Jump to content

crisw

Members
  • Posts

    4
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Seems to be better! ComboFix 12-03-10.02 - Nikki 03/10/2012 13:38:44.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1364 [GMT -8:00] Running from: c:\users\Nikki\Downloads\ComboFix.exe Command switches used :: c:\users\Nikki\Downloads\cfscript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_aevocnsf . . ((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 ))))))))))))))))))))))))))))))) . . 2012-03-10 21:50 . 2012-03-10 21:50 -------- d-----w- c:\users\KaetyBug\AppData\Local\temp 2012-03-10 16:15 . 2012-03-10 16:15 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-10 00:37 . 2010-11-11 19:59 252712 ----a-w- c:\windows\ETDUninst.dll 2012-03-09 19:21 . 2012-03-09 23:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-03-09 19:21 . 2012-03-09 19:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-03-06 16:08 . 2012-03-06 16:08 748336 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe 2012-03-06 16:08 . 2012-03-06 16:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-03-06 16:08 . 2012-03-06 16:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-03-06 16:08 . 2012-03-06 16:08 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-03-06 16:08 . 2012-03-06 16:08 107008 ----a-w- c:\program files (x86)\Internet Explorer\iecleanup.exe 2012-03-06 15:48 . 2012-03-06 15:48 -------- d-----w- c:\users\Nikki\AppData\Roaming\Malwarebytes 2012-03-06 15:48 . 2012-03-09 15:20 -------- d-----w- c:\programdata\Malwarebytes 2012-03-06 15:48 . 2012-03-09 15:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-06 15:48 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-05 04:02 . 2012-03-05 04:02 -------- d-----w- c:\programdata\ATI 2012-03-05 03:56 . 2012-03-05 04:01 -------- d-----w- c:\program files\ATI Technologies 2012-02-15 17:41 . 2012-02-15 17:41 48464 ----a-w- c:\windows\system32\drivers\aevocnsf.sys 2012-02-15 05:26 . 2012-02-15 05:26 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-15 00:52 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 00:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-15 00:51 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-15 00:51 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-15 00:51 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 00:50 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-15 00:50 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 00:50 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-02-10 20:55 . 2012-02-11 17:34 -------- dc-h--w- c:\programdata\{D8EAEB0B-7E66-400B-9DCD-5E815A852728} 2012-02-10 20:54 . 2012-02-10 20:54 -------- d-----w- c:\users\Nikki\AppData\Local\PackageAware 2012-02-10 01:20 . 2012-02-10 01:20 -------- d-----w- c:\program files (x86)\Chimpoo_3a . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-30 00:10 . 2012-01-30 00:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\CA36.tmp 2012-01-30 00:10 . 2012-01-30 00:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C9F7.tmp 2012-01-08 02:18 . 2012-01-08 02:18 0 ---ha-w- c:\users\Nikki\AppData\Local\BITA884.tmp . . ((((((((((((((((((((((((((((( SnapShot@2012-03-10_19.09.34 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-03-10 19:27 38648 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-03-10 19:27 53446 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-01-20 23:10 . 2012-03-10 19:24 4966 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2011-08-01 04:59 . 2012-03-10 19:27 9946 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2820138118-1891196870-2981794189-1001_UserData.bin + 2012-03-10 21:52 . 2012-03-10 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-03-10 19:07 . 2012-03-10 19:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-03-10 19:07 . 2012-03-10 19:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-03-10 21:52 . 2012-03-10 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 05:01 . 2012-03-10 21:51 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-03-10 19:06 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-06-14 17:34 . 2012-03-10 21:51 1405296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2011-06-14 17:34 . 2012-03-10 19:06 1405296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-08-01 05:02 . 2012-03-10 21:51 2887852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2820138118-1891196870-2981794189-1001-8192.dat - 2011-08-01 05:02 . 2012-03-10 19:06 2887852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2820138118-1891196870-2981794189-1001-8192.dat - 2012-03-01 22:18 . 2012-03-10 19:06 4236548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2820138118-1891196870-2981794189-1001-4096.dat + 2012-03-01 22:18 . 2012-03-10 21:51 4236548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2820138118-1891196870-2981794189-1001-4096.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-14 39408] "MusicManager"="c:\users\Nikki\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-02-21 13320704] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-07-29 17361032] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-16 336384] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224] "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-08-02 77824] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 136176] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120309.002\IDSvia64.sys [2012-03-05 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008] S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-14 138360] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 18:03] . 