Jonkiote

Members

View Profile See their activity

Posts
19
Joined
February 22, 2012
Last visited
July 7, 2018

Reputation

0 Neutral

Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

Great! Thank you for your help Maurice. I've learned a lot. Time to make a restore point and then use the internet! Cya!
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

Besides the antivirus problem, the only question I have left is regarding my ipod/USB. When I had the trojans and infections, I did frequently plug them in. Does that mean my usb/ipod could be infected too? (I have not plugged anything into the computer ever since my first post on this site).
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

So, I went to the adobe site, and downloaded the latest adobe reader there. Here's the new Security check log: Results of screen317's Security Check version 0.99.31 Windows 7 x64 (UAC is enabled) Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Spybot - Search & Destroy Java 6 Update 31 Adobe Flash Player 11.1.102.62 Adobe Reader X (10.1.2) Mozilla Firefox (10.0.2) ```````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe ``````````End of Log````````````
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

That's weird. Why does it say my adobe reader is out of date? I checked for updates, and there was none. I have v9.5.0.
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

I believe Norton is currently installed. I could have sworn I uninstalled avg already using avg remover. Yes, all else seems to be fine. All systems green! Results of screen317's Security Check version 0.99.31 Windows 7 x64 (UAC is enabled) Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Spybot - Search & Destroy Java 6 Update 31 Adobe Flash Player 11.1.102.62 Adobe Reader 9 Adobe Reader out of date! Mozilla Firefox (10.0.2) ```````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe ``````````End of Log````````````
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

Awesome, that fixed the exe problem! Norton was preinstalled when I bought the comp, and I did have AVG, but I uninstalled it months ago because I thought it conflicted with MBAM.
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

Hi again, The Rsitx64 did not create an info.txt this time, only a log.txt I'm sorry, but what do you mean by "Winkey"? Combofix log: 2012-02-26 02:46:02 . 2012-02-26 02:46:02 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D}.reg.dat 2012-02-26 02:46:02 . 2012-02-26 02:46:02 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527}.reg.dat 2012-02-26 02:46:01 . 2012-02-26 02:46:01 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat 2012-02-26 02:45:51 . 2012-02-26 02:45:51 676 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat 2012-02-26 02:45:51 . 2012-02-26 02:45:51 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat 2012-02-26 02:45:50 . 2012-02-26 02:45:50 718 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-BHO-{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat 2012-02-26 02:45:49 . 2012-02-26 02:45:49 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527}.reg.dat 2012-02-26 02:29:54 . 2012-02-26 02:29:54 6,273 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2012-02-26 02:21:53 . 2012-02-26 02:21:53 51 ----a-w- C:\Qoobox\Quarantine\catchme.log MBAM log: Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.25.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Carelessjon :: CARELESSJON-PC [administrator] Protection: Enabled 2/25/2012 5:58:14 PM mbam-log-2012-02-25 (17-58-14).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 221065 Time elapsed: 4 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) RSIT log: Logfile of random's system information tool 1.09 (written by random/random) Run by Carelessjon at 2012-02-25 18:05:11 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 33 GB (6%) free of 596 GB Total RAM: 3895 MB (57% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:05:19 PM, on 2/25/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\trend micro\Carelessjon.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s O4 - HKLM\..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.star.hawaii.edu:10012/studentinterface/PrintScript/smsx.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - (no file) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12394 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService /QuitInfo:0000000000000264;00000000000002C8; /AddRef; C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" "C:\Program Files\Bonjour\mDNSResponder.exe" "C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll" /prefetch:1 C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe" "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe" "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" WLIDSvcM.exe 1856 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" "C:\Program Files\Windows Media Player\wmpnetwk.exe" "taskhost.exe" "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /c /a /s UserSession /QuitInfo:00000000000008D4;00000000000008D8; /AddRef; /QuitInfo:0000000000000884;00000000000008B8; /loadhooks /Parent:00000000000004E0 "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe" "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /startalways C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3956 CREDAT:145409 C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe "C:\Users\Carelessjon\Desktop\RSITx64.exe" ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job =========Mozilla firefox========= ProfilePath - C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default prefs.js - "browser.startup.homepage" - "http://www.minecraftwiki.net/wiki/Minecraft_Wiki" prefs.js - "extensions.enabledItems" - "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.8.1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.2.1.6, wtxpcom@mybrowserbar.com:4.9, youtubedownloader@mybrowserbar.com:4.9, {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25" prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 10.1 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0] "Description"=Virtual Earth 3D "Path"=C:\Program Files (x86)\Virtual Earth 3D\ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nexon.net/NxGame] "Description"=Nexon Game Controller "Path"=C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin] "Description"=This plugin detects and launches Pando Media Booster "Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0] "Description"= "Path"=C:\Program Files (x86)\Virtual Earth 3D\ C:\Program Files (x86)\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files (x86)\Mozilla Firefox\components\ binary.manifest browsercomps.dll C:\Program Files (x86)\Mozilla Firefox\plugins\ npdeployJava1.dll nppdf32.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npqtplugin7.dll QuickTimePlugin.class C:\Program Files (x86)\Mozilla Firefox\searchplugins\ amazondotcom.xml avg-secure-search.xml bing.xml eBay.xml google.xml twitter.xml wikipedia.xml yahoo.xml C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\extensions\ adblockpopups@jessehakanen.net {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532} {88c7f2aa-f93f-432c-8f0e-b7d85967a527} ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-11 458352] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll [2011-12-14 501176] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL [2011-11-23 210360] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-14 325408] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] AVG Security Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-14 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-01-11 458352] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll [2011-12-14 501176] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-11 342128] {95B7759C-8C7F-4BF1-B163-73684A933233} - [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "TouchORB"=C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [2010-02-03 153416] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-23 10081312] "TouchPortal"=C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe [2010-03-08 6310432] "RunDLLEntry_THXCfg"=C:\Windows\system32\THXCfg64.dll [2009-09-30 17920] "AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-10 167704] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-10 392984] "Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-10 417560] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-03-10 39408] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504] "YouCam Mirror Tray icon"=C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2009-11-23 167008] "BDRegion"=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2010-02-08 74984] "THX Audio Control Panel"=C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [2010-02-22 1016832] "UpdReg"=C:\Windows\UpdReg.EXE [2000-05-10 90112] "SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] "AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888] "Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712] "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-01-16 421736] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2012-01-10 390656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-11-12 249344] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 month====== 2012-02-25 16:47:08 ----D---- C:\Windows\temp 2012-02-25 16:47:06 ----A---- C:\ComboFix.txt 2012-02-25 16:22:01 ----A---- C:\Windows\zip.exe 2012-02-25 16:22:01 ----A---- C:\Windows\SWSC.exe 2012-02-25 16:22:01 ----A---- C:\Windows\SWREG.exe 2012-02-25 16:22:01 ----A---- C:\Windows\sed.exe 2012-02-25 16:22:01 ----A---- C:\Windows\PEV.exe 2012-02-25 16:22:01 ----A---- C:\Windows\NIRCMD.exe 2012-02-25 16:22:01 ----A---- C:\Windows\MBR.exe 2012-02-25 16:22:01 ----A---- C:\Windows\grep.exe 2012-02-25 16:21:50 ----D---- C:\Qoobox 2012-02-25 12:32:19 ----A---- C:\TDSSKiller.2.7.14.0_25.02.2012_12.32.19_log.txt 2012-02-25 05:33:38 ----D---- C:\SilentRunner 2012-02-25 05:04:30 ----D---- C:\ARK 2012-02-25 05:01:20 ----D---- C:\TDSSKiller_Quarantine 2012-02-25 04:59:13 ----A---- C:\TDSSKiller.2.7.14.0_25.02.2012_04.59.13_log.txt 2012-02-24 18:43:55 ----D---- C:\Program Files (x86)\ESET 2012-02-24 18:30:51 ----D---- C:\_OTL 2012-02-23 20:50:58 ----D---- C:\Users\Carelessjon\AppData\Roaming\QuickScan 2012-02-23 20:40:15 ----D---- C:\rsit 2012-02-23 20:40:15 ----D---- C:\Program Files\trend micro 2012-02-23 20:35:04 ----D---- C:\Windows\ERDNT 2012-02-23 20:33:52 ----D---- C:\Program Files (x86)\ERUNT 2012-02-15 21:44:05 ----D---- C:\ProgramData\Intel 2012-02-15 00:40:31 ----A---- C:\Windows\system32\MRT.INI 2012-02-15 00:37:41 ----A---- C:\Windows\SYSWOW64\mshtmled.dll 2012-02-15 00:37:41 ----A---- C:\Windows\system32\mshtmled.dll 2012-02-15 00:37:40 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2012-02-15 00:37:40 ----A---- C:\Windows\system32\jscript9.dll 2012-02-15 00:37:40 ----A---- C:\Windows\system32\iertutil.dll 2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\url.dll 2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\jscript.dll 2012-02-15 00:37:39 ----A---- C:\Windows\SYSWOW64\ieui.dll 2012-02-15 00:37:39 ----A---- C:\Windows\system32\url.dll 2012-02-15 00:37:39 ----A---- C:\Windows\system32\jscript.dll 2012-02-15 00:37:39 ----A---- C:\Windows\system32\ieui.dll 2012-02-15 00:37:38 ----A---- C:\Windows\SYSWOW64\wininet.dll 2012-02-15 00:37:38 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2012-02-15 00:37:38 ----A---- C:\Windows\system32\wininet.dll 2012-02-15 00:37:38 ----A---- C:\Windows\system32\urlmon.dll 2012-02-15 00:37:38 ----A---- C:\Windows\system32\jsproxy.dll 2012-02-15 00:37:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2012-02-15 00:37:36 ----A---- C:\Windows\system32\mshtml.dll 2012-02-15 00:37:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2012-02-15 00:37:34 ----A---- C:\Windows\system32\ieframe.dll 2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\javaws.exe 2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\javaw.exe 2012-02-14 23:52:40 ----A---- C:\Windows\SYSWOW64\java.exe 2012-02-14 23:24:35 ----A---- C:\Windows\system32\shell32.dll 2012-02-14 23:24:33 ----A---- C:\Windows\SYSWOW64\shell32.dll 2012-02-14 23:24:33 ----A---- C:\Windows\SYSWOW64\ntshrui.dll 2012-02-14 23:24:33 ----A---- C:\Windows\system32\ntshrui.dll 2012-02-14 23:24:29 ----A---- C:\Windows\system32\win32k.sys 2012-02-14 23:24:28 ----A---- C:\Windows\system32\drivers\afd.sys 2012-02-14 23:24:25 ----A---- C:\Windows\SYSWOW64\msvcrt.dll 2012-02-14 23:24:25 ----A---- C:\Windows\system32\msvcrt.dll 2012-02-12 05:09:02 ----D---- C:\Program Files (x86)\YouTube Downloader Toolbar 2012-02-12 05:09:02 ----D---- C:\Program Files (x86)\Application Updater 2012-01-28 17:33:17 ----D---- C:\Program Files\iTunes 2012-01-28 17:33:17 ----D---- C:\Program Files\iPod ======List of files/folders modified in the last 1 month====== 2012-02-25 17:59:19 ----D---- C:\Windows\system32\config 2012-02-25 16:52:57 ----SHD---- C:\Windows\Installer 2012-02-25 16:52:50 ----D---- C:\ProgramData\Adobe 2012-02-25 16:47:09 ----D---- C:\Windows\system32\drivers 2012-02-25 16:47:08 ----D---- C:\Windows 2012-02-25 16:42:00 ----A---- C:\Windows\system.ini 2012-02-25 16:41:53 ----D---- C:\Windows\system32\drivers\etc 2012-02-25 16:41:07 ----D---- C:\Windows\System32 2012-02-25 16:41:07 ----D---- C:\Windows\inf 2012-02-25 16:41:07 ----A---- C:\Windows\system32\PerfStringBackup.INI 2012-02-25 16:36:55 ----A---- C:\Windows\SYSWOW64\log.txt 2012-02-25 16:29:12 ----D---- C:\Windows\SYSWOW64\drivers 2012-02-25 16:29:12 ----D---- C:\Windows\SysWOW64 2012-02-25 16:29:12 ----D---- C:\Windows\AppPatch 2012-02-25 16:29:11 ----D---- C:\Program Files\Common Files 2012-02-25 16:29:11 ----D---- C:\Program Files (x86)\Common Files 2012-02-24 19:37:05 ----D---- C:\ProgramData\YouTube Downloader 2012-02-24 18:43:59 ----D---- C:\Windows\Downloaded Program Files 2012-02-24 18:43:55 ----RD---- C:\Program Files (x86) 2012-02-24 18:31:11 ----SHD---- C:\System Volume Information 2012-02-24 18:28:04 ----D---- C:\Windows\Prefetch 2012-02-23 20:40:15 ----RD---- C:\Program Files 2012-02-22 13:25:14 ----A---- C:\Windows\wininit.ini 2012-02-21 22:10:14 ----D---- C:\Windows\system32\Tasks 2012-02-17 12:40:50 ----D---- C:\Program Files (x86)\Mozilla Firefox 2012-02-16 13:41:29 ----RSD---- C:\Windows\assembly 2012-02-16 13:41:29 ----D---- C:\Windows\Microsoft.NET 2012-02-15 21:44:05 ----D---- C:\ProgramData 2012-02-15 21:42:34 ----D---- C:\Windows\system32\catroot2 2012-02-15 21:41:58 ----D---- C:\Program Files (x86)\Intel 2012-02-15 21:41:22 ----D---- C:\Windows\system32\catroot 2012-02-15 21:41:18 ----D---- C:\Windows\system32\DriverStore 2012-02-15 17:51:24 ----D---- C:\Windows\winsxs 2012-02-15 17:49:50 ----D---- C:\Windows\SYSWOW64\migration 2012-02-15 17:49:50 ----D---- C:\Windows\system32\migration 2012-02-15 17:49:50 ----D---- C:\Program Files\Internet Explorer 2012-02-15 17:49:50 ----D---- C:\Program Files (x86)\Internet Explorer 2012-02-15 00:41:18 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2012-02-15 00:38:39 ----D---- C:\Windows\debug 2012-02-15 00:38:37 ----A---- C:\Windows\system32\MRT.exe 2012-02-14 23:52:35 ----A---- C:\Windows\SYSWOW64\deployJava1.dll 2012-02-14 22:55:50 ----D---- C:\Windows\system32\NDF 2012-02-13 13:29:04 ----D---- C:\Users\Carelessjon\AppData\Roaming\uTorrent 2012-02-09 10:25:30 ----D---- C:\Windows\system32\FxsTmp 2012-02-01 16:12:33 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-01-31 09:56:35 ----D---- C:\Windows\system32\drivers\NISx64 2012-01-31 03:57:07 ----D---- C:\Program Files\Symantec 2012-01-30 12:01:20 ----D---- C:\ProgramData\AVG Secure Search 2012-01-29 05:10:42 ----N---- C:\Windows\system32\MpSigStub.exe 2012-01-28 17:34:01 ----D---- C:\Program Files (x86)\iTunes ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [2011-07-25 451192] R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [2011-11-23 1092728] R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-09-01 1151096] R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [2011-11-04 167048] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-12-14 482936] R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys [2011-07-20 488568] R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS [2011-11-23 37496] R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [2011-11-16 190072] R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [2011-11-16 405624] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904] R2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/04/12 00:48:29]; \??\C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl [2010-02-08 146928] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k62x64.sys [2009-12-24 294064] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-14 138360] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152] R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-10 12311904] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-23 2272544] R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2009-12-24 244736] R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2010-02-24 67616] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152] R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-17 32344] R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2010-02-01 852256] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-01-31 175736] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232] S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [] S3 int15.sys;int15.sys; \??\C:\Windows\syswow64\OEM\Factory\int15.sys [] S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS [2011-12-14 117880] S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS [2011-12-14 2048632] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-02-08 239136] S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS [2011-11-23 738936] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984] S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184] R2 Greg_Service;GRegService; C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-27 1150496] R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2009-12-28 268824] R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-29 138248] R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-28 2320920] R2 Updater Service;Updater Service; C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232] R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-01-14 869216] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664] S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2009-10-09 238328] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-10 182768] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 934760] S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-03 441712] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-18 1255736] -----------------EOF-----------------
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

