.0437 1960 Current date / time: 2012/03/29 23:07:52.0437
23:07:52.0437 1960 SystemInfo:
23:07:52.0437 1960
23:07:52.0437 1960 OS Version: 5.1.2600 ServicePack: 3.0
23:07:52.0437 1960 Product type: Workstation
23:07:52.0437 1960 ComputerName: JAII
23:07:52.0437 1960 UserName: Administrator
23:07:52.0437 1960 Windows directory: C:\WINDOWS
23:07:52.0437 1960 System windows directory: C:\WINDOWS
23:07:52.0437 1960 Processor architecture: Intel x86
23:07:52.0437 1960 Number of processors: 1
23:07:52.0437 1960 Page size: 0x1000
23:07:52.0437 1960 Boot type: Safe boot with network
23:07:52.0437 1960 ============================================================
23:07:52.0937 1960 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:07:53.0000 1960 \Device\Harddisk0\DR0:
23:07:53.0000 1960 MBR used
23:07:53.0000 1960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1105758
23:07:53.0000 1960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1105797, BlocksNum 0x1639862A
23:07:53.0015 1960 Initialize success
23:07:53.0015 1960 ============================================================
23:07:54.0250 0248 ============================================================
23:07:54.0250 0248 Scan started
23:07:54.0250 0248 Mode: Manual;
23:07:54.0250 0248 ============================================================
23:08:11.0062 0248 NtmsSvc - ok
23:08:11.0171 0248 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:08:11.0171 0248 Null - ok
23:08:11.0218 0248 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:08:11.0218 0248 NwlnkFlt - ok
23:08:11.0265 0248 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:08:11.0265 0248 NwlnkFwd - ok
23:08:11.0343 0248 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:08:11.0343 0248 ohci1394 - ok
23:08:11.0531 0248 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:08:11.0531 0248 ose - ok
23:08:11.0765 0248 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:08:11.0765 0248 Parport - ok
23:08:11.0812 0248 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:08:11.0812 0248 PartMgr - ok
23:08:11.0906 0248 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:08:11.0906 0248 ParVdm - ok
23:08:11.0937 0248 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:08:11.0937 0248 PCI - ok
23:08:11.0968 0248 PCIDump - ok
23:08:12.0015 0248 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:08:12.0015 0248 PCIIde - ok
23:08:12.0046 0248 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:08:12.0046 0248 Pcmcia - ok
23:08:12.0093 0248 PDCOMP - ok
23:08:12.0140 0248 PDFRAME - ok
23:08:12.0171 0248 PDRELI - ok
23:08:12.0203 0248 PDRFRAME - ok
23:08:12.0250 0248 perc2 - ok
23:08:12.0281 0248 perc2hib - ok
23:08:12.0421 0248 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:08:12.0421 0248 PlugPlay - ok
23:08:12.0500 0248 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
23:08:12.0500 0248 Pml Driver HPZ12 - ok
23:08:12.0578 0248 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:08:12.0578 0248 PolicyAgent - ok
23:08:12.0703 0248 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:08:12.0703 0248 PptpMiniport - ok
23:08:12.0750 0248 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
23:08:12.0750 0248 Processor - ok
23:08:12.0812 0248 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:08:12.0812 0248 ProtectedStorage - ok
23:08:12.0906 0248 Ps2 (0e2eb30605ca6ed2509d59af6a7362b4) C:\WINDOWS\system32\DRIVERS\PS2.sys
23:08:12.0906 0248 Ps2 - ok
23:08:12.0968 0248 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:08:12.0968 0248 PSched - ok
23:08:13.0015 0248 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:08:13.0031 0248 Ptilink - ok
23:08:13.0078 0248 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:08:13.0078 0248 PxHelp20 - ok
23:08:13.0125 0248 ql1080 - ok
23:08:13.0156 0248 Ql10wnt - ok
23:08:13.0203 0248 ql12160 - ok
23:08:13.0234 0248 ql1240 - ok
23:08:13.0265 0248 ql1280 - ok
23:08:13.0312 0248 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:08:13.0312 0248 RasAcd - ok
23:08:13.0375 0248 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:08:13.0390 0248 RasAuto - ok
23:08:13.0453 0248 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:08:13.0453 0248 Rasl2tp - ok
23:08:13.0500 0248 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:08:13.0500 0248 RasMan - ok
23:08:13.0531 0248 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:08:13.0531 0248 RasPppoe - ok
23:08:13.0609 0248 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:08:13.0609 0248 Raspti - ok
23:08:13.0671 0248 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:08:13.0671 0248 Rdbss - ok
23:08:13.0718 0248 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:08:13.0718 0248 RDPCDD - ok
23:08:13.0781 0248 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:08:13.0796 0248 rdpdr - ok
23:08:13.0875 0248 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:08:13.0875 0248 RDPWD - ok
23:08:13.0921 0248 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:08:13.0937 0248 RDSessMgr - ok
23:08:13.0968 0248 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:08:13.0968 0248 redbook - ok
23:08:14.0046 0248 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:08:14.0046 0248 RemoteAccess - ok
23:08:14.0140 0248 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
23:08:14.0140 0248 RemoteRegistry - ok
23:08:14.0203 0248 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
23:08:14.0203 0248 RpcLocator - ok
23:08:14.0281 0248 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:08:14.0281 0248 RpcSs - ok
23:08:14.0359 0248 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
23:08:14.0359 0248 RSVP - ok
23:08:14.0468 0248 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
23:08:14.0468 0248 RTL8023xp - ok
23:08:14.0531 0248 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:08:14.0531 0248 rtl8139 - ok
23:08:14.0593 0248 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:08:14.0593 0248 SamSs - ok
23:08:14.0671 0248 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:08:14.0671 0248 SCardSvr - ok
23:08:14.0734 0248 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:08:14.0750 0248 Schedule - ok
23:08:14.0859 0248 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:08:14.0859 0248 Secdrv - ok
23:08:14.0937 0248 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:08:14.0937 0248 seclogon - ok
23:08:14.0968 0248 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:08:14.0968 0248 SENS - ok
23:08:15.0093 0248 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
23:08:15.0093 0248 Serial - ok
23:08:15.0140 0248 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:08:15.0140 0248 Sfloppy - ok
23:08:15.0218 0248 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:08:15.0218 0248 SharedAccess - ok
23:08:15.0296 0248 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:08:15.0312 0248 ShellHWDetection - ok