2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 18:03] . 2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820138118-1891196870-2981794189-1001Core.job - c:\users\Nikki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 18:16] . 2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820138118-1891196870-2981794189-1001UA.job - c:\users\Nikki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 18:16] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU] "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] "combofix"="c:\combofix\CF20155.3XE" [2010-11-21 345088] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ig mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-03-10 14:06:01 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-10 22:06 ComboFix2.txt 2012-03-10 19:16 . Pre-Run: 248,931,295,232 bytes free Post-Run: 248,656,441,344 bytes free . - - End Of File - - 289C5FB95749F722280B89BF94ED2744
  2. ComboFix 12-03-10.02 - Nikki 03/10/2012 10:51:20.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1306 [GMT -8:00] Running from: c:\users\Nikki\Downloads\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 ))))))))))))))))))))))))))))))) . . 2012-03-10 19:05 . 2012-03-10 19:05 -------- d-----w- c:\users\KaetyBug\AppData\Local\temp 2012-03-10 19:05 . 2012-03-10 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-10 19:05 . 2012-03-10 19:05 -------- d-----w- c:\users\Camden and Keirsten\AppData\Local\temp 2012-03-10 16:15 . 2012-03-10 16:15 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-10 00:37 . 2010-11-11 19:59 252712 ----a-w- c:\windows\ETDUninst.dll 2012-03-09 19:21 . 2012-03-09 23:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-03-09 19:21 . 2012-03-09 19:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-03-06 16:08 . 2012-03-06 16:08 748336 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe 2012-03-06 16:08 . 2012-03-06 16:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-03-06 16:08 . 2012-03-06 16:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-03-06 16:08 . 2012-03-06 16:08 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-03-06 16:08 . 2012-03-06 16:08 107008 ----a-w- c:\program files (x86)\Internet Explorer\iecleanup.exe 2012-03-06 15:48 . 2012-03-06 15:48 -------- d-----w- c:\users\Nikki\AppData\Roaming\Malwarebytes 2012-03-06 15:48 . 2012-03-09 15:20 -------- d-----w- c:\programdata\Malwarebytes 2012-03-06 15:48 . 2012-03-09 15:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-06 15:48 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-05 04:02 . 2012-03-05 04:02 -------- d-----w- c:\programdata\ATI 2012-03-05 03:56 . 2012-03-05 04:01 -------- d-----w- c:\program files\ATI Technologies 2012-02-15 17:41 . 2012-02-15 17:41 48464 ----a-w- c:\windows\system32\drivers\aevocnsf.sys 2012-02-15 05:26 . 2012-02-15 05:26 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-15 00:52 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 00:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-15 00:51 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-15 00:51 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-15 00:51 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 00:50 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-15 00:50 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 00:50 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-02-10 20:55 . 2012-02-11 17:34 -------- dc-h--w- c:\programdata\{D8EAEB0B-7E66-400B-9DCD-5E815A852728} 2012-02-10 20:54 . 2012-02-10 20:54 -------- d-----w- c:\users\Nikki\AppData\Local\PackageAware 2012-02-10 01:20 . 2012-02-10 01:20 -------- d-----w- c:\program files (x86)\Chimpoo_3a . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-30 00:10 . 2012-01-30 00:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\CA36.tmp 2012-01-30 00:10 . 2012-01-30 00:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C9F7.tmp 2012-01-08 02:18 . 2012-01-08 02:18 0 ---ha-w- c:\users\Nikki\AppData\Local\BITA884.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-14 39408] "MusicManager"="c:\users\Nikki\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-02-21 13320704] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-07-29 17361032] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-16 336384] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224] "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-08-02 77824] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 aevocnsf;aevocnsf;c:\windows\system32\drivers\aevocnsf.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 136176] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120309.002\IDSvia64.sys [2012-03-05 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008] S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-14 138360] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 18:03] . 2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 18:03] . 2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820138118-1891196870-2981794189-1001Core.job - c:\users\Nikki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 18:16] . 2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820138118-1891196870-2981794189-1001UA.job - c:\users\Nikki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 18:16] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ig mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-(Default) - (no file) HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-03-10 11:16:45 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-10 19:16 . Pre-Run: 249,316,507,648 bytes free Post-Run: 248,856,104,960 bytes free . - - End Of File - - 6DB679831247E66237E46441A2AC7E9F