I was able to update Adobe Reader, but I still can't open any file without the admin option..
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

Also, I was not able to turn windows defender back on after the scan. But I could turn MBAM back on due to it being an icon on my desktop with the run as admin opt.
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

Um. I ran combofix, but now I can't really do anything else. Whenever I click any icon, I get this pop-up "illegal operation being attempted on a registry key that has been marked for deletion." The only things I can run are icons that have the "run as admin" option if I right click it, but not everything has that option.. It was going so well.. I could not start adobe reader, and therefore could not update it. Combofix log: ComboFix 12-02-25.02 - Carelessjon 02/25/2012 16:25:19.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2363 [GMT -10:00] Running from: c:\users\Carelessjon\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 ))))))))))))))))))))))))))))))) . . 2012-02-26 02:34 . 2012-02-26 02:34 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-02-26 02:34 . 2012-02-26 02:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-25 15:33 . 2012-02-25 15:39 -------- d-----w- C:\SilentRunner 2012-02-25 15:04 . 2012-02-25 15:31 -------- d-----w- C:\ARK 2012-02-25 15:01 . 2012-02-25 15:01 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-25 04:43 . 2012-02-25 04:43 -------- d-----w- c:\program files (x86)\ESET 2012-02-25 04:30 . 2012-02-25 04:30 -------- d-----w- C:\_OTL 2012-02-24 06:50 . 2012-02-24 06:51 -------- d-----w- c:\users\Carelessjon\AppData\Roaming\QuickScan 2012-02-24 06:40 . 2012-02-24 06:40 -------- d-----w- C:\rsit 2012-02-24 06:40 . 2012-02-24 06:40 -------- d-----w- c:\program files\trend micro 2012-02-24 06:34 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEFE10DA-72EB-4B52-99B7-B47BDE9562A3}\mpengine.dll 2012-02-24 06:33 . 2012-02-24 06:34 -------- d-----w- c:\program files (x86)\ERUNT 2012-02-16 07:44 . 2012-02-16 07:44 -------- d-----w- c:\programdata\Intel 2012-02-15 09:52 . 2012-02-15 09:52 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-02-15 09:24 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 09:24 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-15 09:24 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-15 09:24 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-15 09:24 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 09:24 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-15 09:24 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 09:24 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-02-12 15:09 . 2012-02-25 05:19 -------- d-----w- c:\program files (x86)\Application Updater 2012-02-12 15:09 . 2012-02-12 15:09 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar 2012-02-12 15:09 . 2012-02-12 15:09 -------- d-----w- c:\program files (x86)\Common Files\Spigot 2012-02-02 12:20 . 2012-02-17 22:40 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll 2012-01-31 13:56 . 2012-01-31 19:55 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.091 2012-01-29 03:33 . 2012-01-29 03:34 -------- d-----w- c:\program files\iTunes 2012-01-29 03:33 . 2012-01-29 03:33 -------- d-----w- c:\program files\iPod . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-17 05:22 . 2011-06-18 05:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-15 09:52 . 2010-12-31 10:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-01-31 13:56 . 2010-10-17 10:42 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-01-29 15:10 . 2012-01-21 03:09 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-11 08:43 . 2012-01-11 08:43 167704 ----a-w- c:\windows\system32\igfxtray.exe 2012-01-11 08:43 . 2012-01-11 08:43 510232 ----a-w- c:\windows\system32\igfxsrvc.exe 2012-01-11 08:43 . 2012-01-11 08:43 417560 ----a-w- c:\windows\system32\igfxpers.exe 2012-01-11 08:43 . 2012-01-11 08:43 239896 ----a-w- c:\windows\system32\igfxext.exe 2012-01-11 08:43 . 2012-01-11 08:43 4379416 ----a-w- c:\windows\system32\GfxUI.exe 2012-01-11 08:43 . 2012-01-11 08:43 392984 ----a-w- c:\windows\system32\hkcmd.exe 2012-01-11 08:43 . 2012-01-11 08:43 184600 ----a-w- c:\windows\system32\difx64.exe 2012-01-11 08:37 . 2012-01-11 08:37 90112 ----a-w- c:\windows\system32\igfxCoIn_v2622.dll 2012-01-11 08:28 . 2012-01-11 08:28 8313856 ----a-w- c:\windows\system32\igdumd64.dll 2012-01-11 08:28 . 2012-01-11 08:28 12311904 ----a-w- c:\windows\system32\drivers\igdkmd64.sys 2012-01-11 08:27 . 2012-01-11 08:27 867020 ----a-w- c:\windows\system32\igkrng575.bin 2012-01-11 08:27 . 2012-01-11 08:27 128204 ----a-w- c:\windows\system32\igcompkrng575.bin 2012-01-11 08:27 . 2012-01-11 08:27 105608 ----a-w- c:\windows\system32\igfcg575m.bin 2012-01-11 08:18 . 2010-08-26 05:31 6323712 ----a-w- c:\windows\SysWow64\igdumd32.dll 2012-01-11 08:12 . 2010-08-26 05:28 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll 2012-01-11 08:06 . 2010-08-26 05:26 9528832 ----a-w- c:\windows\system32\igd10umd64.dll 2012-01-11 07:55 . 2010-08-26 05:23 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll 2012-01-11 07:42 . 2012-01-11 07:42 18653696 ----a-w- c:\windows\system32\ig4icd64.dll 2012-01-11 07:29 . 2012-01-11 07:29 13904384 ----a-w- c:\windows\SysWow64\ig4icd32.dll 2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrrom.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrsky.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrslv.lrc 2012-01-11 07:20 . 2012-01-11 07:20 287232 ----a-w- c:\windows\system32\igfxresn.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrsve.lrc 2012-01-11 07:20 . 2012-01-11 07:20 285696 ----a-w- c:\windows\system32\igfxrtha.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrrus.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrptg.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrptb.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrplk.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrnor.lrc 2012-01-11 07:20 . 2012-01-11 07:20 283136 ----a-w- c:\windows\system32\igfxrkor.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrita.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrhun.lrc 2012-01-11 07:20 . 2012-01-11 07:20 285184 ----a-w- c:\windows\system32\igfxrheb.lrc 2012-01-11 07:20 . 2012-01-11 07:20 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc 2012-01-11 07:20 . 2012-01-11 07:20 287232 ----a-w- c:\windows\system32\igfxrfra.lrc 2012-01-11 07:20 . 2012-01-11 07:20 287232 ----a-w- c:\windows\system32\igfxrell.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrnld.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc 2012-01-11 07:20 . 2012-01-11 07:20 286208 ----a-w- c:\windows\system32\igfxrfin.lrc 2012-01-11 07:20 . 2012-01-11 07:20 285696 ----a-w- c:\windows\system32\igfxrdan.lrc 2012-01-11 07:20 . 2012-01-11 07:20 285184 ----a-w- c:\windows\system32\igfxrara.lrc 2012-01-11 07:20 . 2012-01-11 07:20 282624 ----a-w- c:\windows\system32\igfxrcht.lrc 2012-01-11 07:20 . 2012-01-11 07:20 282624 ----a-w- c:\windows\system32\igfxrchs.lrc 2012-01-11 07:20 . 2012-01-11 07:20 126976 ----a-w- c:\windows\system32\igfxcpl.cpl 2012-01-11 07:20 . 2012-01-11 07:20 375808 ----a-w- c:\windows\system32\igfxpph.dll 2012-01-11 07:19 . 2012-01-11 07:19 378368 ----a-w- c:\windows\system32\igfxTMM.dll 2012-01-11 07:19 . 2012-01-11 07:19 28672 ----a-w- c:\windows\system32\igfxexps.dll 2012-01-11 07:19 . 2010-08-26 05:04 62464 ----a-w- c:\windows\system32\igfxsrvc.dll 2012-01-11 07:19 . 2010-08-26 05:04 110080 ----a-w- c:\windows\system32\hccutils.dll 2012-01-11 07:19 . 2012-01-11 07:19 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll 2012-01-11 07:19 . 2012-01-11 07:19 390656 ----a-w- c:\windows\system32\igfxdev.dll 2012-01-11 07:19 . 2012-01-11 07:19 146432 ----a-w- c:\windows\system32\gfxSrvc.dll 2012-01-11 07:18 . 2012-01-11 07:18 285696 ----a-w- c:\windows\system32\igfxrenu.lrc 2012-01-11 07:18 . 2012-01-11 07:18 142336 ----a-w- c:\windows\system32\igfxdo.dll 2012-01-11 07:18 . 2010-08-26 05:03 9014784 ----a-w- c:\windows\system32\igfxress.dll 2012-01-11 07:15 . 2012-01-11 07:15 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll 2012-01-11 07:14 . 2012-01-11 07:14 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll 2012-01-11 07:12 . 2012-01-11 07:12 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll 2012-01-11 07:12 . 2012-01-11 07:12 98304 ----a-w- c:\windows\system32\iglhcp64.dll 2012-01-11 07:12 . 2012-01-11 07:12 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll 2012-01-11 07:12 . 2012-01-11 07:12 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll 2012-01-11 07:12 . 2012-01-11 07:12 376832 ----a-w- c:\windows\system32\iglhsip64.dll 2012-01-11 07:12 . 2012-01-11 07:12 2177536 ----a-w- c:\windows\system32\igfxcmjit64.dll 2012-01-11 07:12 . 2012-01-11 07:12 171520 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll 2012-01-11 07:12 . 2012-01-11 07:12 1663488 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll 2012-01-11 07:12 . 2012-01-11 07:12 148480 ----a-w- c:\windows\system32\igfxcmrt64.dll 2011-12-11 01:24 . 2012-01-14 21:25 23152 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-10 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-11-24 167008] "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-02-08 74984] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2010-02-23 1016832] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-25 421888] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-14 460872] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-9-21 9216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664] R2 SBSDWSCService;SBSD Security Center Service; [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 135664] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-09-02 1151096] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys [2011-07-21 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 {60DB6561-0A84-4c94-AF33-288405CFD56D};Power Control [2010/04/12 00:48];c:\program files (x86)\CyberLink\PowerCinema Movie\000.fcl [2010-02-09 03:43 146928] S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-14 652360] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-29 2320920] S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-29 243232] S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-01-14 869216] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-14 138360] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 11:20] . 2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 11:20] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-02-04 153416] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-23 10081312] "TouchPortal"="c:\program files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe" [2010-03-09 6310432] "RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx6900&r=27361010l200p0427y155k45m1r27r uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll FF - ProfilePath - c:\users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Profiles\u6wdl1pn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.minecraftwiki.net/wiki/Minecraft_Wiki FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file) BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) Toolbar-Locked - (no file) Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) Toolbar-Locked - (no file) WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{60DB6561-0A84-4c94-AF33-288405CFD56D}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerCinema Movie\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-368538222-2643626402-1821840259-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-368538222-2643626402-1821840259-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe . ************************************************************************** . Completion time: 2012-02-25 16:47:03 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-26 02:47 . Pre-Run: 33,842,069,504 bytes free Post-Run: 35,544,367,104 bytes free . - - End Of File - - 5B94ACC2255DB4E1BD17A4ACB200CD42 Awaiting orders, sir.
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

