
[URGENT] Google redirects fixed, now BSODs


This topic is locked. 16 replies to this topic.

#1 YuukoAmamiya (Members, 8 posts)

Posted 08 March 2012 - 10:11 PM

Hi, I recently stumbled upon the Google redirect malware/virus earlier today when my computer suddenly decided to reboot on its own. Luckily I seem to be able to resolve that problem using a TDSS fix from Symantec. However, ever since that fix, my laptop now decides to simply crash on me with a blue screen of death (BSOD) every 15-30 minutes after startup. I've also noticed that my computer startup via normal boot takes quite a while now compared to yesterday and thus leads me to believe that something deadly is still sitting on my computer. However, the BSOD currently prevents me from running a full virus scan or anti-malware/spyware scan unless I'm in safe mode.

So the problem is, I'm a complete beginner when it comes to dealing with BSODs and thus would like some serious help resolving this issue. As this is the only computer that is available to me and a few others who share it with me, and because I have a lot of work files on here that are non-transferable due to size and a lack of external drive space, reformatting is out of the question and of course, this problem needs to be resolved ASAP.

Here are the specs of my computer:
Brand: ASUS
Model: N53jf-XE1
Windows 7, 64-bit

The laptop is barely a year old so I don't think it's a hardware issue.

And here are the other problems regarding the BSOD:
kdcom.dll seemed to be the file listed with the error codes:
0x109 CRITICAL_STRUCTURE_CORRUPTION
parameter 4: 0x01


DDS LOG
----------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Yuuko Amamiya at 22:05:13 on 2012-03-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3884.2229 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = astroburn-search.com
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\Yuuko Amamiya\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
uRun: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 71.242.0.12 68.237.161.12
TCP: Interfaces\{5CE27D57-DA68-4A29-B9D7-38B955CCA12C} : DhcpNameServer = 71.242.0.12 68.237.161.12
TCP: Interfaces\{A47647E1-C686-442F-BD11-9E0D47E2000A} : DhcpNameServer = 71.242.0.12 68.237.161.12
TCP: Interfaces\{A61CD5C7-3D4F-477B-B77D-5246215A3C2C} : DhcpNameServer = 10.181.0.136 10.181.0.135 128.220.2.7 128.220.2.82
TCP: Interfaces\{A61CD5C7-3D4F-477B-B77D-5246215A3C2C}\A4847457563747E65647 : DhcpNameServer = 128.220.1.75 162.129.253.134
TCP: Interfaces\{C17400A7-1138-4220-880D-787714C41E51} : DhcpNameServer = 71.242.0.12 68.237.161.12
TCP: Interfaces\{DD23D13E-AAAF-46D8-A8A3-5AFD27CBAF76} : DhcpNameServer = 71.242.0.12 68.237.161.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yuuko Amamiya\AppData\Roaming\Mozilla\Firefox\Profiles\hsvj5q8b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Yuuko Amamiya\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Add to Search Bar: add-to-searchbox@maltekraus.de - %profile%\extensions\add-to-searchbox@maltekraus.de
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Forecastfox: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
.
============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;C:\Windows\system32\drivers\FixTDSS.sys --> C:\Windows\system32\drivers\FixTDSS.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-10-13 1832072]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 135664]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2012-2-11 8192]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-11-23 1997416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2314240]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-5 138360]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-09 02:38:53 388096 ----a-r- C:\Users\Yuuko Amamiya\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-09 02:38:53 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-09 01:58:27 -------- d-----w- C:\Users\Yuuko Amamiya\AppData\Roaming\Systweak
2012-03-08 23:02:27 17984 ----a-w- C:\Windows\System32\kdcomBACKUP.dll
2012-03-08 23:02:27 17984 ----a-w- C:\Windows\System32\kdcom.dll
2012-03-08 19:33:59 -------- d-----w- C:\Users\Yuuko Amamiya\AppData\Roaming\FixTDSS
2012-03-08 19:33:58 27256 ----a-w- C:\Windows\System32\drivers\FixTDSS.sys
2012-03-08 07:41:09 20480 ----a-w- C:\Windows\svchost.exe
2012-03-02 04:21:51 40960 ----a-r- C:\Users\Yuuko Amamiya\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-03-02 04:21:51 40960 ----a-r- C:\Users\Yuuko Amamiya\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-02-21 17:44:16 -------- d-----w- C:\ProgramData\Astroburn Lite
2012-02-13 02:09:55 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-02-12 04:54:55 8192 ----a-w- C:\Windows\SysWow64\srvany.exe
2012-02-12 04:54:55 151552 ----a-w- C:\Windows\KMService.exe
.
==================== Find3M ====================
.
2012-03-08 20:30:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 22:06:51.84 ===============

EDIT: I have run Malwarebytes' Anti-Malware and the results had 0 infected files found.

Edited by YuukoAmamiya, 08 March 2012 - 10:42 PM.



#2 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 09 March 2012 - 08:10 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 YuukoAmamiya (Topic Starter, Members, 8 posts)

Posted 10 March 2012 - 08:37 AM

Thanks for the reply. Please find the 2 logs requested below as well as the MBR.dat attachment.

I would also like to note that during the aswMBR scan, my Symantec Antivirus flagged a number of the Avast definitions as trojans and quarantined them. What should I do with these?

TDSSKiller log:

18:37:44.0636 5920 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
18:37:45.0194 5920 ============================================================
18:37:45.0194 5920 Current date / time: 2012/03/09 18:37:45.0194
18:37:45.0194 5920 SystemInfo:
18:37:45.0194 5920
18:37:45.0194 5920 OS Version: 6.1.7600 ServicePack: 0.0
18:37:45.0194 5920 Product type: Workstation
18:37:45.0194 5920 ComputerName: YUUKOAMAMIYA-PC
18:37:45.0195 5920 UserName: Yuuko Amamiya
18:37:45.0195 5920 Windows directory: C:\Windows
18:37:45.0195 5920 System windows directory: C:\Windows
18:37:45.0195 5920 Running under WOW64
18:37:45.0195 5920 Processor architecture: Intel x64
18:37:45.0195 5920 Number of processors: 4
18:37:45.0195 5920 Page size: 0x1000
18:37:45.0195 5920 Boot type: Normal boot
18:37:45.0195 5920 ============================================================
18:37:46.0148 5920 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:37:46.0155 5920 \Device\Harddisk0\DR0:
18:37:46.0155 5920 MBR used
18:37:46.0155 5920 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
18:37:46.0173 5920 Initialize success
18:37:46.0173 5920 ============================================================
18:37:52.0586 4660 ============================================================
18:37:52.0586 4660 Scan started
18:37:52.0586 4660 Mode: Manual; SigCheck; TDLFS;
18:37:52.0586 4660 ============================================================
18:38:02.0355 4660 HECIx64 - ok
18:38:02.0377 4660 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:38:02.0416 4660 HidBatt - ok
18:38:02.0436 4660 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:38:02.0480 4660 HidBth - ok
18:38:02.0498 4660 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:38:02.0552 4660 HidIr - ok
18:38:02.0588 4660 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:38:02.0620 4660 HidUsb - ok
18:38:02.0656 4660 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:38:02.0708 4660 HpSAMD - ok
18:38:02.0766 4660 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:38:02.0857 4660 HTTP - ok
18:38:02.0872 4660 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:38:02.0888 4660 hwpolicy - ok
18:38:02.0917 4660 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:38:02.0939 4660 i8042prt - ok
18:38:02.0984 4660 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
18:38:03.0007 4660 iaStor - ok
18:38:03.0029 4660 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
18:38:03.0101 4660 iaStorV - ok
18:38:03.0321 4660 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:38:03.0762 4660 igfx - ok
18:38:03.0800 4660 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:38:03.0879 4660 iirsp - ok
18:38:03.0948 4660 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
18:38:03.0999 4660 Impcd - ok
18:38:04.0086 4660 IntcAzAudAddService (e02a55f45edb35641cb470a2cd56e74e) C:\Windows\system32\drivers\RTKVHD64.sys
18:38:04.0183 4660 IntcAzAudAddService - ok
18:38:04.0206 4660 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:38:04.0258 4660 intelide - ok
18:38:04.0306 4660 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:38:04.0344 4660 intelppm - ok
18:38:04.0378 4660 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:38:04.0446 4660 IpFilterDriver - ok
18:38:04.0495 4660 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:38:04.0540 4660 IPMIDRV - ok
18:38:04.0581 4660 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:38:04.0650 4660 IPNAT - ok
18:38:04.0693 4660 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:38:04.0784 4660 IRENUM - ok
18:38:04.0806 4660 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:38:04.0836 4660 isapnp - ok
18:38:04.0870 4660 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:38:04.0932 4660 iScsiPrt - ok
18:38:04.0974 4660 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:38:04.0992 4660 kbdclass - ok
18:38:05.0009 4660 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:38:05.0048 4660 kbdhid - ok
18:38:05.0074 4660 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
18:38:05.0088 4660 kbfiltr - ok
18:38:05.0128 4660 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
18:38:05.0147 4660 KSecDD - ok
18:38:05.0165 4660 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
18:38:05.0186 4660 KSecPkg - ok
18:38:05.0202 4660 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:38:05.0265 4660 ksthunk - ok
18:38:05.0306 4660 L1C (48686c29856f46443952a831424f8d6f) C:\Windows\system32\DRIVERS\L1C62x64.sys
18:38:05.0322 4660 L1C - ok
18:38:05.0365 4660 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:38:05.0424 4660 lltdio - ok
18:38:05.0462 4660 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:38:05.0522 4660 LSI_FC - ok
18:38:05.0562 4660 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:38:05.0618 4660 LSI_SAS - ok
18:38:05.0655 4660 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:38:05.0707 4660 LSI_SAS2 - ok
18:38:05.0752 4660 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:38:05.0804 4660 LSI_SCSI - ok
18:38:05.0853 4660 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:38:05.0923 4660 luafv - ok
18:38:05.0950 4660 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:38:06.0003 4660 megasas - ok
18:38:06.0042 4660 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:38:06.0078 4660 MegaSR - ok
18:38:06.0128 4660 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:38:06.0201 4660 Modem - ok
18:38:06.0220 4660 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:38:06.0256 4660 monitor - ok
18:38:06.0281 4660 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:38:06.0299 4660 mouclass - ok
18:38:06.0327 4660 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:38:06.0372 4660 mouhid - ok
18:38:06.0395 4660 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:38:06.0416 4660 mountmgr - ok
18:38:06.0439 4660 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:38:06.0518 4660 mpio - ok
18:38:06.0560 4660 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:38:06.0623 4660 mpsdrv - ok
18:38:06.0660 4660 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:38:06.0702 4660 MRxDAV - ok
18:38:06.0729 4660 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:38:06.0773 4660 mrxsmb - ok
18:38:06.0798 4660 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:38:06.0832 4660 mrxsmb10 - ok
18:38:06.0855 4660 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:38:06.0885 4660 mrxsmb20 - ok
18:38:06.0908 4660 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:38:06.0928 4660 msahci - ok
18:38:06.0954 4660 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:38:07.0036 4660 msdsm - ok
18:38:07.0077 4660 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:38:07.0167 4660 Msfs - ok
18:38:07.0246 4660 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:38:07.0338 4660 mshidkmdf - ok
18:38:07.0439 4660 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:38:07.0458 4660 msisadrv - ok
18:38:07.0499 4660 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:38:07.0562 4660 MSKSSRV - ok
18:38:07.0631 4660 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:38:07.0706 4660 MSPCLOCK - ok
18:38:07.0744 4660 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:38:07.0806 4660 MSPQM - ok
18:38:07.0841 4660 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:38:07.0865 4660 MsRPC - ok
18:38:07.0895 4660 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:38:07.0913 4660 mssmbios - ok
18:38:07.0941 4660 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:38:07.0996 4660 MSTEE - ok
18:38:08.0021 4660 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:38:08.0058 4660 MTConfig - ok
18:38:08.0094 4660 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
18:38:08.0108 4660 MTsensor - ok
18:38:08.0134 4660 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:38:08.0158 4660 Mup - ok
18:38:08.0221 4660 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:38:08.0266 4660 NativeWifiP - ok
18:38:08.0532 4660 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120309.002\ENG64.SYS
18:38:08.0552 4660 NAVENG - ok
18:38:08.0667 4660 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120309.002\EX64.SYS
18:38:08.0749 4660 NAVEX15 - ok
18:38:08.0847 4660 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:38:08.0916 4660 NDIS - ok
18:38:08.0946 4660 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:38:09.0015 4660 NdisCap - ok
18:38:09.0051 4660 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:38:09.0121 4660 NdisTapi - ok
18:38:09.0158 4660 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:38:09.0218 4660 Ndisuio - ok
18:38:09.0243 4660 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:38:09.0305 4660 NdisWan - ok
18:38:09.0331 4660 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:38:09.0394 4660 NDProxy - ok
18:38:09.0413 4660 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:38:09.0474 4660 NetBIOS - ok
18:38:09.0497 4660 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:38:09.0573 4660 NetBT - ok
18:38:09.0611 4660 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:38:09.0666 4660 nfrd960 - ok
18:38:09.0713 4660 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:38:09.0771 4660 Npfs - ok
18:38:09.0797 4660 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:38:09.0855 4660 nsiproxy - ok
18:38:09.0899 4660 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
18:38:09.0970 4660 Ntfs - ok
18:38:09.0988 4660 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:38:10.0051 4660 Null - ok
18:38:10.0322 4660 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:38:10.0739 4660 nvlddmkm - ok
18:38:10.0765 4660 nvpciflt (91aa115e6bd2104d79cadd8b1cbaeb4a) C:\Windows\system32\DRIVERS\nvpciflt.sys
18:38:10.0805 4660 nvpciflt - ok
18:38:10.0856 4660 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
18:38:10.0897 4660 nvraid - ok
18:38:10.0924 4660 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
18:38:10.0992 4660 nvstor - ok
18:38:11.0031 4660 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:38:11.0100 4660 nv_agp - ok
18:38:11.0143 4660 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:38:11.0184 4660 ohci1394 - ok
18:38:11.0233 4660 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:38:11.0270 4660 Parport - ok
18:38:11.0292 4660 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
18:38:11.0310 4660 partmgr - ok
18:38:11.0331 4660 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:38:11.0352 4660 pci - ok
18:38:11.0373 4660 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:38:11.0390 4660 pciide - ok
18:38:11.0410 4660 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:38:11.0472 4660 pcmcia - ok
18:38:11.0512 4660 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:38:11.0531 4660 pcw - ok
18:38:11.0571 4660 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:38:11.0653 4660 PEAUTH - ok
18:38:11.0711 4660 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:38:11.0784 4660 PptpMiniport - ok
18:38:11.0806 4660 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:38:11.0836 4660 Processor - ok
18:38:11.0862 4660 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:38:11.0936 4660 Psched - ok
18:38:11.0982 4660 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:38:12.0156 4660 ql2300 - ok
18:38:12.0179 4660 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:38:12.0237 4660 ql40xx - ok
18:38:12.0281 4660 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:38:12.0336 4660 QWAVEdrv - ok
18:38:12.0357 4660 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:38:12.0424 4660 RasAcd - ok
18:38:12.0466 4660 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:38:12.0527 4660 RasAgileVpn - ok
18:38:12.0548 4660 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:38:12.0609 4660 Rasl2tp - ok
18:38:12.0645 4660 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:38:12.0709 4660 RasPppoe - ok
18:38:12.0738 4660 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:38:12.0801 4660 RasSstp - ok
18:38:12.0827 4660 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:38:12.0900 4660 rdbss - ok
18:38:12.0922 4660 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:38:12.0965 4660 rdpbus - ok
18:38:12.0989 4660 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:38:13.0051 4660 RDPCDD - ok
18:38:13.0110 4660 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:38:13.0174 4660 RDPENCDD - ok
18:38:13.0194 4660 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:38:13.0252 4660 RDPREFMP - ok
18:38:13.0294 4660 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
18:38:13.0367 4660 RDPWD - ok
18:38:13.0401 4660 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
18:38:13.0423 4660 rdyboost - ok
18:38:13.0459 4660 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:38:13.0522 4660 rspndr - ok
18:38:13.0551 4660 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:38:13.0624 4660 sbp2port - ok
18:38:13.0671 4660 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:38:13.0740 4660 scfilter - ok
18:38:13.0803 4660 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:38:13.0868 4660 secdrv - ok
18:38:13.0904 4660 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:38:13.0935 4660 Serenum - ok
18:38:13.0970 4660 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:38:14.0009 4660 Serial - ok
18:38:14.0060 4660 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:38:14.0136 4660 sermouse - ok
18:38:14.0174 4660 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:38:14.0208 4660 sffdisk - ok
18:38:14.0237 4660 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:38:14.0264 4660 sffp_mmc - ok
18:38:14.0292 4660 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:38:14.0329 4660 sffp_sd - ok
18:38:14.0358 4660 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:38:14.0396 4660 sfloppy - ok
18:38:14.0449 4660 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
18:38:14.0491 4660 SiSGbeLH - ok
18:38:14.0524 4660 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:38:14.0550 4660 SiSRaid2 - ok
18:38:14.0590 4660 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:38:14.0639 4660 SiSRaid4 - ok
18:38:14.0676 4660 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:38:14.0802 4660 Smb - ok
18:38:14.0889 4660 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
18:38:14.0976 4660 SNP2UVC - ok
18:38:15.0009 4660 speedfan - ok
18:38:15.0032 4660 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:38:15.0050 4660 spldr - ok
18:38:15.0087 4660 SRTSP (b531fc8918dcdaae638511a123c3465e) C:\Windows\system32\Drivers\SRTSP64.SYS
18:38:15.0112 4660 SRTSP - ok
18:38:15.0141 4660 SRTSPL (2bd3a73d0601320b72486fc3ebc2544f) C:\Windows\system32\Drivers\SRTSPL64.SYS
18:38:15.0181 4660 SRTSPL - ok
18:38:15.0206 4660 SRTSPX (529b337c1aeeb289f0b502eb0ee6a8f5) C:\Windows\system32\Drivers\SRTSPX64.SYS
18:38:15.0220 4660 SRTSPX - ok
18:38:15.0246 4660 srv (43067a65522eaec33d31a12d6fa8e3f4) C:\Windows\system32\DRIVERS\srv.sys
18:38:15.0296 4660 srv - ok
18:38:15.0323 4660 srv2 (03715cf9c30b563da35fc5f2b8f7b8e0) C:\Windows\system32\DRIVERS\srv2.sys
18:38:15.0358 4660 srv2 - ok
18:38:15.0383 4660 srvnet (fbd09635227a8026c0f7790f604343c6) C:\Windows\system32\DRIVERS\srvnet.sys
18:38:15.0418 4660 srvnet - ok
18:38:15.0473 4660 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:38:15.0536 4660 stexstor - ok
18:38:15.0577 4660 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:38:15.0597 4660 swenum - ok
18:38:15.0646 4660 SymEvent (d1f1a5e72e33d6be449f5f1f4a513dd1) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
18:38:15.0674 4660 SymEvent - ok
18:38:15.0756 4660 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
18:38:15.0839 4660 Tcpip - ok
18:38:15.0888 4660 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
18:38:15.0939 4660 TCPIP6 - ok
18:38:15.0964 4660 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:38:16.0021 4660 tcpipreg - ok
18:38:16.0091 4660 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:38:16.0167 4660 TDPIPE - ok
18:38:16.0204 4660 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:38:16.0267 4660 TDTCP - ok
18:38:16.0294 4660 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:38:16.0345 4660 tdx - ok
18:38:16.0368 4660 Teefer2 (ef6ccf8b483201f7196d83fc136fa43a) C:\Windows\system32\DRIVERS\teefer2.sys
18:38:16.0408 4660 Teefer2 - ok
18:38:16.0462 4660 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:38:16.0484 4660 TermDD - ok
18:38:16.0524 4660 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:38:16.0591 4660 tssecsrv - ok
18:38:16.0647 4660 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:38:16.0709 4660 tunnel - ok
18:38:16.0774 4660 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
18:38:16.0791 4660 TurboB - ok
18:38:16.0823 4660 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:38:16.0876 4660 uagp35 - ok
18:38:16.0936 4660 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:38:17.0026 4660 udfs - ok
18:38:17.0062 4660 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:38:17.0114 4660 uliagpkx - ok
18:38:17.0183 4660 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:38:17.0223 4660 umbus - ok
18:38:17.0259 4660 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:38:17.0299 4660 UmPass - ok
18:38:17.0365 4660 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:38:17.0413 4660 USBAAPL64 - ok
18:38:17.0432 4660 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
18:38:17.0466 4660 usbccgp - ok
18:38:17.0492 4660 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:38:17.0539 4660 usbcir - ok
18:38:17.0559 4660 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
18:38:17.0599 4660 usbehci - ok
18:38:17.0637 4660 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
18:38:17.0683 4660 usbhub - ok
18:38:17.0701 4660 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
18:38:17.0762 4660 usbohci - ok
18:38:17.0807 4660 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:38:17.0872 4660 usbprint - ok
18:38:17.0921 4660 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:38:17.0968 4660 usbscan - ok
18:38:17.0985 4660 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:38:18.0019 4660 USBSTOR - ok
18:38:18.0041 4660 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:38:18.0067 4660 usbuhci - ok
18:38:18.0091 4660 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
18:38:18.0135 4660 usbvideo - ok
18:38:18.0173 4660 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:38:18.0190 4660 vdrvroot - ok
18:38:18.0211 4660 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:38:18.0241 4660 vga - ok
18:38:18.0266 4660 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:38:18.0326 4660 VgaSave - ok
18:38:18.0349 4660 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:38:18.0418 4660 vhdmp - ok
18:38:18.0462 4660 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:38:18.0519 4660 viaide - ok
18:38:18.0545 4660 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:38:18.0567 4660 volmgr - ok
18:38:18.0592 4660 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:38:18.0618 4660 volmgrx - ok
18:38:18.0647 4660 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:38:18.0671 4660 volsnap - ok
18:38:18.0695 4660 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:38:18.0754 4660 vsmraid - ok
18:38:18.0796 4660 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:38:18.0832 4660 vwifibus - ok
18:38:18.0856 4660 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:38:18.0892 4660 vwififlt - ok
18:38:18.0912 4660 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:38:18.0941 4660 WacomPen - ok
18:38:18.0978 4660 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:38:19.0038 4660 WANARP - ok
18:38:19.0055 4660 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:38:19.0105 4660 Wanarpv6 - ok
18:38:19.0151 4660 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:38:19.0209 4660 Wd - ok
18:38:19.0260 4660 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:38:19.0311 4660 Wdf01000 - ok
18:38:19.0347 4660 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:38:19.0397 4660 WfpLwf - ok
18:38:19.0437 4660 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
18:38:19.0504 4660 WimFltr - ok
18:38:19.0539 4660 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:38:19.0597 4660 WIMMount - ok
18:38:19.0687 4660 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:38:19.0720 4660 WinUsb - ok
18:38:19.0772 4660 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:38:19.0810 4660 WmiAcpi - ok
18:38:19.0848 4660 WPS (37725ebe2f8972809903a10599c365a2) C:\Windows\system32\drivers\wpsdrvnt.sys
18:38:19.0893 4660 WPS - ok
18:38:19.0949 4660 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
18:38:20.0023 4660 WpsHelper - ok
18:38:20.0060 4660 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:38:20.0133 4660 ws2ifsl - ok
18:38:20.0161 4660 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:38:20.0224 4660 WudfPf - ok
18:38:20.0249 4660 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:38:20.0318 4660 WUDFRd - ok
18:38:20.0376 4660 X6va003 - ok
18:38:20.0403 4660 X6va005 - ok
18:38:20.0424 4660 X6va006 - ok
18:38:20.0460 4660 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
18:38:20.0489 4660 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:38:20.0675 4660 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:38:20.0675 4660 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:38:20.0682 4660 Boot (0x1200) (e91eb97ee303fb9c11e4f504bd566f69) \Device\Harddisk0\DR0\Partition0
18:38:20.0684 4660 \Device\Harddisk0\DR0\Partition0 - ok
18:38:20.0685 4660 ============================================================
18:38:20.0685 4660 Scan finished
18:38:20.0685 4660 ============================================================
18:38:20.0709 4740 Detected object count: 1
18:38:20.0709 4740 Actual detected object count: 1
18:38:27.0609 4740 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:38:27.0609 4740 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:38:29.0507 2760 Deinitialize success


-----------------------------------

aswMBR log:


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-09 22:34:16
-----------------------------
22:34:16.483 OS Version: Windows x64 6.1.7600
22:34:16.483 Number of processors: 4 586 0x2505
22:34:16.485 ComputerName: YUUKOAMAMIYA-PC UserName: Yuuko Amamiya
22:34:19.467 Initialize success
22:42:53.753 AVAST engine defs: 12030900
22:44:32.805 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:44:32.810 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
22:44:32.839 Disk 0 MBR read successfully
22:44:32.844 Disk 0 MBR scan
22:44:32.852 Disk 0 Windows 7 default MBR code
22:44:32.857 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
22:44:32.880 Disk 0 scanning C:\Windows\system32\drivers
22:44:44.167 Service scanning
22:45:08.352 Modules scanning
22:45:08.365 Disk 0 trace - called modules:
22:45:08.402 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:45:08.409 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fa5060]
22:45:08.417 3 CLASSPNP.SYS[fffff880011b743f] -> nt!IofCallDriver -> [0xfffffa8004ce3d20]
22:45:08.424 5 ACPI.sys[fffff88000f73781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ce2050]
22:45:09.748 AVAST engine scan C:\Windows
22:45:13.739 AVAST engine scan C:\Windows\system32
22:49:03.650 AVAST engine scan C:\Windows\system32\drivers
22:49:31.908 AVAST engine scan C:\Users\Yuuko Amamiya
23:51:25.425 AVAST engine scan C:\ProgramData
23:53:04.349 Scan finished successfully
08:34:09.024 Disk 0 MBR has been saved successfully to "C:\Users\Yuuko Amamiya\Desktop\Logs\MBR.dat"
08:34:09.039 The log file has been saved successfully to "C:\Users\Yuuko Amamiya\Desktop\Logs\aswMBR_avast.txt"
08:34:42.377 Disk 0 MBR has been saved successfully to "C:\Users\Yuuko Amamiya\Desktop\MBR.dat"
08:34:42.393 The log file has been saved successfully to "C:\Users\Yuuko Amamiya\Desktop\aswMBR.txt"

Attached Files

  • MBR.zip (545 bytes)

Edited by YuukoAmamiya, 10 March 2012 - 08:38 AM.
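As an added example (not code from this thread, TDSSKiller or aswMBR): a Python check that reads a saved 512-byte MBR dump such as the MBR.dat aswMBR wrote above, decodes the partition table and hashes the boot-code area so it can be compared with a known-good value recorded on a clean machine. The sample partition entry is built from the values in the logs (type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02, which decodes to the 476937 MB NTFS partition at offset 63 that aswMBR reports); it assumes that TDSSKiller's "MBR (0x1B8)" line hashes the first 0x1B8 bytes of the sector, and the filler boot code, disk signature and reference hash are constructed.

```python
"""Sanity-check a saved 512-byte MBR dump (added example; not TDSSKiller or aswMBR code).

Decodes the partition table, hashes the boot-code area and reports anything that looks
off.  Assumption: TDSSKiller's "MBR (0x1B8) (<md5>)" line is an MD5 over the first
0x1B8 bytes of the sector, i.e. the boot code that precedes the disk signature.
"""
import hashlib
import struct
import sys
from dataclasses import dataclass
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8       # boot code ends where the 4-byte disk signature starts
PART_TABLE_OFFSET = 0x1BE   # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xAA"


@dataclass
class PartitionEntry:
    index: int          # 1-based slot number, as aswMBR prints it
    bootable: bool      # status byte 0x80 = active
    type_id: int        # 0x07 = NTFS/HPFS/exFAT
    start_lba: int
    sector_count: int

    @property
    def size_mb(self) -> int:
        return self.sector_count * SECTOR_SIZE // (1024 * 1024)


def parse_mbr(sector: bytes) -> Dict:
    """Return the boot-code MD5, the disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(sector)} bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions: List[PartitionEntry] = []
    for slot in range(4):
        offset = PART_TABLE_OFFSET + slot * PART_ENTRY_LEN
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) count(4)
        status, type_id, start_lba, count = struct.unpack_from("<B3xB3xII", sector, offset)
        if type_id == 0:
            continue  # empty slot
        partitions.append(PartitionEntry(slot + 1, status == 0x80, type_id, start_lba, count))
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def check_mbr(sector: bytes, reference_boot_md5: str, disk_sectors: int) -> List[str]:
    """Compare against a recorded known-good boot-code hash and the disk's sector count.

    Returns human-readable findings; an empty list means nothing looked off.
    """
    info = parse_mbr(sector)
    findings: List[str] = []
    if info["boot_code_md5"] != reference_boot_md5.lower():
        findings.append("boot code hash differs from the recorded known-good value")
    active = [p for p in info["partitions"] if p.bootable]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in info["partitions"]:
        if p.start_lba + p.sector_count > disk_sectors:
            findings.append(f"partition {p.index} extends past the end of the disk")
    spans = sorted((p.start_lba, p.start_lba + p.sector_count, p.index) for p in info["partitions"])
    for (_, end_a, idx_a), (start_b, _, idx_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"partitions {idx_a} and {idx_b} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample: filler boot code plus the partition entry seen in the logs."""
    boot_code = bytes((i * 37 + 11) & 0xFF for i in range(BOOT_CODE_LEN))  # constructed filler
    disk_signature = struct.pack("<I", 0x12345678) + b"\x00\x00"             # constructed value
    # Values from the thread's logs: active, type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
    entry_1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 0x3F, 0x3A384C02)
    table = entry_1 + b"\x00" * (3 * PART_ENTRY_LEN)
    return boot_code + disk_signature + table + BOOT_SIGNATURE


SAMPLE_MBR = build_sample_mbr()
# Known-good value as it would have been recorded on a clean machine (constructed here).
REFERENCE_BOOT_MD5 = hashlib.md5(SAMPLE_MBR[:BOOT_CODE_LEN]).hexdigest()
# Drive size from the TDSSKiller header: 0x7470C06000 bytes, in 512-byte sectors.
DISK_SECTORS = 0x7470C06000 // SECTOR_SIZE
# The same sector with one boot-code byte changed, which is what a modified MBR looks like.
TAMPERED_MBR = bytes(b ^ 0xFF if i == 0x10 else b for i, b in enumerate(SAMPLE_MBR))

if __name__ == "__main__":
    # Usage: python mbr_check.py MBR.dat <reference-md5> <disk-sectors>; no arguments runs the sample.
    if len(sys.argv) == 4:
        data, ref, total = open(sys.argv[1], "rb").read(), sys.argv[2], int(sys.argv[3])
    else:
        data, ref, total = TAMPERED_MBR, REFERENCE_BOOT_MD5, DISK_SECTORS
    for p in parse_mbr(data)["partitions"]:
        print(f"Partition {p.index} {'80 (A)' if p.bootable else '00'} {p.type_id:02X} {p.size_mb} MB offset {p.start_lba}")
    print("findings:", check_mbr(data, ref, total) or "none")
```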


#4 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 10 March 2012 - 08:45 AM

Hi

Re-run TDSSKiller

  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
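As an added example (not TDSSKiller's code, and not anything CatByte or the thread posted), here is a small Python triage script for the driver section of a TDSSKiller log in the format that appears later in this thread: it pairs each `(md5) path` line with its `- verdict` line and buckets the entries a responder would look at first. The sample lines are copied from the log posted in this thread, plus two constructed lines (the `exampledrv` entry and its non-`ok` verdict, whose wording is made up) so that the attention path is exercised; the Windows-directory assumption, the bucket names and every function name are mine.

```python
"""Triage helper for TDSSKiller driver-scan logs (added example, not Kaspersky's code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The two line shapes that make up the driver section of the posted log:
#   <time> <pid> <name> (<md5>) <image path>
#   <time> <pid> <name> - <verdict>
_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
ENTRY_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$")

# Assumption: the Windows directory is the one this log reports ("Windows directory: C:\Windows").
SYSTEM_ROOT = "c:\\windows\\"


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Pair every '(md5) path' line with its '- verdict' line, keyed by service name.

    Lines matching neither shape (banner, MBR summary, bare timestamps) are ignored.
    """
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Bucket entries by what a responder should check first (names sorted case-insensitively).

    attention     - verdict other than 'ok'
    missing_image - a verdict line with no image line before it: the service key exists
                    but the scanner listed no file for it (like 'speedfan' in this thread)
    third_party   - image outside the Windows directory; usually vendor drivers, but also
                    where a driver dropped by malware would show up, so worth a look
    """
    out: Dict[str, List[str]] = {"attention": [], "missing_image": [], "third_party": []}
    for e in sorted(entries.values(), key=lambda x: x.name.lower()):
        if e.verdict is not None and e.verdict.lower() != "ok":
            out["attention"].append(e.name)
        if e.path is None:
            out["missing_image"].append(e.name)
        elif not e.path.lower().startswith(SYSTEM_ROOT):
            out["third_party"].append(e.name)
    return out


def shared_hashes(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Group service names whose images are byte-identical (same MD5).

    Tcpip and TCPIP6 sharing a hash is expected: both keys name tcpip.sys.
    """
    by_md5: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5:
            by_md5.setdefault(e.md5, []).append(e.name)
    return {h: names for h, names in by_md5.items() if len(names) > 1}


# Sample input: lines copied from the log posted in this thread, plus two CONSTRUCTED
# lines (exampledrv) so that the non-'ok' branch is exercised; that verdict text is made up.
SAMPLE_LOG = r"""
09:12:32.0952 3056 Scan started
09:12:32.0952 3056 Mode: Manual; SigCheck; TDLFS;
09:12:33.0654 3056 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
09:12:33.0826 3056 1394ohci - ok
09:12:35.0479 3056 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
09:12:35.0604 3056 ASMMAP64 - ok
09:12:52.0093 3056 speedfan - ok
09:12:52.0795 3056 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
09:12:52.0873 3056 Tcpip - ok
09:12:52.0920 3056 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
09:12:52.0967 3056 TCPIP6 - ok
09:12:55.0000 3056 exampledrv (00000000000000000000000000000000) C:\Users\Public\exampledrv.sys
09:12:55.0001 3056 exampledrv - constructed non-ok verdict
"""


def run_sample() -> Dict[str, List[str]]:
    """Parse the sample above and return the triage buckets."""
    return triage(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for bucket, names in triage(entries).items():
        print(f"{bucket}: {names}")
    for h, names in shared_hashes(entries).items():
        print(f"shared image {h}: {names}")
```

Run it against a full pasted log (`parse_log(open("TDSSKiller.txt").read())`) and the `missing_image` and `third_party` buckets shrink a log of several hundred lines to the handful of entries worth checking by hand; `attention` is empty on a clean scan.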


#5 YuukoAmamiya

  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:58 AM

Posted 10 March 2012 - 09:44 AM

When Combofix rebooted my computer, I got an error message saying:
C:\Windows\System32\GfxUI.exe "A device attached to the system is not functioning"
Will rebooting my computer fix this?

TDSSKiller log:

09:12:17.0420 2652 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
09:12:17.0779 2652 ============================================================
09:12:17.0779 2652 Current date / time: 2012/03/10 09:12:17.0779
09:12:17.0779 2652 SystemInfo:
09:12:17.0779 2652
09:12:17.0779 2652 OS Version: 6.1.7600 ServicePack: 0.0
09:12:17.0779 2652 Product type: Workstation
09:12:17.0779 2652 ComputerName: YUUKOAMAMIYA-PC
09:12:17.0779 2652 UserName: Yuuko Amamiya
09:12:17.0779 2652 Windows directory: C:\Windows
09:12:17.0779 2652 System windows directory: C:\Windows
09:12:17.0779 2652 Running under WOW64
09:12:17.0779 2652 Processor architecture: Intel x64
09:12:17.0779 2652 Number of processors: 4
09:12:17.0779 2652 Page size: 0x1000
09:12:17.0779 2652 Boot type: Normal boot
09:12:17.0779 2652 ============================================================
09:12:18.0450 2652 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:12:18.0466 2652 \Device\Harddisk0\DR0:
09:12:18.0466 2652 MBR used
09:12:18.0466 2652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
09:12:18.0481 2652 Initialize success
09:12:18.0481 2652 ============================================================
09:12:32.0952 3056 ============================================================
09:12:32.0952 3056 Scan started
09:12:32.0952 3056 Mode: Manual; SigCheck; TDLFS;
09:12:32.0952 3056 ============================================================
09:12:33.0654 3056 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
09:12:33.0826 3056 1394ohci - ok
09:12:33.0873 3056 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
09:12:33.0904 3056 ACPI - ok
09:12:33.0935 3056 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
09:12:33.0997 3056 AcpiPmi - ok
09:12:34.0060 3056 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:12:34.0107 3056 adp94xx - ok
09:12:34.0153 3056 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:12:34.0216 3056 adpahci - ok
09:12:34.0263 3056 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:12:34.0294 3056 adpu320 - ok
09:12:34.0356 3056 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
09:12:34.0606 3056 AFD - ok
09:12:34.0653 3056 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
09:12:34.0684 3056 agp440 - ok
09:12:34.0715 3056 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
09:12:34.0746 3056 aliide - ok
09:12:34.0762 3056 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
09:12:34.0793 3056 amdide - ok
09:12:34.0824 3056 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:12:34.0855 3056 AmdK8 - ok
09:12:34.0871 3056 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:12:34.0965 3056 AmdPPM - ok
09:12:34.0996 3056 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
09:12:35.0027 3056 amdsata - ok
09:12:35.0058 3056 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:12:35.0105 3056 amdsbs - ok
09:12:35.0121 3056 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
09:12:35.0136 3056 amdxata - ok
09:12:35.0167 3056 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
09:12:35.0277 3056 AppID - ok
09:12:35.0308 3056 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:12:35.0339 3056 arc - ok
09:12:35.0370 3056 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:12:35.0386 3056 arcsas - ok
09:12:35.0479 3056 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
09:12:35.0604 3056 ASMMAP64 - ok
09:12:35.0620 3056 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:12:35.0760 3056 AsyncMac - ok
09:12:35.0776 3056 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
09:12:35.0791 3056 atapi - ok
09:12:35.0854 3056 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
09:12:36.0010 3056 athr - ok
09:12:36.0072 3056 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:12:36.0244 3056 b06bdrv - ok
09:12:36.0275 3056 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:12:36.0322 3056 b57nd60a - ok
09:12:36.0337 3056 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:12:36.0415 3056 Beep - ok
09:12:36.0462 3056 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:12:36.0509 3056 blbdrive - ok
09:12:36.0525 3056 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
09:12:36.0649 3056 bowser - ok
09:12:36.0681 3056 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:12:36.0712 3056 BrFiltLo - ok
09:12:36.0743 3056 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:12:36.0790 3056 BrFiltUp - ok
09:12:36.0837 3056 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:12:36.0977 3056 Brserid - ok
09:12:36.0993 3056 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:12:37.0086 3056 BrSerWdm - ok
09:12:37.0117 3056 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:12:37.0195 3056 BrUsbMdm - ok
09:12:37.0227 3056 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:12:37.0258 3056 BrUsbSer - ok
09:12:37.0289 3056 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:12:37.0398 3056 BTHMODEM - ok
09:12:37.0461 3056 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:12:37.0585 3056 cdfs - ok
09:12:37.0617 3056 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
09:12:37.0679 3056 cdrom - ok
09:12:37.0710 3056 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:12:37.0757 3056 circlass - ok
09:12:37.0788 3056 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:12:37.0835 3056 CLFS - ok
09:12:37.0851 3056 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:12:37.0882 3056 CmBatt - ok
09:12:37.0897 3056 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
09:12:37.0929 3056 cmdide - ok
09:12:37.0960 3056 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
09:12:37.0991 3056 CNG - ok
09:12:38.0022 3056 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:12:38.0038 3056 Compbatt - ok
09:12:38.0069 3056 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:12:38.0116 3056 CompositeBus - ok
09:12:38.0131 3056 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:12:38.0147 3056 crcdisk - ok
09:12:38.0194 3056 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
09:12:38.0256 3056 DfsC - ok
09:12:38.0272 3056 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:12:38.0334 3056 discache - ok
09:12:38.0365 3056 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:12:38.0381 3056 Disk - ok
09:12:38.0428 3056 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:12:38.0459 3056 drmkaud - ok
09:12:38.0506 3056 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
09:12:38.0584 3056 DXGKrnl - ok
09:12:38.0677 3056 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:12:38.0833 3056 ebdrv - ok
09:12:38.0958 3056 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
09:12:39.0005 3056 eeCtrl - ok
09:12:39.0099 3056 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:12:39.0161 3056 elxstor - ok
09:12:39.0223 3056 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:12:39.0255 3056 EraserUtilRebootDrv - ok
09:12:39.0286 3056 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
09:12:39.0317 3056 ErrDev - ok
09:12:39.0364 3056 ETD (b73181411523d264ad7bec35b84716ab) C:\Windows\system32\DRIVERS\ETD.sys
09:12:39.0411 3056 ETD - ok
09:12:39.0442 3056 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:12:39.0535 3056 exfat - ok
09:12:39.0567 3056 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:12:39.0629 3056 fastfat - ok
09:12:39.0676 3056 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:12:39.0723 3056 fdc - ok
09:12:39.0754 3056 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:12:39.0769 3056 FileInfo - ok
09:12:39.0785 3056 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:12:39.0847 3056 Filetrace - ok
09:12:39.0894 3056 FixTDSS (00940c5e43282206994659d16b4ac412) C:\Windows\system32\drivers\FixTDSS.sys
09:12:39.0910 3056 FixTDSS - ok
09:12:39.0941 3056 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:12:39.0972 3056 flpydisk - ok
09:12:39.0988 3056 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
09:12:40.0019 3056 FltMgr - ok
09:12:40.0050 3056 FLxHCIc (480e31b064e6f7b4eaab8b00437298b6) C:\Windows\system32\DRIVERS\FLxHCIc.sys
09:12:40.0144 3056 FLxHCIc - ok
09:12:40.0159 3056 FLxHCIh (e9cf4c5a0c31197351f89a1df4522b96) C:\Windows\system32\DRIVERS\FLxHCIh.sys
09:12:40.0222 3056 FLxHCIh - ok
09:12:40.0237 3056 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:12:40.0269 3056 FsDepends - ok
09:12:40.0284 3056 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:12:40.0300 3056 Fs_Rec - ok
09:12:40.0331 3056 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
09:12:40.0347 3056 fvevol - ok
09:12:40.0362 3056 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:12:40.0393 3056 gagp30kx - ok
09:12:40.0425 3056 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:12:40.0440 3056 GEARAspiWDM - ok
09:12:40.0487 3056 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:12:40.0549 3056 hcw85cir - ok
09:12:40.0565 3056 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
09:12:40.0627 3056 HdAudAddService - ok
09:12:40.0659 3056 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:12:40.0705 3056 HDAudBus - ok
09:12:40.0737 3056 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
09:12:40.0752 3056 HECIx64 - ok
09:12:40.0783 3056 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:12:40.0830 3056 HidBatt - ok
09:12:40.0846 3056 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:12:40.0955 3056 HidBth - ok
09:12:40.0971 3056 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:12:41.0017 3056 HidIr - ok
09:12:41.0049 3056 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
09:12:41.0095 3056 HidUsb - ok
09:12:41.0127 3056 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
09:12:41.0158 3056 HpSAMD - ok
09:12:41.0189 3056 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
09:12:41.0298 3056 HTTP - ok
09:12:41.0314 3056 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
09:12:41.0329 3056 hwpolicy - ok
09:12:41.0361 3056 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
09:12:41.0392 3056 i8042prt - ok
09:12:41.0439 3056 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
09:12:41.0454 3056 iaStor - ok
09:12:41.0501 3056 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
09:12:41.0563 3056 iaStorV - ok
09:12:41.0751 3056 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:12:42.0109 3056 igfx - ok
09:12:42.0141 3056 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:12:42.0156 3056 iirsp - ok
09:12:42.0203 3056 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
09:12:42.0265 3056 Impcd - ok
09:12:42.0343 3056 IntcAzAudAddService (e02a55f45edb35641cb470a2cd56e74e) C:\Windows\system32\drivers\RTKVHD64.sys
09:12:42.0484 3056 IntcAzAudAddService - ok
09:12:42.0515 3056 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
09:12:42.0531 3056 intelide - ok
09:12:42.0546 3056 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:12:42.0577 3056 intelppm - ok
09:12:42.0624 3056 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:12:42.0687 3056 IpFilterDriver - ok
09:12:42.0718 3056 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:12:42.0749 3056 IPMIDRV - ok
09:12:42.0765 3056 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:12:42.0843 3056 IPNAT - ok
09:12:42.0889 3056 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:12:42.0967 3056 IRENUM - ok
09:12:42.0999 3056 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
09:12:43.0014 3056 isapnp - ok
09:12:43.0045 3056 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
09:12:43.0092 3056 iScsiPrt - ok
09:12:43.0108 3056 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
09:12:43.0139 3056 kbdclass - ok
09:12:43.0155 3056 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
09:12:43.0186 3056 kbdhid - ok
09:12:43.0217 3056 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
09:12:43.0248 3056 kbfiltr - ok
09:12:43.0295 3056 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
09:12:43.0311 3056 KSecDD - ok
09:12:43.0326 3056 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
09:12:43.0342 3056 KSecPkg - ok
09:12:43.0373 3056 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:12:43.0435 3056 ksthunk - ok
09:12:43.0467 3056 L1C (48686c29856f46443952a831424f8d6f) C:\Windows\system32\DRIVERS\L1C62x64.sys
09:12:43.0498 3056 L1C - ok
09:12:43.0529 3056 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:12:43.0607 3056 lltdio - ok
09:12:43.0654 3056 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:12:43.0685 3056 LSI_FC - ok
09:12:43.0716 3056 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:12:43.0732 3056 LSI_SAS - ok
09:12:43.0747 3056 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:12:43.0779 3056 LSI_SAS2 - ok
09:12:43.0794 3056 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:12:43.0825 3056 LSI_SCSI - ok
09:12:43.0857 3056 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:12:43.0919 3056 luafv - ok
09:12:43.0935 3056 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:12:43.0966 3056 megasas - ok
09:12:43.0981 3056 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:12:44.0013 3056 MegaSR - ok
09:12:44.0075 3056 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:12:44.0153 3056 Modem - ok
09:12:44.0169 3056 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:12:44.0215 3056 monitor - ok
09:12:44.0231 3056 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:12:44.0262 3056 mouclass - ok
09:12:44.0309 3056 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:12:44.0356 3056 mouhid - ok
09:12:44.0371 3056 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
09:12:44.0387 3056 mountmgr - ok
09:12:44.0418 3056 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
09:12:44.0449 3056 mpio - ok
09:12:44.0481 3056 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:12:44.0590 3056 mpsdrv - ok
09:12:44.0637 3056 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
09:12:44.0683 3056 MRxDAV - ok
09:12:44.0715 3056 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:12:44.0761 3056 mrxsmb - ok
09:12:44.0777 3056 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:12:44.0808 3056 mrxsmb10 - ok
09:12:44.0839 3056 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:12:44.0871 3056 mrxsmb20 - ok
09:12:44.0886 3056 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
09:12:44.0902 3056 msahci - ok
09:12:44.0933 3056 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
09:12:44.0964 3056 msdsm - ok
09:12:44.0980 3056 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:12:45.0042 3056 Msfs - ok
09:12:45.0058 3056 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:12:45.0136 3056 mshidkmdf - ok
09:12:45.0151 3056 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
09:12:45.0167 3056 msisadrv - ok
09:12:45.0214 3056 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:12:45.0276 3056 MSKSSRV - ok
09:12:45.0292 3056 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:12:45.0370 3056 MSPCLOCK - ok
09:12:45.0385 3056 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:12:45.0463 3056 MSPQM - ok
09:12:45.0479 3056 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
09:12:45.0510 3056 MsRPC - ok
09:12:45.0526 3056 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
09:12:45.0557 3056 mssmbios - ok
09:12:45.0573 3056 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:12:45.0651 3056 MSTEE - ok
09:12:45.0666 3056 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:12:45.0713 3056 MTConfig - ok
09:12:45.0744 3056 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
09:12:45.0760 3056 MTsensor - ok
09:12:45.0775 3056 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:12:45.0791 3056 Mup - ok
09:12:45.0838 3056 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:12:45.0900 3056 NativeWifiP - ok
09:12:46.0025 3056 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120309.034\ENG64.SYS
09:12:46.0041 3056 NAVENG - ok
09:12:46.0119 3056 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120309.034\EX64.SYS
09:12:46.0165 3056 NAVEX15 - ok
09:12:46.0431 3056 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
09:12:46.0509 3056 NDIS - ok
09:12:46.0540 3056 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:12:46.0602 3056 NdisCap - ok
09:12:46.0633 3056 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:12:46.0711 3056 NdisTapi - ok
09:12:46.0743 3056 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
09:12:46.0805 3056 Ndisuio - ok
09:12:46.0836 3056 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:12:46.0899 3056 NdisWan - ok
09:12:46.0930 3056 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
09:12:46.0992 3056 NDProxy - ok
09:12:47.0008 3056 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:12:47.0070 3056 NetBIOS - ok
09:12:47.0086 3056 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
09:12:47.0179 3056 NetBT - ok
09:12:47.0211 3056 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:12:47.0242 3056 nfrd960 - ok
09:12:47.0273 3056 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:12:47.0335 3056 Npfs - ok
09:12:47.0351 3056 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:12:47.0429 3056 nsiproxy - ok
09:12:47.0476 3056 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
09:12:47.0538 3056 Ntfs - ok
09:12:47.0554 3056 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:12:47.0616 3056 Null - ok
09:12:47.0866 3056 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:12:48.0334 3056 nvlddmkm - ok
09:12:48.0381 3056 nvpciflt (91aa115e6bd2104d79cadd8b1cbaeb4a) C:\Windows\system32\DRIVERS\nvpciflt.sys
09:12:48.0381 3056 nvpciflt - ok
09:12:48.0427 3056 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
09:12:48.0459 3056 nvraid - ok
09:12:48.0490 3056 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
09:12:48.0537 3056 nvstor - ok
09:12:48.0583 3056 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
09:12:48.0599 3056 nv_agp - ok
09:12:48.0630 3056 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
09:12:48.0661 3056 ohci1394 - ok
09:12:48.0708 3056 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:12:48.0755 3056 Parport - ok
09:12:48.0771 3056 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
09:12:48.0786 3056 partmgr - ok
09:12:48.0802 3056 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
09:12:48.0833 3056 pci - ok
09:12:48.0849 3056 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:12:48.0864 3056 pciide - ok
09:12:48.0895 3056 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:12:48.0927 3056 pcmcia - ok
09:12:48.0942 3056 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:12:48.0958 3056 pcw - ok
09:12:48.0989 3056 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:12:49.0083 3056 PEAUTH - ok
09:12:49.0145 3056 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
09:12:49.0223 3056 PptpMiniport - ok
09:12:49.0239 3056 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:12:49.0270 3056 Processor - ok
09:12:49.0301 3056 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
09:12:49.0379 3056 Psched - ok
09:12:49.0441 3056 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:12:49.0551 3056 ql2300 - ok
09:12:49.0597 3056 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:12:49.0613 3056 ql40xx - ok
09:12:49.0644 3056 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:12:49.0691 3056 QWAVEdrv - ok
09:12:49.0722 3056 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:12:49.0785 3056 RasAcd - ok
09:12:49.0831 3056 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:12:49.0894 3056 RasAgileVpn - ok
09:12:49.0925 3056 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:12:50.0003 3056 Rasl2tp - ok
09:12:50.0034 3056 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:12:50.0097 3056 RasPppoe - ok
09:12:50.0128 3056 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:12:50.0190 3056 RasSstp - ok
09:12:50.0237 3056 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
09:12:50.0299 3056 rdbss - ok
09:12:50.0315 3056 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:12:50.0346 3056 rdpbus - ok
09:12:50.0377 3056 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:12:50.0440 3056 RDPCDD - ok
09:12:50.0471 3056 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:12:50.0533 3056 RDPENCDD - ok
09:12:50.0565 3056 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:12:50.0627 3056 RDPREFMP - ok
09:12:50.0643 3056 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
09:12:50.0721 3056 RDPWD - ok
09:12:50.0767 3056 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
09:12:50.0799 3056 rdyboost - ok
09:12:50.0845 3056 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:12:50.0908 3056 rspndr - ok
09:12:50.0939 3056 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
09:12:50.0970 3056 sbp2port - ok
09:12:50.0986 3056 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
09:12:51.0048 3056 scfilter - ok
09:12:51.0079 3056 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:12:51.0142 3056 secdrv - ok
09:12:51.0173 3056 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:12:51.0204 3056 Serenum - ok
09:12:51.0235 3056 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:12:51.0282 3056 Serial - ok
09:12:51.0329 3056 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:12:51.0376 3056 sermouse - ok
09:12:51.0391 3056 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
09:12:51.0438 3056 sffdisk - ok
09:12:51.0454 3056 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:12:51.0485 3056 sffp_mmc - ok
09:12:51.0516 3056 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:12:51.0563 3056 sffp_sd - ok
09:12:51.0579 3056 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:12:51.0625 3056 sfloppy - ok
09:12:51.0657 3056 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
09:12:51.0703 3056 SiSGbeLH - ok
09:12:51.0719 3056 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:12:51.0735 3056 SiSRaid2 - ok
09:12:51.0750 3056 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:12:51.0781 3056 SiSRaid4 - ok
09:12:51.0813 3056 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:12:51.0875 3056 Smb - ok
09:12:51.0953 3056 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
09:12:52.0047 3056 SNP2UVC - ok
09:12:52.0093 3056 speedfan - ok
09:12:52.0109 3056 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:12:52.0125 3056 spldr - ok
09:12:52.0187 3056 SRTSP (b531fc8918dcdaae638511a123c3465e) C:\Windows\system32\Drivers\SRTSP64.SYS
09:12:52.0218 3056 SRTSP - ok
09:12:52.0234 3056 SRTSPL (2bd3a73d0601320b72486fc3ebc2544f) C:\Windows\system32\Drivers\SRTSPL64.SYS
09:12:52.0281 3056 SRTSPL - ok
09:12:52.0312 3056 SRTSPX (529b337c1aeeb289f0b502eb0ee6a8f5) C:\Windows\system32\Drivers\SRTSPX64.SYS
09:12:52.0327 3056 SRTSPX - ok
09:12:52.0359 3056 srv (43067a65522eaec33d31a12d6fa8e3f4) C:\Windows\system32\DRIVERS\srv.sys
09:12:52.0405 3056 srv - ok
09:12:52.0437 3056 srv2 (03715cf9c30b563da35fc5f2b8f7b8e0) C:\Windows\system32\DRIVERS\srv2.sys
09:12:52.0468 3056 srv2 - ok
09:12:52.0499 3056 srvnet (fbd09635227a8026c0f7790f604343c6) C:\Windows\system32\DRIVERS\srvnet.sys
09:12:52.0530 3056 srvnet - ok
09:12:52.0577 3056 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:12:52.0608 3056 stexstor - ok
09:12:52.0639 3056 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
09:12:52.0655 3056 swenum - ok
09:12:52.0717 3056 SymEvent (d1f1a5e72e33d6be449f5f1f4a513dd1) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
09:12:52.0749 3056 SymEvent - ok
09:12:52.0795 3056 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
09:12:52.0873 3056 Tcpip - ok
09:12:52.0920 3056 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
09:12:52.0967 3056 TCPIP6 - ok
09:12:52.0983 3056 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
09:12:53.0061 3056 tcpipreg - ok
09:12:53.0076 3056 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:12:53.0139 3056 TDPIPE - ok
09:12:53.0170 3056 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:12:53.0217 3056 TDTCP - ok
09:12:53.0232 3056 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
09:12:53.0295 3056 tdx - ok
09:12:53.0326 3056 Teefer2 (ef6ccf8b483201f7196d83fc136fa43a) C:\Windows\system32\DRIVERS\teefer2.sys
09:12:53.0341 3056 Teefer2 - ok
09:12:53.0357 3056 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
09:12:53.0373 3056 TermDD - ok
09:12:53.0419 3056 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:12:53.0482 3056 tssecsrv - ok
09:12:53.0529 3056 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
09:12:53.0622 3056 tunnel - ok
09:12:53.0653 3056 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
09:12:53.0669 3056 TurboB - ok
09:12:53.0685 3056 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:12:53.0716 3056 uagp35 - ok
09:12:53.0763 3056 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
09:12:53.0856 3056 udfs - ok
09:12:53.0903 3056 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
09:12:53.0919 3056 uliagpkx - ok
09:12:53.0950 3056 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
09:12:53.0981 3056 umbus - ok
09:12:53.0997 3056 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:12:54.0044 3056 UmPass - ok
09:12:54.0090 3056 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
09:12:54.0137 3056 USBAAPL64 - ok
09:12:54.0168 3056 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
09:12:54.0200 3056 usbccgp - ok
09:12:54.0231 3056 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
09:12:54.0278 3056 usbcir - ok
09:12:54.0309 3056 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
09:12:54.0356 3056 usbehci - ok
09:12:54.0449 3056 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
09:12:54.0512 3056 usbhub - ok
09:12:54.0543 3056 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
09:12:54.0621 3056 usbohci - ok
09:12:54.0683 3056 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:12:54.0714 3056 usbprint - ok
09:12:54.0761 3056 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
09:12:54.0824 3056 usbscan - ok
09:12:54.0886 3056 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:12:54.0917 3056 USBSTOR - ok
09:12:54.0980 3056 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
09:12:55.0042 3056 usbuhci - ok
09:12:55.0073 3056 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
09:12:55.0136 3056 usbvideo - ok
09:12:55.0276 3056 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
09:12:55.0292 3056 vdrvroot - ok
09:12:55.0338 3056 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:12:55.0370 3056 vga - ok
09:12:55.0494 3056 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:12:55.0572 3056 VgaSave - ok
09:12:55.0650 3056 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
09:12:55.0697 3056 vhdmp - ok
09:12:55.0791 3056 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
09:12:55.0822 3056 viaide - ok
09:12:55.0853 3056 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
09:12:55.0869 3056 volmgr - ok
09:12:55.0931 3056 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
09:12:55.0962 3056 volmgrx - ok
09:12:55.0994 3056 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
09:12:56.0025 3056 volsnap - ok
09:12:56.0056 3056 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:12:56.0087 3056 vsmraid - ok
09:12:56.0134 3056 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:12:56.0165 3056 vwifibus - ok
09:12:56.0196 3056 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:12:56.0243 3056 vwififlt - ok
09:12:56.0259 3056 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:12:56.0290 3056 WacomPen - ok
09:12:56.0321 3056 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:12:56.0399 3056 WANARP - ok
09:12:56.0446 3056 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:12:56.0508 3056 Wanarpv6 - ok
09:12:56.0540 3056 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:12:56.0555 3056 Wd - ok
09:12:56.0586 3056 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:12:56.0618 3056 Wdf01000 - ok
09:12:56.0649 3056 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:12:56.0696 3056 WfpLwf - ok
09:12:56.0742 3056 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
09:12:56.0774 3056 WimFltr - ok
09:12:56.0789 3056 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:12:56.0820 3056 WIMMount - ok
09:12:56.0914 3056 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
09:12:56.0961 3056 WinUsb - ok
09:12:57.0008 3056 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:12:57.0054 3056 WmiAcpi - ok
09:12:57.0101 3056 WPS (37725ebe2f8972809903a10599c365a2) C:\Windows\system32\drivers\wpsdrvnt.sys
09:12:57.0117 3056 WPS - ok
09:12:57.0148 3056 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
09:12:57.0195 3056 WpsHelper - ok
09:12:57.0210 3056 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:12:57.0288 3056 ws2ifsl - ok
09:12:57.0304 3056 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
09:12:57.0366 3056 WudfPf - ok
09:12:57.0398 3056 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:12:57.0476 3056 WUDFRd - ok
09:12:57.0538 3056 X6va003 - ok
09:12:57.0569 3056 X6va005 - ok
09:12:57.0600 3056 X6va006 - ok
09:12:57.0632 3056 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
09:12:57.0647 3056 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:12:57.0819 3056 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:12:57.0819 3056 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:12:57.0819 3056 Boot (0x1200) (e91eb97ee303fb9c11e4f504bd566f69) \Device\Harddisk0\DR0\Partition0
09:12:57.0819 3056 \Device\Harddisk0\DR0\Partition0 - ok
09:12:57.0819 3056 ============================================================
09:12:57.0819 3056 Scan finished
09:12:57.0819 3056 ============================================================
09:12:57.0866 4604 Detected object count: 1
09:12:57.0866 4604 Actual detected object count: 1
09:13:02.0577 4604 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
09:13:03.0060 4604 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
09:13:03.0092 4604 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
09:13:03.0107 4604 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
09:13:03.0170 4604 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
09:13:03.0185 4604 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
09:13:03.0201 4604 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
09:13:03.0201 4604 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
09:13:03.0201 4604 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
09:13:03.0216 4604 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
09:13:03.0216 4604 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
09:13:03.0232 4604 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
09:13:03.0232 4604 \Device\Harddisk0\DR0\TDLFS - deleted
09:13:03.0232 4604 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
09:13:46.0744 1216 Deinitialize success


Combofix Log

ComboFix 12-03-10.01 - Yuuko Amamiya 03/10/2012 9:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3884.2340 [GMT -5:00]
Running from: c:\users\Yuuko Amamiya\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\AsPatch10430001.exe
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 14:13 . 2012-03-10 14:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-09 02:38 . 2012-03-09 02:38 388096 ----a-r- c:\users\Yuuko Amamiya\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-09 02:38 . 2012-03-09 02:38 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-09 01:58 . 2012-03-09 02:08 -------- d-----w- c:\users\Yuuko Amamiya\AppData\Roaming\Systweak
2012-03-09 01:39 . 2012-03-09 01:39 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-03-08 23:02 . 2009-07-14 01:48 17984 ----a-w- c:\windows\system32\kdcomBACKUP.dll
2012-03-08 23:02 . 2009-07-14 01:48 17984 ----a-w- c:\windows\system32\kdcom.dll
2012-03-08 20:30 . 2012-03-08 20:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-08 20:30 . 2012-03-08 20:30 -------- d-----w- c:\program files (x86)\Java
2012-03-08 19:33 . 2012-03-08 19:33 -------- d-----w- c:\users\Yuuko Amamiya\AppData\Roaming\FixTDSS
2012-03-08 19:33 . 2012-03-08 19:33 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-03-02 04:21 . 2012-03-02 04:21 40960 ----a-r- c:\users\Yuuko Amamiya\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-03-02 04:21 . 2012-03-02 04:21 40960 ----a-r- c:\users\Yuuko Amamiya\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-02-21 17:44 . 2012-02-21 17:44 -------- d-----w- c:\programdata\Astroburn Lite
2012-02-13 02:09 . 2012-03-09 02:12 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-02-12 04:54 . 2012-02-12 04:54 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-02-12 04:54 . 2012-02-12 04:54 151552 ----a-w- c:\windows\KMService.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 20:30 . 2011-02-12 02:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2010-04-29 3727411]
"CLRHost"="c:\blp\API\Office Tools\bbxlcmd.exe" [2011-08-19 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-10-13 115560]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/23 04:46];c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 X6va003;X6va003;c:\users\YUUKO~1\AppData\Local\Temp\0035C11.tmp [x]
R3 X6va005;X6va005;c:\users\YUUKO~1\AppData\Local\Temp\005C66E.tmp [x]
R3 X6va006;X6va006;c:\users\YUUKO~1\AppData\Local\Temp\0064CA.tmp [x]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-08 1997416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 134928]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 138360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 13:01]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 13:01]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188327166-719347989-1683958029-1001Core.job
- c:\users\Yuuko Amamiya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-23 15:32]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188327166-719347989-1683958029-1001UA.job
- c:\users\Yuuko Amamiya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-23 15:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-28 2121320]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = astroburn-search.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 71.242.0.12 68.237.161.12
FF - ProfilePath - c:\users\Yuuko Amamiya\AppData\Roaming\Mozilla\Firefox\Profiles\hsvj5q8b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Add to Search Bar: add-to-searchbox@maltekraus.de - %profile%\extensions\add-to-searchbox@maltekraus.de
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Forecastfox: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
Toolbar-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
WebBrowser-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Bloomberg Keyboard v11.1 - c:\windows\System32\drivers\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\YUUKO~1\AppData\Local\Temp\0035C11.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\YUUKO~1\AppData\Local\Temp\005C66E.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\YUUKO~1\AppData\Local\Temp\0064CA.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4188327166-719347989-1683958029-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithList]
@Class="Shell"
"a"="mpc-hc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4188327166-719347989-1683958029-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithProgids]
"?mkv_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-4188327166-719347989-1683958029-1001_Classes\ m*k*v*_*a*u*t*o*_*f*i*l*e*\shell]
@="open"
.
[HKEY_USERS\S-1-5-21-4188327166-719347989-1683958029-1001_Classes\ m*k*v*_*a*u*t*o*_*f*i*l*e*\shell\open]
"FriendlyAppName"="Media Player Classic"
.
[HKEY_USERS\S-1-5-21-4188327166-719347989-1683958029-1001_Classes\ m*k*v*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="\"c:\\Program Files (x86)\\Combined Community Codec Pack\\MPC\\mpc-hc.exe\" \"%1\""
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\windows\AsScrPro.exe
c:\windows\SysWOW64\srvany.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\KMService.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\blp\API\office tools\bxlartd.exe
c:\blp\API\office tools\bxlaui.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
.
**************************************************************************
.
Completion time: 2012-03-10 09:39:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 14:39
.
Pre-Run: 67,212,058,624 bytes free
Post-Run: 66,944,016,384 bytes free
.
- - End Of File - - 0755FE7416CEAE9A98009244A50A88BA

Edited by YuukoAmamiya, 10 March 2012 - 03:04 PM.


#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 10 March 2012 - 03:49 PM

Hi

Yes, try rebooting and see if that error goes away.

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 YuukoAmamiya

YuukoAmamiya
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:58 AM

Posted 10 March 2012 - 11:42 PM

Sorry for the delayed reply. ESET Scan took longer than I had expected. The GfxUI.exe error didn't pop up again, but I also noticed that my Proactive threat protection from Symantec is somehow labeled "off" even after restarting and even though in the settings it is enabled. Is it possibly clashing with the AVAST definitions downloaded earlier?

Below is the MBAM log. BSODs seem to have gone away, probably due to TDSSKiller, but the computer still seems slower on startup than it usually does.


-------------------------------------

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.10.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Yuuko Amamiya :: YUUKOAMAMIYA-PC [administrator]

3/10/2012 3:55:36 PM
mbam-log-2012-03-10 (15-55-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210274
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--------------------------------
ESET Scan

C:\ProgramData\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
C:\TDSSKiller_Quarantine\10.03.2012_09.12.17\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\10.03.2012_09.12.17\tdlfs0000\tsk0001.dta a variant of Win32/Rootkit.Kryptik.KB trojan
C:\Users\All Users\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
C:\Users\Yuuko Amamiya\Yuuko2\Anime\Office2010\Office2010.iso a variant of Win32/HackKMS.A application
C:\Users\Yuuko Amamiya\Yuuko2\Anime\Office2010\Office2010.rar a variant of Win32/HackKMS.A application
C:\Users\Yuuko Amamiya\Yuuko2\Useful Programs\ACS3MCD1.iso a variant of Win32/Keygen.BR application
C:\Windows\KMService.exe a variant of Win32/HackKMS.A application



Edited by YuukoAmamiya, 10 March 2012 - 11:46 PM.
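The ESET report above is the kind of list a responder has to sort before writing a fix script: two of the hits are inert copies already sitting in TDSSKiller's quarantine folder, the rest are "application" detections (toolbar installer, KMS emulator, keygen) rather than trojans, and one of those lives in C:\Windows. The script below is an added example, not code from the thread or from ESET; it parses the exported report format exactly as posted (`<path> [a variant of] <signature> <kind>`, relying on the fact that Windows paths never contain `/` while ESET signature names always do) and groups the hits by what should happen to them. The sample input is a constructed excerpt mirroring the lines above, and the quarantine folder names (TDSSKiller_Quarantine, ComboFix's Qoobox\Quarantine) are assumptions about which tools were used.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample in the shape of ESET's exported text report,
# copied in form from the scan posted above (not a new scan).
ESET_REPORT = r"""
C:\ProgramData\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
C:\TDSSKiller_Quarantine\10.03.2012_09.12.17\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\10.03.2012_09.12.17\tdlfs0000\tsk0001.dta a variant of Win32/Rootkit.Kryptik.KB trojan
C:\Users\Yuuko Amamiya\Yuuko2\Anime\Office2010\Office2010.iso a variant of Win32/HackKMS.A application
C:\Windows\KMService.exe a variant of Win32/HackKMS.A application
"""

# One report line: <path> [a variant of] <family/signature> <kind>
# Paths may contain spaces but never '/', so the signature token
# (which always contains '/') is a safe delimiter.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?(?P<sig>[A-Za-z0-9]+/\S+)\s+(?P<kind>\S+)$"
)

# Assumed quarantine folders of the tools used in this thread.
QUARANTINE_DIRS = ("\\TDSSKiller_Quarantine\\", "\\Qoobox\\Quarantine\\")


@dataclass
class Hit:
    path: str
    sig: str
    kind: str

    @property
    def status(self) -> str:
        low = self.path.lower()
        # Files already inside a tool's quarantine folder are inert copies of
        # what was removed earlier; they need deleting, not disinfecting.
        if any(q.lower() in low for q in QUARANTINE_DIRS):
            return "quarantined"
        if self.kind == "trojan":
            return "active-malware"
        # ESET's "application" kind covers PUAs and unsafe apps (toolbars,
        # keygens, KMS emulators); one placed under C:\Windows ranks higher.
        if low.startswith("c:\\windows\\"):
            return "unsafe-app-in-system-dir"
        return "unsafe-app"


def parse_eset_report(text: str) -> list[Hit]:
    """Parse every non-empty line of an exported ESET report into a Hit."""
    hits: list[Hit] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed ESET line: {line!r}")
        hits.append(Hit(m["path"], m["sig"], m["kind"]))
    return hits


def triage(text: str) -> dict[str, list[str]]:
    """Group detected paths by remediation status, preserving report order."""
    groups: dict[str, list[str]] = {}
    for h in parse_eset_report(text):
        groups.setdefault(h.status, []).append(h.path)
    return groups


if __name__ == "__main__":
    for status, paths in triage(ESET_REPORT).items():
        print(status)
        for p in paths:
            print("   ", p)
```

On the sample this yields no `active-malware` entries: the only trojan hits are the TDL rootkit files TDSSKiller had already quarantined, which is consistent with the BSODs stopping after that tool ran.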


#8 CatByte


Posted 10 March 2012 - 11:59 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\ProgramData\YouTube Downloader\ytd_installer.exe 
C:\Users\All Users\YouTube Downloader\ytd_installer.exe 
C:\Users\Yuuko Amamiya\Yuuko2\Anime\Office2010\Office2010.iso 
C:\Users\Yuuko Amamiya\Yuuko2\Anime\Office2010\Office2010.rar 
C:\Users\Yuuko Amamiya\Yuuko2\Useful Programs\ACS3MCD1.iso 
C:\Windows\KMService.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

  • Drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT



Please advise how your computer is running now and if there are any outstanding issues



#9 YuukoAmamiya

  • Topic Starter

Posted 11 March 2012 - 12:46 AM

ComboFix 12-03-10.01 - Yuuko Amamiya 03/11/2012 0:23.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3884.1961 [GMT -5:00]
Running from: c:\users\Yuuko Amamiya\Desktop\ComboFix.exe
Command switches used :: c:\users\Yuuko Amamiya\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-11 05:30 . 2012-03-11 05:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-11 05:30 . 2012-03-11 05:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 21:03 . 2012-03-10 21:03 -------- d-----w- c:\program files (x86)\ESET
2012-03-10 14:13 . 2012-03-10 14:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-09 02:38 . 2012-03-09 02:38 388096 ----a-r- c:\users\Yuuko Amamiya\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-09 02:38 . 2012-03-09 02:38 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-09 01:58 . 2012-03-09 02:08 -------- d-----w- c:\users\Yuuko Amamiya\AppData\Roaming\Systweak
2012-03-09 01:39 . 2012-03-09 01:39 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-03-08 23:02 . 2009-07-14 01:48 17984 ----a-w- c:\windows\system32\kdcomBACKUP.dll
2012-03-08 23:02 . 2009-07-14 01:48 17984 ----a-w- c:\windows\system32\kdcom.dll
2012-03-08 20:30 . 2012-03-08 20:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-08 20:30 . 2012-03-08 20:30 -------- d-----w- c:\program files (x86)\Java
2012-03-08 19:33 . 2012-03-08 19:33 -------- d-----w- c:\users\Yuuko Amamiya\AppData\Roaming\FixTDSS
2012-03-08 19:33 . 2012-03-08 19:33 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-03-02 04:21 . 2012-03-02 04:21 40960 ----a-r- c:\users\Yuuko Amamiya\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-03-02 04:21 . 2012-03-02 04:21 40960 ----a-r- c:\users\Yuuko Amamiya\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-02-21 17:44 . 2012-02-21 17:44 -------- d-----w- c:\programdata\Astroburn Lite
2012-02-13 02:09 . 2012-03-09 02:12 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-02-12 04:54 . 2012-02-12 04:54 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-02-12 04:54 . 2012-02-12 04:54 151552 ----a-w- c:\windows\KMService.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 20:30 . 2011-02-12 02:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-10_14.34.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-10 14:27 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-11 05:17 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-23 13:20 . 2012-03-10 20:55 61092 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2011-01-22 11:41 . 2012-03-10 14:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-22 11:41 . 2012-03-11 05:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-22 11:41 . 2012-03-10 14:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-22 11:41 . 2012-03-11 05:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-11 05:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-10 14:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-22 19:48 . 2012-03-10 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-22 19:48 . 2012-03-11 05:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-22 19:48 . 2012-03-10 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-22 19:48 . 2012-03-11 05:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-10 14:33 . 2012-03-10 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-11 05:32 . 2012-03-11 05:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-10 14:33 . 2012-03-10 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-11 05:32 . 2012-03-11 05:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-03-11 05:17 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-10 14:27 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2012-03-10 14:22 626772 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-11 05:11 626772 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-11 05:11 107454 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-10 14:22 107454 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-03-11 05:30 473352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-10 14:14 473352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-03-11 05:17 2539520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-10 14:27 2539520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:34 . 2012-03-10 21:05 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-03-10 14:29 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2011-08-17 07:58 . 2012-03-10 14:15 20502072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4188327166-719347989-1683958029-1001-12288.dat
+ 2011-08-17 07:58 . 2012-03-11 05:30 20502072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4188327166-719347989-1683958029-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2010-04-29 3727411]
"CLRHost"="c:\blp\API\Office Tools\bbxlcmd.exe" [2011-08-19 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-10-13 115560]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/23 04:46];c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 X6va003;X6va003;c:\users\YUUKO~1\AppData\Local\Temp\0035C11.tmp [x]
R3 X6va005;X6va005;c:\users\YUUKO~1\AppData\Local\Temp\005C66E.tmp [x]
R3 X6va006;X6va006;c:\users\YUUKO~1\AppData\Local\Temp\0064CA.tmp [x]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-08 1997416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 134928]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 138360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 13:01]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 13:01]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188327166-719347989-1683958029-1001Core.job
- c:\users\Yuuko Amamiya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-23 15:32]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188327166-719347989-1683958029-1001UA.job
- c:\users\Yuuko Amamiya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-23 15:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Yuuko Amamiya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-28 2121320]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = astroburn-search.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 71.242.0.12 68.237.161.12
FF - ProfilePath - c:\users\Yuuko Amamiya\AppData\Roaming\Mozilla\Firefox\Profiles\hsvj5q8b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Add to Search Bar: add-to-searchbox@maltekraus.de - %profile%\extensions\add-to-searchbox@maltekraus.de
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Forecastfox: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
WebBrowser-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\YUUKO~1\AppData\Local\Temp\0035C11.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\YUUKO~1\AppData\Local\Temp\005C66E.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\YUUKO~1\AppData\Local\Temp\0064CA.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4188327166-719347989-1683958029-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithList]
@Class="Shell"
"a"="mpc-hc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4188327166-719347989-1683958029-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithProgids]
"?mkv_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-4188327166-719347989-1683958029-1001_Classes\ m*k*v*_*a*u*t*o*_*f*i*l*e*\shell]
@="open"
.
[HKEY_USERS\S-1-5-21-4188327166-719347989-1683958029-1001_Classes\ m*k*v*_*a*u*t*o*_*f*i*l*e*\shell\open]
"FriendlyAppName"="Media Player Classic"
.
[HKEY_USERS\S-1-5-21-4188327166-719347989-1683958029-1001_Classes\ m*k*v*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="\"c:\\Program Files (x86)\\Combined Community Codec Pack\\MPC\\mpc-hc.exe\" \"%1\""
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\windows\AsScrPro.exe
c:\windows\SysWOW64\srvany.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\KMService.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\blp\API\office tools\bxlartd.exe
c:\blp\API\office tools\bxlaui.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
.
**************************************************************************
.
Completion time: 2012-03-11 00:37:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-11 05:37
ComboFix2.txt 2012-03-10 14:39
.
Pre-Run: 73,740,451,840 bytes free
Post-Run: 73,729,703,936 bytes free
.
- - End Of File - - 18F267A02FFDC6885B82D283E62359E2


Regarding the computer status, it's still slow between the "Starting Windows" screen and the log-on screen, and from the log-on screen to the desktop. Is there any way to fix this?
Also, should I delete all the files that were moved to quarantine during this process (e.g. the AVAST definitions that were detected by my symantec antivirus?)
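Beyond the files named in the CFScript, the ComboFix log above carries several loading-point details a responder would normally read before calling a machine clean: the `policies\system` values are all 0 (EnableLUA=0 switches UAC off, so anything launched from this administrator account, a dropper included, runs with full rights and no prompt; ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 weaken it further), the X6va003/005/006 kernel services point at `.tmp` images in the user's Temp folder, an AppInit_DLLs entry is set, and the IE start page and Firefox keyword.URL have been pointed at third-party search sites. The script below is an added example, not code from the thread or from ComboFix; it walks a constructed excerpt laid out like ComboFix's "Reg Loading Points" and "Supplementary Scan" sections and returns these items as leads, not verdicts (the AppInit DLL in the log sits in NVIDIA's path, for instance). The Windows 7 default UAC values it compares against are a fact; the line formats it expects are modelled on the posted log.

```python
from __future__ import annotations
import re

# Constructed excerpt laid out like ComboFix's "Reg Loading Points" and
# "Supplementary Scan" sections; it mirrors lines from the log above but is
# sample input for this script, not a new scan.
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R3 X6va003;X6va003;c:\users\YUUKO~1\AppData\Local\Temp\0035C11.tmp [x]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-08 1997416]
.
uStart Page = astroburn-search.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
"""

# Windows 7 defaults for these UAC policy values (administrator account).
UAC_EXPECTED = {
    "EnableLUA": 1,                   # 0 turns UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 elevates silently, no prompt at all
    "PromptOnSecureDesktop": 1,       # 0 lets ordinary windows overlay the prompt
}
POLICY_KEY_SUFFIX = r"policies\system"
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# "R3 name;display name;image [extra]" service/driver lines (R = running, S = stopped).
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def audit_loading_points(text: str) -> list[tuple[str, str]]:
    """Return (category, detail) leads worth a responder's attention."""
    findings: list[tuple[str, str]] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # remember the enclosing registry key
            continue
        m = VALUE_RE.match(line)
        if m and key.endswith(POLICY_KEY_SUFFIX):
            name, value = m.group(1), m.group(2).split()
            if value and value[0].isdigit() and name in UAC_EXPECTED:
                actual = int(value[0])
                if actual != UAC_EXPECTED[name]:
                    findings.append(("uac-weakened",
                                     f"{name}={actual} (expected {UAC_EXPECTED[name]})"))
            continue
        if m and m.group(1).lower() == "appinit_dlls" and m.group(2).strip():
            # AppInit DLLs load into every process that links user32.dll.
            findings.append(("appinit-dll", m.group(2).strip()))
            continue
        s = SERVICE_RE.match(line)
        if s:
            name, image = s.group(3), s.group(5)
            # A service or driver whose image lives in a Temp folder is unusual
            # for legitimate software and common for droppers.
            if any(t in image.lower() for t in TEMP_MARKERS):
                findings.append(("service-in-temp", f"{name}: {image}"))
            continue
        low = line.lower()
        if low.startswith(("ustart page", "mstart page")):
            findings.append(("start-page", line.split("=", 1)[1].strip()))
        elif "keyword.url" in low:
            findings.append(("ff-keyword-url", line.split(" - ", 2)[-1].strip()))
    return findings


if __name__ == "__main__":
    for category, detail in audit_loading_points(COMBOFIX_EXCERPT):
        print(f"{category:18} {detail}")
```

Each lead still needs a human decision: the three UAC values should be restored to their defaults once the machine is clean, a Temp-resident driver should be identified (the owning software or its hash) before it is removed, and the start-page and keyword.URL overrides are what a user would reset to stop the residual search redirection.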

#10 CatByte


Posted 11 March 2012 - 09:40 AM

Try a defrag

First open an elevated Command Prompt
  • Go to Start > All Programs > Accessories
  • right click on the Command Prompt and choose “Run as administrator”
  • Type the following to see how much your hard drive is fragmented (in this example, your C:\ drive):
  • defrag c: -a (be patient, this can take a while)
  • The resulting analysis will tell you a “Percent file fragmentation” and at the bottom, if you need to defragment the drive or not.
  • To fully defragment your C:\ drive type the following:
  • defrag c: -w
  • Give it time to run (it can take a while, best to leave the computer alone) and then you’re done!



let me know if that helps

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 YuukoAmamiya

YuukoAmamiya
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:58 AM

Posted 11 March 2012 - 09:54 AM

The analysis tells me that there is 0% fragmented space. :\

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:58 AM

Posted 11 March 2012 - 10:06 AM

Try the Troubleshooting feature: go to Start > Control Panel > Troubleshooting

System and Security > Check for Performance Issues > click NEXT and allow Win 7 to perform its function

It will likely locate a number of programs shown to begin at start-up

take a good look through the list and disable those that you don't need to start manually.

Hopefully that will assist your boot time

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 YuukoAmamiya

YuukoAmamiya
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:58 AM

Posted 11 March 2012 - 10:14 AM

It's a little bit better. This aside though, do the logs look good?

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:58 AM

Posted 11 March 2012 - 10:20 AM

Hi

Just some housekeeping to do now,

Please do the following:


You can delete the TDSSKiller, DDS and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
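As an added example (not part of CatByte's post, nor code from any of the tools it names), the ActiveX settings recommended for the Internet zone above can be audited from PowerShell rather than through the Inetcpl.cpl dialog. Internet Explorer stores per-zone settings under HKCU as numbered URL-action values; the IDs 1001, 1004 and 1201 and their Enable/Prompt/Disable data values (0/1/3) are the documented ones, and the target values are exactly the Prompt/Prompt/Disable settings the post asks for. The script only reads the registry and reports; it changes nothing.

```powershell
# Added example: audit the Internet zone (zone 3) ActiveX settings against the
# Prompt / Prompt / Disable recommendation given in the post above.
# URL-action IDs (documented IE values):
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe for scripting
# Data: 0 = Enable, 1 = Prompt, 3 = Disable.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values taken from the post (Prompt, Prompt, Disable)
$Recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting {
    param([string]$Path, [string]$ValueName)
    try {
        (Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction Stop).$ValueName
    } catch {
        $null   # value absent: IE falls back to its built-in default for the zone
    }
}

function Describe-Setting {
    param($Raw)
    if ($null -eq $Raw) { return '(not set)' }
    $n = [int]$Raw
    if ($Label.ContainsKey($n)) { return $Label[$n] }
    return "unknown ($n)"   # anything other than 0/1/3 is worth a closer look
}

$report = foreach ($id in ($Recommended.Keys | Sort-Object)) {
    $current = Get-ZoneSetting -Path $ZonePath -ValueName $id
    [pscustomobject]@{
        Id          = $id
        Setting     = $Recommended[$id].Name
        Current     = Describe-Setting $current
        Recommended = $Label[$Recommended[$id].Want]
        OK          = ($null -ne $current) -and ([int]$current -eq $Recommended[$id].Want)
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code when any setting deviates, so the check can be scripted
if ($report | Where-Object { -not $_.OK }) { exit 1 } else { exit 0 }
```

Run it in a normal (non-elevated) PowerShell window, since the values live in the current user's hive. One caveat: if the "Security Zones: Use only machine settings" policy is in force, IE honours the copy of the same key under HKLM instead, so substitute `HKLM:` for `HKCU:` in `$ZonePath` on such machines.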


#15 YuukoAmamiya

YuukoAmamiya
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:58 AM

Posted 11 March 2012 - 10:35 AM

Thanks a lot for your help! Computer seems to be running just fine now. :)