  3. Hi Elise! Thanks for your help! 08:13:52.0674 2436 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39 08:13:54.0679 2436 ============================================================ 08:13:54.0679 2436 Current date / time: 2012/03/10 08:13:54.0679 08:13:54.0680 2436 SystemInfo: 08:13:54.0680 2436 08:13:54.0680 2436 OS Version: 6.1.7601 ServicePack: 1.0 08:13:54.0680 2436 Product type: Workstation 08:13:54.0680 2436 ComputerName: NIKKI-PC 08:13:54.0681 2436 UserName: Nikki 08:13:54.0681 2436 Windows directory: C:\windows 08:13:54.0681 2436 System windows directory: C:\windows 08:13:54.0681 2436 Running under WOW64 08:13:54.0681 2436 Processor architecture: Intel x64 08:13:54.0681 2436 Number of processors: 2 08:13:54.0681 2436 Page size: 0x1000 08:13:54.0681 2436 Boot type: Normal boot 08:13:54.0681 2436 ============================================================ 08:13:57.0636 2436 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 08:13:57.0648 2436 \Device\Harddisk0\DR0: 08:13:57.0665 2436 MBR used 08:13:57.0665 2436 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23A94800 08:13:57.0715 2436 Initialize success 08:13:57.0715 2436 ============================================================ 08:14:19.0060 0484 ============================================================ 08:14:19.0060 0484 Scan started 08:14:19.0061 0484 Mode: Manual; 08:14:19.0061 0484 ============================================================ 08:14:20.0047 0484 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys 08:14:20.0055 0484 1394ohci - ok 08:14:20.0161 0484 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys 08:14:20.0167 0484 ACPI - ok 08:14:20.0279 0484 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys 08:14:20.0282 0484 AcpiPmi - ok 08:14:20.0417 0484 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys 08:14:20.0432 0484 adp94xx - ok 08:14:20.0561 0484 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys 08:14:20.0577 0484 adpahci - ok 08:14:20.0695 0484 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys 08:14:20.0702 0484 adpu320 - ok 08:14:20.0893 0484 aevocnsf (a412d2fd7c0e1b50a7845fa083894223) C:\windows\system32\drivers\aevocnsf.sys 08:14:20.0899 0484 aevocnsf - ok 08:14:21.0034 0484 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys 08:14:21.0045 0484 AFD - ok 08:14:21.0159 0484 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys 08:14:21.0163 0484 agp440 - ok 08:14:21.0288 0484 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys 08:14:21.0292 0484 aliide - ok 08:14:21.0417 0484 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys 08:14:21.0422 0484 amdide - ok 08:14:21.0527 0484 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys 08:14:21.0536 0484 AmdK8 - ok 08:14:21.0887 0484 amdkmdag (7a1ac757f3a2a3126a806b7319cab21b) C:\windows\system32\DRIVERS\atikmdag.sys 08:14:22.0078 0484 amdkmdag - ok 08:14:22.0205 0484 amdkmdap (eef6f806eedfd1c746071f1fd684870e) C:\windows\system32\DRIVERS\atikmpag.sys 08:14:22.0211 0484 amdkmdap - ok 08:14:22.0320 0484 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys 08:14:22.0324 0484 AmdPPM - ok 08:14:22.0414 0484 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys 08:14:22.0418 0484 amdsata - ok 08:14:22.0518 0484 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys 08:14:22.0527 0484 amdsbs - ok 08:14:22.0649 0484 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys 08:14:22.0652 0484 amdxata - ok 08:14:22.0756 0484 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\windows\system32\DRIVERS\amd_sata.sys 08:14:22.0759 0484 amd_sata - ok 08:14:22.0866 0484 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\windows\system32\DRIVERS\amd_xata.sys 08:14:22.0870 0484 amd_xata - ok 08:14:23.0018 0484 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys 08:14:23.0023 0484 AppID - ok 08:14:23.0208 0484 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys 08:14:23.0213 0484 arc - ok 08:14:23.0355 0484 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys 08:14:23.0359 0484 arcsas - ok 08:14:23.0458 0484 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 08:14:23.0463 0484 AsyncMac - ok 08:14:23.0566 0484 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys 08:14:23.0571 0484 atapi - ok 08:14:23.0798 0484 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys 08:14:23.0813 0484 b06bdrv - ok 08:14:23.0937 0484 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 08:14:23.0944 0484 b57nd60a - ok 08:14:24.0051 0484 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 08:14:24.0056 0484 Beep - ok 08:14:24.0301 0484 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys 08:14:24.0323 