Hmm. MBAM no longer detects anything svchost seems to be gone! Thank you so much! When running roguekiller, I assumed I was supposed to click scan after the pre-scan since under the registry tab, there was nothing listed. And so I did. The scan found 2 files which I deleted. The TDSS killer scan showed no infections, so I didn't reboot or cure anything.(yay?) RogueKiller log: RogueKiller V7.1.0 [02/15/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Carelessjon [Admin rights] Mode: Scan -- Date: 02/25/2012 12:31:10 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD6400AAKS-22A7B2 ATA Device +++++ --- User --- [MBR] ebe60ec8dd1041ac5bb31652596469e4 [bSP] b650f728c07196848c923e7dac09c9d5 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 596042 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[4].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt TDSSKiller log: 12:32:19.0077 2348 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49 12:32:19.0686 2348 ============================================================ 12:32:19.0686 2348 Current date / time: 2012/02/25 12:32:19.0686 12:32:19.0686 2348 SystemInfo: 12:32:19.0686 2348 12:32:19.0686 2348 OS Version: 6.1.7601 ServicePack: 1.0 12:32:19.0686 2348 Product type: Workstation 12:32:19.0686 2348 ComputerName: CARELESSJON-PC 12:32:19.0686 2348 UserName: Carelessjon 12:32:19.0686 2348 Windows directory: C:\Windows 12:32:19.0686 2348 System windows directory: C:\Windows 12:32:19.0686 2348 Running under WOW64 12:32:19.0686 2348 Processor architecture: Intel x64 12:32:19.0686 2348 Number of processors: 4 12:32:19.0686 2348 Page size: 0x1000 12:32:19.0686 2348 Boot type: Normal boot 12:32:19.0686 2348 ============================================================ 12:32:21.0449 2348 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:32:21.0464 2348 \Device\Harddisk0\DR0: 12:32:21.0464 2348 MBR used 12:32:21.0464 2348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000 12:32:21.0464 2348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x48C25000 12:32:21.0480 2348 Initialize success 12:32:21.0480 2348 ============================================================ 12:32:30.0247 4192 ============================================================ 12:32:30.0247 4192 Scan started 12:32:30.0247 4192 Mode: Manual; 12:32:30.0247 4192 ============================================================ 12:32:31.0667 4192 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 12:32:31.0698 4192 1394ohci - ok 12:32:31.0745 4192 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 12:32:31.0745 4192 ACPI - ok 12:32:31.0776 4192 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 12:32:31.0776 4192 AcpiPmi - ok 12:32:31.0838 4192 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 12:32:31.0838 4192 adp94xx - ok 12:32:31.0901 4192 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 12:32:31.0916 4192 adpahci - ok 12:32:31.0932 4192 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 12:32:31.0932 4192 adpu320 - ok 12:32:31.0994 4192 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 12:32:31.0994 4192 AFD - ok 12:32:32.0010 4192 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 12:32:32.0010 4192 agp440 - ok 12:32:32.0025 4192 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 12:32:32.0025 4192 aliide - ok 12:32:32.0041 4192 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 12:32:32.0041 4192 amdide - ok 12:32:32.0057 4192 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 12:32:32.0057 4192 AmdK8 - ok 12:32:32.0057 4192 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 12:32:32.0057 4192 AmdPPM - ok 12:32:32.0072 4192 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 12:32:32.0072 4192 amdsata - ok 12:32:32.0088 4192 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 12:32:32.0088 4192 amdsbs - ok 12:32:32.0103 4192 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 12:32:32.0103 4192 amdxata - ok 12:32:32.0135 4192 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 12:32:32.0135 4192 AppID - ok 12:32:32.0197 4192 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 12:32:32.0197 4192 arc - ok 12:32:32.0213 4192 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 12:32:32.0213 4192 arcsas - ok 12:32:32.0244 4192 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 12:32:32.0259 4192 AsyncMac - ok 12:32:32.0275 4192 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 12:32:32.0275 4192 atapi - ok 12:32:32.0322 4192 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 12:32:32.0337 4192 b06bdrv - ok 12:32:32.0400 4192 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 12:32:32.0400 4192 b57nd60a - ok 12:32:32.0431 4192 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 12:32:32.0431 4192 Beep - ok 12:32:32.0556 4192 BHDrvx64 (41da5845e1f8af445bd626cf085c4541) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys 12:32:32.0556 4192 BHDrvx64 - ok 12:32:32.0603 4192 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 12:32:32.0603 4192 blbdrive - ok 12:32:32.0649 4192 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 12:32:32.0649 4192 bowser - ok 12:32:32.0681 4192 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 12:32:32.0681 4192 BrFiltLo - ok 12:32:32.0712 4192 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 12:32:32.0712 4192 BrFiltUp - ok 12:32:32.0727 4192 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 12:32:32.0727 4192 Brserid - ok 12:32:32.0743 4192 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 12:32:32.0743 4192 BrSerWdm - ok 12:32:32.0759 4192 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 12:32:32.0759 4192 BrUsbMdm - ok 12:32:32.0774 4192 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 12:32:32.0774 4192 BrUsbSer - ok 12:32:32.0774 4192 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 12:32:32.0790 4192 BTHMODEM - ok 12:32:32.0837 4192 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys 12:32:32.0837 4192 ccSet_NIS - ok 12:32:32.0868 4192 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 12:32:32.0868 4192 cdfs - ok 12:32:32.0899 4192 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 12:32:32.0899 4192 cdrom - ok 12:32:32.0946 4192 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 12:32:32.0946 4192 circlass - ok 12:32:32.0977 4192 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 12:32:32.0977 4192 CLFS - ok 12:32:33.0039 4192 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 12:32:33.0039 4192 CmBatt - ok 12:32:33.0055 4192 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 12:32:33.0055 4192 cmdide - ok 12:32:33.0086 4192 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 12:32:33.0086 4192 CNG - ok 12:32:33.0102 4192 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 12:32:33.0102 4192 Compbatt - ok 12:32:33.0133 4192 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 12:32:33.0133 4192 CompositeBus - ok 12:32:33.0149 4192 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 12:32:33.0149 4192 crcdisk - ok 12:32:33.0195 4192 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 12:32:33.0195 4192 DfsC - ok 12:32:33.0227 4192 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 12:32:33.0227 4192 discache - ok 12:32:33.0242 4192 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 12:32:33.0242 4192 Disk - ok 12:32:33.0273 4192 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 12:32:33.0273 4192 drmkaud - ok 12:32:33.0336 4192 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 12:32:33.0336 4192 DXGKrnl - ok 12:32:33.0367 4192 e1kexpress (f369e83f6cdab987ca2dd764278659a6) C:\Windows\system32\DRIVERS\e1k62x64.sys 12:32:33.0367 4192 e1kexpress - ok 12:32:33.0398 4192 EagleX64 - ok 12:32:33.0492 4192 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 12:32:33.0570 4192 ebdrv - ok 12:32:33.0648 4192 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 12:32:33.0648 4192 eeCtrl - ok 12:32:33.0695 4192 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 12:32:33.0710 4192 elxstor - ok 12:32:33.0757 4192 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 12:32:33.0757 4192 EraserUtilRebootDrv - ok 12:32:33.0773 4192 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 12:32:33.0773 4192 ErrDev - ok 12:32:33.0819 4192 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 12:32:33.0819 4192 exfat - ok 12:32:33.0835 4192 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 12:32:33.0851 4192 fastfat - ok 12:32:33.0882 4192 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 12:32:33.0882 4192 fdc - ok 12:32:33.0913 4192 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 12:32:33.0913 4192 FileInfo - ok 12:32:33.0944 4192 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 12:32:33.0944 4192 Filetrace - ok 12:32:33.0960 4192 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 12:32:33.0960 4192 flpydisk - ok 12:32:33.0991 4192 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 12:32:33.0991 4192 FltMgr - ok 12:32:34.0022 4192 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 12:32:34.0022 4192 FsDepends - ok 12:32:34.0038 4192 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 12:32:34.0038 4192 Fs_Rec - ok 12:32:34.0069 4192 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 12:32:34.0069 4192 fvevol - ok 12:32:34.0085 4192 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 12:32:34.0085 4192 gagp30kx - ok 12:32:34.0116 4192 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 12:32:34.0116 4192 GEARAspiWDM - ok 12:32:34.0178 4192 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 12:32:34.0178 4192 hcw85cir - ok 12:32:34.0225 4192 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 12:32:34.0241 4192 HdAudAddService - ok 12:32:34.0272 4192 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 12:32:34.0272 4192 HDAudBus - ok 12:32:34.0287 4192 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 12:32:34.0287 4192 HECIx64 - ok 12:32:34.0303 4192 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 12:32:34.0303 4192 HidBatt - ok 12:32:34.0350 4192 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 12:32:34.0350 4192 HidBth - ok 12:32:34.0381 4192 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 12:32:34.0381 4192 HidIr - ok 12:32:34.0397 4192 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 12:32:34.0397 4192 HidUsb - ok 12:32:34.0412 4192 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 12:32:34.0412 4192 HpSAMD - ok 12:32:34.0459 4192 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 12:32:34.0459 4192 HTTP - ok 12:32:34.0490 4192 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 12:32:34.0490 4192 hwpolicy - ok 12:32:34.0506 4192 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 12:32:34.0506 4192 i8042prt - ok 12:32:34.0553 4192 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 12:32:34.0553 4192 iaStorV - ok 12:32:34.0677 4192 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys 12:32:34.0677 4192 IDSVia64 - ok 12:32:34.0865 4192 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys 12:32:35.0005 4192 igfx - ok 12:32:35.0052 4192 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 12:32:35.0052 4192 iirsp - ok 12:32:35.0161 4192 int15.sys (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys 12:32:35.0161 4192 int15.sys - ok 12:32:35.0223 4192 IntcAzAudAddService (935faa1a0af889f1ef46be55666100d0) C:\Windows\system32\drivers\RTKVHD64.sys 12:32:35.0239 4192 IntcAzAudAddService - ok 12:32:35.0255 4192 IntcDAud (d248aae81c156c0d47a77cd61bc24cd4) C:\Windows\system32\DRIVERS\IntcDAud.sys 12:32:35.0270 4192 IntcDAud - ok 12:32:35.0270 4192 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 12:32:35.0270 4192 intelide - ok 12:32:35.0301 4192 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 12:32:35.0301 4192 intelppm - ok 12:32:35.0333 4192 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:32:35.0333 4192 IpFilterDriver - ok 12:32:35.0364 4192 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 12:32:35.0379 4192 IPMIDRV - ok 12:32:35.0411 4192 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 12:32:35.0426 4192 IPNAT - ok 12:32:35.0457 4192 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 12:32:35.0473 4192 IRENUM - ok 12:32:35.0473 4192 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 12:32:35.0473 4192 isapnp - ok 12:32:35.0520 4192 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 12:32:35.0520 4192 iScsiPrt - ok 12:32:35.0551 4192 itecir (729cc577a823542aad779a0f1327bdb6) C:\Windows\system32\DRIVERS\itecir.sys 12:32:35.0551 4192 itecir - ok 12:32:35.0567 4192 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 12:32:35.0567 4192 kbdclass - ok 12:32:35.0582 4192 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 12:32:35.0582 4192 kbdhid - ok 12:32:35.0613 4192 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 12:32:35.0613 4192 KSecDD - ok 12:32:35.0629 4192 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 12:32:35.0629 4192 KSecPkg - ok 12:32:35.0645 4192 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 12:32:35.0645 4192 ksthunk - ok 12:32:35.0691 4192 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 12:32:35.0691 4192 lltdio - ok 12:32:35.0723 4192 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 12:32:35.0738 4192 LSI_FC - ok 12:32:35.0738 4192 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 12:32:35.0738 4192 LSI_SAS - ok 12:32:35.0754 4192 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:32:35.0754 4192 LSI_SAS2 - ok 12:32:35.0785 4192 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:32:35.0785 4192 LSI_SCSI - ok 12:32:35.0832 4192 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 12:32:35.0832 4192 luafv - ok 12:32:35.0879 4192 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys 12:32:35.0879 4192 MBAMProtector - ok 12:32:35.0910 4192 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys 12:32:35.0910 4192 MBfilt - ok 12:32:35.0925 4192 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 12:32:35.0925 4192 megasas - ok 12:32:35.0941 4192 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 12:32:35.0941 4192 MegaSR - ok 12:32:35.0957 4192 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 12:32:35.0972 4192 Modem - ok 12:32:35.0988 4192 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 12:32:35.0988 4192 monitor - ok 12:32:35.0988 4192 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 12:32:35.0988 4192 mouclass - ok 12:32:36.0003 4192 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 12:32:36.0003 4192 mouhid - ok 12:32:36.0050 4192 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 12:32:36.0050 4192 mountmgr - ok 12:32:36.0066 4192 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 12:32:36.0081 4192 mpio - ok 12:32:36.0113 4192 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 12:32:36.0113 4192 mpsdrv - ok 12:32:36.0144 4192 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 12:32:36.0144 4192 MRxDAV - ok 12:32:36.0191 4192 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 12:32:36.0191 4192 mrxsmb - ok 12:32:36.0222 4192 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:32:36.0222 4192 mrxsmb10 - ok 12:32:36.0253 4192 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:32:36.0253 4192 mrxsmb20 - ok 12:32:36.0269 