Trojan Agent in SVCHOST.EXE

[dmaier]

I have not been able to remove the Trojan Agent in svchost.exe

Can anyone help me on how to fix this. Here is the DDS log and I have attached the attach file.

Thanks in advance for any help

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL

Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_27

Run by maierdg at 8:01:12 on 2012-01-16

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4084.3522 [GMT -6:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://theredzone.org/start.html

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=C:\Windows\SysWOW64\Userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRunOnce: [*NMRUI] "C:\Users\Melanie\Desktop\NPE.exe" /POSTADVSCAN

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a

mRun: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm

IE: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: bmnet.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27LB/webex/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{44983826-B96D-483B-B502-983A02AB6905} : DhcpNameServer = 192.168.1.254

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun-x64: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun-x64: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun-x64: [sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a

mRun-x64: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun

mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 SMR210;Symantec SMR Utility Service 2.1.0;C:\Windows\system32\drivers\SMR210.SYS --> C:\Windows\system32\drivers\SMR210.SYS [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-23 1157240]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120113.002\IDSviA64.sys [2012-1-13 488568]

S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMTDIV.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMTDIV.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate1caafe4d0bdac00;Google Update Service (gupdate1caafe4d0bdac00);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-17 133104]

S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375176]

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2012-1-15 130008]

S2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]

S3 bcm;Beceem Communications Inc. Tarang3;C:\Windows\system32\DRIVERS\drxvi314_64.sys --> C:\Windows\system32\DRIVERS\drxvi314_64.sys [?]

S3 bcmbusctr;Beceem Devices' Enumerator;C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys --> C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys [?]

S3 CASprint;Sprint Con App Svc;C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2009-9-10 124224]

S3 cm_ser;C-motech USB Serial Port2 Driver;C:\Windows\system32\DRIVERS\cm_ser.sys --> C:\Windows\system32\DRIVERS\cm_ser.sys [?]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-17 133104]

S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]

S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-29 93184]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-01-16 00:37:51 -------- d-----w- C:\Users\maierdg\AppData\Roaming\Tific

2012-01-16 00:28:52 96376 ----a-w- C:\Windows\System32\drivers\SMR210.SYS

2012-01-16 00:28:44 -------- d-----w- C:\Users\maierdg\AppData\Local\NPE

2012-01-16 00:18:36 34288 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-01-16 00:17:57 912504 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymEFA64.sys

2012-01-16 00:17:57 744568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys

2012-01-16 00:17:57 450680 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymDS64.sys

2012-01-16 00:17:57 432760 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\symtdiv.sys

2012-01-16 00:17:57 40568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys

2012-01-16 00:17:57 382584 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys

2012-01-16 00:17:56 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\Ironx64.sys

2012-01-16 00:17:48 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D

2012-01-09 18:00:58 20480 ----a-w- C:\Windows\svchost.exe

.

==================== Find3M ====================

.

2012-01-16 00:18:34 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-01-14 13:05:54 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-15 22:13:50 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2011-12-15 22:13:49 80768 ----a-w- C:\Windows\System32\LMIinit.dll

2011-12-15 22:13:49 34688 ----a-w- C:\Windows\System32\LMIport.dll

2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 8:02:13.66 ===============

attach.txt

[dmaier]

zzzzzzzzzzzzzzzz

[LDTate]

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

[dmaier]

I just updated Malwarebytes and ran a scan. Below is the log. When I reboot Malwarebytes loads other than that, I just get the message there is a Trojan in svchost.exe

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.20.04

Windows Vista Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.19088

Melanie :: MELANIE-PC [limited]

1/20/2012 8:06:18 PM

mbam-log-2012-01-20 (20-06-18).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 153948

Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

[LDTate]

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

[dmaier]

Here are the results from TDSKiller:

08:46:42.0771 5816 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04

08:46:43.0458 5816 ============================================================

08:46:43.0458 5816 Current date / time: 2012/01/21 08:46:43.0458

08:46:43.0458 5816 SystemInfo:

08:46:43.0458 5816

08:46:43.0458 5816 OS Version: 6.0.6001 ServicePack: 1.0

08:46:43.0458 5816 Product type: Workstation

08:46:43.0458 5816 ComputerName: MELANIE-PC

08:46:43.0458 5816 UserName: maierdg

08:46:43.0458 5816 Windows directory: C:\Windows

08:46:43.0458 5816 System windows directory: C:\Windows

08:46:43.0458 5816 Running under WOW64

08:46:43.0458 5816 Processor architecture: Intel x64

08:46:43.0458 5816 Number of processors: 2

08:46:43.0458 5816 Page size: 0x1000

08:46:43.0458 5816 Boot type: Normal boot

08:46:43.0458 5816 ============================================================

08:46:44.0675 5816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

08:46:44.0753 5816 Initialize success

08:47:25.0547 5444 ============================================================

08:47:25.0547 5444 Scan started

08:47:25.0547 5444 Mode: Manual; SigCheck; TDLFS;