0484 BHDrvx64 - ok 08:14:24.0432 0484 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 08:14:24.0436 0484 blbdrive - ok 08:14:24.0543 0484 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys 08:14:24.0548 0484 bowser - ok 08:14:24.0645 0484 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys 08:14:24.0649 0484 BrFiltLo - ok 08:14:24.0749 0484 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys 08:14:24.0755 0484 BrFiltUp - ok 08:14:24.0912 0484 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 08:14:24.0930 0484 Brserid - ok 08:14:25.0034 0484 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 08:14:25.0038 0484 BrSerWdm - ok 08:14:25.0134 0484 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 08:14:25.0139 0484 BrUsbMdm - ok 08:14:25.0245 0484 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys 08:14:25.0248 0484 BrUsbSer - ok 08:14:25.0348 0484 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys 08:14:25.0353 0484 BTHMODEM - ok 08:14:25.0467 0484 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 08:14:25.0472 0484 cdfs - ok 08:14:25.0576 0484 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys 08:14:25.0583 0484 cdrom - ok 08:14:25.0687 0484 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys 08:14:25.0690 0484 circlass - ok 08:14:25.0823 0484 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 08:14:25.0832 0484 CLFS - ok 08:14:25.0997 0484 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 08:14:26.0001 0484 CmBatt - ok 08:14:26.0114 0484 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 08:14:26.0119 0484 cmdide - ok 08:14:26.0229 0484 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys 08:14:26.0241 0484 CNG - ok 08:14:26.0388 0484 CnxtHdAudService (99b1b888b793de320c5479b3c953781f) C:\windows\system32\drivers\CHDRT64.sys 08:14:26.0413 0484 CnxtHdAudService - ok 08:14:26.0522 0484 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys 08:14:26.0525 0484 Compbatt - ok 08:14:26.0623 0484 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys 08:14:26.0627 0484 CompositeBus - ok 08:14:26.0747 0484 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys 08:14:26.0750 0484 crcdisk - ok 08:14:26.0921 0484 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys 08:14:26.0926 0484 DfsC - ok 08:14:27.0049 0484 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 08:14:27.0053 0484 discache - ok 08:14:27.0215 0484 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys 08:14:27.0219 0484 Disk - ok 08:14:27.0338 0484 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 08:14:27.0341 0484 drmkaud - ok 08:14:27.0452 0484 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys 08:14:27.0467 0484 DXGKrnl - ok 08:14:27.0636 0484 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys 08:14:27.0694 0484 ebdrv - ok 08:14:27.0816 0484 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 08:14:27.0827 0484 eeCtrl - ok 08:14:28.0102 0484 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys 08:14:28.0114 0484 elxstor - ok 08:14:28.0314 0484 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 08:14:28.0318 0484 EraserUtilRebootDrv - ok 08:14:28.0515 0484 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys 08:14:28.0518 0484 ErrDev - ok 08:14:28.0810 0484 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 08:14:28.0819 0484 exfat - ok 08:14:29.0083 0484 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys 08:14:29.0154 0484 fastfat - ok 08:14:29.0349 0484 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys 08:14:29.0394 0484 fdc - ok 08:14:29.0610 0484 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 08:14:29.0614 0484 FileInfo - ok 08:14:29.0903 0484 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 08:14:29.0909 0484 Filetrace - ok 08:14:30.0103 0484 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys 08:14:30.0108 0484 flpydisk - ok 08:14:30.0262 0484 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys 08:14:30.0271 0484 FltMgr - ok 08:14:30.0487 0484 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 08:14:30.0491 0484 FsDepends - ok 08:14:30.0667 0484 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys 08:14:30.0670 0484 Fs_Rec - ok 08:14:31.0006 0484 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys 08:14:31.0011 0484 fvevol - ok 08:14:31.0201 0484 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys 08:14:31.0204 0484 FwLnk - ok 08:14:31.0319 0484 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys 08:14:31.0323 0484 gagp30kx - ok 08:14:31.0431 0484 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\windows\system32\DRIVERS\GEARAspiWDM.sys 08:14:31.0435 0484 GEARAspiWDM - ok 08:14:31.0598 0484 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 08:14:31.0603 0484 hcw85cir - ok 08:14:31.0712 0484 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys 08:14:31.0721 0484 HdAudAddService - ok 08:14:31.0870 0484 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys 08:14:31.0873 0484 HDAudBus - ok 08:14:31.0965 0484 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys 08:14:31.0972 0484 HidBatt - ok 08:14:32.0068 0484 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys 08:14:32.0074 0484 HidBth - ok 08:14:32.0196 0484 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys 08:14:32.0201 0484 HidIr - ok 08:14:32.0337 0484 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys 08:14:32.0341 0484 HidUsb - ok 08:14:32.0464 0484 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys 08:14:32.0469 0484 HpSAMD - ok 08:14:32.0582 0484 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys 08:14:32.0602 0484 HTTP - ok 08:14:32.0730 0484 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys 08:14:32.0737 0484 hwpolicy - ok 08:14:32.0850 0484 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys 08:14:32.0855 0484 i8042prt - ok 08:14:32.0963 0484 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys 08:14:32.0974 0484 iaStorV - ok 08:14:33.0214 0484 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120309.002\IDSvia64.sys 08:14:33.0229 0484 IDSVia64 - ok 08:14:33.0361 0484 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys 08:14:33.0365 0484 iirsp - ok 08:14:33.0472 0484 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys 08:14:33.0478 0484 intelide - ok 08:14:33.0586 0484 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys 08:14:33.0592 0484 intelppm - ok 08:14:33.0697 0484 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys 08:14:33.0705 0484 IpFilterDriver - ok 08:14:33.0867 0484 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys 08:14:33.0873 0484 IPMIDRV - ok 08:14:34.0000 0484 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 08:14:34.0007 0484 IPNAT - ok 08:14:34.0116 0484 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 08:14:34.0121 0484 IRENUM - ok 08:14:34.0236 0484 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 08:14:34.0240 0484 isapnp - ok 08:14:34.0337 0484 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 08:14:34.0347 0484 iScsiPrt - ok 08:14:34.0449 0484 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys 08:14:34.0454 0484 kbdclass - ok 08:14:34.0560 0484 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys 08:14:34.0564 0484 kbdhid - ok 08:14:34.0661 0484 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys 08:14:34.0666 0484 KSecDD - ok 08:14:34.0776 0484 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys 08:14:34.0783 0484 KSecPkg - ok 08:14:34.0890 0484 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 08:14:34.0895 0484 ksthunk - ok 08:14:35.0010 0484 L1C (0e154da6ca9105354a07d0c576804037) C:\windows\system32\DRIVERS\L1C62x64.sys 08:14:35.0015 0484 L1C - ok 08:14:35.0171 0484 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 08:14:35.0177 0484 lltdio - ok 08:14:35.0308 0484 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys 08:14:35.0314 0484 LSI_FC - ok 08:14:35.0410 0484 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys 08:14:35.0414 0484 LSI_SAS - ok 08:14:35.0523 0484 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys 08:14:35.0526 0484 LSI_SAS2 - ok 08:14:35.0627 0484 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys 08:14:35.0633 0484 LSI_SCSI - ok 08:14:35.0754 0484 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 08:14:35.0758 0484 luafv - ok 08:14:35.0900 0484 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys 08:14:35.0903 0484 MBAMProtector - ok 08:14:36.0018 0484 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys 08:14:36.0024 0484 megasas - ok 08:14:36.0148 0484 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys 08:14:36.0166 0484 MegaSR - ok 08:14:36.0282 0484 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 08:14:36.0287 0484 Modem - ok 08:14:36.0398 0484 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 08:14:36.0399 0484 monitor - ok 08:14:36.0512 0484 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 08:14:36.0517 0484 mouclass - ok 08:14:36.0630 0484 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 08:14:36.0634 0484 mouhid - ok 08:14:36.0737 0484 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 08:14:36.0740 0484 mountmgr - ok 08:14:36.0861 0484 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 08:14:36.0869 0484 mpio - ok 08:14:36.0962 0484 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 08:14:36.0966 0484 mpsdrv - ok 08:14:37.0103 0484 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 08:14:37.0109 0484 MRxDAV - ok 08:14:37.0227 0484 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 08:14:37.0234 0484 mrxsmb - ok 08:14:37.0328 0484 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 08:14:37.0336 0484 mrxsmb10 - ok 08:14:37.0424 0484 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 08:14:37.0428 0484 mrxsmb20 - ok 08:14:37.0523 0484 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys 08:14:37.0528 0484 msahci - ok 08:14:37.0623 0484 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 08:14:37.0630 0484 msdsm - ok 08:14:37.0786 0484 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 08:14:37.0790 0484 Msfs - ok 08:14:37.0900 0484 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 08:14:37.0902 0484 mshidkmdf - ok 08:14:37.0994 0484 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 08:14:37.0998 0484 msisadrv - ok 08:14:38.0119 0484 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 08:14:38.0126 0484 MSKSSRV - ok 08:14:38.0254 0484 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 08:14:38.0257 0484 MSPCLOCK - ok 08:14:38.0360 0484 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 08:14:38.0364 