4192 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 12:32:36.0269 4192 msahci - ok 12:32:36.0284 4192 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 12:32:36.0284 4192 msdsm - ok 12:32:36.0315 4192 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 12:32:36.0315 4192 Msfs - ok 12:32:36.0347 4192 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 12:32:36.0347 4192 mshidkmdf - ok 12:32:36.0362 4192 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 12:32:36.0362 4192 msisadrv - ok 12:32:36.0393 4192 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 12:32:36.0393 4192 MSKSSRV - ok 12:32:36.0409 4192 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 12:32:36.0409 4192 MSPCLOCK - ok 12:32:36.0425 4192 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 12:32:36.0425 4192 MSPQM - ok 12:32:36.0471 4192 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 12:32:36.0471 4192 MsRPC - ok 12:32:36.0487 4192 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 12:32:36.0487 4192 mssmbios - ok 12:32:36.0503 4192 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 12:32:36.0503 4192 MSTEE - ok 12:32:36.0518 4192 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 12:32:36.0518 4192 MTConfig - ok 12:32:36.0534 4192 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 12:32:36.0534 4192 Mup - ok 12:32:36.0565 4192 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 12:32:36.0565 4192 NativeWifiP - ok 12:32:36.0643 4192 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS 12:32:36.0659 4192 NAVENG - ok 12:32:36.0721 4192 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS 12:32:36.0752 4192 NAVEX15 - ok 12:32:36.0799 4192 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 12:32:36.0815 4192 NDIS - ok 12:32:36.0846 4192 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 12:32:36.0846 4192 NdisCap - ok 12:32:36.0893 4192 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 12:32:36.0893 4192 NdisTapi - ok 12:32:36.0924 4192 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 12:32:36.0924 4192 Ndisuio - ok 12:32:36.0955 4192 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 12:32:36.0955 4192 NdisWan - ok 12:32:36.0986 4192 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 12:32:36.0986 4192 NDProxy - ok 12:32:37.0002 4192 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 12:32:37.0002 4192 NetBIOS - ok 12:32:37.0033 4192 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 12:32:37.0049 4192 NetBT - ok 12:32:37.0111 4192 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys 12:32:37.0111 4192 netr28x - ok 12:32:37.0158 4192 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 12:32:37.0158 4192 nfrd960 - ok 12:32:37.0189 4192 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 12:32:37.0205 4192 Npfs - ok 12:32:37.0220 4192 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 12:32:37.0220 4192 nsiproxy - ok 12:32:37.0267 4192 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 12:32:37.0298 4192 Ntfs - ok 12:32:37.0314 4192 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 12:32:37.0314 4192 Null - ok 12:32:37.0345 4192 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 12:32:37.0345 4192 nvraid - ok 12:32:37.0361 4192 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 12:32:37.0361 4192 nvstor - ok 12:32:37.0423 4192 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 12:32:37.0423 4192 nv_agp - ok 12:32:37.0439 4192 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 12:32:37.0439 4192 ohci1394 - ok 12:32:37.0454 4192 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 12:32:37.0454 4192 Parport - ok 12:32:37.0501 4192 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 12:32:37.0501 4192 partmgr - ok 12:32:37.0517 4192 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 12:32:37.0517 4192 pci - ok 12:32:37.0532 4192 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 12:32:37.0532 4192 pciide - ok 12:32:37.0563 4192 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 12:32:37.0563 4192 pcmcia - ok 12:32:37.0595 4192 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 12:32:37.0595 4192 pcw - ok 12:32:37.0626 4192 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 12:32:37.0641 4192 PEAUTH - ok 12:32:37.0704 4192 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 12:32:37.0704 4192 PptpMiniport - ok 12:32:37.0704 4192 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 12:32:37.0704 4192 Processor - ok 12:32:37.0751 4192 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 12:32:37.0751 4192 Psched - ok 12:32:37.0813 4192 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 12:32:37.0844 4192 ql2300 - ok 12:32:37.0844 4192 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 12:32:37.0844 4192 ql40xx - ok 12:32:37.0875 4192 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 12:32:37.0875 4192 QWAVEdrv - ok 12:32:37.0891 4192 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 12:32:37.0891 4192 RasAcd - ok 12:32:37.0907 4192 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 12:32:37.0907 4192 RasAgileVpn - ok 12:32:37.0938 4192 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 12:32:37.0938 4192 Rasl2tp - ok 12:32:37.0953 4192 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 12:32:37.0953 4192 RasPppoe - ok 12:32:37.0969 4192 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 12:32:37.0969 4192 RasSstp - ok 12:32:38.0000 4192 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 12:32:38.0000 4192 rdbss - ok 12:32:38.0016 4192 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 12:32:38.0016 4192 rdpbus - ok 12:32:38.0031 4192 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 12:32:38.0031 4192 RDPCDD - ok 12:32:38.0063 4192 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 12:32:38.0063 4192 RDPENCDD - ok 12:32:38.0078 4192 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 12:32:38.0078 4192 RDPREFMP - ok 12:32:38.0109 4192 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 12:32:38.0109 4192 RDPWD - ok 12:32:38.0156 4192 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 12:32:38.0156 4192 rdyboost - ok 12:32:38.0187 4192 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 12:32:38.0187 4192 rspndr - ok 12:32:38.0234 4192 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\System32\Drivers\RtsUStor.sys 12:32:38.0234 4192 RSUSBSTOR - ok 12:32:38.0250 4192 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 12:32:38.0250 4192 sbp2port - ok 12:32:38.0297 4192 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 12:32:38.0297 4192 scfilter - ok 12:32:38.0328 4192 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 12:32:38.0328 4192 secdrv - ok 12:32:38.0359 4192 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 12:32:38.0359 4192 Serenum - ok 12:32:38.0375 4192 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 12:32:38.0375 4192 Serial - ok 12:32:38.0390 4192 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 12:32:38.0390 4192 sermouse - ok 12:32:38.0406 4192 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 12:32:38.0406 4192 sffdisk - ok 12:32:38.0421 4192 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 12:32:38.0421 4192 sffp_mmc - ok 12:32:38.0421 4192 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 12:32:38.0421 4192 sffp_sd - ok 12:32:38.0437 4192 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 12:32:38.0437 4192 sfloppy - ok 12:32:38.0453 4192 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:32:38.0453 4192 SiSRaid2 - ok 12:32:38.0468 4192 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 12:32:38.0468 4192 SiSRaid4 - ok 12:32:38.0484 4192 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 12:32:38.0484 4192 Smb - ok 12:32:38.0515 4192 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 12:32:38.0515 4192 spldr - ok 12:32:38.0577 4192 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS 12:32:38.0593 4192 SRTSP - ok 12:32:38.0609 4192 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS 12:32:38.0609 4192 SRTSPX - ok 12:32:38.0655 4192 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 12:32:38.0655 4192 srv - ok 12:32:38.0671 4192 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 12:32:38.0687 4192 srv2 - ok 12:32:38.0687 4192 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 12:32:38.0687 4192 srvnet - ok 12:32:38.0718 4192 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 12:32:38.0718 4192 stexstor - ok 12:32:38.0733 4192 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 12:32:38.0733 4192 swenum - ok 12:32:38.0780 4192 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS 12:32:38.0780 4192 SymDS - ok 12:32:38.0811 4192 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS 12:32:38.0827 4192 SymEFA - ok 12:32:38.0858 4192 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 12:32:38.0858 4192 SymEvent - ok 12:32:38.0889 4192 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS 12:32:38.0889 4192 SymIRON - ok 12:32:38.0921 4192 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS 12:32:38.0921 4192 SymNetS - ok 12:32:38.0999 4192 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 12:32:39.0030 4192 Tcpip - ok 12:32:39.0061 4192 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 12:32:39.0077 4192 TCPIP6 - ok 12:32:39.0108 4192 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 12:32:39.0108 4192 tcpipreg - ok 12:32:39.0123 4192 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 12:32:39.0123 4192 TDPIPE - ok 12:32:39.0155 4192 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 12:32:39.0155 4192 TDTCP - ok 12:32:39.0201 4192 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 12:32:39.0201 4192 tdx - ok 12:32:39.0217 4192 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 12:32:39.0217 4192 TermDD - ok 12:32:39.0264 4192 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:32:39.0264 4192 tssecsrv - ok 12:32:39.0311 4192 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 12:32:39.0311 4192 TsUsbFlt - ok 12:32:39.0342 4192 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 12:32:39.0342 4192 tunnel - ok 12:32:39.0373 4192 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 12:32:39.0373 4192 uagp35 - ok 12:32:39.0420 4192 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 12:32:39.0420 4192 udfs - ok 12:32:39.0435 4192 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 12:32:39.0435 4192 uliagpkx - ok 12:32:39.0467 4192 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 12:32:39.0467 4192 umbus - ok 12:32:39.0482 4192 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 12:32:39.0482 4192 UmPass - ok 12:32:39.0513 4192 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 12:32:39.0529 4192 USBAAPL64 - ok 12:32:39.0545 4192 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 12:32:39.0545 4192 usbccgp - ok 12:32:39.0576 4192 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 12:32:39.0576 4192 usbcir - ok 12:32:39.0607 4192 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 12:32:39.0607 4192 usbehci - ok 12:32:39.0623 4192 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 12:32:39.0623 4192 usbhub - ok 12:32:39.0638 4192 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 12:32:39.0638 4192 usbohci - ok 12:32:39.0669 4192 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 12:32:39.0669 4192 usbprint - ok 12:32:39.0716 4192 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:32:39.0716 4192 USBSTOR - ok 12:32:39.0716 4192 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 12:32:39.0732 4192 usbuhci - ok 12:32:39.0763 4192 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 12:32:39.0763 4192 usbvideo - ok 12:32:39.0779 4192 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 12:32:39.0779 4192 vdrvroot - ok 12:32:39.0794 4192 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 12:32:39.0794 4192 vga - ok 12:32:39.0825 4192 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 12:32:39.0841 4192 VgaSave - ok 12:32:39.0872 4192 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 12:32:39.0872 4192 vhdmp - ok 12:32:39.0888 4192 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 12:32:39.0888 4192 viaide - ok 12:32:39.0888 4192 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 12:32:39.0888 4192 volmgr - ok 12:32:39.0935 4192 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 12:32:39.0935 4192 volmgrx - ok 12:32:39.0966 4192 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 12:32:39.0966 4192 volsnap - ok 12:32:39.0997 4192 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 12:32:39.0997 4192 vsmraid - ok 12:32:40.0059 4192 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 12:32:40.0059 4192 vwifibus - ok 12:32:40.0091 4192 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 12:32:40.0091 4192 vwififlt - ok 12:32:40.0122 4192 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 12:32:40.0122 4192 vwifimp - ok 12:32:40.0137 4192 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 12:32:40.0137 4192 WacomPen - ok 12:32:40.0169 4192 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:32:40.0169 4192 WANARP - ok 12:32:40.0169 4192 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:32:40.0169 4192 Wanarpv6 - ok 12:32:40.0200 4192 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 12:32:40.0200 4192 Wd - ok 12:32:40.0231 4192 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 12:32:40.0231 4192 Wdf01000 - ok 12:32:40.0278 4192 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 12:32:40.0278 4192 WfpLwf - ok 12:32:40.0309 4192 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 12:32:40.0309 4192 WIMMount - ok 12:32:40.0356 4192 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 12:32:40.0356 4192 WinUsb - ok 12:32:40.0387 4192 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 12:32:40.0387 4192 WmiAcpi - ok 12:32:40.0403 4192 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 12:32:40.0403 4192 ws2ifsl - ok 12:32:40.0434 4192 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 12:32:40.0434 4192 WudfPf - ok 12:32:40.0465 4192 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 12:32:40.0465 4192 WUDFRd - ok 12:32:40.0496 4192 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys 12:32:40.0512 4192 xusb21 - ok 12:32:40.0605 4192 {60DB6561-0A84-4c94-AF33-288405CFD56D} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl 12:32:40.0605 4192 {60DB6561-0A84-4c94-AF33-288405CFD56D} - ok 12:32:40.0621 4192 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 12:32:40.0668 4192 \Device\Harddisk0\DR0 - ok 12:32:40.0668 4192 Boot (0x1200) (69f1d6595ccff5ed5e003954c3ddf376) \Device\Harddisk0\DR0\Partition0 12:32:40.0668 4192 \Device\Harddisk0\DR0\Partition0 - ok 12:32:40.0668 4192 Boot (0x1200) (f91a56594bb57a1e167718f5df3c7eac) \Device\Harddisk0\DR0\Partition1 12:32:40.0668 4192 \Device\Harddisk0\DR0\Partition1 - ok 12:32:40.0683 4192 ============================================================ 12:32:40.0683 4192 Scan finished 12:32:40.0683 4192 ============================================================ 12:32:40.0683 4180 Detected object count: 0 12:32:40.0683 4180 Actual detected object count: 0 12:33:13.0927 4936 Deinitialize success
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