23:08:15.0390 0248 Simbad - ok
23:08:15.0437 0248 Sparrow - ok
23:08:15.0500 0248 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:08:15.0500 0248 splitter - ok
23:08:15.0562 0248 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:08:15.0578 0248 Spooler - ok
23:08:15.0656 0248 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:08:15.0656 0248 sr - ok
23:08:15.0718 0248 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
23:08:15.0718 0248 srservice - ok
23:08:15.0875 0248 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
23:08:15.0890 0248 SRTSP - ok
23:08:15.0953 0248 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
23:08:15.0953 0248 SRTSPX - ok
23:08:16.0046 0248 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:08:16.0046 0248 Srv - ok
23:08:16.0109 0248 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:08:16.0125 0248 SSDPSRV - ok
23:08:16.0187 0248 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:08:16.0187 0248 stisvc - ok
23:08:16.0265 0248 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:08:16.0265 0248 swenum - ok
23:08:16.0312 0248 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:08:16.0312 0248 swmidi - ok
23:08:16.0359 0248 SwPrv - ok
23:08:16.0421 0248 symc810 - ok
23:08:16.0453 0248 symc8xx - ok
23:08:16.0546 0248 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
23:08:16.0546 0248 SymDS - ok
23:08:16.0625 0248 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
23:08:16.0625 0248 SymEFA - ok
23:08:16.0703 0248 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
23:08:16.0703 0248 SymEvent - ok
23:08:16.0750 0248 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
23:08:16.0750 0248 SymIRON - ok
23:08:16.0843 0248 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
23:08:16.0859 0248 SYMTDI - ok
23:08:16.0906 0248 sym_hi - ok
23:08:16.0937 0248 sym_u3 - ok
23:08:17.0015 0248 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:08:17.0015 0248 sysaudio - ok
23:08:17.0062 0248 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:08:17.0078 0248 SysmonLog - ok
23:08:17.0140 0248 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:08:17.0140 0248 TapiSrv - ok
23:08:17.0265 0248 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:08:17.0281 0248 Tcpip - ok
23:08:17.0343 0248 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:08:17.0343 0248 TDPIPE - ok
23:08:17.0390 0248 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:08:17.0390 0248 TDTCP - ok
23:08:17.0453 0248 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:08:17.0453 0248 TermDD - ok
23:08:17.0546 0248 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:08:17.0546 0248 TermService - ok
23:08:17.0625 0248 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:08:17.0625 0248 Themes - ok
23:08:17.0703 0248 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
23:08:17.0703 0248 TlntSvr - ok
23:08:17.0750 0248 TosIde - ok
23:08:17.0828 0248 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:08:17.0828 0248 TrkWks - ok
23:08:17.0906 0248 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:08:17.0921 0248 Udfs - ok
23:08:17.0968 0248 ujpcjh - ok
23:08:18.0000 0248 ultra - ok
23:08:18.0046 0248 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
23:08:18.0046 0248 UMWdf - ok
23:08:18.0125 0248 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:08:18.0140 0248 Update - ok
23:08:18.0218 0248 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:08:18.0218 0248 upnphost - ok
23:08:18.0265 0248 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:08:18.0265 0248 UPS - ok
23:08:18.0375 0248 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
23:08:18.0375 0248 usbaudio - ok
23:08:18.0437 0248 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:08:18.0437 0248 usbccgp - ok
23:08:18.0500 0248 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:08:18.0500 0248 usbehci - ok
23:08:18.0578 0248 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:08:18.0578 0248 usbhub - ok
23:08:18.0625 0248 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:08:18.0625 0248 usbohci - ok
23:08:18.0687 0248 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:08:18.0687 0248 usbprint - ok
23:08:18.0734 0248 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:08:18.0734 0248 usbscan - ok
23:08:18.0781 0248 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:08:18.0781 0248 usbstor - ok
23:08:18.0843 0248 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:08:18.0843 0248 usbuhci - ok
23:08:18.0906 0248 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:08:18.0906 0248 VgaSave - ok
23:08:18.0953 0248 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:08:18.0953 0248 ViaIde - ok
23:08:18.0984 0248 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:08:18.0984 0248 VolSnap - ok
23:08:19.0046 0248 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:08:19.0046 0248 VSS - ok
23:08:19.0093 0248 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:08:19.0109 0248 W32Time - ok
23:08:19.0234 0248 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:08:19.0234 0248 Wanarp - ok
23:08:19.0265 0248 WDICA - ok
23:08:19.0312 0248 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:08:19.0312 0248 wdmaud - ok
23:08:19.0390 0248 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:08:19.0390 0248 WebClient - ok
23:08:19.0484 0248 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:08:19.0484 0248 winachsf - ok
23:08:19.0625 0248 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:08:19.0625 0248 winmgmt - ok
23:08:19.0734 0248 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
23:08:19.0734 0248 WmdmPmSN - ok
23:08:19.0812 0248 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
23:08:19.0812 0248 Wmi - ok
23:08:19.0953 0248 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:08:19.0953 0248 WmiApSrv - ok
23:08:20.0000 0248 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:08:20.0015 0248 wuauserv - ok
23:08:20.0109 0248 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:08:20.0125 0248 WZCSVC - ok
23:08:20.0171 0248 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:08:20.0171 0248 xmlprov - ok
23:08:20.0250 0248 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
23:08:20.0296 0248 \Device\Harddisk0\DR0 - ok
23:08:20.0328 0248 Boot (0x1200) (d06af46b36c165e23698ab088ea76500) \Device\Harddisk0\DR0\Partition0
23:08:20.0328 0248 \Device\Harddisk0\DR0\Partition0 - ok
23:08:20.0343 0248 Boot (0x1200) (2aa93d102a4fda4da17780d18899bfa1) \Device\Harddisk0\DR0\Partition1
23:08:20.0343 0248 \Device\Harddisk0\DR0\Partition1 - ok
23:08:20.0343 0248 ============================================================
23:08:20.0343 0248 Scan finished
23:08:20.0343 0248 ============================================================
23:08:20.0406 0240 Detected object count: 0
23:08:20.0406 0240 Actual detected object count: 0
 