08:47:25.0547 5444 ============================================================

08:47:26.0654 5444 ACPI (375243251c24028da6c9761645b43f21) C:\Windows\system32\drivers\acpi.sys

08:47:26.0826 5444 ACPI - ok

08:47:27.0091 5444 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

08:47:27.0122 5444 adp94xx - ok

08:47:27.0200 5444 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

08:47:27.0231 5444 adpahci - ok

08:47:27.0247 5444 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

08:47:27.0263 5444 adpu160m - ok

08:47:27.0450 5444 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

08:47:27.0481 5444 adpu320 - ok

08:47:27.0637 5444 AFD (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys

08:47:27.0746 5444 AFD - ok

08:47:27.0949 5444 AgereSoftModem (1cd4b03012d62962274e1c9eb8670a10) C:\Windows\system32\DRIVERS\agrsm64.sys

08:47:28.0011 5444 AgereSoftModem - ok

08:47:28.0105 5444 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

08:47:28.0121 5444 agp440 - ok

08:47:28.0152 5444 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

08:47:28.0183 5444 aic78xx - ok

08:47:28.0199 5444 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

08:47:28.0230 5444 aliide - ok

08:47:28.0261 5444 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

08:47:28.0277 5444 amdide - ok

08:47:28.0433 5444 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

08:47:28.0479 5444 AmdK8 - ok

08:47:28.0573 5444 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

08:47:28.0589 5444 arc - ok

08:47:28.0604 5444 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

08:47:28.0620 5444 arcsas - ok

08:47:28.0651 5444 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

08:47:28.0713 5444 AsyncMac - ok

08:47:28.0916 5444 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys

08:47:28.0932 5444 atapi - ok

08:47:29.0010 5444 bcm (bbb815cee10b436ba4226bb119b66216) C:\Windows\system32\DRIVERS\drxvi314_64.sys

08:47:29.0197 5444 bcm - ok

08:47:29.0306 5444 bcmbusctr (6d46aef6be3f7a10c3a9dca603f8f2e4) C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys

08:47:29.0306 5444 bcmbusctr - ok

08:47:29.0493 5444 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx64.sys

08:47:29.0525 5444 BHDrvx64 - ok

08:47:29.0634 5444 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

08:47:29.0681 5444 blbdrive - ok

08:47:29.0712 5444 BMLoad - ok

08:47:29.0743 5444 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys

08:47:29.0759 5444 bowser - ok

08:47:29.0774 5444 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

08:47:29.0852 5444 BrFiltLo - ok

08:47:29.0883 5444 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

08:47:29.0899 5444 BrFiltUp - ok

08:47:30.0211 5444 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

08:47:30.0320 5444 Brserid - ok

08:47:30.0351 5444 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

08:47:30.0429 5444 BrSerWdm - ok

08:47:30.0445 5444 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

08:47:30.0507 5444 BrUsbMdm - ok

08:47:30.0523 5444 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

08:47:30.0585 5444 BrUsbSer - ok

08:47:30.0632 5444 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

08:47:30.0679 5444 BTHMODEM - ok

08:47:30.0710 5444 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

08:47:30.0741 5444 cdfs - ok

08:47:30.0757 5444 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys

08:47:30.0788 5444 cdrom - ok

08:47:30.0819 5444 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

08:47:30.0851 5444 circlass - ok

08:47:30.0882 5444 CLFS (319e4e9a68303f60cbc813ef19f3cf84) C:\Windows\system32\CLFS.sys

08:47:30.0897 5444 CLFS - ok

08:47:30.0960 5444 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

08:47:30.0975 5444 cmdide - ok

08:47:31.0022 5444 cm_ser (e9e160fed596d6555de17bc7a78aa424) C:\Windows\system32\DRIVERS\cm_ser.sys

08:47:31.0038 5444 cm_ser - ok

08:47:31.0053 5444 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

08:47:31.0069 5444 Compbatt - ok

08:47:31.0085 5444 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

08:47:31.0100 5444 crcdisk - ok

08:47:31.0163 5444 DfsC (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys

08:47:31.0178 5444 DfsC - ok

08:47:31.0225 5444 DgiVecp (2d589a2c024b2fb238535db9f7b3597d) C:\Windows\system32\Drivers\DgiVecp.sys