Thanks for responding! Here it is: RogueKiller V7.1.0 [02/15/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Carelessjon [Admin rights] Mode: Scan -- Date: 02/25/2012 06:23:47 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 2 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD6400AAKS-22A7B2 ATA Device +++++ --- User --- [MBR] ebe60ec8dd1041ac5bb31652596469e4 [bSP] b650f728c07196848c923e7dac09c9d5 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 596042 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

Thanks for replying! Here are a few things I noted during this process: 1.The GMER scan ended saying something like "unable to find any..." and when I clicked "copy" and pasted it on a notepad, it pasted nothing. I tried clicking "save" instead and that produced a blank log. 2.After the ASWMBR scan, the "fix" button was enabled, but I did not click it. 3.After the TDSSKILLER scan was complete, there were two infections found one was set to cure and the other was set to skip. Seeing nothing of this in your instructions, I simply clicked continue. 4.Google no longer redirects me! svchost balloons no longer appear, however while I was running the GMER scan, I got a svchost quarantine pop-up from MBAM... aswmbr log: aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software Run date: 2012-02-25 04:54:22 ----------------------------- 04:54:22.091 OS Version: Windows x64 6.1.7601 Service Pack 1 04:54:22.091 Number of processors: 4 586 0x2502 04:54:22.091 ComputerName: CARELESSJON-PC UserName: Carelessjon 04:54:23.307 Initialize success 04:56:40.708 AVAST engine defs: 12022500 04:56:53.688 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 04:56:53.688 Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 11 04:56:53.688 Device \Driver\atapi -> MajorFunction fffffa80052b15c4 04:56:53.688 Disk 0 MBR read successfully 04:56:53.688 Disk 0 MBR scan 04:56:53.703 Disk 0 MBR:Pihar-C [Rtk] 04:56:53.703 Disk 0 TDL4@MBR code has been found 04:56:53.703 Disk 0 Windows 7 default MBR code found via API 04:56:53.703 Disk 0 MBR hidden 04:56:53.719 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048 04:56:53.719 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176 04:56:53.734 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 596042 MB offset 29566976 04:56:53.734 Disk 0 MBR [TDL4] **ROOTKIT** 04:56:54.202 Scan finished successfully 04:57:19.568 Disk 0 MBR has been saved successfully to "C:\Users\Carelessjon\Desktop\MBR.dat" 04:57:19.568 The log file has been saved successfully to "C:\Users\Carelessjon\Desktop\aswMBR.txt" TDSSKILLER log: 04:59:13.0708 1360 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49 04:59:14.0238 1360 ============================================================ 04:59:14.0238 1360 Current date / time: 2012/02/25 04:59:14.0238 04:59:14.0238 1360 SystemInfo: 04:59:14.0238 1360 04:59:14.0238 1360 OS Version: 6.1.7601 ServicePack: 1.0 04:59:14.0238 1360 Product type: Workstation 04:59:14.0238 1360 ComputerName: CARELESSJON-PC 04:59:14.0238 1360 UserName: Carelessjon 04:59:14.0238 1360 Windows directory: C:\Windows 04:59:14.0238 1360 System windows directory: C:\Windows 04:59:14.0238 1360 Running under WOW64 04:59:14.0238 1360 Processor architecture: Intel x64 04:59:14.0238 1360 Number of processors: 4 04:59:14.0238 1360 Page size: 0x1000 04:59:14.0238 1360 Boot type: Normal boot 04:59:14.0238 1360 ============================================================ 04:59:15.0112 1360 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 04:59:15.0112 1360 \Device\Harddisk0\DR0: 04:59:15.0112 1360 MBR used 04:59:15.0112 1360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000 04:59:15.0112 1360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x48C25000 04:59:15.0143 1360 Initialize success 04:59:15.0143 1360 ============================================================ 04:59:38.0481 4660 ============================================================ 04:59:38.0481 4660 Scan started 04:59:38.0481 4660 Mode: Manual; SigCheck; TDLFS; 04:59:38.0481 4660 ============================================================ 04:59:39.0120 4660 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 04:59:39.0183 4660 1394ohci - ok 04:59:39.0214 4660 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 04:59:39.0230 4660 ACPI - ok 04:59:39.0230 4660 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 04:59:39.0308 4660 AcpiPmi - ok 04:59:39.0339 4660 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 04:59:39.0354 4660 adp94xx - ok 04:59:39.0386 4660 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 04:59:39.0401 4660 adpahci - ok 04:59:39.0401 4660 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 04:59:39.0417 4660 adpu320 - ok 04:59:39.0464 4660 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 04:59:39.0526 4660 AFD - ok 04:59:39.0557 4660 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 04:59:39.0573 4660 agp440 - ok 04:59:39.0588 4660 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 04:59:39.0588 4660 aliide - ok 04:59:39.0604 4660 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 04:59:39.0620 4660 amdide - ok 04:59:39.0620 4660 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 04:59:39.0682 4660 AmdK8 - ok 04:59:39.0682 4660 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 04:59:39.0729 4660 AmdPPM - ok 04:59:39.0729 4660 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 04:59:39.0744 4660 amdsata - ok 04:59:39.0760 4660 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 04:59:39.0760 4660 amdsbs - ok 04:59:39.0791 4660 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 04:59:39.0807 4660 amdxata - ok 04:59:39.0822 4660 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 04:59:39.0963 4660 AppID - ok 04:59:40.0025 4660 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 04:59:40.0025 4660 arc - ok 04:59:40.0041 4660 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 04:59:40.0056 4660 arcsas - ok 04:59:40.0088 4660 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 04:59:40.0212 4660 AsyncMac - ok 04:59:40.0244 4660 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 04:59:40.0259 4660 atapi - ok 04:59:40.0322 4660 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 04:59:40.0368 4660 b06bdrv - ok 04:59:40.0415 4660 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 04:59:40.0446 4660 b57nd60a - ok 04:59:40.0493 4660 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 04:59:40.0540 4660 Beep - ok 04:59:40.0680 4660 BHDrvx64 (41da5845e1f8af445bd626cf085c4541) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys 04:59:40.0743 4660 BHDrvx64 - ok 04:59:40.0774 4660 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 04:59:40.0821 4660 blbdrive - ok 04:59:40.0883 4660 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 04:59:40.0930 4660 bowser - ok 04:59:40.0961 4660 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 04:59:40.0992 4660 BrFiltLo - ok 04:59:41.0039 4660 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 04:59:41.0055 4660 BrFiltUp - ok 04:59:41.0070 4660 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 04:59:41.0117 4660 Brserid - ok 04:59:41.0148 4660 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 04:59:41.0164 4660 BrSerWdm - ok 04:59:41.0180 4660 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 04:59:41.0211 4660 BrUsbMdm - ok 04:59:41.0211 4660 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 04:59:41.0242 4660 BrUsbSer - ok 04:59:41.0242 4660 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 04:59:41.0273 4660 BTHMODEM - ok 04:59:41.0336 4660 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys 04:59:41.0351 4660 ccSet_NIS - ok 04:59:41.0382 4660 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 04:59:41.0429 4660 cdfs - ok 04:59:41.0476 4660 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 04:59:41.0523 4660 cdrom - ok 04:59:41.0570 4660 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 04:59:41.0601 4660 circlass - ok 04:59:41.0648 4660 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 04:59:41.0679 4660 CLFS - ok 04:59:41.0897 4660 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 04:59:41.0960 4660 CmBatt - ok 04:59:41.0975 4660 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 04:59:41.0975 4660 cmdide - ok 04:59:42.0022 4660 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 04:59:42.0038 4660 CNG - ok 04:59:42.0053 4660 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 04:59:42.0069 4660 Compbatt - ok 04:59:42.0100 4660 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 04:59:42.0131 4660 CompositeBus - ok 04:59:42.0147 4660 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 04:59:42.0147 4660 crcdisk - ok 04:59:42.0209 4660 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 04:59:42.0287 4660 DfsC - ok 04:59:42.0318 4660 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 04:59:42.0381 4660 discache - ok 04:59:42.0428 4660 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 04:59:42.0428 4660 Disk - ok 04:59:42.0474 4660 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 04:59:42.0490 4660 drmkaud - ok 04:59:42.0537 4660 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 04:59:42.0584 4660 DXGKrnl - ok 04:59:42.0615 4660 e1kexpress (f369e83f6cdab987ca2dd764278659a6) C:\Windows\system32\DRIVERS\e1k62x64.sys 04:59:42.0615 4660 e1kexpress - ok 04:59:42.0646 4660 EagleX64 - ok 04:59:42.0740 4660 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 04:59:42.0833 4660 ebdrv - ok 04:59:42.0911 4660 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 04:59:42.0927 4660 eeCtrl - ok 04:59:42.0974 4660 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 04:59:42.0989 4660 elxstor - ok 04:59:43.0052 4660 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 04:59:43.0052 4660 EraserUtilRebootDrv - ok 04:59:43.0067 4660 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 04:59:43.0114 4660 ErrDev - ok 04:59:43.0161 4660 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 04:59:43.0208 4660 exfat - ok 04:59:43.0239 4660 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 04:59:43.0286 4660 fastfat - ok 04:59:43.0317 4660 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 04:59:43.0348 4660 fdc - ok 04:59:43.0395 4660 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 04:59:43.0395 4660 FileInfo - ok 04:59:43.0410 4660 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 04:59:43.0473 4660 Filetrace - ok 04:59:43.0488 4660 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 04:59:43.0504 4660 flpydisk - ok 04:59:43.0535 4660 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 04:59:43.0551 4660 FltMgr - ok 04:59:43.0582 4660 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 04:59:43.0582 4660 FsDepends - ok 04:59:43.0598 4660 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 04:59:43.0598 4660 Fs_Rec - ok 04:59:43.0644 4660 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 04:59:43.0644 4660 fvevol - ok 04:59:43.0676 4660 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 04:59:43.0691 4660 gagp30kx - ok 04:59:43.0707 4660 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 04:59:43.0722 4660 GEARAspiWDM - ok 04:59:43.0769 4660 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 04:59:43.0816 4660 hcw85cir - ok 04:59:43.0863 4660 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 04:59:43.0878 4660 HdAudAddService - ok 04:59:43.0925 4660 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 04:59:43.0972 4660 HDAudBus - ok 04:59:44.0003 4660 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 04:59:44.0003 4660 HECIx64 - ok 04:59:44.0019 4660 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 04:59:44.0019 4660 HidBatt - ok 04:59:44.0050 4660 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 04:59:44.0175 4660 HidBth - ok 04:59:44.0206 4660 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 04:59:44.0222 4660 HidIr - ok 04:59:44.0253 4660 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 04:59:44.0284 4660 HidUsb - ok 04:59:44.0300 4660 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 04:59:44.0315 4660 HpSAMD - ok 04:59:44.0362 4660 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 04:59:44.0424 4660 HTTP - ok 04:59:44.0456 4660 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 04:59:44.0456 4660 hwpolicy - ok 04:59:44.0502 4660 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 04:59:44.0518 4660 i8042prt - ok 04:59:44.0534 4660 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 04:59:44.0549 4660 iaStorV - ok 04:59:44.0643 4660 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys 04:59:44.0658 4660 IDSVia64 - ok 04:59:44.0830 4660 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys 04:59:45.0111 4660 igfx - ok 04:59:45.0158 4660 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 04:59:45.0158 4660 iirsp - ok 04:59:45.0267 4660 int15.sys (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys 04:59:45.0282 4660 int15.sys - ok 04:59:45.0345 4660 IntcAzAudAddService (935faa1a0af889f1ef46be55666100d0) C:\Windows\system32\drivers\RTKVHD64.sys 04:59:45.0407 4660 IntcAzAudAddService - ok 04:59:45.0438 4660 IntcDAud (d248aae81c156c0d47a77cd61bc24cd4) C:\Windows\system32\DRIVERS\IntcDAud.sys 04:59:45.0485 4660 IntcDAud - ok 04:59:45.0501 4660 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 04:59:45.0501 4660 intelide - ok 04:59:45.0516 4660 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 04:59:45.0548 4660 intelppm - ok 04:59:45.0579 4660 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 04:59:45.0641 4660 IpFilterDriver - ok 04:59:45.0657 4660 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 04:59:45.0672 4660 IPMIDRV - ok 04:59:45.0704 4660 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 04:59:45.0766 4660 IPNAT - ok 04:59:45.0813 4660 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 04:59:45.0844 4660 IRENUM - ok 04:59:45.0860 4660 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 04:59:45.0875 4660 isapnp - ok 04:59:45.0891 4660 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 04:59:45.0906 4660 iScsiPrt - ok 04:59:45.0938 4660 itecir (729cc577a823542aad779a0f1327bdb6) C:\Windows\system32\DRIVERS\itecir.sys 04:59:45.0938 4660 itecir - ok 04:59:45.0969 4660 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 04:59:45.0969 4660 kbdclass - ok 04:59:45.0984 4660 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 04:59:46.0000 4660 kbdhid - ok 04:59:46.0016 4660 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 04:59:46.0031 4660 KSecDD - ok 04:59:46.0062 4660 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 04:59:46.0062 4660 KSecPkg - ok 04:59:46.0078 4660 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 04:59:46.0140 4660 ksthunk - ok 04:59:46.0172 4660 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 04:59:46.0234 4660 lltdio - ok 04:59:46.0296 4660 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 04:59:46.0312 4660 LSI_FC - ok 04:59:46.0328 4660 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 04:59:46.0328 4660 LSI_SAS - ok 04:59:46.0343 4660 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 04:59:46.0343 4660 LSI_SAS2 - ok 04:59:46.0359 4660 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 04:59:46.0374 4660 LSI_SCSI - ok 04:59:46.0390 4660 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 04:59:46.0452 4660 luafv - ok 04:59:46.0515 4660 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys 04:59:46.0530 4660 MBAMProtector - ok 04:59:46.0562 4660 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys 04:59:46.0562 4660 MBfilt - ok 04:59:46.0577 4660 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 04:59:46.0593 4660 megasas - ok 04:59:46.0624 4660 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 04:59:46.0640 4660 MegaSR - ok 04:59:46.0671 4660 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 04:59:46.0718 4660 Modem - ok 04:59:46.0749 4660 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 04:59:46.0796 4660 monitor - ok 04:59:46.0811 4660 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 04:59:46.0827 4660 mouclass - ok 04:59:46.0827 4660 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 04:59:46.0874 4660 mouhid - ok 04:59:46.0905 4660 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 04:59:46.0905 4660 mountmgr - ok 04:59:46.0952 4660 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 04:59:46.0967 4660 mpio - ok 04:59:46.0998 4660 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 04:59:47.0045 4660 mpsdrv - ok 04:59:47.0092 4660 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 04:59:47.0139 4660 MRxDAV - ok 04:59:47.0186 4660 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 