0484 MSPQM - ok 08:14:38.0471 0484 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 08:14:38.0485 0484 MsRPC - ok 08:14:38.0587 0484 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys 08:14:38.0589 0484 mssmbios - ok 08:14:38.0683 0484 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 08:14:38.0688 0484 MSTEE - ok 08:14:38.0800 0484 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys 08:14:38.0806 0484 MTConfig - ok 08:14:38.0952 0484 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 08:14:38.0955 0484 Mup - ok 08:14:39.0091 0484 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 08:14:39.0098 0484 NativeWifiP - ok 08:14:39.0253 0484 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120309.034\ENG64.SYS 08:14:39.0260 0484 NAVENG - ok 08:14:39.0462 0484 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120309.034\EX64.SYS 08:14:39.0492 0484 NAVEX15 - ok 08:14:39.0623 0484 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 08:14:39.0638 0484 NDIS - ok 08:14:39.0756 0484 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 08:14:39.0780 0484 NdisCap - ok 08:14:39.0937 0484 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 08:14:39.0942 0484 NdisTapi - ok 08:14:40.0054 0484 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 08:14:40.0058 0484 Ndisuio - ok 08:14:40.0164 0484 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 08:14:40.0171 0484 NdisWan - ok 08:14:40.0275 0484 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 08:14:40.0279 0484 NDProxy - ok 08:14:40.0378 0484 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 08:14:40.0381 0484 NetBIOS - ok 08:14:40.0483 0484 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 08:14:40.0489 0484 NetBT - ok 08:14:40.0613 0484 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys 08:14:40.0618 0484 nfrd960 - ok 08:14:40.0745 0484 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 08:14:40.0751 0484 Npfs - ok 08:14:40.0869 0484 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 08:14:40.0871 0484 nsiproxy - ok 08:14:40.0948 0484 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 08:14:40.0973 0484 Ntfs - ok 08:14:41.0055 0484 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 08:14:41.0059 0484 Null - ok 08:14:41.0159 0484 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 08:14:41.0165 0484 nvraid - ok 08:14:41.0275 0484 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 08:14:41.0284 0484 nvstor - ok 08:14:41.0384 0484 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 08:14:41.0391 0484 nv_agp - ok 08:14:41.0512 0484 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 08:14:41.0520 0484 ohci1394 - ok 08:14:41.0661 0484 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys 08:14:41.0666 0484 Parport - ok 08:14:41.0778 0484 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys 08:14:41.0784 0484 partmgr - ok 08:14:41.0891 0484 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 08:14:41.0894 0484 pci - ok 08:14:41.0988 0484 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys 08:14:41.0992 0484 pciide - ok 08:14:42.0089 0484 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys 08:14:42.0096 0484 pcmcia - ok 08:14:42.0185 0484 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 08:14:42.0189 0484 pcw - ok 08:14:42.0320 0484 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 08:14:42.0336 0484 PEAUTH - ok 08:14:42.0486 0484 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys 08:14:42.0491 0484 PGEffect - ok 08:14:42.0639 0484 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 08:14:42.0643 0484 PptpMiniport - ok 08:14:42.0744 0484 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys 08:14:42.0749 0484 Processor - ok 08:14:42.0892 0484 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 08:14:42.0896 0484 Psched - ok 08:14:43.0051 0484 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys 08:14:43.0076 0484 ql2300 - ok 08:14:43.0335 0484 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys 08:14:43.0340 0484 ql40xx - ok 08:14:43.0443 0484 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 08:14:43.0446 0484 QWAVEdrv - ok 08:14:43.0548 0484 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 08:14:43.0554 0484 RasAcd - ok 08:14:43.0650 0484 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 08:14:43.0654 0484 RasAgileVpn - ok 08:14:43.0804 0484 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 08:14:43.0811 0484 Rasl2tp - ok 08:14:43.0919 0484 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 08:14:43.0924 0484 RasPppoe - ok 08:14:44.0027 0484 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 08:14:44.0031 0484 RasSstp - ok 08:14:44.0123 0484 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 08:14:44.0130 0484 rdbss - ok 08:14:44.0219 0484 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys 08:14:44.0222 0484 rdpbus - ok 08:14:44.0346 0484 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 08:14:44.0349 0484 RDPCDD - ok 08:14:44.0465 0484 RDPDISPM (bdf2db2f19945afaf102a2c03062efb1) C:\windows\system32\DRIVERS\rdpdispm.sys 08:14:44.0468 0484 RDPDISPM - ok 08:14:44.0579 0484 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 08:14:44.0582 0484 RDPENCDD - ok 08:14:44.0687 0484 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 08:14:44.0690 0484 