
Trojan Downloader Activity 2 Detected



Hello, this is my first time posting here. My Symantec Endpoint Protection Small Business Edition (version 12.0.1001.95) has detected "Sid: 23090 Trojan Downloader Activity 2 detected".

I have done a full scan with Symantec and with Malwarebytes, but nothing came up and the alert still keeps popping up.

This is the log from Malwarebytes; I hope this helps. Thank you for your help.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7802

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

9/26/2011 10:54:43 AM

mbam-log-2011-09-26 (10-54-43).txt

Scan type: Quick scan

Objects scanned: 167972

Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Thank you for your help. But what does "Trojan Downloader Activity 2 detected" mean?

Here are the two logs.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7812

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

9/27/2011 10:40:08 PM

mbam-log-2011-09-27 (22-40-08).txt

Scan type: Quick scan

Objects scanned: 168414

Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Main at 22:41:28 on 2011-09-27

Microsoft Windows Se7en Maximum Edition 6.1.7601.1.949.82.1033.18.3582.2288 [GMT -7:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\BonDisk.com\Bondisk(normal)\NetAccelerator.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Main\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Main\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Main\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Main\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Main\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Main\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Main\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Main\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Users\Main\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mail.yahoo.com/

uSearch Bar = Preserve

uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} -

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: TorrentSeek Toolbar: {6bcb43af-a20f-4996-8860-48f511a222db} - c:\program files\torrentseek\tbTorr.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} -

mRun: [<NO NAME>]

dRun: [Welcome Center] c:\windows\system32\rundll32.exe c:\windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_ActiveX.exe -update activex

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-explorer: NoSMBalloonTip = 1 (0x1)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {4085FED4-9934-41E7-A6E5-3E0434464ABC} - hxxp://www.bondisk.com/mmsv/BonControl.CAB

DPF: {75E65490-6995-49BE-A563-C97BFA549741} - hxxp://www.qdown.com/mmsv/QdownWebControl.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {BB2158B8-8A7E-4A1E-AB10-961B1479EE85} - hxxp://www.tutudisk.com/mmsv/WebControl.CAB

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {E28B9595-EA0D-457D-9968-0D1697ADF333} - hxxp://superdown.co.kr/setup/SuperDownWebControl.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{091BFC2A-E4C2-48AF-86DC-E38B8B6E0E1A} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 NetAccelerator;NetAccelerator_Service;c:\program files\bondisk.com\bondisk(normal)\NetAccelerator.exe [2011-9-19 147456]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-11-10 1775344]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-26 105592]

R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]

R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2009-5-20 552960]

R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-5-20 2074480]

S2 Bondisk Update Service;Bondisk Update Service;c:\program files\bondisk.com\bondisk(normal)\BonUpdate.exe [2011-5-30 1003008]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 QDown Update Service;QDown Update Service;c:\program files\qdown.com\qdown(normal)\QAutoUP.exe [2011-5-30 1003008]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-8-26 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-26 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-26 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-25 1343400]

S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]

S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

S4 SuperDownService;SuperDown Download Service;c:\program files\superdown\SuperDownService.exe [2011-9-1 150528]

S4 WinCloud;WinCloud;c:\program files\tutudisk.com\tutudisk(fast)\WinCloud.exe [2011-8-27 1337432]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-09-17 06:15:40 -------- d-----w- c:\programdata\Blizzard Entertainment

2011-09-17 06:05:14 -------- d-----w- c:\program files\Diablo III Beta

2011-09-17 06:05:14 -------- d-----w- c:\program files\common files\Blizzard Entertainment

2011-09-17 06:01:23 -------- d-----w- c:\programdata\Battle.net

2011-09-14 18:38:19 -------- d-----w- c:\program files\ESET

2011-09-07 22:07:42 -------- d-----w- c:\users\main\appdata\local\Microsoft Games

2011-09-04 21:04:20 0 ----a-w- c:\windows\system32\0.45552337830943324.exe

2011-09-04 18:16:39 0 ----a-w- c:\windows\system32\0.2141507338584564.exe

2011-09-04 16:03:25 0 ----a-w- c:\windows\system32\0.9316687117997196.exe

2011-09-04 05:27:34 -------- d-----w- c:\users\main\appdata\roaming\Malwarebytes

2011-09-04 05:27:29 -------- d-----w- c:\programdata\Malwarebytes

2011-09-04 05:27:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-04 05:27:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-04 03:00:10 0 ----a-w- c:\windows\system32\0.27306740916380956.exe

2011-09-03 18:11:14 0 ----a-w- c:\windows\system32\0.2143360744844789.exe

2011-09-03 02:45:50 0 ----a-w- c:\windows\system32\0.20350332604267252.exe

2011-09-02 05:45:18 -------- d-----w- c:\program files\YouTube Downloader Toolbar

2011-09-02 05:45:18 -------- d-----w- c:\program files\common files\Spigot

2011-09-02 05:45:18 -------- d-----w- c:\program files\Application Updater

2011-09-02 05:45:04 -------- d-----w- c:\programdata\YouTube Downloader

2011-09-02 05:45:01 -------- d-----w- c:\program files\YouTube Downloader

2011-09-02 03:51:23 -------- d-----w- c:\users\main\appdata\local\{EFC50DFA-D5BD-4B1F-8059-E15B5EC8AA4D}

2011-09-02 03:51:12 -------- d-----w- c:\users\main\appdata\local\{D2AA0168-D285-43BB-BE91-8766B0D01F42}

2011-09-02 03:51:11 -------- d-----w- c:\users\main\appdata\local\{6EEAD518-BD84-4A16-AFC4-FA06371ADA3C}

2011-09-01 17:59:50 0 ----a-w- c:\windows\system32\0.6142422367986187.exe

2011-08-31 06:31:07 0 ----a-w- c:\windows\system32\0.0233003980302956.exe

2011-08-29 23:13:24 -------- d-----w- c:\program files\Verizon

2011-08-29 22:36:07 -------- d-----w- c:\users\main\appdata\local\Google

2011-08-29 22:35:49 -------- d-----w- c:\users\main\appdata\local\Apps

2011-08-29 22:35:48 -------- d-----w- c:\users\main\appdata\local\Deployment

2011-08-29 22:23:32 -------- d-----w- c:\windows\pss

2011-08-29 22:04:07 -------- d-----w- c:\users\main\appdata\local\ElevatedDiagnostics

.

==================== Find3M ====================

.

2011-09-24 16:36:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-29 06:17:29 13824 ----a-w- c:\windows\system32\slwga.dll

2011-08-29 06:17:28 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-08-26 09:16:33 722416 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-08-26 08:51:25 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-08-26 08:05:39 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-26 06:19:24 411368 ----a-w- c:\windows\system32\deploytk.dll

2011-08-26 05:23:18 0 ----a-w- c:\windows\ativpsrm.bin

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: WDC_WD32 rev.12.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x878004C0]<<

_asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x878078a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x87807730]; JNZ 0x1f; MOV [ESP+0xc], ECX; }

1 ntkrnlpa!IofCallDriver[0x82C6F52A] -> \Device\Harddisk0\DR0[0x87595030]

3 CLASSPNP[0x8CBB159E] -> ntkrnlpa!IofCallDriver[0x82C6F52A] -> [0x87895A18]

\Driver\iaStorV[0x8779FD58] -> IRP_MJ_CREATE -> 0x878004C0

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user != kernel MBR !!!

sectors 625142446 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 22:42:23.27 ===============

Thanks again for your help.

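An added note on the DDS log above, not part of the original thread. Two quick Malwarebytes scans come back clean while the Symantec IPS alert keeps repeating, and the log explains why: the Gmer MBR check at the end reads a different MBR through the user-mode path than through the kernel path ("user != kernel MBR"), which is the signature of a bootkit (TDL4 here) hooking disk I/O below anything a file scanner can see; the "Created Last 30" section shows a run of zero-byte, randomly named .exe files in system32 (`0.<digits>.exe`) appearing every day or two, consistent with a downloader stub that keeps re-dropping and failing (that interpretation is an inference, labelled as such in the comments); and `EnableLUA = 0` means UAC is switched off, so anything the user runs already has full administrative rights. The Python below pulls those three findings out of a DDS log. It is example code written for this page, not a DDS or Gmer feature; the input is a constructed excerpt in the same line format, with paths and values copied from the posted log.

```python
import re
from typing import Dict, List

# Constructed excerpt in the format of the DDS log posted above (a handful of
# representative lines, not the full log); the paths and values are copied from it.
DDS_SAMPLE = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
2011-09-04 21:04:20 0 ----a-w- c:\windows\system32\0.45552337830943324.exe
2011-09-04 05:27:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-02 05:45:18 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-08-31 06:31:07 0 ----a-w- c:\windows\system32\0.0233003980302956.exe
2011-08-29 06:17:29 13824 ----a-w- c:\windows\system32\slwga.dll
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
"""

# One "Created Last 30" / "Find3M" entry: date, time, size (dashes for a directory),
# attribute string, path. Paths may contain spaces, so the path group is greedy.
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-+) (\S+) (.+)$")
POLICY_LINE = re.compile(r"^mPolicies-system: (\w+) = (\d+)")
# The randomly named files seen in the posted log all have the shape 0.<digits>.exe.
RANDOM_EXE = re.compile(r"^0\.\d+\.exe$", re.IGNORECASE)


def suspicious_dropped_files(log: str) -> List[str]:
    """Paths under system32 that are zero-byte or randomly named executables.

    Inference, not a documented indicator: a zero-byte .exe in system32 is what a
    downloader stub leaves behind when its payload fetch fails, and a series of them
    with random numeric names means the downloader is still firing, which fits the
    repeating IPS alert in this thread.
    """
    hits = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        size, attrs, path = m.group(3), m.group(4), m.group(5).lower()
        if attrs.startswith("d"):  # directory entry, not a file
            continue
        if "\\windows\\system32\\" not in path or not path.endswith(".exe"):
            continue
        name = path.rsplit("\\", 1)[-1]
        if size == "0" or RANDOM_EXE.match(name):
            hits.append(path)
    return hits


def mbr_mismatch(log: str) -> bool:
    """True when Gmer read different MBR contents via the user-mode and kernel-mode
    paths: the disk I/O stack is being hooked, the classic bootkit (TDL4) tell."""
    return any("user != kernel" in line for line in log.splitlines())


def disabled_uac(log: str) -> Dict[str, int]:
    """System policies that switch UAC off. EnableLUA = 0 disables UAC entirely, so
    every program the user launches runs with the full administrative token."""
    weak: Dict[str, int] = {}
    for line in log.splitlines():
        m = POLICY_LINE.match(line.strip())
        if m and m.group(1) == "EnableLUA" and int(m.group(2)) == 0:
            weak[m.group(1)] = 0
    return weak


def triage(log: str) -> Dict[str, object]:
    """Collect the three findings a responder would act on first."""
    return {
        "mbr_mismatch": mbr_mismatch(log),
        "dropped_files": suspicious_dropped_files(log),
        "weak_policies": disabled_uac(log),
    }


if __name__ == "__main__":
    for key, value in triage(DDS_SAMPLE).items():
        print(f"{key}: {value}")
```

Run against a full DDS log, `triage()` gives a positive MBR mismatch, the list of dropped files and the UAC state in one place; a clean machine returns `False`, an empty list and an empty dict. The MBR mismatch is the finding that decides the cleanup path: file-level scanners cannot see or remove a bootkit, which is why the staff reply below moves to a dedicated MBR tool.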

  • Staff

Anyone who is not entropyall, please start your own topic to receive assistance.

entropyall,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

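The TDSSKiller log that the procedure above produces runs to hundreds of lines, two per driver: a `<name> (<md5>) <path>` line followed by a `<name> - <verdict>` line, as in the log posted in the next reply. The Python below, an added example written for this page and not part of TDSSKiller or of the original thread, pairs those lines, lists every driver whose verdict is not `ok` (or that never got a verdict, which normally means the scan was interrupted), and collects the MD5s so they can be checked against a known-good hash list offline. The input is a constructed excerpt: the first three entries are copied from the posted log, and the final verdict line uses a made-up placeholder string to show how a non-`ok` result is surfaced; the real tool's wording for a detection is not reproduced here.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed excerpt in the format of the posted TDSSKiller log. The first three
# driver entries are copied from that log; the megasas verdict is a placeholder
# (not real TDSSKiller output) so that a non-"ok" result appears in the sample.
TDSSKILLER_SAMPLE = r"""
22:55:12.0580 2352 Scan started
22:55:12.0580 2352 Mode: Manual;
22:55:13.0471 2352 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:55:13.0474 2352 1394ohci - ok
22:55:13.0518 2352 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:55:13.0522 2352 ACPI - ok
22:55:19.0189 2352 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:55:19.0192 2352 iaStorV - ok
22:55:20.0307 2352 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:55:20.0310 2352 megasas - CONSTRUCTED_NON_OK_VERDICT
"""

# Every log line starts with "HH:MM:SS.ffff <pid> ".
PREFIX = r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) "
ENTRY = re.compile(PREFIX + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
VERDICT = re.compile(PREFIX + r"(\S+) - (.+)$")


class DriverEntry(NamedTuple):
    name: str
    md5: str
    path: str
    verdict: Optional[str]  # None when no verdict line followed the entry


def parse_tdsskiller(log: str) -> List[DriverEntry]:
    """Pair each driver entry with the next verdict line carrying the same name."""
    entries: List[DriverEntry] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append(DriverEntry(m.group(3), m.group(4), m.group(5), None))
            continue
        m = VERDICT.match(line)
        if not m:
            continue
        # Attach to the most recent entry of that name that has no verdict yet, so a
        # driver listed twice (same name, different paths) is handled correctly.
        for i in range(len(entries) - 1, -1, -1):
            if entries[i].name == m.group(3) and entries[i].verdict is None:
                entries[i] = entries[i]._replace(verdict=m.group(4))
                break
    return entries


def findings(log: str) -> List[DriverEntry]:
    """Drivers that did not come back 'ok', including those with no verdict at all."""
    return [e for e in parse_tdsskiller(log) if e.verdict != "ok"]


def hashes(log: str) -> Dict[str, str]:
    """name -> MD5 for every scanned driver, for offline comparison with a known-good list."""
    return {e.name: e.md5 for e in parse_tdsskiller(log)}


if __name__ == "__main__":
    for e in findings(TDSSKILLER_SAMPLE):
        print(f"{e.name}: {e.verdict} ({e.path})")
```

On a real log, `findings()` is the part of the file worth reading; everything else is the `- ok` noise that makes these logs hard to review by eye. Note that the posted log was produced on 2011-10-02, five days after the DDS log that flagged the MBR, so a clean TDSSKiller result here would still need to be checked against a fresh MBR read rather than taken on its own.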

Here are the logs.

22:55:05.0705 5036 TDSS rootkit removing tool 2.6.3.0 Oct 1 2011 13:14:27

22:55:06.0272 5036 ============================================================

22:55:06.0273 5036 Current date / time: 2011/10/02 22:55:06.0272

22:55:06.0273 5036 SystemInfo:

22:55:06.0273 5036

22:55:06.0273 5036 OS Version: 6.1.7601 ServicePack: 1.0

22:55:06.0273 5036 Product type: Workstation

22:55:06.0273 5036 ComputerName: MAIN-PC

22:55:06.0273 5036 UserName: Main

22:55:06.0273 5036 Windows directory: C:\Windows

22:55:06.0273 5036 System windows directory: C:\Windows

22:55:06.0273 5036 Processor architecture: Intel x86

22:55:06.0273 5036 Number of processors: 4

22:55:06.0273 5036 Page size: 0x1000

22:55:06.0273 5036 Boot type: Normal boot

22:55:06.0273 5036 ============================================================

22:55:08.0387 5036 Initialize success

22:55:12.0580 2352 ============================================================

22:55:12.0580 2352 Scan started

22:55:12.0580 2352 Mode: Manual;

22:55:12.0580 2352 ============================================================

22:55:13.0471 2352 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

22:55:13.0474 2352 1394ohci - ok

22:55:13.0518 2352 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

22:55:13.0522 2352 ACPI - ok

22:55:13.0554 2352 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

22:55:13.0563 2352 AcpiPmi - ok

22:55:13.0605 2352 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

22:55:13.0622 2352 adp94xx - ok

22:55:13.0645 2352 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

22:55:13.0662 2352 adpahci - ok

22:55:13.0673 2352 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

22:55:13.0683 2352 adpu320 - ok

22:55:13.0734 2352 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

22:55:13.0738 2352 AFD - ok

22:55:13.0770 2352 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

22:55:13.0781 2352 agp440 - ok

22:55:13.0808 2352 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

22:55:13.0828 2352 aic78xx - ok

22:55:13.0869 2352 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

22:55:13.0878 2352 aliide - ok

22:55:13.0914 2352 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

22:55:13.0924 2352 amdagp - ok

22:55:13.0937 2352 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

22:55:13.0947 2352 amdide - ok

22:55:13.0962 2352 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

22:55:13.0972 2352 AmdK8 - ok

22:55:14.0163 2352 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys

22:55:14.0320 2352 amdkmdag - ok

22:55:14.0405 2352 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys

22:55:14.0409 2352 amdkmdap - ok

22:55:14.0464 2352 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

22:55:14.0473 2352 AmdPPM - ok

22:55:14.0509 2352 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

22:55:14.0519 2352 amdsata - ok

22:55:14.0541 2352 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

22:55:14.0553 2352 amdsbs - ok

22:55:14.0569 2352 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

22:55:14.0571 2352 amdxata - ok

22:55:14.0622 2352 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

22:55:14.0630 2352 AppID - ok

22:55:14.0699 2352 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

22:55:14.0710 2352 arc - ok

22:55:14.0725 2352 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

22:55:14.0736 2352 arcsas - ok

22:55:14.0762 2352 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

22:55:14.0764 2352 AsyncMac - ok

22:55:14.0800 2352 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

22:55:14.0802 2352 atapi - ok

22:55:15.0005 2352 atikmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys

22:55:15.0047 2352 atikmdag - ok

22:55:15.0157 2352 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

22:55:15.0181 2352 b06bdrv - ok

22:55:15.0245 2352 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

22:55:15.0259 2352 b57nd60x - ok

22:55:15.0296 2352 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

22:55:15.0297 2352 Beep - ok

22:55:15.0322 2352 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

22:55:15.0323 2352 blbdrive - ok

22:55:15.0367 2352 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

22:55:15.0368 2352 bowser - ok

22:55:15.0396 2352 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

22:55:15.0404 2352 BrFiltLo - ok

22:55:15.0423 2352 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

22:55:15.0430 2352 BrFiltUp - ok

22:55:15.0455 2352 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

22:55:15.0472 2352 Brserid - ok

22:55:15.0481 2352 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

22:55:15.0488 2352 BrSerWdm - ok

22:55:15.0496 2352 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

22:55:15.0502 2352 BrUsbMdm - ok

22:55:15.0510 2352 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

22:55:15.0516 2352 BrUsbSer - ok

22:55:15.0525 2352 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

22:55:15.0532 2352 BTHMODEM - ok

22:55:15.0584 2352 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

22:55:15.0592 2352 cdfs - ok

22:55:15.0626 2352 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

22:55:15.0628 2352 cdrom - ok

22:55:15.0678 2352 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

22:55:15.0708 2352 circlass - ok

22:55:15.0830 2352 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

22:55:15.0833 2352 CLFS - ok

22:55:15.0904 2352 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

22:55:15.0913 2352 CmBatt - ok

22:55:15.0939 2352 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

22:55:15.0948 2352 cmdide - ok

22:55:16.0009 2352 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

22:55:16.0015 2352 CNG - ok

22:55:16.0032 2352 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

22:55:16.0042 2352 Compbatt - ok

22:55:16.0095 2352 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

22:55:16.0097 2352 CompositeBus - ok

22:55:16.0120 2352 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

22:55:16.0129 2352 crcdisk - ok

22:55:16.0179 2352 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

22:55:16.0184 2352 CSC - ok

22:55:16.0233 2352 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

22:55:16.0235 2352 DfsC - ok

22:55:16.0266 2352 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

22:55:16.0267 2352 discache - ok

22:55:16.0287 2352 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

22:55:16.0289 2352 Disk - ok

22:55:16.0329 2352 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

22:55:16.0337 2352 drmkaud - ok

22:55:16.0375 2352 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

22:55:16.0397 2352 DXGKrnl - ok

22:55:16.0454 2352 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys

22:55:16.0458 2352 e1express - ok

22:55:16.0545 2352 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

22:55:16.0663 2352 ebdrv - ok

22:55:16.0771 2352 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

22:55:16.0788 2352 eeCtrl - ok

22:55:17.0150 2352 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

22:55:17.0176 2352 elxstor - ok

22:55:17.0271 2352 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

22:55:17.0281 2352 EraserUtilRebootDrv - ok

22:55:17.0473 2352 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

22:55:17.0481 2352 ErrDev - ok

22:55:17.0620 2352 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

22:55:17.0632 2352 exfat - ok

22:55:17.0694 2352 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

22:55:17.0706 2352 fastfat - ok

22:55:17.0734 2352 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

22:55:17.0743 2352 fdc - ok

22:55:17.0760 2352 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

22:55:17.0762 2352 FileInfo - ok

22:55:17.0773 2352 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

22:55:17.0783 2352 Filetrace - ok

22:55:17.0792 2352 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

22:55:17.0801 2352 flpydisk - ok

22:55:17.0825 2352 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

22:55:17.0828 2352 FltMgr - ok

22:55:17.0845 2352 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

22:55:17.0854 2352 FsDepends - ok

22:55:17.0888 2352 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys

22:55:17.0897 2352 fssfltr - ok

22:55:17.0908 2352 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

22:55:17.0910 2352 Fs_Rec - ok

22:55:17.0943 2352 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

22:55:17.0946 2352 fvevol - ok

22:55:17.0968 2352 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

22:55:17.0977 2352 gagp30kx - ok

22:55:18.0028 2352 hcw18bda (2edbcbf69f9a3512ddab978067be4d20) C:\Windows\system32\drivers\hcw18bda.sys

22:55:18.0034 2352 hcw18bda - ok

22:55:18.0044 2352 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

22:55:18.0054 2352 hcw85cir - ok

22:55:18.0104 2352 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

22:55:18.0108 2352 HdAudAddService - ok

22:55:18.0162 2352 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

22:55:18.0165 2352 HDAudBus - ok

22:55:18.0770 2352 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

22:55:18.0785 2352 HidBatt - ok

22:55:18.0875 2352 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

22:55:18.0885 2352 HidBth - ok

22:55:18.0939 2352 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

22:55:18.0948 2352 HidIr - ok

22:55:18.0991 2352 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

22:55:18.0993 2352 HidUsb - ok

22:55:19.0021 2352 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

22:55:19.0031 2352 HpSAMD - ok

22:55:19.0087 2352 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

22:55:19.0101 2352 HTTP - ok

22:55:19.0120 2352 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

22:55:19.0122 2352 hwpolicy - ok

22:55:19.0156 2352 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

22:55:19.0166 2352 i8042prt - ok

22:55:19.0189 2352 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

22:55:19.0192 2352 iaStorV - ok

22:55:19.0379 2352 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

22:55:19.0387 2352 iirsp - ok

22:55:19.0556 2352 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys

22:55:19.0625 2352 IntcAzAudAddService - ok

22:55:19.0673 2352 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

22:55:19.0682 2352 intelide - ok

22:55:19.0720 2352 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

22:55:19.0721 2352 intelppm - ok

22:55:19.0746 2352 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:55:19.0761 2352 IpFilterDriver - ok

22:55:19.0799 2352 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

22:55:19.0809 2352 IPMIDRV - ok

22:55:19.0819 2352 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

22:55:19.0830 2352 IPNAT - ok

22:55:19.0849 2352 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

22:55:19.0857 2352 IRENUM - ok

22:55:19.0888 2352 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

22:55:19.0899 2352 isapnp - ok

22:55:19.0939 2352 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

22:55:19.0972 2352 iScsiPrt - ok

22:55:20.0008 2352 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

22:55:20.0009 2352 kbdclass - ok

22:55:20.0042 2352 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

22:55:20.0044 2352 kbdhid - ok

22:55:20.0079 2352 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

22:55:20.0081 2352 KSecDD - ok

22:55:20.0108 2352 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

22:55:20.0109 2352 KSecPkg - ok

22:55:20.0160 2352 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

22:55:20.0162 2352 lltdio - ok

22:55:20.0206 2352 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

22:55:20.0214 2352 LSI_FC - ok

22:55:20.0223 2352 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

22:55:20.0231 2352 LSI_SAS - ok

22:55:20.0241 2352 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:55:20.0248 2352 LSI_SAS2 - ok

22:55:20.0257 2352 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:55:20.0265 2352 LSI_SCSI - ok

22:55:20.0281 2352 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

22:55:20.0283 2352 luafv - ok

22:55:20.0307 2352 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

22:55:20.0315 2352 megasas - ok

22:55:20.0325 2352 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

22:55:20.0337 2352 MegaSR - ok

22:55:20.0375 2352 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

22:55:20.0383 2352 Modem - ok

22:55:20.0417 2352 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

22:55:20.0419 2352 monitor - ok

22:55:20.0451 2352 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

22:55:20.0452 2352 mouclass - ok

22:55:20.0482 2352 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

22:55:20.0483 2352 mouhid - ok

22:55:20.0512 2352 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

22:55:20.0514 2352 mountmgr - ok

22:55:20.0547 2352 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

22:55:20.0557 2352 mpio - ok

22:55:20.0577 2352 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

22:55:20.0578 2352 mpsdrv - ok

22:55:20.0614 2352 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

22:55:20.0622 2352 MRxDAV - ok

22:55:20.0680 2352 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:55:20.0682 2352 mrxsmb - ok

22:55:20.0710 2352 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:55:20.0714 2352 mrxsmb10 - ok

22:55:20.0726 2352 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:55:20.0728 2352 mrxsmb20 - ok

22:55:20.0755 2352 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

22:55:20.0762 2352 msahci - ok

22:55:20.0807 2352 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

22:55:20.0816 2352 msdsm - ok

22:55:20.0877 2352 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

22:55:20.0879 2352 Msfs - ok

22:55:20.0916 2352 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

22:55:20.0923 2352 mshidkmdf - ok

22:55:20.0943 2352 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

22:55:20.0945 2352 msisadrv - ok

22:55:20.0988 2352 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

22:55:20.0994 2352 MSKSSRV - ok

22:55:21.0003 2352 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

22:55:21.0008 2352 MSPCLOCK - ok

22:55:21.0017 2352 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

22:55:21.0022 2352 MSPQM - ok

22:55:21.0032 2352 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

22:55:21.0034 2352 MsRPC - ok

22:55:21.0052 2352 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

22:55:21.0053 2352 mssmbios - ok

22:55:21.0063 2352 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

22:55:21.0068 2352 MSTEE - ok

22:55:21.0089 2352 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

22:55:21.0096 2352 MTConfig - ok

22:55:21.0105 2352 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

22:55:21.0106 2352 Mup - ok

22:55:21.0152 2352 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

22:55:21.0155 2352 NativeWifiP - ok

22:55:21.0496 2352 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111002.004\NAVENG.SYS

22:55:21.0498 2352 NAVENG - ok

22:55:21.0641 2352 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111002.004\NAVEX15.SYS

22:55:21.0693 2352 NAVEX15 - ok

22:55:21.0946 2352 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

22:55:21.0968 2352 NDIS - ok

22:55:22.0054 2352 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

22:55:22.0064 2352 NdisCap - ok

22:55:22.0121 2352 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

22:55:22.0123 2352 NdisTapi - ok

22:55:22.0163 2352 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

22:55:22.0164 2352 Ndisuio - ok

22:55:22.0198 2352 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

22:55:22.0200 2352 NdisWan - ok

22:55:22.0247 2352 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

22:55:22.0248 2352 NDProxy - ok

22:55:22.0325 2352 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

22:55:22.0326 2352 NetBIOS - ok

22:55:22.0355 2352 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

22:55:22.0357 2352 NetBT - ok

22:55:22.0422 2352 netr73 (bc1522f7871fd0ce25b164a83dd09dad) C:\Windows\system32\DRIVERS\netr73.sys

22:55:22.0429 2352 netr73 - ok

22:55:22.0478 2352 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

22:55:22.0487 2352 nfrd960 - ok

22:55:22.0517 2352 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

22:55:22.0518 2352 Npfs - ok

22:55:22.0531 2352 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

22:55:22.0533 2352 nsiproxy - ok

22:55:22.0580 2352 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

22:55:22.0626 2352 Ntfs - ok

22:55:22.0636 2352 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

22:55:22.0637 2352 Null - ok

22:55:22.0677 2352 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

22:55:22.0686 2352 nvraid - ok

22:55:22.0709 2352 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

22:55:22.0719 2352 nvstor - ok

22:55:22.0738 2352 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

22:55:22.0747 2352 nv_agp - ok

22:55:22.0776 2352 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

22:55:22.0784 2352 ohci1394 - ok

22:55:22.0828 2352 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

22:55:22.0836 2352 Parport - ok

22:55:22.0867 2352 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

22:55:22.0869 2352 partmgr - ok

22:55:22.0889 2352 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

22:55:22.0896 2352 Parvdm - ok

22:55:22.0925 2352 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

22:55:22.0928 2352 pci - ok

22:55:22.0959 2352 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

22:55:22.0966 2352 pciide - ok

22:55:23.0000 2352 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

22:55:23.0014 2352 pcmcia - ok

22:55:23.0036 2352 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

22:55:23.0037 2352 pcw - ok

22:55:23.0063 2352 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

22:55:23.0076 2352 PEAUTH - ok

22:55:23.0155 2352 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

22:55:23.0156 2352 PptpMiniport - ok

22:55:23.0178 2352 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

22:55:23.0187 2352 Processor - ok

22:55:23.0219 2352 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

22:55:23.0221 2352 Psched - ok

22:55:23.0274 2352 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

22:55:23.0325 2352 ql2300 - ok

22:55:23.0346 2352 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

22:55:23.0402 2352 ql40xx - ok

22:55:23.0429 2352 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

22:55:23.0438 2352 QWAVEdrv - ok

22:55:23.0457 2352 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

22:55:23.0466 2352 RasAcd - ok

22:55:23.0503 2352 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

22:55:23.0505 2352 RasAgileVpn - ok

22:55:23.0528 2352 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:55:23.0529 2352 Rasl2tp - ok

22:55:23.0552 2352 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

22:55:23.0554 2352 RasPppoe - ok

22:55:23.0566 2352 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

22:55:23.0568 2352 RasSstp - ok

22:55:23.0607 2352 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

22:55:23.0610 2352 rdbss - ok

22:55:23.0676 2352 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

22:55:23.0678 2352 rdpbus - ok

22:55:23.0701 2352 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:55:23.0702 2352 RDPCDD - ok

22:55:23.0736 2352 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

22:55:23.0751 2352 RDPDR - ok

22:55:23.0802 2352 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

22:55:23.0804 2352 RDPENCDD - ok

22:55:23.0827 2352 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

22:55:23.0828 2352 RDPREFMP - ok

22:55:23.0891 2352 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys

22:55:23.0898 2352 RdpVideoMiniport - ok

22:55:23.0924 2352 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

22:55:23.0934 2352 RDPWD - ok

22:55:23.0975 2352 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

22:55:23.0978 2352 rdyboost - ok

22:55:24.0047 2352 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

22:55:24.0049 2352 rspndr - ok

22:55:24.0079 2352 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

22:55:24.0085 2352 s3cap - ok

22:55:24.0121 2352 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

22:55:24.0130 2352 sbp2port - ok

22:55:24.0175 2352 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

22:55:24.0182 2352 scfilter - ok

22:55:24.0239 2352 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

22:55:24.0240 2352 secdrv - ok

22:55:24.0321 2352 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

22:55:24.0329 2352 Serenum - ok

22:55:24.0367 2352 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

22:55:24.0377 2352 Serial - ok

22:55:24.0418 2352 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

22:55:24.0427 2352 sermouse - ok

22:55:24.0476 2352 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

22:55:24.0483 2352 sffdisk - ok

22:55:24.0498 2352 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

22:55:24.0505 2352 sffp_mmc - ok

22:55:24.0516 2352 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

22:55:24.0522 2352 sffp_sd - ok

22:55:24.0544 2352 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

22:55:24.0551 2352 sfloppy - ok

22:55:24.0588 2352 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

22:55:24.0596 2352 sisagp - ok

22:55:24.0609 2352 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:55:24.0617 2352 SiSRaid2 - ok

22:55:24.0626 2352 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

22:55:24.0634 2352 SiSRaid4 - ok

22:55:24.0654 2352 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

22:55:24.0662 2352 Smb - ok

22:55:24.0777 2352 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

22:55:24.0792 2352 SPBBCDrv - ok

22:55:24.0869 2352 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

22:55:24.0871 2352 spldr - ok

22:55:24.0958 2352 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys

22:55:24.0958 2352 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e

22:55:24.0960 2352 sptd ( LockedFile.Multi.Generic ) - warning

22:55:24.0961 2352 sptd - detected LockedFile.Multi.Generic (1)

22:55:25.0022 2352 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows\system32\Drivers\SRTSP.SYS

22:55:25.0027 2352 SRTSP - ok

22:55:25.0089 2352 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows\system32\Drivers\SRTSPL.SYS

22:55:25.0106 2352 SRTSPL - ok

22:55:25.0132 2352 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows\system32\Drivers\SRTSPX.SYS

22:55:25.0133 2352 SRTSPX - ok

22:55:25.0168 2352 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

22:55:25.0172 2352 srv - ok

22:55:25.0188 2352 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

22:55:25.0192 2352 srv2 - ok

22:55:25.0213 2352 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

22:55:25.0214 2352 srvnet - ok

22:55:25.0271 2352 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

22:55:25.0279 2352 stexstor - ok

22:55:25.0320 2352 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

22:55:25.0322 2352 storflt - ok

22:55:25.0369 2352 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

22:55:25.0376 2352 storvsc - ok

22:55:25.0434 2352 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

22:55:25.0436 2352 swenum - ok

22:55:25.0465 2352 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS

22:55:25.0478 2352 SymEvent - ok

22:55:25.0490 2352 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS

22:55:25.0506 2352 SYMREDRV - ok

22:55:25.0523 2352 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS

22:55:25.0526 2352 SYMTDI - ok

22:55:25.0544 2352 Synth3dVsc - ok

22:55:25.0606 2352 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys

22:55:25.0644 2352 Tcpip - ok

22:55:25.0691 2352 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys

22:55:25.0698 2352 TCPIP6 - ok

22:55:25.0723 2352 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

22:55:25.0724 2352 tcpipreg - ok

22:55:25.0752 2352 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

22:55:25.0759 2352 TDPIPE - ok

22:55:25.0767 2352 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

22:55:25.0774 2352 TDTCP - ok

22:55:25.0795 2352 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

22:55:25.0796 2352 tdx - ok

22:55:25.0831 2352 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\Windows\system32\DRIVERS\teefer2.sys

22:55:25.0832 2352 Teefer2 - ok

22:55:25.0869 2352 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

22:55:25.0871 2352 TermDD - ok

22:55:25.0947 2352 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:55:25.0954 2352 tssecsrv - ok

22:55:26.0008 2352 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

22:55:26.0018 2352 TsUsbFlt - ok

22:55:26.0044 2352 tsusbhub - ok

22:55:26.0112 2352 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

22:55:26.0114 2352 tunnel - ok

22:55:26.0177 2352 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

22:55:26.0188 2352 uagp35 - ok

22:55:26.0232 2352 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

22:55:26.0249 2352 udfs - ok

22:55:26.0308 2352 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

22:55:26.0319 2352 uliagpkx - ok

22:55:26.0378 2352 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

22:55:26.0380 2352 umbus - ok

22:55:26.0431 2352 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

22:55:26.0433 2352 UmPass - ok

22:55:26.0485 2352 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys

22:55:26.0496 2352 usbaudio - ok

22:55:26.0522 2352 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

22:55:26.0523 2352 usbccgp - ok

22:55:26.0548 2352 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

22:55:26.0559 2352 usbcir - ok

22:55:26.0586 2352 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

22:55:26.0588 2352 usbehci - ok

22:55:26.0604 2352 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

22:55:26.0608 2352 usbhub - ok

22:55:26.0629 2352 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

22:55:26.0637 2352 usbohci - ok

22:55:26.0664 2352 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

22:55:26.0671 2352 usbprint - ok

22:55:26.0691 2352 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:55:26.0691 2352 USBSTOR - ok

22:55:26.0735 2352 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

22:55:26.0737 2352 usbuhci - ok

22:55:26.0770 2352 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

22:55:26.0771 2352 vdrvroot - ok

22:55:26.0796 2352 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

22:55:26.0806 2352 vga - ok

22:55:26.0827 2352 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

22:55:26.0829 2352 VgaSave - ok

22:55:26.0838 2352 VGPU - ok

22:55:26.0867 2352 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

22:55:26.0879 2352 vhdmp - ok

22:55:26.0927 2352 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

22:55:26.0937 2352 viaagp - ok

22:55:26.0954 2352 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

22:55:26.0961 2352 ViaC7 - ok

22:55:26.0978 2352 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

22:55:26.0986 2352 viaide - ok

22:55:27.0021 2352 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

22:55:27.0024 2352 vmbus - ok

22:55:27.0081 2352 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

22:55:27.0090 2352 VMBusHID - ok

22:55:27.0111 2352 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

22:55:27.0113 2352 volmgr - ok

22:55:27.0146 2352 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

22:55:27.0150 2352 volmgrx - ok

22:55:27.0174 2352 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

22:55:27.0178 2352 volsnap - ok

22:55:27.0202 2352 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

22:55:27.0212 2352 vsmraid - ok

22:55:27.0233 2352 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

22:55:27.0235 2352 vwifibus - ok

22:55:27.0255 2352 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

22:55:27.0257 2352 vwififlt - ok

22:55:27.0328 2352 VX6000 (719bac5b5a9c2c1fdf7323fb7e36ca32) C:\Windows\system32\DRIVERS\VX6000Xp.sys

22:55:27.0402 2352 VX6000 - ok

22:55:27.0486 2352 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

22:55:27.0494 2352 WacomPen - ok

22:55:27.0533 2352 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

22:55:27.0534 2352 WANARP - ok

22:55:27.0540 2352 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

22:55:27.0541 2352 Wanarpv6 - ok

22:55:27.0581 2352 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

22:55:27.0588 2352 Wd - ok

22:55:27.0611 2352 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

22:55:27.0616 2352 Wdf01000 - ok

22:55:27.0663 2352 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

22:55:27.0664 2352 WfpLwf - ok

22:55:27.0696 2352 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

22:55:27.0704 2352 WIMMount - ok

22:55:27.0774 2352 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

22:55:27.0781 2352 WmiAcpi - ok

22:55:27.0834 2352 WPS (c24cfb097547dd4dd9040ec9757f0dca) C:\Windows\system32\drivers\wpsdrvnt.sys

22:55:27.0835 2352 WPS - ok

22:55:27.0870 2352 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys

22:55:27.0873 2352 WpsHelper - ok

22:55:27.0898 2352 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

22:55:27.0907 2352 ws2ifsl - ok

22:55:27.0956 2352 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

22:55:27.0958 2352 WudfPf - ok

22:55:27.0997 2352 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:55:27.0999 2352 WUDFRd - ok

22:55:28.0047 2352 MBR (0x1B8) (d8f98fa929a3ce2707b66f8b212f5858) \Device\Harddisk0\DR0

22:55:28.0047 2352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected

22:55:28.0047 2352 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)

22:55:28.0075 2352 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

22:55:28.0081 2352 \Device\Harddisk1\DR1 - ok

22:55:28.0085 2352 MBR (0x1B8) (f1bc9a487fad21118da4d5b596310ba4) \Device\Harddisk2\DR2

22:55:28.0541 2352 \Device\Harddisk2\DR2 - ok

22:55:28.0588 2352 Boot (0x1200) (ef44c3dc26bde6b816689cd3dae4bf3c) \Device\Harddisk0\DR0\Partition0

22:55:28.0589 2352 \Device\Harddisk0\DR0\Partition0 - ok

22:55:30.0134 2352 Boot (0x1200) (bc2a5696faaf1d65c044af5da58d00a4) \Device\Harddisk0\DR0\Partition1

22:55:30.0135 2352 \Device\Harddisk0\DR0\Partition1 - ok

22:55:31.0939 2352 Boot (0x1200) (de48249d6936673e8383cf219da573f3) \Device\Harddisk0\DR0\Partition2

22:55:31.0940 2352 \Device\Harddisk0\DR0\Partition2 - ok

22:55:31.0949 2352 Boot (0x1200) (0b3c485a79e3834cb0bed13b41c8c72c) \Device\Harddisk1\DR1\Partition0

22:55:31.0951 2352 \Device\Harddisk1\DR1\Partition0 - ok

22:55:31.0956 2352 Boot (0x1200) (96d19609c5794a6d8279e362ed2255a5) \Device\Harddisk1\DR1\Partition1

22:55:31.0957 2352 \Device\Harddisk1\DR1\Partition1 - ok

22:55:31.0965 2352 Boot (0x1200) (953c7e761331dea9baabb3a4c17f9cde) \Device\Harddisk1\DR1\Partition2

22:55:31.0966 2352 \Device\Harddisk1\DR1\Partition2 - ok

22:55:31.0974 2352 Boot (0x1200) (f0ef35cb68d515a819dd52bedae682d4) \Device\Harddisk2\DR2\Partition0

22:55:31.0974 2352 \Device\Harddisk2\DR2\Partition0 - ok

22:55:31.0977 2352 ============================================================

22:55:31.0977 2352 Scan finished

22:55:31.0977 2352 ============================================================

22:55:31.0990 3804 Detected object count: 2

22:55:31.0991 3804 Actual detected object count: 2

22:55:50.0299 3804 sptd ( LockedFile.Multi.Generic ) - skipped by user

22:55:50.0299 3804 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

22:55:50.0878 3804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot

22:55:50.0878 3804 \Device\Harddisk0\DR0 - ok

22:55:50.0963 3804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure

22:55:58.0643 2684 Deinitialize success

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7851

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/2/2011 11:04:37 PM

mbam-log-2011-10-02 (23-04-37).txt

Scan type: Quick scan

Objects scanned: 169112

Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 11-10-02.03 - Main 2/2011 Sun 23:08:13.1.4 - x86

Microsoft Windows Se7en Maximum Edition 6.1.7601.1.949.82.1033.18.3582.2568 [GMT -7:00]

Running from: c:\users\Main\Desktop\temp files\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\0.0233003980302956.exe

c:\windows\system32\0.20350332604267252.exe

c:\windows\system32\0.2141507338584564.exe

c:\windows\system32\0.2143360744844789.exe

c:\windows\system32\0.27306740916380956.exe

c:\windows\system32\0.45552337830943324.exe

c:\windows\system32\0.6142422367986187.exe

c:\windows\system32\0.9316687117997196.exe

c:\windows\system32\AILogix

c:\windows\system32\AILogix\CUXL\CUXLMON.INF

c:\windows\system32\AILogix\CUXL\CUXLMonUtil.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))

.

.

2011-10-03 06:13 . 2011-10-03 06:13 -------- d-----w- c:\users\Main\AppData\Local\temp

2011-10-03 06:13 . 2011-10-03 06:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-29 04:47 . 2011-09-29 04:47 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-09-29 04:46 . 2011-09-29 04:46 -------- d-----w- c:\programdata\Hitman Pro

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\ja-JP

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\ja

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\0411

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\drivers\ja-JP

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP

2011-09-29 03:47 . 2011-09-29 04:02 -------- d-----w- c:\windows\system32\wbem\ja-JP

2011-09-29 03:40 . 2010-11-20 11:20 266240 ----a-w- c:\windows\system32\lzhfldr2.dll

2011-09-29 03:40 . 2009-07-14 02:43 3072 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ja-JP\LXKPTPRC.DLL.mui

2011-09-29 03:39 . 2009-07-14 01:15 377856 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpn.dll

2011-09-29 03:39 . 2009-07-14 01:15 1179136 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\imjplm.dll

2011-09-29 03:39 . 2009-07-14 01:15 9728 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\dicjp.dll

2011-09-29 03:39 . 2009-07-14 01:07 11507712 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpnr.dll

2011-09-29 03:23 . 2011-09-29 03:23 -------- d-----w- c:\program files\Common Files\Java

2011-09-29 03:23 . 2011-07-19 12:05 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-17 06:15 . 2011-09-17 06:15 -------- d-----w- c:\programdata\Blizzard Entertainment

2011-09-17 06:05 . 2011-09-30 19:12 -------- d-----w- c:\program files\Diablo III Beta

2011-09-17 06:05 . 2011-09-17 06:06 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2011-09-17 06:01 . 2011-09-30 22:12 -------- d-----w- c:\programdata\Battle.net

2011-09-14 18:38 . 2011-09-14 18:38 -------- d-----w- c:\program files\ESET

2011-09-07 22:07 . 2011-09-07 22:07 -------- d-----w- c:\users\Main\AppData\Local\Microsoft Games

2011-09-04 05:27 . 2011-09-04 05:27 -------- d-----w- c:\users\Main\AppData\Roaming\Malwarebytes

2011-09-04 05:27 . 2011-09-04 05:27 -------- d-----w- c:\programdata\Malwarebytes

2011-09-04 05:27 . 2011-09-19 04:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-04 05:27 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-29 04:00 . 2011-08-27 00:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-29 06:17 . 2011-08-26 07:49 13824 ----a-w- c:\windows\system32\slwga.dll

2011-08-29 06:17 . 2011-08-26 07:49 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-08-26 09:16 . 2011-08-26 09:16 722416 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-08-26 08:51 . 2011-08-26 08:51 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-08-26 08:05 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-26 07:33 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-26 06:28 . 2011-08-26 06:28 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-08-26 06:28 . 2011-08-26 06:28 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-08-26 06:28 . 2011-08-26 06:28 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-08-26 06:28 . 2011-08-26 06:28 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-08-26 06:28 . 2011-08-26 06:28 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-08-26 06:28 . 2011-08-26 06:28 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-08-26 06:28 . 2011-08-26 06:28 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-08-26 06:28 . 2011-08-26 06:28 367104 ----a-w- c:\windows\system32\html.iec

2011-08-26 06:28 . 2011-08-26 06:28 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-08-26 06:28 . 2011-08-26 06:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-26 06:28 . 2011-08-26 06:28 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-26 06:28 . 2011-08-26 06:28 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-08-26 06:28 . 2011-08-26 06:28 161792 ----a-w- c:\windows\system32\msls31.dll

2011-08-26 06:28 . 2011-08-26 06:28 152064 ----a-w- c:\windows\system32\wextract.exe

2011-08-26 06:28 . 2011-08-26 06:28 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-08-26 06:28 . 2011-08-26 06:28 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-08-26 06:28 . 2011-08-26 06:28 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-26 06:28 . 2011-08-26 06:28 11776 ----a-w- c:\windows\system32\mshta.exe

2011-08-26 06:28 . 2011-08-26 06:28 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-08-26 06:28 . 2011-08-26 06:28 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-08-26 06:28 . 2011-08-26 06:28 101888 ----a-w- c:\windows\system32\admparse.dll

2011-08-16 15:48 . 2011-08-26 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBA8785F-DC1A-46C3-8975-61F3B53B427E}\mpengine.dll

2011-07-16 04:27 . 2011-08-26 06:48 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:15 . 2011-08-26 06:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:17 . 2011-08-26 06:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 02:17 . 2011-08-26 06:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-09 04:29 . 2011-08-26 07:37 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:30 . 2011-08-26 06:48 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2010-11-20 859648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-09-18 15:34 205976 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 21:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BonUpdate.exe]

2011-05-31 02:10 1003008 ----a-w- c:\program files\bondisk.com\BonDisk(normal)\BonUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2009-07-09 03:14 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-08-29 22:36 136176 ----atw- c:\users\Main\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2010-05-20 22:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAutoUP.exe]

2011-05-31 02:05 1003008 ----a-w- c:\program files\qdown.com\Qdown(normal)\QAutoUP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]

2010-05-20 22:27 764784 ----a-w- c:\windows\vVX6000.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 Bondisk Update Service;Bondisk Update Service;c:\program files\BonDisk.com\BonDisk(normal)\BonUpdate.exe [2011-05-31 1003008]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 QDown Update Service;QDown Update Service;c:\program files\qdown.com\Qdown(normal)\QAutoUp.exe [2011-05-31 1003008]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1343400]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]

R4 SuperDownService;SuperDown Download Service;c:\program files\SuperDown\SuperDownService.exe [2011-09-01 150528]

R4 WinCloud;WinCloud;c:\program files\tutudisk.com\tutudisk(fast)\WinCloud.exe [2011-08-28 1337432]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-26 722416]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 NetAccelerator;NetAccelerator_Service;c:\program files\BonDisk.com\Bondisk(normal)\NetAccelerator.exe [2011-09-20 147456]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-18 105592]

S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]

S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2009-05-20 552960]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2010-05-20 2074480]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-673205837-3864767729-1015926490-1001Core.job

- c:\users\Main\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 22:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mail.yahoo.com/

TCP: DhcpNameServer = 192.168.1.1

DPF: {4085FED4-9934-41E7-A6E5-3E0434464ABC} - hxxp://www.bondisk.com/mmsv/BonControl.CAB

DPF: {75E65490-6995-49BE-A563-C97BFA549741} - hxxp://www.qdown.com/mmsv/QdownWebControl.CAB

DPF: {BB2158B8-8A7E-4A1E-AB10-961B1479EE85} - hxxp://www.tutudisk.com/mmsv/WebControl.CAB

DPF: {E28B9595-EA0D-457D-9968-0D1697ADF333} - hxxp://superdown.co.kr/setup/SuperDownWebControl.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe

SafeBoot-Symantec Antvirus

MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

.

.

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: WDC_WD32 rev.12.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

.

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user != kernel MBR !!!

sectors 625142446 (+255): user != kernel

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,

eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c

"{6BCB43AF-A20F-4996-8860-48F511A222DB}"=hex:51,66,7a,6c,4c,1d,38,12,c1,40,d8,

6f,3d,ec,f8,0c,f7,76,0b,b5,14,fc,66,cf

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,

06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,

b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,

f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:e3,b3,26,7f,a5,78,cc,01

.

[HKEY_USERS\S-1-5-21-673205837-3864767729-1015926490-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-673205837-3864767729-1015926490-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-10-02 23:15:25

ComboFix-quarantined-files.txt 2011-10-03 06:15

.

Pre-Run: 31,564,795,904 bytes free

Post-Run: 32,024,670,208 bytes free

.

- - End Of File - - 258AB69F9A3CA1F42B7B9411B4D0BC1B

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Main at 23:32:29 on 2011-10-02

Microsoft Windows Se7en Maximum Edition 6.1.7601.1.949.82.1033.18.3582.2434 [GMT -7:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\BonDisk.com\Bondisk(normal)\NetAccelerator.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\rundll32.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mail.yahoo.com/

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: TorrentSeek Toolbar: {6bcb43af-a20f-4996-8860-48f511a222db} - c:\program files\torrentseek\tbTorr.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [Welcome Center] c:\windows\system32\rundll32.exe c:\windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-explorer: NoSMBalloonTip = 1 (0x1)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {4085FED4-9934-41E7-A6E5-3E0434464ABC} - hxxp://www.bondisk.com/mmsv/BonControl.CAB

DPF: {75E65490-6995-49BE-A563-C97BFA549741} - hxxp://www.qdown.com/mmsv/QdownWebControl.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {BB2158B8-8A7E-4A1E-AB10-961B1479EE85} - hxxp://www.tutudisk.com/mmsv/WebControl.CAB

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E28B9595-EA0D-457D-9968-0D1697ADF333} - hxxp://superdown.co.kr/setup/SuperDownWebControl.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{091BFC2A-E4C2-48AF-86DC-E38B8B6E0E1A} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 NetAccelerator;NetAccelerator_Service;c:\program files\bondisk.com\bondisk(normal)\NetAccelerator.exe [2011-9-19 147456]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-11-10 1775344]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-26 105592]

R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]

R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2009-5-20 552960]

R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-5-20 2074480]

S2 Bondisk Update Service;Bondisk Update Service;c:\program files\bondisk.com\bondisk(normal)\BonUpdate.exe [2011-5-30 1003008]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 QDown Update Service;QDown Update Service;c:\program files\qdown.com\qdown(normal)\QAutoUP.exe [2011-5-30 1003008]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-8-26 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-26 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-26 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-25 1343400]

S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]

S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

S4 SuperDownService;SuperDown Download Service;c:\program files\superdown\SuperDownService.exe [2011-9-1 150528]

S4 WinCloud;WinCloud;c:\program files\tutudisk.com\tutudisk(fast)\WinCloud.exe [2011-8-27 1337432]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-10-03 06:15:28 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-03 06:15:26 -------- d-----w- c:\users\main\appdata\local\temp

2011-10-03 06:06:48 98816 ----a-w- c:\windows\sed.exe

2011-10-03 06:06:48 518144 ----a-w- c:\windows\SWREG.exe

2011-10-03 06:06:48 256000 ----a-w- c:\windows\PEV.exe

2011-10-03 06:06:48 208896 ----a-w- c:\windows\MBR.exe

2011-10-03 06:06:44 -------- d-----w- C:\ComboFix

2011-09-29 04:47:01 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-09-29 04:46:14 -------- d-----w- c:\programdata\Hitman Pro

2011-09-29 03:47:28 -------- d-----w- c:\windows\ja-JP

2011-09-29 03:47:10 -------- d-----w- c:\windows\system32\ja

2011-09-29 03:47:10 -------- d-----w- c:\windows\system32\0411

2011-09-29 03:47:08 -------- d-----w- c:\windows\system32\drivers\umdf\ja-JP

2011-09-29 03:47:08 -------- d-----w- c:\windows\system32\drivers\ja-JP

2011-09-29 03:47:04 -------- d-----w- c:\windows\system32\wbem\ja-JP

2011-09-29 03:40:25 266240 ----a-w- c:\windows\system32\lzhfldr2.dll

2011-09-29 03:40:07 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ja-jp\LXKPTPRC.DLL.mui

2011-09-29 03:39:59 9728 ----a-w- c:\program files\common files\microsoft shared\ink\dicjp.dll

2011-09-29 03:39:59 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpn.dll

2011-09-29 03:39:59 1179136 ----a-w- c:\program files\common files\microsoft shared\ink\imjplm.dll

2011-09-29 03:39:59 11507712 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpnr.dll

2011-09-29 03:23:39 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-17 06:15:40 -------- d-----w- c:\programdata\Blizzard Entertainment

2011-09-17 06:05:14 -------- d-----w- c:\program files\Diablo III Beta

2011-09-17 06:05:14 -------- d-----w- c:\program files\common files\Blizzard Entertainment

2011-09-17 06:01:23 -------- d-----w- c:\programdata\Battle.net

2011-09-14 18:38:19 -------- d-----w- c:\program files\ESET

2011-09-07 22:07:42 -------- d-----w- c:\users\main\appdata\local\Microsoft Games

2011-09-04 05:27:34 -------- d-----w- c:\users\main\appdata\roaming\Malwarebytes

2011-09-04 05:27:29 -------- d-----w- c:\programdata\Malwarebytes

2011-09-04 05:27:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-04 05:27:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-09-29 04:00:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-29 06:17:29 13824 ----a-w- c:\windows\system32\slwga.dll

2011-08-29 06:17:28 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-08-26 09:16:33 722416 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-08-26 08:51:25 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-08-26 08:05:39 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-26 05:23:18 0 ----a-w- c:\windows\ativpsrm.bin

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: WDC_WD32 rev.12.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x866061F8]<<

_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x86606008; MOV EAX, 0x8c49c2f8; CALL EAX; }

1 ntkrnlpa!IofCallDriver[0x82C7B52A] -> \Device\Harddisk0\DR0[0x87196030]

3 CLASSPNP[0x8CBC559E] -> ntkrnlpa!IofCallDriver[0x82C7B52A] -> \Device\Ide\IAAStorageDevice-1[0x86680028]

\Driver\iaStorV[0x8668F3F8] -> IRP_MJ_CREATE -> 0x866061F8

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user != kernel MBR !!!

sectors 625142446 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 23:32:54.39 ===============

OK, these are the logs you requested. Hope they help.

OK, I did exactly what you said for mbr.exe -r in cmd.exe.

Here are the logs.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7882

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/5/2011 10:41:40 PM

mbam-log-2011-10-05 (22-41-40).txt

Scan type: Quick scan

Objects scanned: 169169

Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

22:42:13.0415 3196 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46

22:42:13.0883 3196 ============================================================

22:42:13.0883 3196 Current date / time: 2011/10/05 22:42:13.0883

22:42:13.0883 3196 SystemInfo:

22:42:13.0883 3196

22:42:13.0883 3196 OS Version: 6.1.7601 ServicePack: 1.0

22:42:13.0883 3196 Product type: Workstation

22:42:13.0883 3196 ComputerName: MAIN-PC

22:42:13.0883 3196 UserName: Main

22:42:13.0883 3196 Windows directory: C:\Windows

22:42:13.0883 3196 System windows directory: C:\Windows

22:42:13.0883 3196 Processor architecture: Intel x86

22:42:13.0883 3196 Number of processors: 4

22:42:13.0883 3196 Page size: 0x1000

22:42:13.0883 3196 Boot type: Normal boot

22:42:13.0883 3196 ============================================================

22:42:15.0006 3196 Initialize success

22:42:17.0549 2928 ============================================================

22:42:17.0549 2928 Scan started

22:42:17.0549 2928 Mode: Manual;

22:42:17.0549 2928 ============================================================

22:42:18.0719 2928 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

22:42:18.0719 2928 1394ohci - ok

22:42:18.0750 2928 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

22:42:18.0750 2928 ACPI - ok

22:42:18.0765 2928 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

22:42:18.0765 2928 AcpiPmi - ok

22:42:18.0812 2928 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

22:42:18.0812 2928 adp94xx - ok

22:42:18.0828 2928 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

22:42:18.0828 2928 adpahci - ok

22:42:18.0843 2928 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

22:42:18.0843 2928 adpu320 - ok

22:42:18.0890 2928 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

22:42:18.0906 2928 AFD - ok

22:42:18.0921 2928 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

22:42:18.0921 2928 agp440 - ok

22:42:18.0953 2928 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

22:42:18.0953 2928 aic78xx - ok

22:42:18.0984 2928 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

22:42:18.0984 2928 aliide - ok

22:42:18.0999 2928 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

22:42:18.0999 2928 amdagp - ok

22:42:19.0015 2928 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

22:42:19.0015 2928 amdide - ok

22:42:19.0031 2928 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

22:42:19.0031 2928 AmdK8 - ok

22:42:19.0218 2928 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys

22:42:19.0249 2928 amdkmdag - ok

22:42:19.0280 2928 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys

22:42:19.0280 2928 amdkmdap - ok

22:42:19.0280 2928 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

22:42:19.0280 2928 AmdPPM - ok

22:42:19.0311 2928 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

22:42:19.0311 2928 amdsata - ok

22:42:19.0343 2928 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

22:42:19.0343 2928 amdsbs - ok

22:42:19.0358 2928 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

22:42:19.0358 2928 amdxata - ok

22:42:19.0389 2928 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

22:42:19.0389 2928 AppID - ok

22:42:19.0436 2928 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

22:42:19.0436 2928 arc - ok

22:42:19.0452 2928 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

22:42:19.0452 2928 arcsas - ok

22:42:19.0483 2928 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

22:42:19.0483 2928 AsyncMac - ok

22:42:19.0514 2928 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

22:42:19.0514 2928 atapi - ok

22:42:19.0748 2928 atikmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys

22:42:19.0795 2928 atikmdag - ok

22:42:19.0873 2928 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

22:42:19.0873 2928 b06bdrv - ok

22:42:19.0904 2928 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

22:42:19.0904 2928 b57nd60x - ok

22:42:19.0951 2928 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

22:42:19.0951 2928 Beep - ok

22:42:19.0982 2928 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

22:42:19.0982 2928 blbdrive - ok

22:42:20.0013 2928 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

22:42:20.0029 2928 bowser - ok

22:42:20.0045 2928 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

22:42:20.0045 2928 BrFiltLo - ok

22:42:20.0060 2928 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

22:42:20.0060 2928 BrFiltUp - ok

22:42:20.0091 2928 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

22:42:20.0091 2928 Brserid - ok

22:42:20.0107 2928 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

22:42:20.0107 2928 BrSerWdm - ok

22:42:20.0123 2928 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

22:42:20.0123 2928 BrUsbMdm - ok

22:42:20.0138 2928 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

22:42:20.0138 2928 BrUsbSer - ok

22:42:20.0138 2928 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

22:42:20.0138 2928 BTHMODEM - ok

22:42:20.0216 2928 catchme - ok

22:42:20.0310 2928 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

22:42:20.0310 2928 cdfs - ok

22:42:20.0372 2928 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

22:42:20.0372 2928 cdrom - ok

22:42:20.0403 2928 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

22:42:20.0403 2928 circlass - ok

22:42:20.0435 2928 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

22:42:20.0435 2928 CLFS - ok

22:42:20.0497 2928 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

22:42:20.0497 2928 CmBatt - ok

22:42:20.0528 2928 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

22:42:20.0528 2928 cmdide - ok

22:42:20.0559 2928 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

22:42:20.0559 2928 CNG - ok

22:42:20.0559 2928 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

22:42:20.0559 2928 Compbatt - ok

22:42:20.0606 2928 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

22:42:20.0606 2928 CompositeBus - ok

22:42:20.0622 2928 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

22:42:20.0622 2928 crcdisk - ok

22:42:20.0700 2928 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

22:42:20.0715 2928 CSC - ok

22:42:20.0762 2928 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

22:42:20.0762 2928 DfsC - ok

22:42:20.0793 2928 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

22:42:20.0793 2928 discache - ok

22:42:20.0809 2928 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

22:42:20.0809 2928 Disk - ok

22:42:20.0856 2928 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

22:42:20.0871 2928 drmkaud - ok

22:42:20.0903 2928 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

22:42:20.0903 2928 DXGKrnl - ok

22:42:20.0949 2928 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys

22:42:20.0949 2928 e1express - ok

22:42:21.0027 2928 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

22:42:21.0059 2928 ebdrv - ok

22:42:21.0137 2928 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

22:42:21.0137 2928 eeCtrl - ok

22:42:21.0215 2928 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

22:42:21.0215 2928 elxstor - ok

22:42:21.0308 2928 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

22:42:21.0308 2928 EraserUtilRebootDrv - ok

22:42:21.0371 2928 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

22:42:21.0371 2928 ErrDev - ok

22:42:21.0417 2928 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

22:42:21.0417 2928 exfat - ok

22:42:21.0433 2928 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

22:42:21.0433 2928 fastfat - ok

22:42:21.0464 2928 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

22:42:21.0464 2928 fdc - ok

22:42:21.0480 2928 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

22:42:21.0480 2928 FileInfo - ok

22:42:21.0495 2928 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

22:42:21.0495 2928 Filetrace - ok

22:42:21.0495 2928 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

22:42:21.0511 2928 flpydisk - ok

22:42:21.0511 2928 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

22:42:21.0511 2928 FltMgr - ok

22:42:21.0527 2928 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

22:42:21.0527 2928 FsDepends - ok

22:42:21.0558 2928 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys

22:42:21.0558 2928 fssfltr - ok

22:42:21.0573 2928 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

22:42:21.0573 2928 Fs_Rec - ok

22:42:21.0589 2928 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

22:42:21.0605 2928 fvevol - ok

22:42:21.0620 2928 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

22:42:21.0620 2928 gagp30kx - ok

22:42:21.0683 2928 hcw18bda (2edbcbf69f9a3512ddab978067be4d20) C:\Windows\system32\drivers\hcw18bda.sys

22:42:21.0683 2928 hcw18bda - ok

22:42:21.0698 2928 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

22:42:21.0698 2928 hcw85cir - ok

22:42:21.0745 2928 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

22:42:21.0745 2928 HdAudAddService - ok

22:42:21.0792 2928 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

22:42:21.0792 2928 HDAudBus - ok

22:42:21.0807 2928 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

22:42:21.0807 2928 HidBatt - ok

22:42:21.0807 2928 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

22:42:21.0807 2928 HidBth - ok

22:42:21.0823 2928 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

22:42:21.0823 2928 HidIr - ok

22:42:21.0854 2928 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

22:42:21.0854 2928 HidUsb - ok

22:42:21.0885 2928 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

22:42:21.0885 2928 HpSAMD - ok

22:42:21.0917 2928 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

22:42:21.0932 2928 HTTP - ok

22:42:21.0948 2928 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

22:42:21.0948 2928 hwpolicy - ok

22:42:21.0995 2928 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

22:42:21.0995 2928 i8042prt - ok

22:42:22.0010 2928 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

22:42:22.0010 2928 iaStorV - ok

22:42:22.0041 2928 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

22:42:22.0041 2928 iirsp - ok

22:42:22.0166 2928 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys

22:42:22.0182 2928 IntcAzAudAddService - ok

22:42:22.0197 2928 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

22:42:22.0197 2928 intelide - ok

22:42:22.0229 2928 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

22:42:22.0229 2928 intelppm - ok

22:42:22.0244 2928 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:42:22.0244 2928 IpFilterDriver - ok

22:42:22.0275 2928 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

22:42:22.0275 2928 IPMIDRV - ok

22:42:22.0291 2928 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

22:42:22.0291 2928 IPNAT - ok

22:42:22.0307 2928 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

22:42:22.0307 2928 IRENUM - ok

22:42:22.0307 2928 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

22:42:22.0307 2928 isapnp - ok

22:42:22.0338 2928 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

22:42:22.0338 2928 iScsiPrt - ok

22:42:22.0353 2928 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

22:42:22.0353 2928 kbdclass - ok

22:42:22.0369 2928 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

22:42:22.0369 2928 kbdhid - ok

22:42:22.0400 2928 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

22:42:22.0400 2928 KSecDD - ok

22:42:22.0431 2928 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

22:42:22.0431 2928 KSecPkg - ok

22:42:22.0478 2928 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

22:42:22.0478 2928 lltdio - ok

22:42:22.0509 2928 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

22:42:22.0509 2928 LSI_FC - ok

22:42:22.0525 2928 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

22:42:22.0525 2928 LSI_SAS - ok

22:42:22.0541 2928 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:42:22.0541 2928 LSI_SAS2 - ok

22:42:22.0556 2928 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:42:22.0556 2928 LSI_SCSI - ok

22:42:22.0572 2928 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

22:42:22.0572 2928 luafv - ok

22:42:22.0587 2928 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

22:42:22.0587 2928 megasas - ok

22:42:22.0603 2928 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

22:42:22.0603 2928 MegaSR - ok

22:42:22.0619 2928 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

22:42:22.0619 2928 Modem - ok

22:42:22.0650 2928 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

22:42:22.0650 2928 monitor - ok

22:42:22.0712 2928 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

22:42:22.0712 2928 mouclass - ok

22:42:22.0728 2928 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

22:42:22.0743 2928 mouhid - ok

22:42:22.0759 2928 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

22:42:22.0775 2928 mountmgr - ok

22:42:22.0790 2928 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

22:42:22.0790 2928 mpio - ok

22:42:22.0821 2928 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

22:42:22.0821 2928 mpsdrv - ok

22:42:22.0853 2928 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

22:42:22.0853 2928 MRxDAV - ok

22:42:22.0884 2928 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:42:22.0884 2928 mrxsmb - ok

22:42:22.0899 2928 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:42:22.0899 2928 mrxsmb10 - ok

22:42:22.0915 2928 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:42:22.0915 2928 mrxsmb20 - ok

22:42:22.0946 2928 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

22:42:22.0946 2928 msahci - ok

22:42:22.0977 2928 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

22:42:22.0993 2928 msdsm - ok

22:42:23.0024 2928 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

22:42:23.0024 2928 Msfs - ok

22:42:23.0040 2928 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

22:42:23.0040 2928 mshidkmdf - ok

22:42:23.0040 2928 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

22:42:23.0040 2928 msisadrv - ok

22:42:23.0087 2928 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

22:42:23.0087 2928 MSKSSRV - ok

22:42:23.0087 2928 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

22:42:23.0102 2928 MSPCLOCK - ok

22:42:23.0102 2928 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

22:42:23.0102 2928 MSPQM - ok

22:42:23.0118 2928 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

22:42:23.0118 2928 MsRPC - ok

22:42:23.0133 2928 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

22:42:23.0133 2928 mssmbios - ok

22:42:23.0149 2928 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

22:42:23.0149 2928 MSTEE - ok

22:42:23.0165 2928 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

22:42:23.0165 2928 MTConfig - ok

22:42:23.0180 2928 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

22:42:23.0180 2928 Mup - ok

22:42:23.0211 2928 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

22:42:23.0211 2928 NativeWifiP - ok

22:42:23.0305 2928 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111005.002\NAVENG.SYS

22:42:23.0305 2928 NAVENG - ok

22:42:23.0352 2928 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111005.002\NAVEX15.SYS

22:42:23.0367 2928 NAVEX15 - ok

22:42:23.0492 2928 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

22:42:23.0492 2928 NDIS - ok

22:42:23.0539 2928 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

22:42:23.0539 2928 NdisCap - ok

22:42:23.0570 2928 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

22:42:23.0570 2928 NdisTapi - ok

22:42:23.0586 2928 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

22:42:23.0586 2928 Ndisuio - ok

22:42:23.0633 2928 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

22:42:23.0633 2928 NdisWan - ok

22:42:23.0664 2928 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

22:42:23.0664 2928 NDProxy - ok

22:42:23.0773 2928 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

22:42:23.0773 2928 NetBIOS - ok

22:42:23.0804 2928 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

22:42:23.0804 2928 NetBT - ok

22:42:23.0882 2928 netr73 (bc1522f7871fd0ce25b164a83dd09dad) C:\Windows\system32\DRIVERS\netr73.sys

22:42:23.0882 2928 netr73 - ok

22:42:23.0913 2928 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

22:42:23.0913 2928 nfrd960 - ok

22:42:23.0945 2928 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

22:42:23.0945 2928 Npfs - ok

22:42:23.0960 2928 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

22:42:23.0960 2928 nsiproxy - ok

22:42:24.0007 2928 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

22:42:24.0007 2928 Ntfs - ok

22:42:24.0038 2928 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

22:42:24.0038 2928 Null - ok

22:42:24.0085 2928 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

22:42:24.0085 2928 nvraid - ok

22:42:24.0101 2928 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

22:42:24.0101 2928 nvstor - ok

22:42:24.0116 2928 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

22:42:24.0116 2928 nv_agp - ok

22:42:24.0381 2928 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

22:42:24.0381 2928 ohci1394 - ok

22:42:24.0506 2928 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

22:42:24.0506 2928 Parport - ok

22:42:24.0615 2928 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

22:42:24.0615 2928 partmgr - ok

22:42:24.0740 2928 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

22:42:24.0740 2928 Parvdm - ok

22:42:24.0771 2928 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

22:42:24.0771 2928 pci - ok

22:42:24.0834 2928 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

22:42:24.0834 2928 pciide - ok

22:42:24.0849 2928 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

22:42:24.0849 2928 pcmcia - ok

22:42:24.0896 2928 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

22:42:24.0896 2928 pcw - ok

22:42:24.0943 2928 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

22:42:24.0943 2928 PEAUTH - ok

22:42:25.0068 2928 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

22:42:25.0068 2928 PptpMiniport - ok

22:42:25.0115 2928 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

22:42:25.0115 2928 Processor - ok

22:42:25.0146 2928 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

22:42:25.0146 2928 Psched - ok

22:42:25.0224 2928 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

22:42:25.0224 2928 ql2300 - ok

22:42:25.0239 2928 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

22:42:25.0239 2928 ql40xx - ok

22:42:25.0302 2928 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

22:42:25.0302 2928 QWAVEdrv - ok

22:42:25.0333 2928 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

22:42:25.0333 2928 RasAcd - ok

22:42:25.0380 2928 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

22:42:25.0380 2928 RasAgileVpn - ok

22:42:25.0395 2928 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:42:25.0395 2928 Rasl2tp - ok

22:42:25.0427 2928 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

22:42:25.0427 2928 RasPppoe - ok

22:42:25.0442 2928 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

22:42:25.0442 2928 RasSstp - ok

22:42:25.0458 2928 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

22:42:25.0458 2928 rdbss - ok

22:42:25.0473 2928 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

22:42:25.0473 2928 rdpbus - ok

22:42:25.0505 2928 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:42:25.0505 2928 RDPCDD - ok

22:42:25.0629 2928 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

22:42:25.0629 2928 RDPDR - ok

22:42:25.0661 2928 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

22:42:25.0661 2928 RDPENCDD - ok

22:42:25.0707 2928 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

22:42:25.0707 2928 RDPREFMP - ok

22:42:25.0754 2928 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys

22:42:25.0754 2928 RdpVideoMiniport - ok

22:42:25.0785 2928 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

22:42:25.0785 2928 RDPWD - ok

22:42:25.0848 2928 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

22:42:25.0848 2928 rdyboost - ok

22:42:25.0895 2928 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

22:42:25.0910 2928 rspndr - ok

22:42:25.0941 2928 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

22:42:25.0941 2928 s3cap - ok

22:42:25.0957 2928 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

22:42:25.0957 2928 sbp2port - ok

22:42:25.0988 2928 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

22:42:25.0988 2928 scfilter - ok

22:42:26.0035 2928 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

22:42:26.0035 2928 secdrv - ok

22:42:26.0082 2928 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

22:42:26.0082 2928 Serenum - ok

22:42:26.0082 2928 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

22:42:26.0082 2928 Serial - ok

22:42:26.0113 2928 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

22:42:26.0129 2928 sermouse - ok

22:42:26.0175 2928 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

22:42:26.0175 2928 sffdisk - ok

22:42:26.0207 2928 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

22:42:26.0207 2928 sffp_mmc - ok

22:42:26.0222 2928 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

22:42:26.0222 2928 sffp_sd - ok

22:42:26.0238 2928 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

22:42:26.0238 2928 sfloppy - ok

22:42:26.0300 2928 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

22:42:26.0300 2928 sisagp - ok

22:42:26.0300 2928 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:42:26.0300 2928 SiSRaid2 - ok

22:42:26.0316 2928 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

22:42:26.0316 2928 SiSRaid4 - ok

22:42:26.0347 2928 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

22:42:26.0347 2928 Smb - ok

22:42:26.0487 2928 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

22:42:26.0487 2928 SPBBCDrv - ok

22:42:26.0628 2928 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

22:42:26.0628 2928 spldr - ok

22:42:26.0784 2928 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys

22:42:26.0784 2928 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e

22:42:26.0784 2928 sptd ( LockedFile.Multi.Generic ) - warning

22:42:26.0784 2928 sptd - detected LockedFile.Multi.Generic (1)

22:42:26.0846 2928 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows\system32\Drivers\SRTSP.SYS

22:42:26.0846 2928 SRTSP - ok

22:42:26.0893 2928 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows\system32\Drivers\SRTSPL.SYS

22:42:26.0909 2928 SRTSPL - ok

22:42:26.0940 2928 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows\system32\Drivers\SRTSPX.SYS

22:42:26.0940 2928 SRTSPX - ok

22:42:26.0971 2928 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

22:42:26.0971 2928 srv - ok

22:42:26.0987 2928 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

22:42:26.0987 2928 srv2 - ok

22:42:27.0049 2928 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

22:42:27.0049 2928 srvnet - ok

22:42:27.0143 2928 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

22:42:27.0143 2928 stexstor - ok

22:42:27.0205 2928 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

22:42:27.0205 2928 storflt - ok

22:42:27.0236 2928 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

22:42:27.0252 2928 storvsc - ok

22:42:27.0283 2928 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

22:42:27.0283 2928 swenum - ok

22:42:27.0330 2928 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS

22:42:27.0330 2928 SymEvent - ok

22:42:27.0345 2928 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS

22:42:27.0345 2928 SYMREDRV - ok

22:42:27.0377 2928 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS

22:42:27.0377 2928 SYMTDI - ok

22:42:27.0392 2928 Synth3dVsc - ok

22:42:27.0455 2928 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys

22:42:27.0470 2928 Tcpip - ok

22:42:27.0533 2928 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys

22:42:27.0548 2928 TCPIP6 - ok

22:42:27.0579 2928 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

22:42:27.0579 2928 tcpipreg - ok

22:42:27.0611 2928 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

22:42:27.0611 2928 TDPIPE - ok

22:42:27.0657 2928 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

22:42:27.0657 2928 TDTCP - ok

22:42:27.0720 2928 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

22:42:27.0720 2928 tdx - ok

22:42:27.0751 2928 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\Windows\system32\DRIVERS\teefer2.sys

22:42:27.0751 2928 Teefer2 - ok

22:42:27.0782 2928 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

22:42:27.0782 2928 TermDD - ok

22:42:27.0860 2928 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:42:27.0860 2928 tssecsrv - ok

22:42:27.0907 2928 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

22:42:27.0907 2928 TsUsbFlt - ok

22:42:27.0923 2928 tsusbhub - ok

22:42:27.0969 2928 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

22:42:27.0969 2928 tunnel - ok

22:42:28.0001 2928 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

22:42:28.0001 2928 uagp35 - ok

22:42:28.0063 2928 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

22:42:28.0063 2928 udfs - ok

22:42:28.0094 2928 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

22:42:28.0110 2928 uliagpkx - ok

22:42:28.0188 2928 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

22:42:28.0188 2928 umbus - ok

22:42:28.0235 2928 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

22:42:28.0235 2928 UmPass - ok

22:42:28.0281 2928 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys

22:42:28.0281 2928 usbaudio - ok

22:42:28.0297 2928 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

22:42:28.0297 2928 usbccgp - ok

22:42:28.0313 2928 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

22:42:28.0313 2928 usbcir - ok

22:42:28.0453 2928 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

22:42:28.0453 2928 usbehci - ok

22:42:28.0484 2928 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

22:42:28.0500 2928 usbhub - ok

22:42:28.0531 2928 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

22:42:28.0531 2928 usbohci - ok

22:42:28.0562 2928 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

22:42:28.0562 2928 usbprint - ok

22:42:28.0578 2928 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:42:28.0578 2928 USBSTOR - ok

22:42:28.0703 2928 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

22:42:28.0703 2928 usbuhci - ok

22:42:28.0765 2928 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

22:42:28.0765 2928 vdrvroot - ok

22:42:28.0796 2928 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

22:42:28.0796 2928 vga - ok

22:42:28.0812 2928 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

22:42:28.0812 2928 VgaSave - ok

22:42:28.0827 2928 VGPU - ok

22:42:29.0436 2928 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

22:42:29.0436 2928 vhdmp - ok

22:42:29.0545 2928 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

22:42:29.0545 2928 viaagp - ok

22:42:29.0639 2928 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

22:42:29.0639 2928 ViaC7 - ok

22:42:29.0966 2928 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

22:42:29.0966 2928 viaide - ok

22:42:30.0138 2928 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

22:42:30.0138 2928 vmbus - ok

22:42:30.0216 2928 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

22:42:30.0216 2928 VMBusHID - ok

22:42:30.0231 2928 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

22:42:30.0231 2928 volmgr - ok

22:42:30.0294 2928 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

22:42:30.0294 2928 volmgrx - ok

22:42:30.0434 2928 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

22:42:30.0434 2928 volsnap - ok

22:42:30.0809 2928 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

22:42:30.0809 2928 vsmraid - ok

22:42:31.0261 2928 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

22:42:31.0261 2928 vwifibus - ok

22:42:31.0355 2928 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

22:42:31.0355 2928 vwififlt - ok

22:42:31.0464 2928 VX6000 (719bac5b5a9c2c1fdf7323fb7e36ca32) C:\Windows\system32\DRIVERS\VX6000Xp.sys

22:42:31.0479 2928 VX6000 - ok

22:42:31.0651 2928 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

22:42:31.0651 2928 WacomPen - ok

22:42:31.0963 2928 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

22:42:31.0979 2928 WANARP - ok

22:42:31.0979 2928 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

22:42:31.0979 2928 Wanarpv6 - ok

22:42:32.0103 2928 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

22:42:32.0103 2928 Wd - ok

22:42:32.0150 2928 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

22:42:32.0166 2928 Wdf01000 - ok

22:42:32.0322 2928 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

22:42:32.0322 2928 WfpLwf - ok

22:42:32.0337 2928 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

22:42:32.0337 2928 WIMMount - ok

22:42:32.0478 2928 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

22:42:32.0478 2928 WmiAcpi - ok

22:42:32.0540 2928 WPS (c24cfb097547dd4dd9040ec9757f0dca) C:\Windows\system32\drivers\wpsdrvnt.sys

22:42:32.0540 2928 WPS - ok

22:42:32.0571 2928 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys

22:42:32.0571 2928 WpsHelper - ok

22:42:32.0618 2928 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

22:42:32.0618 2928 ws2ifsl - ok

22:42:32.0712 2928 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

22:42:32.0712 2928 WudfPf - ok

22:42:32.0837 2928 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:42:32.0837 2928 WUDFRd - ok

22:42:32.0915 2928 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

22:42:32.0915 2928 \Device\Harddisk0\DR0 - ok

22:42:32.0946 2928 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

22:42:32.0946 2928 \Device\Harddisk1\DR1 - ok

22:42:32.0946 2928 MBR (0x1B8) (f1bc9a487fad21118da4d5b596310ba4) \Device\Harddisk2\DR2

22:42:33.0414 2928 \Device\Harddisk2\DR2 - ok

22:42:33.0523 2928 Boot (0x1200) (ef44c3dc26bde6b816689cd3dae4bf3c) \Device\Harddisk0\DR0\Partition0

22:42:33.0523 2928 \Device\Harddisk0\DR0\Partition0 - ok

22:42:33.0632 2928 Boot (0x1200) (bc2a5696faaf1d65c044af5da58d00a4) \Device\Harddisk0\DR0\Partition1

22:42:33.0632 2928 \Device\Harddisk0\DR0\Partition1 - ok

22:42:33.0960 2928 Boot (0x1200) (de48249d6936673e8383cf219da573f3) \Device\Harddisk0\DR0\Partition2

22:42:33.0960 2928 \Device\Harddisk0\DR0\Partition2 - ok

22:42:33.0975 2928 Boot (0x1200) (0b3c485a79e3834cb0bed13b41c8c72c) \Device\Harddisk1\DR1\Partition0

22:42:33.0975 2928 \Device\Harddisk1\DR1\Partition0 - ok

22:42:33.0975 2928 Boot (0x1200) (96d19609c5794a6d8279e362ed2255a5) \Device\Harddisk1\DR1\Partition1

22:42:33.0975 2928 \Device\Harddisk1\DR1\Partition1 - ok

22:42:33.0991 2928 Boot (0x1200) (953c7e761331dea9baabb3a4c17f9cde) \Device\Harddisk1\DR1\Partition2

22:42:33.0991 2928 \Device\Harddisk1\DR1\Partition2 - ok

22:42:33.0991 2928 Boot (0x1200) (f0ef35cb68d515a819dd52bedae682d4) \Device\Harddisk2\DR2\Partition0

22:42:33.0991 2928 \Device\Harddisk2\DR2\Partition0 - ok

22:42:33.0991 2928 ============================================================

22:42:33.0991 2928 Scan finished

22:42:33.0991 2928 ============================================================

22:42:34.0007 2560 Detected object count: 1

22:42:34.0007 2560 Actual detected object count: 1

22:42:46.0112 2560 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine

22:42:46.0128 2560 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

22:42:51.0822 1212 Deinitialize success

ComboFix 11-10-05.02 - Main 5/2011 Wed 22:44:45.2.4 - x86

Microsoft Windows Se7en Maximum Edition 6.1.7601.1.949.82.1033.18.3582.2617 [GMT -7:00]

Running from: c:\users\Main\Desktop\temp files\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))

.

.

2011-10-06 05:49 . 2011-10-06 05:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-06 05:42 . 2011-10-06 05:42 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-03 06:15 . 2011-10-06 05:49 -------- d-----w- c:\users\Main\AppData\Local\temp

2011-09-29 04:47 . 2011-09-29 04:47 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-09-29 04:46 . 2011-09-29 04:46 -------- d-----w- c:\programdata\Hitman Pro

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\ja-JP

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\ja

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\0411

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\drivers\ja-JP

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP

2011-09-29 03:47 . 2011-09-29 04:02 -------- d-----w- c:\windows\system32\wbem\ja-JP

2011-09-29 03:40 . 2010-11-20 11:20 266240 ----a-w- c:\windows\system32\lzhfldr2.dll

2011-09-29 03:40 . 2009-07-14 02:43 3072 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ja-JP\LXKPTPRC.DLL.mui

2011-09-29 03:39 . 2009-07-14 01:15 377856 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpn.dll

2011-09-29 03:39 . 2009-07-14 01:15 1179136 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\imjplm.dll

2011-09-29 03:39 . 2009-07-14 01:15 9728 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\dicjp.dll

2011-09-29 03:39 . 2009-07-14 01:07 11507712 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpnr.dll

2011-09-29 03:23 . 2011-09-29 03:23 -------- d-----w- c:\program files\Common Files\Java

2011-09-29 03:23 . 2011-07-19 12:05 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-17 06:15 . 2011-09-17 06:15 -------- d-----w- c:\programdata\Blizzard Entertainment

2011-09-17 06:05 . 2011-09-30 19:12 -------- d-----w- c:\program files\Diablo III Beta

2011-09-17 06:05 . 2011-09-17 06:06 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2011-09-17 06:01 . 2011-09-30 22:12 -------- d-----w- c:\programdata\Battle.net

2011-09-14 18:38 . 2011-09-14 18:38 -------- d-----w- c:\program files\ESET

2011-09-07 22:07 . 2011-09-07 22:07 -------- d-----w- c:\users\Main\AppData\Local\Microsoft Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-29 04:00 . 2011-08-27 00:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 00:00 . 2011-09-04 05:27 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-29 06:17 . 2011-08-26 07:49 13824 ----a-w- c:\windows\system32\slwga.dll

2011-08-29 06:17 . 2011-08-26 07:49 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-08-26 09:16 . 2011-08-26 09:16 722416 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-08-26 08:51 . 2011-08-26 08:51 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-08-26 08:05 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-26 07:33 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-26 06:28 . 2011-08-26 06:28 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-08-26 06:28 . 2011-08-26 06:28 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-08-26 06:28 . 2011-08-26 06:28 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-08-26 06:28 . 2011-08-26 06:28 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-08-26 06:28 . 2011-08-26 06:28 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-08-26 06:28 . 2011-08-26 06:28 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-08-26 06:28 . 2011-08-26 06:28 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-08-26 06:28 . 2011-08-26 06:28 367104 ----a-w- c:\windows\system32\html.iec

2011-08-26 06:28 . 2011-08-26 06:28 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-08-26 06:28 . 2011-08-26 06:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-26 06:28 . 2011-08-26 06:28 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-26 06:28 . 2011-08-26 06:28 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-08-26 06:28 . 2011-08-26 06:28 161792 ----a-w- c:\windows\system32\msls31.dll

2011-08-26 06:28 . 2011-08-26 06:28 152064 ----a-w- c:\windows\system32\wextract.exe

2011-08-26 06:28 . 2011-08-26 06:28 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-08-26 06:28 . 2011-08-26 06:28 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-08-26 06:28 . 2011-08-26 06:28 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-26 06:28 . 2011-08-26 06:28 11776 ----a-w- c:\windows\system32\mshta.exe

2011-08-26 06:28 . 2011-08-26 06:28 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-08-26 06:28 . 2011-08-26 06:28 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-08-26 06:28 . 2011-08-26 06:28 101888 ----a-w- c:\windows\system32\admparse.dll

2011-08-16 15:48 . 2011-08-26 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBA8785F-DC1A-46C3-8975-61F3B53B427E}\mpengine.dll

2011-07-16 04:27 . 2011-08-26 06:48 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:15 . 2011-08-26 06:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:17 . 2011-08-26 06:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-26 06:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-26 06:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 02:17 . 2011-08-26 06:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-09 04:29 . 2011-08-26 07:37 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:30 . 2011-08-26 06:48 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2010-11-20 859648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-09-18 15:34 205976 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 21:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BonUpdate.exe]

2011-05-31 02:10 1003008 ----a-w- c:\program files\bondisk.com\BonDisk(normal)\BonUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2009-07-09 03:14 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-08-29 22:36 136176 ----atw- c:\users\Main\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2010-05-20 22:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAutoUP.exe]

2011-05-31 02:05 1003008 ----a-w- c:\program files\qdown.com\Qdown(normal)\QAutoUP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]

2010-05-20 22:27 764784 ----a-w- c:\windows\vVX6000.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 Bondisk Update Service;Bondisk Update Service;c:\program files\BonDisk.com\BonDisk(normal)\BonUpdate.exe [2011-05-31 1003008]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 QDown Update Service;QDown Update Service;c:\program files\qdown.com\Qdown(normal)\QAutoUp.exe [2011-05-31 1003008]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1343400]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]

R4 SuperDownService;SuperDown Download Service;c:\program files\SuperDown\SuperDownService.exe [2011-09-01 150528]

R4 WinCloud;WinCloud;c:\program files\tutudisk.com\tutudisk(fast)\WinCloud.exe [2011-08-28 1337432]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-26 722416]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 NetAccelerator;NetAccelerator_Service;c:\program files\BonDisk.com\Bondisk(normal)\NetAccelerator.exe [2011-09-20 147456]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-18 105592]

S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]

S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2009-05-20 552960]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2010-05-20 2074480]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 41621276

*Deregistered* - 41621276

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-673205837-3864767729-1015926490-1001Core.job

- c:\users\Main\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 22:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mail.yahoo.com/

TCP: DhcpNameServer = 192.168.1.1

DPF: {4085FED4-9934-41E7-A6E5-3E0434464ABC} - hxxp://www.bondisk.com/mmsv/BonControl.CAB

DPF: {75E65490-6995-49BE-A563-C97BFA549741} - hxxp://www.qdown.com/mmsv/QdownWebControl.CAB

DPF: {BB2158B8-8A7E-4A1E-AB10-961B1479EE85} - hxxp://www.tutudisk.com/mmsv/WebControl.CAB

DPF: {E28B9595-EA0D-457D-9968-0D1697ADF333} - hxxp://superdown.co.kr/setup/SuperDownWebControl.cab

.

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: WDC_WD32 rev.12.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

.

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user != kernel MBR !!!

sectors 625142446 (+255): user != kernel

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,

eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c

"{6BCB43AF-A20F-4996-8860-48F511A222DB}"=hex:51,66,7a,6c,4c,1d,38,12,c1,40,d8,

6f,3d,ec,f8,0c,f7,76,0b,b5,14,fc,66,cf

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,

06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,

b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,

f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:e3,b3,26,7f,a5,78,cc,01

.

[HKEY_USERS\S-1-5-21-673205837-3864767729-1015926490-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-673205837-3864767729-1015926490-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-10-05 22:51:26

ComboFix-quarantined-files.txt 2011-10-06 05:51

.

Pre-Run: 38,100,619,264 bytes free

Post-Run: 38,052,466,688 bytes free

.

- - End Of File - - 0D451ED6D30BEF6B7519C95A72B1DC10

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Main at 22:51:57 on 2011-10-05

Microsoft Windows Se7en Maximum Edition 6.1.7601.1.949.82.1033.18.3582.2528 [GMT -7:00]

.

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\BonDisk.com\Bondisk(normal)\NetAccelerator.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Explorer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mail.yahoo.com/

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: TorrentSeek Toolbar: {6bcb43af-a20f-4996-8860-48f511a222db} - c:\program files\torrentseek\tbTorr.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [Welcome Center] c:\windows\system32\rundll32.exe c:\windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-explorer: NoSMBalloonTip = 1 (0x1)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {4085FED4-9934-41E7-A6E5-3E0434464ABC} - hxxp://www.bondisk.com/mmsv/BonControl.CAB

DPF: {75E65490-6995-49BE-A563-C97BFA549741} - hxxp://www.qdown.com/mmsv/QdownWebControl.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {BB2158B8-8A7E-4A1E-AB10-961B1479EE85} - hxxp://www.tutudisk.com/mmsv/WebControl.CAB

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E28B9595-EA0D-457D-9968-0D1697ADF333} - hxxp://superdown.co.kr/setup/SuperDownWebControl.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{091BFC2A-E4C2-48AF-86DC-E38B8B6E0E1A} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 NetAccelerator;NetAccelerator_Service;c:\program files\bondisk.com\bondisk(normal)\NetAccelerator.exe [2011-9-19 147456]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-11-10 1775344]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-26 105592]

R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]

R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2009-5-20 552960]

R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-5-20 2074480]

S2 Bondisk Update Service;Bondisk Update Service;c:\program files\bondisk.com\bondisk(normal)\BonUpdate.exe [2011-5-30 1003008]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 QDown Update Service;QDown Update Service;c:\program files\qdown.com\qdown(normal)\QAutoUP.exe [2011-5-30 1003008]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-8-26 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-26 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-26 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-25 1343400]

S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]

S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

S4 SuperDownService;SuperDown Download Service;c:\program files\superdown\SuperDownService.exe [2011-9-1 150528]

S4 WinCloud;WinCloud;c:\program files\tutudisk.com\tutudisk(fast)\WinCloud.exe [2011-8-27 1337432]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-10-06 05:50:40 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-06 05:42:46 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-03 06:15:26 -------- d-----w- c:\users\main\appdata\local\temp

2011-10-03 06:06:48 98816 ----a-w- c:\windows\sed.exe

2011-10-03 06:06:48 518144 ----a-w- c:\windows\SWREG.exe

2011-10-03 06:06:48 256000 ----a-w- c:\windows\PEV.exe

2011-10-03 06:06:48 208896 ----a-w- c:\windows\MBR.exe

2011-09-29 04:47:01 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-09-29 04:46:14 -------- d-----w- c:\programdata\Hitman Pro

2011-09-29 03:47:28 -------- d-----w- c:\windows\ja-JP

2011-09-29 03:47:10 -------- d-----w- c:\windows\system32\ja

2011-09-29 03:47:10 -------- d-----w- c:\windows\system32\0411

2011-09-29 03:47:08 -------- d-----w- c:\windows\system32\drivers\umdf\ja-JP

2011-09-29 03:47:08 -------- d-----w- c:\windows\system32\drivers\ja-JP

2011-09-29 03:47:04 -------- d-----w- c:\windows\system32\wbem\ja-JP

2011-09-29 03:40:25 266240 ----a-w- c:\windows\system32\lzhfldr2.dll

2011-09-29 03:40:07 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ja-jp\LXKPTPRC.DLL.mui

2011-09-29 03:39:59 9728 ----a-w- c:\program files\common files\microsoft shared\ink\dicjp.dll

2011-09-29 03:39:59 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpn.dll

2011-09-29 03:39:59 1179136 ----a-w- c:\program files\common files\microsoft shared\ink\imjplm.dll

2011-09-29 03:39:59 11507712 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpnr.dll

2011-09-29 03:23:39 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-17 06:15:40 -------- d-----w- c:\programdata\Blizzard Entertainment

2011-09-17 06:05:14 -------- d-----w- c:\program files\Diablo III Beta

2011-09-17 06:05:14 -------- d-----w- c:\program files\common files\Blizzard Entertainment

2011-09-17 06:01:23 -------- d-----w- c:\programdata\Battle.net

2011-09-14 18:38:19 -------- d-----w- c:\program files\ESET

2011-09-07 22:07:42 -------- d-----w- c:\users\main\appdata\local\Microsoft Games

.

==================== Find3M ====================

.

2011-09-29 04:00:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-29 06:17:29 13824 ----a-w- c:\windows\system32\slwga.dll

2011-08-29 06:17:28 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-08-26 09:16:33 722416 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-08-26 08:51:25 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-08-26 08:05:39 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-26 05:23:18 0 ----a-w- c:\windows\ativpsrm.bin

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: WDC_WD32 rev.12.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8660A1F8]<<

_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x8660a008; MOV EAX, 0x8c4942f8; CALL EAX; }

1 ntkrnlpa!IofCallDriver[0x82C3C52A] -> \Device\Harddisk0\DR0[0x87196030]

3 CLASSPNP[0x8CBB959E] -> ntkrnlpa!IofCallDriver[0x82C3C52A] -> \Device\Ide\IAAStorageDevice-1[0x86680028]

\Driver\iaStorV[0x86699E70] -> IRP_MJ_CREATE -> 0x8660A1F8

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user != kernel MBR !!!

sectors 625142446 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 22:52:13.34 ===============

Is the infection I have serious? Do you know what type of infection it is? Thanks again for your help.

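For anyone trying to read the ROOTKIT section of that DDS/mbr.exe output: the tool reads sector 0 twice, once through the normal disk stack ("user") and once below the driver whose IRP_MJ_CREATE handler points at the unknown module at 0x8660A1F8 ("kernel"). The two reads should be byte-identical; "user != kernel MBR" means something in the storage stack is returning a different sector 0 than is really on disk, which is exactly how TDL4 hides its replaced MBR. Below is a stand-alone Python example, added here for this thread and not part of mbr.exe, TDSSKiller or the original post, that performs the same comparison on two constructed 512-byte MBR images and parses the partition table to measure the unallocated tail of the disk where TDL4-class bootkits keep their hidden storage. Only the disk size 625142446 is taken from the log; the boot-code bytes, partition layout and the reading of "(+255)" as differing trailing sectors are my own assumptions.

```python
"""Redo mbr.exe's 'user != kernel' check on two constructed MBR images and
parse the partition table to find the disk's unallocated tail.
Example code for this thread, not mbr.exe's or TDSSKiller's own logic."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
MBR_SIGNATURE = 0xAA55
PT_OFFSET = 446              # boot code is bytes 0..445, then four 16-byte entries
PT_ENTRY = 16
PT_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def lba_end(self) -> int:
        """First sector after the partition (exclusive)."""
        return self.lba_start + self.sector_count


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty entries of the MBR partition table."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    (sig,) = struct.unpack_from("<H", mbr, 510)
    if sig != MBR_SIGNATURE:
        raise ValueError(f"bad boot signature 0x{sig:04x}")
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            PT_ENTRY_FMT, mbr, PT_OFFSET + i * PT_ENTRY)
        if ptype == 0 and count == 0:
            continue                       # empty slot
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def build_mbr(boot_code: bytes, parts: list) -> bytes:
    """Assemble a 512-byte MBR (CHS fields filled with 0xFF, as LBA-only tools do)."""
    if len(boot_code) > PT_OFFSET:
        raise ValueError("boot code does not fit in 446 bytes")
    table = bytearray(4 * PT_ENTRY)
    for p in parts:
        struct.pack_into(PT_ENTRY_FMT, table, p.index * PT_ENTRY,
                         0x80 if p.bootable else 0x00, b"\xff\xff\xff",
                         p.type_id, b"\xff\xff\xff", p.lba_start, p.sector_count)
    return boot_code.ljust(PT_OFFSET, b"\x00") + bytes(table) + struct.pack("<H", MBR_SIGNATURE)


def diff_mbr(user_view: bytes, kernel_view: bytes) -> dict:
    """mbr.exe's core test: sector 0 read through the disk stack must equal sector 0
    read beneath it. A bootkit hooking the disk driver hands user mode the original
    MBR while the infected one is what really sits on disk."""
    regions = {"boot_code": (0, PT_OFFSET), "partition_table": (PT_OFFSET, 510),
               "signature": (510, SECTOR)}
    return {
        "identical": user_view == kernel_view,
        "differing_regions": [n for n, (a, b) in regions.items()
                              if user_view[a:b] != kernel_view[a:b]],
        "user_sha256": hashlib.sha256(user_view).hexdigest(),
        "kernel_sha256": hashlib.sha256(kernel_view).hexdigest(),
    }


def trailing_unallocated_sectors(total_sectors: int, parts: list) -> int:
    """Sectors after the last partition that no file system owns."""
    return total_sectors - max((p.lba_end for p in parts), default=0)


def assess(user_view: bytes, kernel_view: bytes, total_sectors: int) -> dict:
    result = diff_mbr(user_view, kernel_view)
    parts = parse_partition_table(kernel_view)
    result["trailing_unallocated_sectors"] = trailing_unallocated_sectors(total_sectors, parts)
    result["verdict"] = ("consistent" if result["identical"]
                         else "user != kernel MBR: disk stack hides sector 0, bootkit likely")
    return result


# --- constructed sample data; only the disk size comes from the mbr.exe log ---
TOTAL_SECTORS = 625142446
SAMPLE_PARTS = [Partition(0, True, 0x07, 2048, 204800),        # 100 MB system reserved
                Partition(1, False, 0x07, 206848, 624933550)]  # Windows volume
# Stand-in boot code, not real loader bytes. INFECTED_BOOT just mirrors the kernel-read
# disassembly in the log (MOV SI,0x7c1b / MOV DI,0x61b / MOV CX,0x1e5 / REP MOVSB / RETF).
CLEAN_BOOT = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4")
INFECTED_BOOT = bytes.fromhex("31c08ed0bc007cfbbe1b7cbf1b06b9e501f3a4cb")

USER_VIEW = build_mbr(CLEAN_BOOT, SAMPLE_PARTS)        # what the hooked stack returns
KERNEL_VIEW = build_mbr(INFECTED_BOOT, SAMPLE_PARTS)   # what is actually on disk

if __name__ == "__main__":
    for key, value in assess(USER_VIEW, KERNEL_VIEW, TOTAL_SECTORS).items():
        print(f"{key}: {value}")
```

On the constructed images only the boot-code region differs, which matches what a bootkit that swaps the MBR loader but keeps the partition table looks like; a differing partition table would instead point at hidden or shifted volumes. The 2048 trailing sectors left after the last partition are where the real tool would look next, since the log's "(+255)" reports the tail of the disk as the other place where the two views disagree.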

Here are the logs.

[attached screenshot: post-95375-0-68818000-1318753350.jpg]

01:07:50.0855 3624 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24

01:07:52.0883 3624 ============================================================

01:07:52.0883 3624 Current date / time: 2011/10/16 01:07:52.0883

01:07:52.0883 3624 SystemInfo:

01:07:52.0883 3624

01:07:52.0883 3624 OS Version: 6.1.7601 ServicePack: 1.0

01:07:52.0883 3624 Product type: Workstation

01:07:52.0883 3624 ComputerName: MAIN-PC

01:07:52.0883 3624 UserName: Main

01:07:52.0883 3624 Windows directory: C:\Windows

01:07:52.0883 3624 System windows directory: C:\Windows

01:07:52.0883 3624 Processor architecture: Intel x86

01:07:52.0883 3624 Number of processors: 4

01:07:52.0883 3624 Page size: 0x1000

01:07:52.0883 3624 Boot type: Normal boot

01:07:52.0883 3624 ============================================================

01:07:54.0692 3624 Initialize success

01:07:56.0876 1472 ============================================================

01:07:56.0876 1472 Scan started

01:07:56.0876 1472 Mode: Manual;

01:07:56.0876 1472 ============================================================

01:07:58.0093 1472 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

01:07:58.0093 1472 1394ohci - ok

01:07:58.0156 1472 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

01:07:58.0156 1472 ACPI - ok

01:07:58.0187 1472 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

01:07:58.0187 1472 AcpiPmi - ok

01:07:58.0234 1472 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

01:07:58.0234 1472 adp94xx - ok

01:07:58.0265 1472 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

01:07:58.0265 1472 adpahci - ok

01:07:58.0296 1472 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

01:07:58.0312 1472 adpu320 - ok

01:07:58.0390 1472 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

01:07:58.0390 1472 AFD - ok

01:07:58.0421 1472 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

01:07:58.0421 1472 agp440 - ok

01:07:58.0468 1472 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

01:07:58.0468 1472 aic78xx - ok

01:07:58.0499 1472 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

01:07:58.0499 1472 aliide - ok

01:07:58.0546 1472 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

01:07:58.0546 1472 amdagp - ok

01:07:58.0561 1472 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

01:07:58.0561 1472 amdide - ok

01:07:58.0577 1472 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

01:07:58.0577 1472 AmdK8 - ok

01:07:58.0780 1472 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys

01:07:58.0951 1472 amdkmdag - ok

01:07:59.0092 1472 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys

01:07:59.0092 1472 amdkmdap - ok

01:07:59.0139 1472 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

01:07:59.0139 1472 AmdPPM - ok

01:07:59.0185 1472 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

01:07:59.0201 1472 amdsata - ok

01:07:59.0248 1472 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

01:07:59.0248 1472 amdsbs - ok

01:07:59.0263 1472 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

01:07:59.0263 1472 amdxata - ok

01:07:59.0295 1472 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

01:07:59.0295 1472 AppID - ok

01:07:59.0341 1472 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

01:07:59.0341 1472 arc - ok

01:07:59.0357 1472 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

01:07:59.0357 1472 arcsas - ok

01:07:59.0388 1472 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

01:07:59.0388 1472 AsyncMac - ok

01:07:59.0419 1472 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

01:07:59.0419 1472 atapi - ok

01:07:59.0622 1472 atikmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys

01:07:59.0669 1472 atikmdag - ok

01:07:59.0731 1472 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

01:07:59.0731 1472 b06bdrv - ok

01:07:59.0763 1472 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

01:07:59.0763 1472 b57nd60x - ok

01:07:59.0809 1472 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

01:07:59.0809 1472 Beep - ok

01:07:59.0841 1472 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

01:07:59.0841 1472 blbdrive - ok

01:07:59.0887 1472 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

01:07:59.0887 1472 bowser - ok

01:07:59.0903 1472 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

01:07:59.0903 1472 BrFiltLo - ok

01:07:59.0919 1472 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

01:07:59.0919 1472 BrFiltUp - ok

01:07:59.0950 1472 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

01:07:59.0950 1472 Brserid - ok

01:07:59.0981 1472 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

01:07:59.0981 1472 BrSerWdm - ok

01:07:59.0997 1472 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

01:07:59.0997 1472 BrUsbMdm - ok

01:08:00.0012 1472 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

01:08:00.0012 1472 BrUsbSer - ok

01:08:00.0028 1472 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

01:08:00.0028 1472 BTHMODEM - ok

01:08:00.0137 1472 catchme - ok

01:08:00.0231 1472 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

01:08:00.0231 1472 cdfs - ok

01:08:00.0309 1472 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

01:08:00.0309 1472 cdrom - ok

01:08:00.0340 1472 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

01:08:00.0340 1472 circlass - ok

01:08:00.0371 1472 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

01:08:00.0371 1472 CLFS - ok

01:08:00.0480 1472 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

01:08:00.0480 1472 CmBatt - ok

01:08:00.0496 1472 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

01:08:00.0496 1472 cmdide - ok

01:08:00.0527 1472 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

01:08:00.0527 1472 CNG - ok

01:08:00.0543 1472 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

01:08:00.0543 1472 Compbatt - ok

01:08:00.0589 1472 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

01:08:00.0589 1472 CompositeBus - ok

01:08:00.0621 1472 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

01:08:00.0621 1472 crcdisk - ok

01:08:00.0652 1472 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

01:08:00.0667 1472 CSC - ok

01:08:00.0699 1472 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

01:08:00.0714 1472 DfsC - ok

01:08:00.0745 1472 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

01:08:00.0745 1472 discache - ok

01:08:00.0761 1472 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

01:08:00.0761 1472 Disk - ok

01:08:00.0792 1472 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

01:08:00.0792 1472 drmkaud - ok

01:08:00.0855 1472 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

01:08:00.0855 1472 DXGKrnl - ok

01:08:00.0901 1472 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys

01:08:00.0901 1472 e1express - ok

01:08:00.0995 1472 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

01:08:01.0073 1472 ebdrv - ok

01:08:01.0167 1472 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

01:08:01.0167 1472 eeCtrl - ok

01:08:01.0276 1472 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

01:08:01.0276 1472 elxstor - ok

01:08:01.0385 1472 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

01:08:01.0385 1472 EraserUtilRebootDrv - ok

01:08:01.0463 1472 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

01:08:01.0463 1472 ErrDev - ok

01:08:01.0572 1472 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

01:08:01.0572 1472 exfat - ok

01:08:01.0603 1472 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

01:08:01.0603 1472 fastfat - ok

01:08:01.0791 1472 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

01:08:01.0791 1472 fdc - ok

01:08:01.0900 1472 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

01:08:01.0900 1472 FileInfo - ok

01:08:01.0915 1472 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

01:08:01.0915 1472 Filetrace - ok

01:08:01.0947 1472 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

01:08:01.0947 1472 flpydisk - ok

01:08:01.0978 1472 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

01:08:01.0978 1472 FltMgr - ok

01:08:02.0009 1472 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

01:08:02.0009 1472 FsDepends - ok

01:08:02.0056 1472 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys

01:08:02.0056 1472 fssfltr - ok

01:08:02.0071 1472 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

01:08:02.0071 1472 Fs_Rec - ok

01:08:02.0103 1472 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

01:08:02.0103 1472 fvevol - ok

01:08:02.0118 1472 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

01:08:02.0134 1472 gagp30kx - ok

01:08:02.0181 1472 hcw18bda (2edbcbf69f9a3512ddab978067be4d20) C:\Windows\system32\drivers\hcw18bda.sys

01:08:02.0196 1472 hcw18bda - ok

01:08:02.0212 1472 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

01:08:02.0212 1472 hcw85cir - ok

01:08:02.0259 1472 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

01:08:02.0259 1472 HdAudAddService - ok

01:08:02.0305 1472 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

01:08:02.0305 1472 HDAudBus - ok

01:08:02.0321 1472 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

01:08:02.0321 1472 HidBatt - ok

01:08:02.0337 1472 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

01:08:02.0337 1472 HidBth - ok

01:08:02.0368 1472 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

01:08:02.0368 1472 HidIr - ok

01:08:02.0415 1472 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

01:08:02.0415 1472 HidUsb - ok

01:08:02.0446 1472 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

01:08:02.0446 1472 HpSAMD - ok

01:08:02.0493 1472 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

01:08:02.0493 1472 HTTP - ok

01:08:02.0539 1472 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

01:08:02.0555 1472 hwpolicy - ok

01:08:02.0586 1472 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

01:08:02.0586 1472 i8042prt - ok

01:08:02.0617 1472 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

01:08:02.0617 1472 iaStorV - ok

01:08:02.0680 1472 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

01:08:02.0680 1472 iirsp - ok

01:08:02.0805 1472 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys

01:08:02.0820 1472 IntcAzAudAddService - ok

01:08:02.0867 1472 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

01:08:02.0867 1472 intelide - ok

01:08:02.0929 1472 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

01:08:02.0929 1472 intelppm - ok

01:08:02.0945 1472 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

01:08:02.0961 1472 IpFilterDriver - ok

01:08:02.0992 1472 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

01:08:02.0992 1472 IPMIDRV - ok

01:08:03.0007 1472 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

01:08:03.0007 1472 IPNAT - ok

01:08:03.0023 1472 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

01:08:03.0023 1472 IRENUM - ok

01:08:03.0054 1472 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

01:08:03.0054 1472 isapnp - ok

01:08:03.0085 1472 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

01:08:03.0085 1472 iScsiPrt - ok

01:08:03.0117 1472 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

01:08:03.0117 1472 kbdclass - ok

01:08:03.0148 1472 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

01:08:03.0148 1472 kbdhid - ok

01:08:03.0179 1472 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

01:08:03.0195 1472 KSecDD - ok

01:08:03.0226 1472 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

01:08:03.0241 1472 KSecPkg - ok

01:08:03.0288 1472 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

01:08:03.0288 1472 lltdio - ok

01:08:03.0319 1472 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

01:08:03.0319 1472 LSI_FC - ok

01:08:03.0335 1472 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

01:08:03.0335 1472 LSI_SAS - ok

01:08:03.0351 1472 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

01:08:03.0366 1472 LSI_SAS2 - ok

01:08:03.0382 1472 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

01:08:03.0382 1472 LSI_SCSI - ok

01:08:03.0397 1472 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

01:08:03.0397 1472 luafv - ok

01:08:03.0413 1472 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

01:08:03.0413 1472 megasas - ok

01:08:03.0460 1472 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

01:08:03.0460 1472 MegaSR - ok

01:08:03.0507 1472 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

01:08:03.0507 1472 Modem - ok

01:08:03.0538 1472 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

01:08:03.0538 1472 monitor - ok

01:08:03.0569 1472 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

01:08:03.0569 1472 mouclass - ok

01:08:03.0585 1472 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

01:08:03.0585 1472 mouhid - ok

01:08:03.0631 1472 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

01:08:03.0631 1472 mountmgr - ok

01:08:03.0663 1472 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

01:08:03.0663 1472 mpio - ok

01:08:03.0694 1472 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

01:08:03.0694 1472 mpsdrv - ok

01:08:03.0725 1472 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

01:08:03.0725 1472 MRxDAV - ok

01:08:03.0772 1472 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

01:08:03.0772 1472 mrxsmb - ok

01:08:03.0787 1472 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

01:08:03.0803 1472 mrxsmb10 - ok

01:08:03.0819 1472 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

01:08:03.0819 1472 mrxsmb20 - ok

01:08:03.0850 1472 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

01:08:03.0850 1472 msahci - ok

01:08:03.0897 1472 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

01:08:03.0897 1472 msdsm - ok

01:08:03.0975 1472 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

01:08:03.0975 1472 Msfs - ok

01:08:03.0975 1472 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

01:08:03.0990 1472 mshidkmdf - ok

01:08:04.0006 1472 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

01:08:04.0006 1472 msisadrv - ok

01:08:04.0037 1472 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

01:08:04.0053 1472 MSKSSRV - ok

01:08:04.0053 1472 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

01:08:04.0053 1472 MSPCLOCK - ok

01:08:04.0084 1472 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

01:08:04.0084 1472 MSPQM - ok

01:08:04.0084 1472 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

01:08:04.0084 1472 MsRPC - ok

01:08:04.0115 1472 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

01:08:04.0115 1472 mssmbios - ok

01:08:04.0131 1472 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

01:08:04.0131 1472 MSTEE - ok

01:08:04.0146 1472 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

01:08:04.0146 1472 MTConfig - ok

01:08:04.0146 1472 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

01:08:04.0146 1472 Mup - ok

01:08:04.0193 1472 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

01:08:04.0193 1472 NativeWifiP - ok

01:08:04.0396 1472 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111014.024\NAVENG.SYS

01:08:04.0396 1472 NAVENG - ok

01:08:04.0443 1472 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111014.024\NAVEX15.SYS

01:08:04.0458 1472 NAVEX15 - ok

01:08:04.0552 1472 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

01:08:04.0583 1472 NDIS - ok

01:08:04.0630 1472 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

01:08:04.0630 1472 NdisCap - ok

01:08:04.0661 1472 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

01:08:04.0661 1472 NdisTapi - ok

01:08:04.0708 1472 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

01:08:04.0708 1472 Ndisuio - ok

01:08:04.0723 1472 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

01:08:04.0739 1472 NdisWan - ok

01:08:04.0755 1472 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

01:08:04.0770 1472 NDProxy - ok

01:08:04.0817 1472 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

01:08:04.0833 1472 NetBIOS - ok

01:08:04.0848 1472 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

01:08:04.0864 1472 NetBT - ok

01:08:04.0926 1472 netr73 (bc1522f7871fd0ce25b164a83dd09dad) C:\Windows\system32\DRIVERS\netr73.sys

01:08:04.0942 1472 netr73 - ok

01:08:04.0973 1472 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

01:08:04.0973 1472 nfrd960 - ok

01:08:04.0989 1472 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

01:08:04.0989 1472 Npfs - ok

01:08:05.0004 1472 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

01:08:05.0004 1472 nsiproxy - ok

01:08:05.0051 1472 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

01:08:05.0082 1472 Ntfs - ok

01:08:05.0098 1472 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

01:08:05.0098 1472 Null - ok

01:08:05.0145 1472 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

01:08:05.0145 1472 nvraid - ok

01:08:05.0160 1472 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

01:08:05.0160 1472 nvstor - ok

01:08:05.0176 1472 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

01:08:05.0176 1472 nv_agp - ok

01:08:05.0207 1472 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

01:08:05.0207 1472 ohci1394 - ok

01:08:05.0254 1472 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

01:08:05.0254 1472 Parport - ok

01:08:05.0285 1472 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

01:08:05.0285 1472 partmgr - ok

01:08:05.0316 1472 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

01:08:05.0316 1472 Parvdm - ok

01:08:05.0332 1472 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

01:08:05.0332 1472 pci - ok

01:08:05.0363 1472 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

01:08:05.0363 1472 pciide - ok

01:08:05.0394 1472 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

01:08:05.0410 1472 pcmcia - ok

01:08:05.0441 1472 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

01:08:05.0441 1472 pcw - ok

01:08:05.0457 1472 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

01:08:05.0472 1472 PEAUTH - ok

01:08:05.0581 1472 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

01:08:05.0581 1472 PptpMiniport - ok

01:08:05.0628 1472 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

01:08:05.0628 1472 Processor - ok

01:08:05.0675 1472 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

01:08:05.0675 1472 Psched - ok

01:08:05.0722 1472 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

01:08:05.0769 1472 ql2300 - ok

01:08:05.0784 1472 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

01:08:05.0784 1472 ql40xx - ok

01:08:05.0815 1472 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

01:08:05.0815 1472 QWAVEdrv - ok

01:08:05.0847 1472 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

01:08:05.0847 1472 RasAcd - ok

01:08:05.0878 1472 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

01:08:05.0878 1472 RasAgileVpn - ok

01:08:05.0893 1472 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

01:08:05.0909 1472 Rasl2tp - ok

01:08:05.0925 1472 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

01:08:05.0925 1472 RasPppoe - ok

01:08:05.0956 1472 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

01:08:05.0956 1472 RasSstp - ok


01:08:07.0079 1472 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys

01:08:07.0079 1472 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e

01:08:07.0079 1472 sptd ( LockedFile.Multi.Generic ) - warning

01:08:07.0079 1472 sptd - detected LockedFile.Multi.Generic (1)


01:08:10.0823 1472 ============================================================

01:08:10.0823 1472 Scan finished

01:08:10.0823 1472 ============================================================

01:08:10.0839 4060 Detected object count: 1

01:08:10.0839 4060 Actual detected object count: 1

01:08:17.0562 4060 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine

01:08:17.0578 4060 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

01:08:25.0237 3172 Deinitialize success

ComboFix 11-10-15.04 - Main 6/2011 Sun 1:11.3.4 - x86

Microsoft Windows Se7en Maximum Edition 6.1.7601.1.949.82.1033.18.3582.2626 [GMT -7:00]

Running from: c:\users\Main\Downloads\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\Qdown.ico

.

.

((((((((((((((((((((((((( Files Created from 2011-09-16 to 2011-10-16 )))))))))))))))))))))))))))))))

.

.

2011-10-16 08:16 . 2011-10-16 08:16 -------- d-----w- c:\users\Main\AppData\Local\temp

2011-10-16 08:16 . 2011-10-16 08:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-09 16:41 . 2011-10-09 16:41 -------- d-----w- c:\program files\Primary Interop Assemblies

2011-10-06 05:42 . 2011-10-16 08:08 -------- d-----w- C:\TDSSKiller_Quarantine

2011-09-29 04:47 . 2011-09-29 04:47 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-09-29 04:46 . 2011-09-29 04:46 -------- d-----w- c:\programdata\Hitman Pro

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\ja-JP

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\ja

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\0411

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\drivers\ja-JP

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP

2011-09-29 03:47 . 2011-09-29 04:02 -------- d-----w- c:\windows\system32\wbem\ja-JP

2011-09-29 03:40 . 2010-11-20 11:20 266240 ----a-w- c:\windows\system32\lzhfldr2.dll

2011-09-29 03:40 . 2009-07-14 02:43 3072 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ja-JP\LXKPTPRC.DLL.mui

2011-09-29 03:39 . 2009-07-14 01:15 377856 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpn.dll

2011-09-29 03:39 . 2009-07-14 01:15 1179136 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\imjplm.dll

2011-09-29 03:39 . 2009-07-14 01:15 9728 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\dicjp.dll

2011-09-29 03:39 . 2009-07-14 01:07 11507712 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpnr.dll

2011-09-29 03:23 . 2011-09-29 03:23 -------- d-----w- c:\program files\Common Files\Java

2011-09-29 03:23 . 2011-07-19 12:05 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-17 06:15 . 2011-09-17 06:15 -------- d-----w- c:\programdata\Blizzard Entertainment

2011-09-17 06:05 . 2011-09-30 19:12 -------- d-----w- c:\program files\Diablo III Beta

2011-09-17 06:05 . 2011-09-17 06:06 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2011-09-17 06:01 . 2011-09-30 22:12 -------- d-----w- c:\programdata\Battle.net

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-15 16:54 . 2011-08-27 00:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 00:00 . 2011-09-04 05:27 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-29 06:17 . 2011-08-26 07:49 13824 ----a-w- c:\windows\system32\slwga.dll

2011-08-29 06:17 . 2011-08-26 07:49 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-08-26 09:16 . 2011-08-26 09:16 722416 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-08-26 08:51 . 2011-08-26 08:51 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-08-26 08:05 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-26 07:33 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-26 06:28 . 2011-08-26 06:28 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-08-26 06:28 . 2011-08-26 06:28 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-08-26 06:28 . 2011-08-26 06:28 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-08-26 06:28 . 2011-08-26 06:28 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-08-26 06:28 . 2011-08-26 06:28 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-08-26 06:28 . 2011-08-26 06:28 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-08-26 06:28 . 2011-08-26 06:28 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-08-26 06:28 . 2011-08-26 06:28 367104 ----a-w- c:\windows\system32\html.iec

2011-08-26 06:28 . 2011-08-26 06:28 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-08-26 06:28 . 2011-08-26 06:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-26 06:28 . 2011-08-26 06:28 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-26 06:28 . 2011-08-26 06:28 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-08-26 06:28 . 2011-08-26 06:28 161792 ----a-w- c:\windows\system32\msls31.dll

2011-08-26 06:28 . 2011-08-26 06:28 152064 ----a-w- c:\windows\system32\wextract.exe

2011-08-26 06:28 . 2011-08-26 06:28 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-08-26 06:28 . 2011-08-26 06:28 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-08-26 06:28 . 2011-08-26 06:28 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-26 06:28 . 2011-08-26 06:28 11776 ----a-w- c:\windows\system32\mshta.exe

2011-08-26 06:28 . 2011-08-26 06:28 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-08-26 06:28 . 2011-08-26 06:28 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-08-26 06:28 . 2011-08-26 06:28 101888 ----a-w- c:\windows\system32\admparse.dll

2011-08-16 15:48 . 2011-08-26 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBA8785F-DC1A-46C3-8975-61F3B53B427E}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2010-11-20 859648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-09-18 15:34 205976 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 21:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BonUpdate.exe]

2011-05-31 02:10 1003008 ----a-w- c:\program files\bondisk.com\BonDisk(normal)\BonUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2009-07-09 03:14 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-08-29 22:36 136176 ----atw- c:\users\Main\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2010-05-20 22:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAutoUP.exe]

2011-05-31 02:05 1003008 ----a-w- c:\program files\qdown.com\Qdown(normal)\QAutoUP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]

2010-05-20 22:27 764784 ----a-w- c:\windows\vVX6000.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 Bondisk Update Service;Bondisk Update Service;c:\program files\BonDisk.com\BonDisk(normal)\BonUpdate.exe [2011-05-31 1003008]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 QDown Update Service;QDown Update Service;c:\program files\qdown.com\Qdown(normal)\QAutoUp.exe [2011-05-31 1003008]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1343400]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]

R4 WinCloud;WinCloud;c:\program files\tutudisk.com\tutudisk(fast)\WinCloud.exe [2011-08-28 1337432]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-26 722416]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 NetAccelerator;NetAccelerator_Service;c:\program files\BonDisk.com\Bondisk(normal)\NetAccelerator.exe [2011-09-20 147456]

S2 SuperDownService;SuperDown Download Service;c:\program files\SuperDown\SuperDownService.exe [2011-08-11 150528]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-18 105592]

S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]

S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2009-05-20 552960]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2010-05-20 2074480]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 52429531

*Deregistered* - 52429531

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-673205837-3864767729-1015926490-1001Core.job

- c:\users\Main\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 22:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mail.yahoo.com/

TCP: DhcpNameServer = 192.168.1.1

DPF: {4085FED4-9934-41E7-A6E5-3E0434464ABC} - hxxp://www.bondisk.com/mmsv/BonControl.CAB

DPF: {75E65490-6995-49BE-A563-C97BFA549741} - hxxp://www.qdown.com/mmsv/QdownWebControl.CAB

DPF: {BB2158B8-8A7E-4A1E-AB10-961B1479EE85} - hxxp://www.tutudisk.com/mmsv/WebControl.CAB

DPF: {E28B9595-EA0D-457D-9968-0D1697ADF333} - hxxp://superdown.co.kr/setup/SuperDownWebControl.cab

.

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: WDC_WD32 rev.12.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

.

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user != kernel MBR !!!

sectors 625142446 (+255): user != kernel

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:e3,b3,26,7f,a5,78,cc,01

.

[HKEY_USERS\S-1-5-21-673205837-3864767729-1015926490-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-673205837-3864767729-1015926490-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-10-16 01:18:04

ComboFix-quarantined-files.txt 2011-10-16 08:18

.

Pre-Run: 38,263,586,816 bytes free

Post-Run: 38,276,788,224 bytes free

.

- - End Of File - - 3B4B13825E26C5468348D6252B0BB013

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Main at 1:18:20 on 2011-10-16

Microsoft Windows Se7en Maximum Edition 6.1.7601.1.949.82.1033.18.3582.2478 [GMT -7:00]

.

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\BonDisk.com\Bondisk(normal)\NetAccelerator.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\SuperDown\SuperDownService.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\explorer.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mail.yahoo.com/

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: TorrentSeek Toolbar: {6bcb43af-a20f-4996-8860-48f511a222db} - c:\program files\torrentseek\tbTorr.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [Welcome Center] c:\windows\system32\rundll32.exe c:\windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-explorer: NoSMBalloonTip = 1 (0x1)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {4085FED4-9934-41E7-A6E5-3E0434464ABC} - hxxp://www.bondisk.com/mmsv/BonControl.CAB

DPF: {75E65490-6995-49BE-A563-C97BFA549741} - hxxp://www.qdown.com/mmsv/QdownWebControl.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {BB2158B8-8A7E-4A1E-AB10-961B1479EE85} - hxxp://www.tutudisk.com/mmsv/WebControl.CAB

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E28B9595-EA0D-457D-9968-0D1697ADF333} - hxxp://superdown.co.kr/setup/SuperDownWebControl.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{091BFC2A-E4C2-48AF-86DC-E38B8B6E0E1A} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 NetAccelerator;NetAccelerator_Service;c:\program files\bondisk.com\bondisk(normal)\NetAccelerator.exe [2011-9-19 147456]

R2 SuperDownService;SuperDown Download Service;c:\program files\superdown\SuperDownService.exe [2011-9-1 150528]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-11-10 1775344]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-26 105592]

R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]

R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2009-5-20 552960]

R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-5-20 2074480]

S2 Bondisk Update Service;Bondisk Update Service;c:\program files\bondisk.com\bondisk(normal)\BonUpdate.exe [2011-5-30 1003008]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 QDown Update Service;QDown Update Service;c:\program files\qdown.com\qdown(normal)\QAutoUP.exe [2011-5-30 1003008]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-8-26 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-26 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-26 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-25 1343400]

S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]

S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

S4 WinCloud;WinCloud;c:\program files\tutudisk.com\tutudisk(fast)\WinCloud.exe [2011-8-27 1337432]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-10-16 08:18:07 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-16 08:18:06 -------- d-----w- c:\users\main\appdata\local\temp

2011-10-09 16:41:08 -------- d-----w- c:\program files\Primary Interop Assemblies

2011-10-06 05:42:46 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-03 06:06:48 98816 ----a-w- c:\windows\sed.exe

2011-10-03 06:06:48 518144 ----a-w- c:\windows\SWREG.exe

2011-10-03 06:06:48 256000 ----a-w- c:\windows\PEV.exe

2011-10-03 06:06:48 208896 ----a-w- c:\windows\MBR.exe

2011-09-29 04:47:01 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-09-29 04:46:14 -------- d-----w- c:\programdata\Hitman Pro

2011-09-29 03:47:28 -------- d-----w- c:\windows\ja-JP

2011-09-29 03:47:10 -------- d-----w- c:\windows\system32\ja

2011-09-29 03:47:10 -------- d-----w- c:\windows\system32\0411

2011-09-29 03:47:08 -------- d-----w- c:\windows\system32\drivers\umdf\ja-JP

2011-09-29 03:47:08 -------- d-----w- c:\windows\system32\drivers\ja-JP

2011-09-29 03:47:04 -------- d-----w- c:\windows\system32\wbem\ja-JP

2011-09-29 03:40:25 266240 ----a-w- c:\windows\system32\lzhfldr2.dll

2011-09-29 03:40:07 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ja-jp\LXKPTPRC.DLL.mui

2011-09-29 03:39:59 9728 ----a-w- c:\program files\common files\microsoft shared\ink\dicjp.dll

2011-09-29 03:39:59 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpn.dll

2011-09-29 03:39:59 1179136 ----a-w- c:\program files\common files\microsoft shared\ink\imjplm.dll

2011-09-29 03:39:59 11507712 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpnr.dll

2011-09-29 03:23:39 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-17 06:15:40 -------- d-----w- c:\programdata\Blizzard Entertainment

2011-09-17 06:05:14 -------- d-----w- c:\program files\Diablo III Beta

2011-09-17 06:05:14 -------- d-----w- c:\program files\common files\Blizzard Entertainment

2011-09-17 06:01:23 -------- d-----w- c:\programdata\Battle.net

.

==================== Find3M ====================

.

2011-10-15 16:54:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-29 06:17:29 13824 ----a-w- c:\windows\system32\slwga.dll

2011-08-29 06:17:28 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-08-26 09:16:33 722416 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-08-26 08:51:25 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-08-26 08:05:39 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-26 05:23:18 0 ----a-w- c:\windows\ativpsrm.bin

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: WDC_WD32 rev.12.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x866061F8]<<

_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x86606008; MOV EAX, 0x8c4ad2f8; CALL EAX; }

1 ntkrnlpa!IofCallDriver[0x82C3A52A] -> \Device\Harddisk0\DR0[0x87195030]

3 CLASSPNP[0x8C80459E] -> ntkrnlpa!IofCallDriver[0x82C3A52A] -> \Device\Ide\IAAStorageDevice-1[0x86680028]

\Driver\iaStorV[0x8665CF38] -> IRP_MJ_CREATE -> 0x866061F8

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user != kernel MBR !!!

sectors 625142446 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 1:18:36.02 ===============

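The DDS log above is long, and the handful of lines that matter for a security review are easy to lose among the driver listings. As an added example (not part of the original post, and not code from DDS or the forum staff), the Python below runs a small triage over lines copied verbatim from that log: it reads the mPolicies-system values and flags EnableLUA = 0 (UAC switched off, which the Security Check output further down in the thread also reports), lists DPF entries (ActiveX controls installed from the URLs shown) whose host is not on a short allowlist, and lists services whose binary lives outside the Windows directory. The allowlist, the expected policy values and the choice of the Windows directory as the trust boundary are assumptions made for this example, not anything DDS itself decides; a hit is a lead for the reviewer, not a verdict.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the DDS log above (Pseudo HJT Report and
# SERVICES / DRIVERS sections). DDS writes "hxxp" instead of "http" so the URLs
# in a pasted log cannot be clicked by accident.
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {4085FED4-9934-41E7-A6E5-3E0434464ABC} - hxxp://www.bondisk.com/mmsv/BonControl.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E28B9595-EA0D-457D-9968-0D1697ADF333} - hxxp://superdown.co.kr/setup/SuperDownWebControl.cab
R2 SuperDownService;SuperDown Download Service;c:\program files\superdown\SuperDownService.exe [2011-9-1 150528]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-11-10 1775344]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-26 722416]
"""

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
DPF_RE = re.compile(r"^DPF:\s*(\{[0-9A-Fa-f-]+\})\s*-\s*hxxps?://([^/\s]+)", re.IGNORECASE)
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[")

# Assumption: a Windows 7 machine is expected to have UAC on (EnableLUA = 1).
EXPECTED_POLICIES = {"EnableLUA": 1}

# Assumption: hosts this machine is expected to install ActiveX CABs from.
TRUSTED_DPF_HOSTS = ("java.sun.com", ".microsoft.com", ".windowsupdate.com")

# Assumption: the Windows directory is the trust boundary for service binaries.
WINDOWS_DIR = r"c:\windows"


def host_trusted(host: str) -> bool:
    """Exact match on a bare allowlist name, or a suffix match on a dotted one."""
    host = host.lower()
    return any(host == h.lstrip(".") or host.endswith(h) for h in TRUSTED_DPF_HOSTS)


def parse_policies(lines: List[str]) -> Dict[str, int]:
    """mPolicies-system entries as {name: value}."""
    found = {}
    for line in lines:
        m = POLICY_RE.match(line)
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def policy_findings(policies: Dict[str, int]) -> List[str]:
    """Settings present in the log that deviate from the expected value."""
    return [f"{k}={policies[k]} (expected {v})"
            for k, v in EXPECTED_POLICIES.items()
            if k in policies and policies[k] != v]


def untrusted_dpf(lines: List[str]) -> List[Tuple[str, str]]:
    """(CLSID, host) for every DPF entry whose host is not on the allowlist."""
    out = []
    for line in lines:
        m = DPF_RE.match(line)
        if m and not host_trusted(m.group(2)):
            out.append((m.group(1), m.group(2)))
    return out


def third_party_services(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(state, name, path) for services whose binary is outside the Windows directory."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            state, name, _desc, path = m.groups()
            if not path.lower().startswith(WINDOWS_DIR):
                out.append((state, name, path))
    return out


def triage(log_text: str) -> Dict[str, list]:
    """Run all three checks over a pasted DDS log and group the findings."""
    lines = [ln.strip() for ln in log_text.strip().splitlines()]
    return {
        "policies": policy_findings(parse_policies(lines)),
        "dpf": untrusted_dpf(lines),
        "services": third_party_services(lines),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"{section}:")
        for item in items:
            print("  ", item)
```

Run it as a script and it prints the EnableLUA deviation, the two DPF controls pulled from bondisk.com and superdown.co.kr, and the two services outside the Windows directory (the Symantec service is listed too, because the check is about location, not reputation; that is the reviewer's call).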

Ok here is the log for combo fix.

ComboFix 11-10-19.06 - Main 9/2011 Wed 22:25:30.4.4 - x86

Microsoft Windows Se7en Maximum Edition 6.1.7601.1.949.82.1033.18.3582.2620 [GMT -7:00]

Running from: c:\users\Main\Downloads\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-09-20 to 2011-10-20 )))))))))))))))))))))))))))))))

.

.

2011-10-20 05:30 . 2011-10-20 05:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-16 08:18 . 2011-10-20 05:30 -------- d-----w- c:\users\Main\AppData\Local\temp

2011-10-09 16:41 . 2011-10-09 16:41 -------- d-----w- c:\program files\Primary Interop Assemblies

2011-10-06 05:42 . 2011-10-16 08:08 -------- d-----w- C:\TDSSKiller_Quarantine

2011-09-29 04:47 . 2011-09-29 04:47 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-09-29 04:46 . 2011-09-29 04:46 -------- d-----w- c:\programdata\Hitman Pro

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\ja-JP

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\ja

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\0411

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\drivers\ja-JP

2011-09-29 03:47 . 2011-09-29 03:47 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP

2011-09-29 03:47 . 2011-09-29 04:02 -------- d-----w- c:\windows\system32\wbem\ja-JP

2011-09-29 03:40 . 2010-11-20 11:20 266240 ----a-w- c:\windows\system32\lzhfldr2.dll

2011-09-29 03:40 . 2009-07-14 02:43 3072 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ja-JP\LXKPTPRC.DLL.mui

2011-09-29 03:39 . 2009-07-14 01:15 377856 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpn.dll

2011-09-29 03:39 . 2009-07-14 01:15 1179136 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\imjplm.dll

2011-09-29 03:39 . 2009-07-14 01:15 9728 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\dicjp.dll

2011-09-29 03:39 . 2009-07-14 01:07 11507712 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpnr.dll

2011-09-29 03:23 . 2011-09-29 03:23 -------- d-----w- c:\program files\Common Files\Java

2011-09-29 03:23 . 2011-07-19 12:05 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-15 16:54 . 2011-08-27 00:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 00:00 . 2011-09-04 05:27 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-29 06:17 . 2011-08-26 07:49 13824 ----a-w- c:\windows\system32\slwga.dll

2011-08-29 06:17 . 2011-08-26 07:49 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-08-26 09:16 . 2011-08-26 09:16 722416 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-08-26 08:51 . 2011-08-26 08:51 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-08-26 08:05 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-26 07:33 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-26 06:28 . 2011-08-26 06:28 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-08-26 06:28 . 2011-08-26 06:28 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-08-26 06:28 . 2011-08-26 06:28 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-08-26 06:28 . 2011-08-26 06:28 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-08-26 06:28 . 2011-08-26 06:28 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-08-26 06:28 . 2011-08-26 06:28 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-08-26 06:28 . 2011-08-26 06:28 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-08-26 06:28 . 2011-08-26 06:28 367104 ----a-w- c:\windows\system32\html.iec

2011-08-26 06:28 . 2011-08-26 06:28 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-08-26 06:28 . 2011-08-26 06:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-26 06:28 . 2011-08-26 06:28 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-26 06:28 . 2011-08-26 06:28 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-08-26 06:28 . 2011-08-26 06:28 161792 ----a-w- c:\windows\system32\msls31.dll

2011-08-26 06:28 . 2011-08-26 06:28 152064 ----a-w- c:\windows\system32\wextract.exe

2011-08-26 06:28 . 2011-08-26 06:28 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-08-26 06:28 . 2011-08-26 06:28 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-08-26 06:28 . 2011-08-26 06:28 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-26 06:28 . 2011-08-26 06:28 11776 ----a-w- c:\windows\system32\mshta.exe

2011-08-26 06:28 . 2011-08-26 06:28 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-08-26 06:28 . 2011-08-26 06:28 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-08-26 06:28 . 2011-08-26 06:28 101888 ----a-w- c:\windows\system32\admparse.dll

2011-08-16 15:48 . 2011-08-26 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBA8785F-DC1A-46C3-8975-61F3B53B427E}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2010-11-20 859648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-09-18 15:34 205976 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 21:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BonUpdate.exe]

2011-05-31 02:10 1003008 ----a-w- c:\program files\bondisk.com\BonDisk(normal)\BonUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2009-07-09 03:14 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-08-29 22:36 136176 ----atw- c:\users\Main\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2010-05-20 22:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAutoUP.exe]

2011-05-31 02:05 1003008 ----a-w- c:\program files\qdown.com\Qdown(normal)\QAutoUP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]

2010-05-20 22:27 764784 ----a-w- c:\windows\vVX6000.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 Bondisk Update Service;Bondisk Update Service;c:\program files\BonDisk.com\BonDisk(normal)\BonUpdate.exe [2011-05-31 1003008]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 QDown Update Service;QDown Update Service;c:\program files\qdown.com\Qdown(normal)\QAutoUp.exe [2011-05-31 1003008]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1343400]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]

R4 WinCloud;WinCloud;c:\program files\tutudisk.com\tutudisk(fast)\WinCloud.exe [2011-08-28 1337432]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-26 722416]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 NetAccelerator;NetAccelerator_Service;c:\program files\BonDisk.com\Bondisk(normal)\NetAccelerator.exe [2011-09-20 147456]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-18 105592]

S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]

S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2009-05-20 552960]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2010-05-20 2074480]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-673205837-3864767729-1015926490-1001Core.job

- c:\users\Main\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-29 22:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mail.yahoo.com/

TCP: DhcpNameServer = 192.168.1.1

DPF: {4085FED4-9934-41E7-A6E5-3E0434464ABC} - hxxp://www.bondisk.com/mmsv/BonControl.CAB

DPF: {75E65490-6995-49BE-A563-C97BFA549741} - hxxp://www.qdown.com/mmsv/QdownWebControl.CAB

DPF: {BB2158B8-8A7E-4A1E-AB10-961B1479EE85} - hxxp://www.tutudisk.com/mmsv/WebControl.CAB

DPF: {E28B9595-EA0D-457D-9968-0D1697ADF333} - hxxp://superdown.co.kr/setup/SuperDownWebControl.cab

.

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: WDC_WD32 rev.12.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

.

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user != kernel MBR !!!

sectors 625142446 (+255): user != kernel

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,

eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c

"{6BCB43AF-A20F-4996-8860-48F511A222DB}"=hex:51,66,7a,6c,4c,1d,38,12,c1,40,d8,

6f,3d,ec,f8,0c,f7,76,0b,b5,14,fc,66,cf

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,

06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,

b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,

f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:e3,b3,26,7f,a5,78,cc,01

.

[HKEY_USERS\S-1-5-21-673205837-3864767729-1015926490-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-673205837-3864767729-1015926490-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-10-19 22:32:29

ComboFix-quarantined-files.txt 2011-10-20 05:32

ComboFix2.txt 2011-10-16 08:18

.

Pre-Run: 43,191,013,376 bytes free

Post-Run: 43,180,957,696 bytes free

.

- - End Of File - - F7B37EB8710E3D592C421EBE809FF4DD

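Both the DDS log earlier in the thread (its ROOTKIT section) and the ComboFix log just above (the GMER block after the supplementary scan) print the same result: "user: MBR read successfully", "kernel: MBR read successfully", then "user != kernel MBR !!!" and a run of 255 sectors at the end of the disk that also differ. The detector reads the same disk twice, once through the ordinary user-mode device handle and once from its own kernel driver, and the verdict rests on those two reads disagreeing, which is why the two read-success lines before it matter: with one read failed there is nothing to compare. Which side shows the unmodified copy depends on where a hook sits in the disk stack, so the example below only labels the two views the way the log does. As an added illustration (example code, not GMER's, DDS's or ComboFix's), the Python performs that comparison over two constructed in-memory disk images: the "user" image carries an unmodified MBR, the "kernel" image carries an MBR whose first bytes have been replaced and 255 trailing sectors filled with other data, mirroring the shape of the "(+255)" line in the log. The byte patterns, disk size and partition entry are made up for the example.

```python
import struct
from typing import Dict, List, Tuple

SECTOR = 512


def build_mbr(boot_code: bytes, partitions: List[Tuple[int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR: boot code, up to four partition entries, 0x55AA signature."""
    if len(boot_code) > 446 or len(partitions) > 4:
        raise ValueError("boot code must fit in 446 bytes and at most 4 partitions")
    body = boot_code.ljust(446, b"\x00")
    table = b""
    for ptype, start_lba, size in partitions:
        # status, CHS start (3 bytes, unused here), type, CHS end, LBA start, size in sectors
        table += struct.pack("<B3sB3sII", 0x80, b"\xff\xff\xff", ptype, b"\xff\xff\xff", start_lba, size)
    return body + table.ljust(64, b"\x00") + b"\x55\xaa"


def diff_mbr(user_view: bytes, kernel_view: bytes) -> List[str]:
    """Names of the MBR regions that differ between the two reads (empty list = consistent)."""
    regions = {"boot code": (0, 446), "partition table": (446, 510), "signature": (510, 512)}
    return [name for name, (lo, hi) in regions.items() if user_view[lo:hi] != kernel_view[lo:hi]]


def diff_sectors(user_img: bytes, kernel_img: bytes) -> List[Tuple[int, int]]:
    """Sector-by-sector comparison; returns (first_sector, run_length) for each differing run."""
    if len(user_img) != len(kernel_img) or len(user_img) % SECTOR:
        raise ValueError("images must be the same whole number of sectors")
    runs, start = [], None
    total = len(user_img) // SECTOR
    for i in range(total):
        lo, hi = i * SECTOR, (i + 1) * SECTOR
        same = user_img[lo:hi] == kernel_img[lo:hi]
        if not same and start is None:
            start = i
        elif same and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, total - start))
    return runs


def mbr_report(user_img: bytes, kernel_img: bytes) -> Dict[str, object]:
    """Summarise the two views the way the log does: MBR regions, differing sector runs, verdict."""
    regions = diff_mbr(user_img[:SECTOR], kernel_img[:SECTOR])
    runs = diff_sectors(user_img, kernel_img)
    return {"mbr_regions": regions, "sector_runs": runs, "consistent": not runs}


# ---- constructed test data (made up for this example) ----
# Standard real-mode prologue (xor ax,ax / mov ss,ax / mov sp,0x7c00) padded with NOPs.
CLEAN_BOOT = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
# Same code with its first three bytes swapped for a short jump, as a hooked loader might do.
HOOKED_BOOT = b"\xeb\x1e\x90" + CLEAN_BOOT[3:]
PARTITIONS = [(0x07, 2048, 1_000_000)]          # one NTFS-type entry starting at LBA 2048
TOTAL_SECTORS = 4096
HIDDEN_SECTORS = 255

USER_MBR = build_mbr(CLEAN_BOOT, PARTITIONS)
KERNEL_MBR = build_mbr(HOOKED_BOOT, PARTITIONS)
USER_DISK = USER_MBR + b"\x00" * (SECTOR * (TOTAL_SECTORS - 1))
KERNEL_DISK = (KERNEL_MBR
               + b"\x00" * (SECTOR * (TOTAL_SECTORS - 1 - HIDDEN_SECTORS))
               + b"\xab" * (SECTOR * HIDDEN_SECTORS))

if __name__ == "__main__":
    rep = mbr_report(USER_DISK, KERNEL_DISK)
    print("MBR regions differing:", rep["mbr_regions"])
    for first, length in rep["sector_runs"]:
        print(f"sectors {first} (+{length}): user != kernel")
    print("user == kernel" if rep["consistent"] else "user != kernel MBR !!!")
```

Run as a script it reports the boot-code region and two differing runs, sector 0 and the 255 trailing sectors. Comparing the whole image rather than only sector 0 is what makes the trailing run visible; a check limited to the first sector would pass a hidden area at the end of the disk.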

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=01acf3604a66d0479799bf6bbfc57e93

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-10-25 09:06:05

# local_time=2011-10-25 02:06:05 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776638 100 94 1380202 71114644 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=290819

# found=0

# cleaned=0

# scan_time=6912

Results of screen317's Security Check version 0.99.24

Windows 7 Service Pack 1 x86 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Symantec Endpoint Protection Small Business Edition

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 29

Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

BonDisk.com Bondisk(normal) NetAccelerator.exe

``````````End of Log````````````

The only issue I can tell is that the computer runs more intensely, in spurts sometimes, even when I don't have any process-intensive programs running.


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!

Restart your computer.

Get the latest version of Adobe Flash Player.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


Test Results Summary

Computer Name: MAIN-PC

Date Tested: Sun Oct 30 17:56:25 PDT 2011

This system performs extremely well on our benchmarks and appears to be among the fastest systems available! See the information below for your system details and advice on how to tweak the hardware and software for best performance.

Customized Tune-up Tips

• Upgrade disk space (Drive F, H)

• Update outdated device drivers

• Adjust IE browser cache size

• Setup a Free User Account

• 15 Tracking Cookies Found

Configuration Summary: Our analysis was based on the data collected from this computer. A summary of the data collected is shown below. Click on any of the subsystem names or flags in the table below to see more information, or use the test details to see all the data on one page. For a list of programs running on your computer, including spyware, see the Windows details page. The test history page has a summary of previous tests for this configuration. See how your system compares to others we've tested.

Subsystem Status Description

System Intel Core2 Quad, 2400 MHz

Memory 3583MB RAM

Disk Drives C, D, E, F, G, H, I

Video ATI Radeon HD 4600 Series

Internet Microsoft Internet Explorer 5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; .NET4.0C)

Windows Windows Vista Ultimate SP1

Security

Compare

Test Details

Tips

In the tips and the tables, red indicates a serious problem, yellow a minor problem, and blue a suggestion.

• Upgrade disk space (Drive F, H)

• Update outdated device drivers

• Adjust IE browser cache size

• Setup a Free User Account

• 15 Tracking Cookies Found

Windows Configuration

Description Your Results

Common Name Windows Vista Ultimate SP1

Full Version Windows Vista Ultimate SP1

First Install Thu Aug 25 2011

Free Resources 90%

Fonts Installed 310

Windows Scripting Version 5.8.7600.16385

PCPitstop Version 191

CPU Load 8%

Running Programs

Malicious or poorly written running programs are a common cause of poor performance and system instability. We strongly recommend that you use an antivirus program like CA Anti-Virus and a spyware scanner such as PC Pitstop Exterminate on a regular basis. To get control over your running programs we suggest WinPatrol Plus. Click on a file name to see more information about it.

Legend: Virus Spyware/Adware Optional Required No data

designates programs that can safely be disabled to improve computer performance, PC Pitstop Optimize disables these programs.

Name Vendor Complete File Name

Dwm.exe Microsoft Corporation C:\Windows\System32\dwm.exe

Unknown Microsoft Corporation C:\Program Files\Internet Explorer\iexplore.exe

Unknown Google Inc. C:\Users\Main\AppData\Local\Google\Chrome\Application\chrome.exe

Unknown Microsoft Corporation C:\Windows\System32\SearchFilterHost.exe

Unknown Microsoft Corporation C:\Windows\System32\SearchProtocolHost.exe

Unknown Microsoft Corporation C:\Windows\explorer.exe

Symantec Agent Firewall Symantec Corporation C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

(Various) Microsoft Corporation C:\Windows\System32\rundll32.exe

Performance-Related Windows Settings

The following settings may be helpful in diagnosing general system performance problems.

Setting name Value

Video acceleration disabled No

Paging of kernel disabled Yes

Screen saver running during tests No

NOIDE key found in registry No

Running 32-bit code on 64-bit Windows No

System Restore disabled No

Large System Cache enabled No

Has batteries No

Hibernate enabled Yes

HIBERFIL.SYS present Yes

Hibernate policy in use No

Sleep/Resume policy in use Yes

Running on battery power No

Internet Configuration

Run our Free PC Pitstop Optimize 3.0 Scan to check proper registry settings for your connection type. Optimize tweaks the optimal registry values to get the most from your Internet connection.


Description Your Results

Bandwidth Down Not tested

Bandwidth Up Not tested

Average Ping 56 ms

Ping Loss 0%

Server Location Not Tested

TCP Receive Window (default)

External IP Address 173.55.156.203

Internal IP Address 192.168.1.2

Browser Microsoft Internet Explorer 5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; .NET4.0C)

IE current cache 2 MB

IE max cache 250 MB

Your bandwidth was not tested. The most common reason for this is that Flash is not installed or not up to date. Please update your Flash client and retest.

The Bandwidth tests measure the Internet bandwidth between your computer and PC Pitstop's servers. In general, if your bandwidth result is at least 85% of the rated connection speed, you're receiving good throughput (though shared connections may affect this, too).

Average Ping measures the round-trip time for a packet to travel from the PC being tested to PC Pitstop's web site and back; lower numbers indicate better performance. Ping times under 150ms are typical of T1, DSL, or cable modems. Consistent ping times of more than 500ms should only be seen in connections that span continents (e.g., USA to Europe) and/or are linked by satellite. Ping losses usually indicate serious Internet congestion.

Internet performance can be erratic for many different reasons, so you can't expect to get maximum bandwidth and ping performance every time you test. You should test several times and at different times of the day to get the most accurate picture of your connection speed. To repeat only our Bandwidth test and get more information, plus tips for improving performance, click here. For additional testing of your browser configuration and Internet connection, we recommend BrowserTune.

More Internet related Settings

The following settings may be helpful in diagnosing internet performance problems.

Setting name Value

Using a proxy No

HTTP 1.1 through proxy Enabled Yes

HTTP 1.1 Enabled Yes

Check for newer pages turned off No

Show Pictures No

Format docs using my style sheet No

Content Advisor enabled No

Check Associations Disable No

Enable Automatic Image Resize Yes

Enable third-party browser extensions No

Enable page transitions No

Always use my {colors|fonts|size} No

Security Configuration

Description Your Results

IE Restricted Zone Permissions None

Security-Related Windows Settings

The following settings may be helpful in diagnosing spyware and browser hijacks.

Setting name Value

Explorer: Some drive letters are hidden No

Explorer: Hide extensions for known file types Yes

Explorer: Hide protected operating system files Yes

Explorer: Do not show hidden files and folders Yes

Explorer: Do not display contents of system folders No

HOSTS location remapped via the Registry No

System File Protection disabled No

Main Board

Description Your Results

Brand/Model HP-Pavilion GC674AA-ABA m8120n

Type Desktop

Serial Number Not available

BIOS Phoenix Technologies, LTD Phoenix - AwardBIOS v6.00PG HPQOEM - 42302e31 20070608

System Board ASUSTek Computer INC. Basswood3G 1.05

Processor

Description Your Results

Brand/Model Intel Core2 Quad (4 CPUs)

Nominal Clock Speed 2400 MHz

Measured Clock Speed 2400 MHz

External Clock Speed 266 MHz

CPU Load 8%

Speed Rating 35106 (246% of 13 similar)

Memory Configuration

Description Results

RAM installed 4096 MB

Windows RAM 3583 MB

Total RAM slots 4

Available RAM slots 0

Memory Type 1024+1024+1024+1024;DIMM Unknown Synchronous

Speed Rating 11795 MB/s (144% of 13 similar)

Memory Tip

On virtually any system, memory is the best bang-for-the-buck upgrade, especially if you currently have 256MB or less. Installing memory is a snap: it just works, and your PC is faster. PC World has put together a step-by-step video if you need help.

With prices so low lately I've purchased a lot of memory, and all of it has been from Crucial. Their prices beat the competition and they currently have free shipping.

-- Rob Cheng, CEO, PC Pitstop

Upgrading memory can give your computer extra performance. Crucial Technology can identify the memory you need at very competitive prices.

Speed rating is measured in megabytes per second. The percentage indicates the performance of this system compared to systems in our database with a similar CPU and clock speed; the number of similar systems is also shown. For example, a score of 50% would indicate this system had half the performance of comparable systems; 200% would indicate twice the performance. A "normal" number is 100% plus or minus about 15%.

The System Management BIOS is reporting that there is 4096 MB of RAM, but Windows reports that 3583 MB is available. The most common reason for this discrepancy is that your system uses some system RAM for the video graphics card or BIOS functions. This case is common in highly-integrated PCs with video graphics built into the system board, and does not require any changes on your part.

There is a large discrepancy between the memory reported by the BIOS versus Windows. Often, this indicates a System Management BIOS (SMBIOS) problem and you may be able to fix it with a BIOS upgrade available from the vendor. SMBIOS results can be incorrect even if the power-on self test (POST) detects all of your installed RAM. For more insight into what your SMBIOS reports and why it can be wrong, download and run our SMBIOS reporting tools.

Drive Letters

These are drive letters associated with hard disk drives. This list does not include drive letters for floppy disks or other removable media such as CD-ROM, DVD, Zip or Jaz drives.

Description Drive C Drive D Drive E Drive F Drive G Drive H Drive I

Partition format NTFS NTFS NTFS NTFS NTFS NTFS NTFS

Cluster size 4 KB 4 KB 4 KB 4 KB 4 KB 4 KB 4 KB

Drive label OS OS Backup 2nd HD Storage 3rd HD Games Install 1st HD Data 1st HD Video Storage 2nd HD BB Storage 2nd HD

Size 69994 MB 99999 MB 305242 MB 99998 MB 135250 MB 299999 MB 315401 MB

Free space 41323 MB (59%) 12236 MB (12%) 29371 MB (10%) 4503 MB (5%) 28466 MB (21%) 21588 MB (7%) 38627 MB (12%)

Junk files 2 MB (0%) 0 MB (0%) 0 MB (0%) 0 MB (0%) 0 MB (0%) 0 MB (0%) 0 MB (0%)

System Restore Space Not tested Not tested Not tested Not tested Not tested Not tested Not tested

Data fragmentation 4% Not tested Not tested Not tested Not tested Not tested Not tested

File fragmentation 0% Not tested Not tested Not tested Not tested Not tested Not tested

Uncached speed 56 MB/s (96%) 64 MB/s (110%) 50 MB/s (86%) 53 MB/s (91%) 47 MB/s (81%) 57 MB/s (98%) 40 MB/s (69%)

Percentages shown for free space, junk files (temporary files, browser cache, Recycle Bin files), and system restore space represent the size relative to the total disk capacity. A disk with 50% free space is half-full (or half-empty, if you're an optimist). PC Pitstop Optimize is an easy way to keep your hard disk free of unnecessary files.

Our full tests only perform disk health checking on the C drive. We recommend that you check the health of your other drives using Disk MD.

Data fragmentation measures the percentage of data on the disk that is contained in fragmented files. File fragmentation is the percentage of files on the disk that are fragmented. Some disk optimization programs, such as Windows Disk Defragmenter, intentionally fragment files to place them in the best position to ensure quick program loading, so the fragmentation measures may be non-zero even after running a disk optimizer. For more details check out Disk MD.

Cached and uncached speed is measured in megabytes per second (MB/s). When a percentage is shown for cached and uncached speed, it compares the performance of the drive with those of systems in our database with the same processor and clock speed. (Our database currently has 13 similar systems.) A rating of 200% means a disk is twice the performance of similar systems, 50% means it's half the performance. Cached disk speed generally measures the efficiency of the system's processor and memory system, not the performance of the hard disk. Uncached speed is most affected by the physical hard disk and the disk interface.

CD/DVD Drives

Here are the CD and DVD drives that we have detected on your system:

Model Type Max Read Speed Max Write Speed

TSSTcorp CD/DVDW TS-H653L DVD-RAM 4234 KB/s (24X) 7056 KB/s (40X)

Video Board

Description Your Results

Brand/Model ATI Radeon HD 4600 Series

Resolution 1680x1050 pixels

Colors 16 million

DirectX version 6.1.7600.16385 (win7_rtm.090713-1255)

OpenGL version 6.1.7600.16385 (win7_rtm.090713-1255)

Acceleration options Enabled

Performance 234.94 MP/s (No similar CPU/MHz/video)


PC Pitstop's video performance test performs a basic check of your system's graphics capabilities and reports the result in millions of pixels displayed per second (MP/s). The percentage indicates the performance of this system compared to systems in our database with a similar CPU, clock speed, and video board. For example, a score of 50% would indicate this system had half the performance of comparable systems; 200% would indicate twice the performance. Determining "normal" performance can be difficult; there can be wide differences due to video drivers even on the same video board. (You can use Driver Alert to see if you have the latest driver.)

Monitors

Description

Monitor SyncMaster T220/T220G,SyncMaster Magic T220/T220G(

Max. Resolution (HxV) 1680 x 1050 pixels

Screen Size (HxV) 47 x 30 cm

Viewable Diagonal Size 21.95 inch

Manufacture Date September 2008

Serial Number 1415000626

Installed Software

This is a list of software packages installed on this PC that have an entry in the Add/Remove Programs dialog of Control Panel. Not all software packages installed on the system may have an entry listed here, but most will.

If you do not believe that you installed a particular software package listed here, there could be several explanations for how it got there:

If you bought a name-brand PC, it may have been installed by the maker of the PC before you bought it.

It may have been bundled with software that you knowingly did install, but the bundling was not made clear during the installation process.

It may have been installed through a drive-by download; many spyware and adware packages are installed this way.

One way to determine whether a software package was bundled with something is to see if there are other pieces of software that you did install on the same date; the chances are good that those may have bundled the software you don't recognize. Note: On Windows 9x/Me systems, it is not always possible to determine the installation date.

Name Publisher Category Date Installed

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Microsoft Corporation Oct 30, 2011

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Microsoft Corporation Oct 30, 2011

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Microsoft Corporation Oct 30, 2011

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Microsoft Corporation Oct 30, 2011

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Microsoft Corporation Oct 30, 2011

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Microsoft Corporation Oct 30, 2011

Microsoft Silverlight Microsoft Corporation Oct 29, 2011

Adobe Flash Player 11 ActiveX Adobe Systems Incorporated Oct 15, 2011

Diablo III Beta Blizzard Entertainment Sep 30, 2011

Adobe Flash Player 10 Plugin Adobe Systems Incorporated Sep 29, 2011

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation Sep 28, 2011

Malwarebytes' Anti-Malware version 1.51.2.1300 Malwarebytes Corporation Sep 19, 2011

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation Sep 17, 2011

GOM Player Gretech Corporation Sep 08, 2011

YouTube Downloader 3.3 BienneSoft Sep 02, 2011

YouTube Downloader Toolbar v4.6 Spigot, Inc. Sep 01, 2011

슈퍼다운 (Korean: "Super Down") Aug 31, 2011

Vz In Home Agent Verizon Aug 29, 2011

Google Chrome Google Inc. Aug 29, 2011

Microsoft Visual C++ 2005 Redistributable Microsoft Corporation Aug 29, 2011

슈퍼다운 (Korean: "Super Down") Aug 28, 2011

Foxit Creator Foxit Corporation Aug 27, 2011

Real Alternative 2.0.2 Aug 26, 2011

QuickTime Alternative 3.2.2 Aug 26, 2011

MPEG2 Codec(libmpeg2/mad) Aug 26, 2011

Microsoft Office Professional Plus 2010 Microsoft Corporation Aug 26, 2011

µTorrent Aug 26, 2011

Symantec Endpoint Protection Small Business Edition Symantec Corporation Aug 26, 2011

LiveUpdate 3.3 (Symantec Corporation) Symantec Corporation AntiSpam AntiSpyware AntiVirus Backup Firewall SysTool Aug 26, 2011

Microsoft .NET Framework 4 Client Profile Microsoft Corporation Aug 26, 2011

Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation Aug 26, 2011

Windows Live Essentials Microsoft Corporation Aug 26, 2011

Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation Aug 26, 2011

Bing Bar Microsoft Corporation Aug 26, 2011

Microsoft LifeCam Microsoft Corporation Aug 26, 2011

TorrentSeek Toolbar Aug 26, 2011

Realtek High Definition Audio Driver Realtek Semiconductor Corp. Aug 26, 2011

Notepad++ Aug 26, 2011

Adobe Shockwave Player 11.5 Adobe Systems, Inc. Aug 26, 2011

CCleaner Piriform SysTool Aug 26, 2011

7-Zip 9.13 beta Aug 26, 2011

Yahoo! Toolbar Aug 26, 2011

Foxit Reader Foxit Corporation Aug 26, 2011

Java 6 Update 29 Sun Microsystems, Inc. Aug 25, 2011

ImgBurn LIGHTNING UK! Aug 25, 2011

K-Lite Mega Codec Pack 5.0.5 Aug 25, 2011


  • Staff

Hi,

Please see:

Forum Piracy Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It's likely why your issue began in the first place.

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