04:59:47.0248 4660 mrxsmb - ok 04:59:47.0279 4660 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 04:59:47.0310 4660 mrxsmb10 - ok 04:59:47.0326 4660 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 04:59:47.0342 4660 mrxsmb20 - ok 04:59:47.0357 4660 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 04:59:47.0373 4660 msahci - ok 04:59:47.0373 4660 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 04:59:47.0388 4660 msdsm - ok 04:59:47.0420 4660 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 04:59:47.0451 4660 Msfs - ok 04:59:47.0466 4660 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 04:59:47.0498 4660 mshidkmdf - ok 04:59:47.0513 4660 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 04:59:47.0529 4660 msisadrv - ok 04:59:47.0544 4660 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 04:59:47.0607 4660 MSKSSRV - ok 04:59:47.0638 4660 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 04:59:47.0685 4660 MSPCLOCK - ok 04:59:47.0716 4660 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 04:59:47.0778 4660 MSPQM - ok 04:59:47.0810 4660 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 04:59:47.0825 4660 MsRPC - ok 04:59:47.0841 4660 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 04:59:47.0856 4660 mssmbios - ok 04:59:47.0856 4660 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 04:59:47.0919 4660 MSTEE - ok 04:59:47.0934 4660 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 04:59:47.0950 4660 MTConfig - ok 04:59:47.0981 4660 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 04:59:47.0997 4660 Mup - ok 04:59:48.0012 4660 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 04:59:48.0059 4660 NativeWifiP - ok 04:59:48.0153 4660 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\ENG64.SYS 04:59:48.0153 4660 NAVENG - ok 04:59:48.0231 4660 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111214.001\EX64.SYS 04:59:48.0293 4660 NAVEX15 - ok 04:59:48.0340 4660 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 04:59:48.0371 4660 NDIS - ok 04:59:48.0387 4660 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 04:59:48.0449 4660 NdisCap - ok 04:59:48.0480 4660 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 04:59:48.0527 4660 NdisTapi - ok 04:59:48.0574 4660 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 04:59:48.0636 4660 Ndisuio - ok 04:59:48.0668 4660 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 04:59:48.0730 4660 NdisWan - ok 04:59:48.0777 4660 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 04:59:48.0824 4660 NDProxy - ok 04:59:48.0855 4660 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 04:59:48.0886 4660 NetBIOS - ok 04:59:48.0902 4660 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 04:59:48.0948 4660 NetBT - ok 04:59:49.0026 4660 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys 04:59:49.0058 4660 netr28x - ok 04:59:49.0104 4660 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 04:59:49.0104 4660 nfrd960 - ok 04:59:49.0151 4660 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 04:59:49.0198 4660 Npfs - ok 04:59:49.0229 4660 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 04:59:49.0276 4660 nsiproxy - ok 04:59:49.0338 4660 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 04:59:49.0385 4660 Ntfs - ok 04:59:49.0401 4660 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 04:59:49.0463 4660 Null - ok 04:59:49.0510 4660 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 04:59:49.0510 4660 nvraid - ok 04:59:49.0526 4660 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 04:59:49.0541 4660 nvstor - ok 04:59:49.0572 4660 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 04:59:49.0588 4660 nv_agp - ok 04:59:49.0604 4660 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 04:59:49.0635 4660 ohci1394 - ok 04:59:49.0650 4660 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 04:59:49.0666 4660 Parport - ok 04:59:49.0697 4660 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 04:59:49.0697 4660 partmgr - ok 04:59:49.0713 4660 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 04:59:49.0728 4660 pci - ok 04:59:49.0744 4660 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 04:59:49.0744 4660 pciide - ok 04:59:49.0791 4660 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 04:59:49.0791 4660 pcmcia - ok 04:59:49.0838 4660 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 04:59:49.0838 4660 pcw - ok 04:59:49.0869 4660 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 04:59:49.0947 4660 PEAUTH - ok 04:59:50.0009 4660 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 04:59:50.0087 4660 PptpMiniport - ok 04:59:50.0087 4660 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 04:59:50.0103 4660 Processor - ok 04:59:50.0165 4660 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 04:59:50.0212 4660 Psched - ok 04:59:50.0259 4660 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 04:59:50.0306 4660 ql2300 - ok 04:59:50.0321 4660 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 04:59:50.0337 4660 ql40xx - ok 04:59:50.0352 4660 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 04:59:50.0399 4660 QWAVEdrv - ok 04:59:50.0415 4660 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 04:59:50.0462 4660 RasAcd - ok 04:59:50.0493 4660 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 04:59:50.0524 4660 RasAgileVpn - ok 04:59:50.0540 4660 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 04:59:50.0602 4660 Rasl2tp - ok 04:59:50.0633 4660 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 04:59:50.0696 4660 RasPppoe - ok 04:59:50.0727 4660 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 04:59:50.0758 4660 RasSstp - ok 04:59:50.0789 4660 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 04:59:50.0852 4660 rdbss - ok 04:59:50.0867 4660 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 04:59:50.0883 4660 rdpbus - ok 04:59:50.0914 4660 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 04:59:50.0961 4660 RDPCDD - ok 04:59:50.0976 4660 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 04:59:51.0039 4660 RDPENCDD - ok 04:59:51.0070 4660 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 04:59:51.0101 4660 RDPREFMP - ok 04:59:51.0132 4660 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 04:59:51.0164 4660 RDPWD - ok 04:59:51.0195 4660 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 04:59:51.0210 4660 rdyboost - ok 04:59:51.0242 4660 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 04:59:51.0288 4660 rspndr - ok 04:59:51.0351 4660 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\System32\Drivers\RtsUStor.sys 04:59:51.0366 4660 RSUSBSTOR - ok 04:59:51.0382 4660 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 04:59:51.0382 4660 sbp2port - ok 04:59:51.0444 4660 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 04:59:51.0476 4660 scfilter - ok 04:59:51.0507 4660 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 04:59:51.0554 4660 secdrv - ok 04:59:51.0569 4660 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 04:59:51.0585 4660 Serenum - ok 04:59:51.0616 4660 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 04:59:51.0632 4660 Serial - ok 04:59:51.0647 4660 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 04:59:51.0678 4660 sermouse - ok 04:59:51.0694 4660 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 04:59:51.0710 4660 sffdisk - ok 04:59:51.0725 4660 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 04:59:51.0741 4660 sffp_mmc - ok 04:59:51.0756 4660 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 04:59:51.0772 4660 sffp_sd - ok 04:59:51.0772 4660 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 04:59:51.0788 4660 sfloppy - ok 04:59:51.0819 4660 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 04:59:51.0819 4660 SiSRaid2 - ok 04:59:51.0834 4660 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 04:59:51.0850 4660 SiSRaid4 - ok 04:59:51.0866 4660 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 04:59:51.0897 4660 Smb - ok 04:59:51.0928 4660 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 04:59:51.0944 4660 spldr - ok 04:59:52.0006 4660 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS 04:59:52.0037 4660 SRTSP - ok 04:59:52.0053 4660 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS 04:59:52.0053 4660 SRTSPX - ok 04:59:52.0084 4660 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 04:59:52.0100 4660 srv - ok 04:59:52.0131 4660 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 04:59:52.0209 4660 srv2 - ok 04:59:52.0240 4660 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 04:59:52.0271 4660 srvnet - ok 04:59:52.0334 4660 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 04:59:52.0349 4660 stexstor - ok 04:59:52.0396 4660 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 04:59:52.0412 4660 swenum - ok 04:59:52.0474 4660 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS 04:59:52.0490 4660 SymDS - ok 04:59:52.0536 4660 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS 04:59:52.0568 4660 SymEFA - ok 04:59:52.0599 4660 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 04:59:52.0614 4660 SymEvent - ok 04:59:52.0646 4660 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS 04:59:52.0646 4660 SymIRON - ok 04:59:52.0677 4660 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS 04:59:52.0692 4660 SymNetS - ok 04:59:52.0739 4660 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 04:59:52.0802 4660 Tcpip - ok 04:59:52.0833 4660 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 04:59:52.0864 4660 TCPIP6 - ok 04:59:52.0895 4660 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 04:59:52.0942 4660 tcpipreg - ok 04:59:52.0989 4660 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 04:59:53.0036 4660 TDPIPE - ok 04:59:53.0067 4660 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 04:59:53.0145 4660 TDTCP - ok 04:59:53.0192 4660 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 04:59:53.0223 4660 tdx - ok 04:59:53.0270 4660 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 04:59:53.0270 4660 TermDD - ok 04:59:53.0301 4660 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 04:59:53.0348 4660 tssecsrv - ok 04:59:53.0426 4660 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 04:59:53.0441 4660 TsUsbFlt - ok 04:59:53.0472 4660 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 04:59:53.0519 4660 tunnel - ok 04:59:53.0550 4660 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 04:59:53.0550 4660 uagp35 - ok 04:59:53.0597 4660 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 04:59:53.0628 4660 udfs - ok 04:59:53.0644 4660 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 04:59:53.0660 4660 uliagpkx - ok 04:59:53.0675 4660 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 04:59:53.0722 4660 umbus - ok 04:59:53.0738 4660 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 04:59:53.0784 4660 UmPass - ok 04:59:53.0816 4660 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 04:59:53.0862 4660 USBAAPL64 - ok 04:59:53.0894 4660 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 04:59:53.0909 4660 usbccgp - ok 04:59:53.0940 4660 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 04:59:53.0956 4660 usbcir - ok 04:59:53.0987 4660 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 04:59:54.0003 4660 usbehci - ok 04:59:54.0034 4660 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 04:59:54.0065 4660 usbhub - ok 04:59:54.0081 4660 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 04:59:54.0096 4660 usbohci - ok 04:59:54.0112 4660 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 04:59:54.0128 4660 usbprint - ok 04:59:54.0159 4660 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 04:59:54.0206 4660 USBSTOR - ok 04:59:54.0206 4660 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 04:59:54.0237 4660 usbuhci - ok 04:59:54.0284 4660 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 04:59:54.0299 4660 usbvideo - ok 04:59:54.0330 4660 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 04:59:54.0346 4660 vdrvroot - ok 04:59:54.0362 4660 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 04:59:54.0377 4660 vga - ok 04:59:54.0408 4660 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 04:59:54.0471 4660 VgaSave - ok 04:59:54.0486 4660 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 04:59:54.0502 4660 vhdmp - ok 04:59:54.0502 4660 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 04:59:54.0518 4660 viaide - ok 04:59:54.0518 4660 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 04:59:54.0533 4660 volmgr - ok 04:59:54.0564 4660 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 04:59:54.0580 4660 volmgrx - ok 04:59:54.0611 4660 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 04:59:54.0611 4660 volsnap - ok 04:59:54.0658 4660 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 04:59:54.0658 4660 vsmraid - ok 04:59:54.0720 4660 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 04:59:54.0752 4660 vwifibus - ok 04:59:54.0798 4660 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 04:59:54.0830 4660 vwififlt - ok 04:59:54.0876 4660 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 04:59:54.0892 4660 vwifimp - ok 04:59:54.0908 4660 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 04:59:54.0939 4660 WacomPen - ok 04:59:54.0986 4660 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 04:59:55.0032 4660 WANARP - ok 04:59:55.0064 4660 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 04:59:55.0095 4660 Wanarpv6 - ok 04:59:55.0110 4660 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 04:59:55.0126 4660 Wd - ok 04:59:55.0157 4660 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 04:59:55.0173 4660 Wdf01000 - ok 04:59:55.0204 4660 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 04:59:55.0235 4660 WfpLwf - ok 04:59:55.0266 4660 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 04:59:55.0266 4660 WIMMount - ok 04:59:55.0298 4660 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 04:59:55.0329 4660 WinUsb - ok 04:59:55.0376 4660 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 04:59:55.0391 4660 WmiAcpi - ok 04:59:55.0422 4660 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 04:59:55.0454 4660 ws2ifsl - ok 04:59:55.0485 4660 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 04:59:55.0532 4660 WudfPf - ok 04:59:55.0578 4660 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 04:59:55.0625 4660 WUDFRd - ok 04:59:55.0656 4660 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys 04:59:55.0688 4660 xusb21 - ok 04:59:55.0766 4660 {60DB6561-0A84-4c94-AF33-288405CFD56D} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerCinema Movie\000.fcl 04:59:55.0781 4660 {60DB6561-0A84-4c94-AF33-288405CFD56D} - ok 04:59:55.0797 4660 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0 04:59:55.0812 4660 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 04:59:55.0812 4660 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 04:59:55.0844 4660 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 04:59:55.0844 4660 \Device\Harddisk0\DR0 - detected TDSS File System (1) 04:59:55.0859 4660 Boot (0x1200) (69f1d6595ccff5ed5e003954c3ddf376) \Device\Harddisk0\DR0\Partition0 04:59:55.0875 4660 \Device\Harddisk0\DR0\Partition0 - ok 04:59:55.0875 4660 Boot (0x1200) (f91a56594bb57a1e167718f5df3c7eac) \Device\Harddisk0\DR0\Partition1 04:59:55.0875 4660 \Device\Harddisk0\DR0\Partition1 - ok 04:59:55.0875 4660 ============================================================ 04:59:55.0875 4660 Scan finished 04:59:55.0875 4660 ============================================================ 04:59:55.0875 4460 Detected object count: 2 04:59:55.0875 4460 Actual detected object count: 2 05:01:20.0818 4460 \Device\Harddisk0\DR0\# - copied to quarantine 05:01:20.0818 4460 \Device\Harddisk0\DR0 - copied to quarantine 05:01:20.0833 4460 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 05:01:20.0833 4460 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 05:01:20.0833 4460 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 05:01:20.0849 4460 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 05:01:20.0849 4460 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 05:01:20.0849 4460 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 05:01:20.0865 4460 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 05:01:20.0880 4460 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 05:01:20.0880 4460 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 05:01:20.0880 4460 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 05:01:20.0911 4460 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 05:01:20.0911 4460 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 05:01:20.0911 4460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 05:01:20.0911 4460 \Device\Harddisk0\DR0 - ok 05:01:21.0114 4460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 05:01:21.0114 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 05:01:21.0114 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 05:01:37.0136 1364 Deinitialize success GMER log: SilentRunners log: "Silent Runners.vbs", revision 63, http://www.silentrunners.org/ Operating System: Windows 7 SP1 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "swg" = ""C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "TouchORB" = "C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe" ["Acer Corp."] "RtHDVCpl" = "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" ["Realtek Semiconductor"] "TouchPortal" = "C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe" [null data] "RunDLLEntry_THXCfg" = "C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64" [MS] "AdobeAAMUpdater-1.0" = ""C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"" ["Adobe Systems Incorporated"] "IgfxTray" = "C:\Windows\system32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\Windows\system32\hkcmd.exe" ["Intel Corporation"] "Persistence" = "C:\Windows\system32\igfxpers.exe" ["Intel Corporation"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live ID Sign-in Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <<!