Good :)

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
MBR Log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-29 23:19:42
-----------------------------
23:19:42.406 OS Version: Windows 5.1.2600 Service Pack 3
23:19:42.406 Number of processors: 1 586 0x2701
23:19:42.406 ComputerName: JAII UserName:
23:19:44.828 Initialize success
23:21:48.921 AVAST engine defs: 12032901
23:22:08.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:22:08.828 Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
23:22:08.859 Disk 0 MBR read successfully
23:22:08.890 Disk 0 MBR scan
23:22:08.921 Disk 0 unknown MBR code
23:22:08.937 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 8714 MB offset 63
23:22:08.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 182064 MB offset 17848215
23:22:09.000 Disk 0 malicious Win32:MBRoot code @ sector 61 !
23:22:09.031 Disk 0 PE file @ sector 390716865 !
23:22:09.109 Disk 0 scanning C:\WINDOWS\system32\drivers
23:22:20.500 Service scanning
23:22:44.906 Modules scanning
23:22:52.015 Disk 0 trace - called modules:
23:22:52.031 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:22:52.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863109c0]
23:22:52.031 3 CLASSPNP.SYS[f76c3fd7] -> nt!IofCallDriver -> \Device\0000006f[0x863df030]
23:22:52.031 5 ACPI.sys[f761a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x863d0940]
23:22:52.390 AVAST engine scan C:\WINDOWS
23:23:09.093 AVAST engine scan C:\WINDOWS\system32
23:25:37.937 AVAST engine scan C:\WINDOWS\system32\drivers
23:25:57.656 AVAST engine scan C:\Documents and Settings\Administrator
23:27:36.312 AVAST engine scan C:\Documents and Settings\All Users
23:28:37.187 Scan finished successfully
23:28:52.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
23:28:52.578 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
 
Bootkit Rmvr

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`20af2e00
Boot sector MD5 is: 04bb945744f67e09eac699dea7655d04

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
bootkit log

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`20af2e00
Boot sector MD5 is: 04bb945744f67e09eac699dea7655d04

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 