RDPREFMP - ok 08:14:44.0825 0484 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys 08:14:44.0834 0484 RDPWD - ok 08:14:44.0944 0484 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 08:14:44.0951 0484 rdyboost - ok 08:14:45.0070 0484 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\windows\system32\Drivers\RimUsb_AMD64.sys 08:14:45.0074 0484 RimUsb - ok 08:14:45.0212 0484 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 08:14:45.0217 0484 rspndr - ok 08:14:45.0351 0484 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys 08:14:45.0360 0484 RSUSBSTOR - ok 08:14:45.0491 0484 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys 08:14:45.0508 0484 RTL8192Ce - ok 08:14:45.0610 0484 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 08:14:45.0619 0484 sbp2port - ok 08:14:45.0753 0484 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 08:14:45.0758 0484 scfilter - ok 08:14:45.0895 0484 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 08:14:45.0900 0484 secdrv - ok 08:14:46.0027 0484 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys 08:14:46.0030 0484 Serenum - ok 08:14:46.0141 0484 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys 08:14:46.0145 0484 Serial - ok 08:14:46.0263 0484 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys 08:14:46.0269 0484 sermouse - ok 08:14:46.0418 0484 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 08:14:46.0421 0484 sffdisk - ok 08:14:46.0530 0484 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 08:14:46.0533 0484 sffp_mmc - ok 08:14:46.0663 0484 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 08:14:46.0669 0484 sffp_sd - ok 08:14:46.0797 0484 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys 08:14:46.0802 0484 sfloppy - ok 08:14:46.0943 0484 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys 08:14:46.0947 0484 SiSRaid2 - ok 08:14:47.0067 0484 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys 08:14:47.0073 0484 SiSRaid4 - ok 08:14:47.0180 0484 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 08:14:47.0188 0484 Smb - ok 08:14:47.0305 0484 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 08:14:47.0311 0484 spldr - ok 08:14:47.0486 0484 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS 08:14:47.0508 0484 SRTSP - ok 08:14:47.0636 0484 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS 08:14:47.0641 0484 SRTSPX - ok 08:14:47.0773 0484 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 08:14:47.0787 0484 srv - ok 08:14:47.0910 0484 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 08:14:47.0919 0484 srv2 - ok 08:14:48.0014 0484 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 08:14:48.0022 0484 srvnet - ok 08:14:48.0147 0484 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys 08:14:48.0151 0484 stexstor - ok 08:14:48.0262 0484 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys 08:14:48.0265 0484 swenum - ok 08:14:48.0425 0484 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS 08:14:48.0434 0484 SymDS - ok 08:14:48.0594 0484 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS 08:14:48.0608 0484 SymEFA - ok 08:14:48.0720 0484 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 08:14:48.0726 0484 SymEvent - ok 08:14:48.0880 0484 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS 08:14:48.0887 0484 SymIRON - ok 08:14:49.0071 0484 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS 08:14:49.0084 0484 SymNetS - ok 08:14:49.0257 0484 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys 08:14:49.0285 0484 Tcpip - ok 08:14:49.0458 0484 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys 08:14:49.0478 0484 TCPIP6 - ok 08:14:49.0572 0484 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 08:14:49.0575 0484 tcpipreg - ok 08:14:49.0671 0484 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys 08:14:49.0675 0484 tdcmdpst - ok 08:14:49.0819 0484 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 08:14:49.0823 0484 TDPIPE - ok 08:14:49.0928 0484 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys 08:14:49.0935 0484 TDTCP - ok 08:14:50.0041 0484 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 08:14:50.0046 0484 tdx - ok 08:14:50.0148 0484 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys 08:14:50.0152 0484 TermDD - ok 08:14:50.0329 0484 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 08:14:50.0333 0484 tssecsrv - ok 08:14:50.0456 0484 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 08:14:50.0461 0484 TsUsbFlt - ok 08:14:50.0557 0484 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys 08:14:50.0561 0484 TsUsbGD - ok 08:14:50.0684 0484 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 08:14:50.0695 0484 tunnel - ok 08:14:50.0808 0484 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS 08:14:50.0813 0484 TVALZ - ok 08:14:50.0887 0484 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys 08:14:50.0892 0484 uagp35 - ok 08:14:50.0986 0484 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 08:14:50.0994 0484 udfs - ok 08:14:51.0115 0484 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 08:14:51.0119 0484 uliagpkx - ok 08:14:51.0217 0484 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys 08:14:51.0221 0484 umbus - ok 08:14:51.0322 0484 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys 08:14:51.0327 0484 UmPass - ok 