>> ("livessp" [MS]) "Security Packages" = "kerberos"|"msv1_0"|"schannel"|"wdigest"|"tspkg"|"pku2u"|"livessp" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = "WLIDCredentialProvider" -> {HKLM...CLSID} = "WLIDCredentialProvider" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = ""C:\Program Files (x86)\Norton Internet Security\Engine64\19.5.0.145\NavShExt.dll"" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}" -> {HKLM...CLSID} = "GraphicsShellExt Class" \InProcServer32\(Default) = "C:\Windows\system32\igfxpph.dll" ["Intel Corporation"] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = ""C:\Program Files (x86)\Norton Internet Security\Engine64\19.5.0.145\NavShExt.dll"" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR\(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" ["Alexander Roshal"] Default executables: -------------------- HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile" <<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoActiveDesktop" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Users\Carelessjon\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ DVDDecrypterPlayDVDMovieOnArrival\ "Provider" = "DVD Decrypter" "InvokeProgID" = "DVDDecrypter" "InvokeVerb" = "PlayDVDMovieOnArrival_Decrypt" HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = ""C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"] iTunesBurnCDOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.BurnCD" "InvokeVerb" = "burn" HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."] iTunesImportSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ImportSongsOnCD" "InvokeVerb" = "import" HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."] iTunesPlaySongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.PlaySongsOnCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."] iTunesShowSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ShowSongsOnCD" "InvokeVerb" = "showsongs" HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."] MSLivePhotoAcquireDropHandler\ "Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10" "InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}" -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS] MSLiveShowPicturesOnArrival\ "Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10" "InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll" [MS] MSPlayCDAudioOnArrival\ "Provider" = "@wmploc.dll,-6502" "InvokeProgID" = "WMP.AudioCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"" [MS] MSPlayDVDMovieOnArrival\ "Provider" = "@wmploc.dll,-6502" "InvokeProgID" = "WMP.DVD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"" [MS] MSPlaySuperVideoCDMovieOnArrival\ "Provider" = "@wmploc.dll,-6502" "InvokeProgID" = "WMP.VCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS] MSPlayVideoCDMovieOnArrival\ "Provider" = "@wmploc.dll,-6502" "InvokeProgID" = "WMP.VCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS] MSTPCollageHandler\ "Provider" = "@C:\Program Files (x86)\Microsoft Touch Pack for Windows 7\TouchpackShellResources.dll,-117" "InvokeProgID" = "Microsoft.Surface.TouchApps.Collage.1.0" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Microsoft.Surface.TouchApps.Collage.1.0\shell\open\command\(Default) = ""C:\Program Files (x86)\Microsoft Touch Pack for Windows 7\Collage.exe" "%1"" [null data] MSWMPBurnCDOnArrival\ "Provider" = "@wmploc.dll,-6502" "InvokeProgID" = "WMP.BurnCD" "InvokeVerb" = "Burn" HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L"" [MS] NeroAutoPlay9CDAudio\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:AudioCD" ["Nero AG"] NeroAutoPlay9CopyCD\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy" ["Nero AG"] NeroAutoPlay9DataDisc\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:ISODisc" ["Nero AG"] NeroAutoPlay9LaunchNeroStartSmart\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] PCinemaPlayCDAudioOnArrival\ "Provider" = "PowerCinema" "InvokeProgID" = "AudioCD" "InvokeVerb" = "PlayWithPowerCinema" HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerCinema\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY CD "%L"" ["CyberLink Corp."] PCMMoviePlayBluRayOnArrival\ "Provider" = "PowerCinema" "InvokeProgID" = "BD" "InvokeVerb" = "PlayWithPCMMovie" HKLM\SOFTWARE\Classes\BD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."] PCMMoviePlayDVDMovieOnArrival\ "Provider" = "PowerCinema" "InvokeProgID" = "DVD" "InvokeVerb" = "PlayWithPCMMovie" HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."] PCMMoviePlaySVCDOnArrival\ "Provider" = "PowerCinema" "InvokeProgID" = "SVCD" "InvokeVerb" = "PlayWithPCMMovie" HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" "%L"" ["CyberLink Corp."] PCMMoviePlayVCDMovieOnArrival\ "Provider" = "PowerCinema" "InvokeProgID" = "VCD" "InvokeVerb" = "PlayWithPCMMovie" HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPCMMovie\Command\(Default) = ""C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."] VLCPlayCDAudioOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.CDAudio" "InvokeVerb" = "Open" HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1" ["the VideoLAN Team"] VLCPlayDVDAudioOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.OPENFolder" "InvokeVerb" = "Open" HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"] VLCPlayDVDMovieOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.DVDMovie" "InvokeVerb" = "Open" HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1" ["the VideoLAN Team"] VLCPlayMusicFilesOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.OPENFolder" "InvokeVerb" = "Open" HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"] VLCPlaySVCDMovieOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.SVCDMovie" "InvokeVerb" = "Open" HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1" ["the VideoLAN Team"] VLCPlayVCDMovieOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.VCDMovie" "InvokeVerb" = "Open" HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1" ["the VideoLAN Team"] VLCPlayVideoFilesOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.OPENFolder" "InvokeVerb" = "Open" HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"] Non-disabled Scheduled Tasks: ----------------------------- C:\Users\Carelessjon\AppData\Local\Microsoft\Windows Sidebar\Settings.ini C:\Windows\System32\Tasks "GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c" ["Google Inc."] "GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."] "Norton WSC Integration" -> (HIDDEN!) launches: ""C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\WSCStub.exe" /taskschd" ["Symantec Corporation"] "SidebarExecute" -> launches: "C:\Program Files\Windows Sidebar\sidebar.exe /addGadget" [MS] "{20AE7520-2D03-45B6-BE7D-9CA1891CD077}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\BITTOR~2\UNWISE.EXE -c /U C:\PROGRA~2\BITTOR~2\INSTALL.LOG" [MS] "{47DE368C-76A2-4183-9E97-921C121DDFC1}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" -c /AppMode=SETUP /Uninstall" [MS] "{94FFBEEF-134C-457E-B93F-E5AB77B6B09E}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\Carelessjon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYMU1UKO\258.96_desktop_win7_winvista_64bit_english_whql[1].exe" -d C:\Users\Carelessjon\Desktop" [MS] C:\Windows\System32\Tasks\Apple "AppleSoftwareUpdate" -> launches: "C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client "AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}" -> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience "AitAgent" -> launches: "aitagent" [MS] "ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk "Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth "UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient "SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] "UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program "Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS] "KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}" -> {HKLM...CLSID} = "KernelCeipCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS] "Uploader" -> launches: "%windir%\system32\WSqmCons.exe -u" [MS] "UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}" -> {HKLM...CLSID} = "UsbCeip" \InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag "ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis "Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}" -> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location "Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance "WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}" -> {HKLM...CLSID} = "WinSAT Task Manger Task" \InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center "ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS] "ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS] "DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS] "ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS] "InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS] "mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS] "MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS] "ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS] "OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS] "OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS] "PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS] "PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS] "PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS] "PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS] "PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS] "RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS] "ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS] "SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS] "StartRecording" -> launches: "%SystemRoot%\ehome\ehrec /StartRecording" [MS] "UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic "CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}" -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS] "DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}" -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC "HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}" -> {HKLM...CLSID} = "HotStart User Agent" \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI "LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia "SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}" -> {HKLM...CLSID} = "Microsoft PlaySoundService Class" \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace "GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data] C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack "BackgroundConfigSurveyor" -> (HIDDEN!) launches: "{EA9155A3-8A39-40b4-8963-D3C761B18371}" -> {HKLM...CLSID} = "PerfTrack TaskHandler class" \InProcServer32\(Default) = "C:\Windows\System32\perftrack.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics "AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC "RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}" -> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler" \InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras "MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}" -> {HKLM...CLSID} = "RasMobilityManager" \InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry "RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}" -> {HKLM...CLSID} = "RegistryIdleBackupHandler" \InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance "RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow "GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}" -> {HKLM...CLSID} = "GadgetsManager Class" \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore "SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TabletPC "InputPersonalization" -> launches: "%CommonProgramFiles%\Microsoft Shared\Ink\InputPersonalization.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager "Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}" -> {HKLM...CLSID} = "RunTask" \InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip "IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS] "IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework "MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}" -> {HKLM...CLSID} = "MsCtfMonitor task handler" \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization "SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP "UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI "ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}" -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies "ValidationTask" -> (HIDDEN!) launches: "%SystemRoot%\system32\Wat\WatAdminSvc.exe /run" [MS] "ValidationTaskDeadline" -> (HIDDEN!) launches: "%SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting "QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform "BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing "UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup "ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS] C:\Windows\System32\Tasks\Microsoft\Windows Defender "MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE "Extractor Definitions Update Task" -> launches: "{3519154C-227E-47F3-9CC9-12C3F05817F1}"" [inProcServer32 entry not found] C:\Windows\System32\Tasks\Norton Internet Security "Norton Error Analyzer" -> launches: "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymErr.exe /analyze" ["Symantec Corporation"] "Norton Error Processor" -> launches: "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymErr.exe /submit" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000005\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS] 000000000006\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS] 000000000007\LibraryPath = "C:\Program Files (x86)\Bonjour\mdnsNSP.dll" ["Apple Inc."] 000000000008\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000009\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "Google Toolbar" \InProcServer32\(Default) = "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "Google Toolbar" \InProcServer32\(Default) = "C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll" ["Google Inc."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Apple Mobile Device, Apple Mobile Device, ""C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."] Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."] GRegService, Greg_Service, "C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe" ["Acer Incorporated"] Intel® Management & Security Application User Notification Service, UNS, ""C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"" ["Intel Corporation"] Intel® Management and Security Application Local Management Service, LMS, "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" ["Intel Corporation"] iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."] MBAMService, MBAMService, ""C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"] Norton Internet Security, NIS, ""C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll" /prefetch:1" ["Symantec Corporation"] Updater Service, Updater Service, "C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe" ["Acer Group"] vToolbarUpdater, vToolbarUpdater, "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe" [null data] Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS] ---------- (launch time: 2012-02-25 05:39:24) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 33 seconds, including 18 seconds for message boxes)
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

Thank you for continuing to help me! Strange. I uninstalled/deleted bittorrent months ago.. Anyway, I deleted all files(about 4) that popped up when I searched my computer for "torrent," and double-checked to see if bittorrent was still in my system somewhere.(It wasn't.) As for the Norton problem, I have not downloaded any replacements for it. Unless Malwarebytes or SpybotS&D count? And now the logs: OTLMoved Files log: ========== PROCESSES ========== All processes killed ========== FILES ========== C:\Windows\svchost.exe moved successfully. ========== COMMANDS ========== Restore point Set: OTL Restore Point [EMPTYFLASH] User: All Users User: Carelessjon ->Flash cache emptied: 25025 bytes User: Default ->Flash cache emptied: 56466 bytes User: Default User ->Flash cache emptied: 0 bytes User: Guest ->Flash cache emptied: 8197508 bytes User: Public Total Flash Files Cleaned = 8.00 mb OTL by OldTimer - Version 3.2.33.2 log created on 02242012_183051 Files\Folders moved on Reboot... Registry entries deleted on Reboot... ESET scan log: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=1001863ced58ea4fbc46e7708c1d6056 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-02-25 06:30:21 # local_time=2012-02-24 08:30:21 (-1000, Hawaiian Standard Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776574 100 94 0 81690316 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=324498 # found=25 # cleaned=25 # scan_time=4576 C:\$Recycle.Bin\S-1-5-21-368538222-2643626402-1821840259-1000\$RPEU5A5.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C C:\$Recycle.Bin\S-1-5-21-368538222-2643626402-1821840259-1000\$RX7TA7M.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\ProgramData\YouTube Downloader\ytd_installer.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Carelessjon\Downloads\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Carelessjon\Downloads\YouTubeDownloaderSetup32.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C C:\Windows\Temp\Temporary Internet Files\Content.IE5\BUJXF5AO\a012aef2fa691f6a511f19f61cdaff7f[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C MBAM log: Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.25.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Carelessjon :: CARELESSJON-PC [administrator] Protection: Disabled 2/24/2012 8:35:54 PM mbam-log-2012-02-24 (20-35-54).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 496732 Time elapsed: 54 minute(s), 40 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 5380 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. (end) Yup, still getting the svchost baloons.
Svchost.exe does not go away.

Jonkiote replied to Jonkiote's topic in Resolved Malware Removal Logs

Sorry for posting again, but I also noticed these logs keep listing Norton with my antivirus/firewall. As soon as the trial expired, I did not ever use Norton again. Should I just delete it? Or is it still helping?

Sign In

Jonkiote

Posts

Joined

Last visited

Reputation

Svchost.exe does not go away.

Svchost.exe does not go away.

Svchost.exe does not go away.

Svchost.exe does not go away.

Svchost.exe does not go away.

Svchost.exe does not go away.

Svchost.exe does not go away.

Svchost.exe does not go away.

Svchost.exe does not go away.

Svchost.exe does not go away.

Svchost.exe does not go away.

Svchost.exe does not go away.

Svchost.exe does not go away.

Svchost.exe does not go away.

Svchost.exe does not go away.

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information