08:14:51.0423 0484 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 08:14:51.0428 0484 usbccgp - ok 08:14:51.0510 0484 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 08:14:51.0515 0484 usbcir - ok 08:14:51.0602 0484 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys 08:14:51.0606 0484 usbehci - ok 08:14:51.0713 0484 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys 08:14:51.0721 0484 usbhub - ok 08:14:51.0836 0484 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys 08:14:51.0841 0484 usbohci - ok 08:14:51.0951 0484 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys 08:14:51.0956 0484 usbprint - ok 08:14:52.0060 0484 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS 08:14:52.0066 0484 USBSTOR - ok 08:14:52.0163 0484 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys 08:14:52.0169 0484 usbuhci - ok 08:14:52.0280 0484 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys 08:14:52.0288 0484 usbvideo - ok 08:14:52.0410 0484 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 08:14:52.0414 0484 vdrvroot - ok 08:14:52.0529 0484 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 08:14:52.0533 0484 vga - ok 08:14:52.0628 0484 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 08:14:52.0631 0484 VgaSave - ok 08:14:52.0744 0484 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 08:14:52.0749 0484 vhdmp - ok 08:14:52.0857 0484 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 08:14:52.0862 0484 viaide - ok 08:14:52.0977 0484 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 08:14:52.0982 0484 volmgr - ok 08:14:53.0091 0484 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 08:14:53.0099 0484 volmgrx - ok 08:14:53.0218 0484 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys 08:14:53.0226 0484 volsnap - ok 08:14:53.0328 0484 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys 08:14:53.0337 0484 vsmraid - ok 08:14:53.0627 0484 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 08:14:53.0630 0484 vwifibus - ok 08:14:53.0725 0484 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 08:14:53.0729 0484 vwififlt - ok 08:14:53.0867 0484 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys 08:14:53.0872 0484 vwifimp - ok 08:14:53.0993 0484 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys 08:14:54.0000 0484 WacomPen - ok 08:14:54.0115 0484 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 08:14:54.0122 0484 WANARP - ok 08:14:54.0142 0484 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 08:14:54.0145 0484 Wanarpv6 - ok 08:14:54.0274 0484 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys 08:14:54.0278 0484 Wd - ok 08:14:54.0389 0484 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 08:14:54.0401 0484 Wdf01000 - ok 08:14:54.0554 0484 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 08:14:54.0556 0484 WfpLwf - ok 08:14:54.0660 0484 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 08:14:54.0664 0484 WIMMount - ok 08:14:54.0894 0484 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys 08:14:54.0900 0484 WmiAcpi - ok 08:14:55.0052 0484 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 08:14:55.0055 0484 ws2ifsl - ok 08:14:55.0180 0484 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys 08:14:55.0184 0484 WudfPf - ok 08:14:55.0298 0484 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys 08:14:55.0303 0484 WUDFRd - ok 08:14:55.0370 0484 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0 08:14:55.0424 0484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 08:14:55.0425 0484 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 08:14:55.0451 0484 Boot (0x1200) (80ff801dbe2bbb8d72c04df77d231689) \Device\Harddisk0\DR0\Partition0 08:14:55.0453 0484 \Device\Harddisk0\DR0\Partition0 - ok 08:14:55.0457 0484 ============================================================ 08:14:55.0457 0484 Scan finished 08:14:55.0457 0484 ============================================================ 08:14:55.0488 3292 Detected object count: 1 08:14:55.0488 3292 Actual detected object count: 1 08:15:16.0027 3292 \Device\Harddisk0\DR0\# - copied to quarantine 08:15:16.0029 3292 \Device\Harddisk0\DR0 - copied to quarantine 08:15:16.0654 3292 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 08:15:16.0658 3292 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 08:15:16.0674 3292 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 08:15:16.0689 3292 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 08:15:16.0698 3292 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 08:15:16.0716 3292 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 08:15:16.0752 3292 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 08:15:16.0760 3292 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 08:15:16.0765 3292 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 08:15:16.0771 3292 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 08:15:16.0850 3292 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 08:15:16.0852 3292 \Device\Harddisk0\DR0 - ok 08:15:17.0367 3292 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 08:15:35.0003 3660 Deinitialize success
  4. Need help beating this Trojan. Spybot and Malwarebytes won't touch it. I've attached the DDS logs. Thanks in advance! Attach.txt DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.