08:47:31.0225 5444 DgiVecp - ok

08:47:31.0287 5444 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys

08:47:31.0287 5444 disk - ok

08:47:31.0350 5444 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

08:47:31.0397 5444 drmkaud - ok

08:47:31.0443 5444 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys

08:47:31.0521 5444 DXGKrnl - ok

08:47:31.0553 5444 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

08:47:31.0599 5444 E1G60 - ok

08:47:31.0615 5444 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys

08:47:31.0631 5444 Ecache - ok

08:47:31.0724 5444 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

08:47:31.0740 5444 eeCtrl - ok

08:47:31.0818 5444 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

08:47:31.0849 5444 elxstor - ok

08:47:31.0943 5444 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

08:47:31.0958 5444 EraserUtilRebootDrv - ok

08:47:32.0005 5444 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

08:47:32.0036 5444 ErrDev - ok

08:47:32.0083 5444 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys

08:47:32.0145 5444 exfat - ok

08:47:32.0208 5444 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys

08:47:32.0270 5444 fastfat - ok

08:47:32.0301 5444 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

08:47:32.0364 5444 fdc - ok

08:47:32.0395 5444 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

08:47:32.0411 5444 FileInfo - ok

08:47:32.0457 5444 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

08:47:32.0504 5444 Filetrace - ok

08:47:32.0551 5444 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

08:47:32.0582 5444 flpydisk - ok

08:47:32.0598 5444 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys

08:47:32.0613 5444 FltMgr - ok

08:47:32.0629 5444 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

08:47:32.0645 5444 Fs_Rec - ok

08:47:32.0676 5444 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

08:47:32.0676 5444 gagp30kx - ok

08:47:32.0707 5444 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

08:47:32.0707 5444 GEARAspiWDM - ok

08:47:32.0769 5444 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys

08:47:32.0816 5444 HDAudBus - ok

08:47:32.0847 5444 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

08:47:32.0879 5444 HidBth - ok

08:47:32.0894 5444 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

08:47:32.0941 5444 HidIr - ok

08:47:32.0972 5444 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys

08:47:33.0035 5444 HidUsb - ok

08:47:33.0066 5444 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

08:47:33.0066 5444 HpCISSs - ok

08:47:33.0113 5444 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys

08:47:33.0144 5444 HTTP - ok

08:47:33.0175 5444 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

08:47:33.0175 5444 i2omp - ok

08:47:33.0206 5444 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

08:47:33.0222 5444 i8042prt - ok

08:47:33.0253 5444 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

08:47:33.0269 5444 iaStorV - ok

08:47:33.0393 5444 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120120.002\IDSvia64.sys

08:47:33.0425 5444 IDSVia64 - ok

08:47:33.0643 5444 igfx (a124c87cd0b39c9e510e138534468383) C:\Windows\system32\DRIVERS\igdkmd64.sys

08:47:33.0830 5444 igfx - ok

08:47:34.0173 5444 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

08:47:34.0173 5444 iirsp - ok

08:47:34.0688 5444 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys

08:47:34.0766 5444 IntcAzAudAddService - ok

08:47:34.0922 5444 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

08:47:34.0953 5444 intelide - ok

08:47:35.0063 5444 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

08:47:35.0141 5444 intelppm - ok

08:47:35.0234 5444 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:47:35.0297 5444 IpFilterDriver - ok

08:47:35.0343 5444 IpInIp - ok

08:47:35.0874 5444 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

08:47:35.0936 5444 IPMIDRV - ok

08:47:36.0139 5444 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

08:47:36.0201 5444 IPNAT - ok

08:47:36.0342 5444 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

08:47:36.0404 5444 IRENUM - ok

08:47:36.0513 5444 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

08:47:36.0545 5444 isapnp - ok

08:47:36.0872 5444 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys

08:47:36.0888 5444 iScsiPrt - ok

08:47:37.0231 5444 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

08:47:37.0247 5444 iteatapi - ok

08:47:37.0371 5444 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

08:47:37.0387 5444 iteraid - ok

08:47:37.0746 5444 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

08:47:37.0761 5444 kbdclass - ok

08:47:38.0245 5444 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

08:47:38.0307 5444 kbdhid - ok

08:47:38.0729 5444 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys

08:47:38.0760 5444 KSecDD - ok

08:47:39.0056 5444 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

08:47:39.0103 5444 ksthunk - ok

08:47:39.0290 5444 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

08:47:39.0353 5444 lltdio - ok

08:47:39.0462 5444 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys

08:47:39.0477 5444 LMIInfo - ok

08:47:39.0743 5444 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys

08:47:39.0758 5444 lmimirr - ok

08:47:39.0961 5444 LMIRfsClientNP - ok

08:47:40.0289 5444 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys

08:47:40.0289 5444 LMIRfsDriver - ok

08:47:40.0429 5444 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

08:47:40.0460 5444 LSI_FC - ok

08:47:40.0679 5444 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

08:47:40.0710 5444 LSI_SAS - ok

08:47:40.0819 5444 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

08:47:40.0835 5444 LSI_SCSI - ok

08:47:40.0959 5444 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

08:47:41.0006 5444 luafv - ok

08:47:41.0162 5444 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

08:47:41.0178 5444 megasas - ok

08:47:41.0318 5444 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

08:47:41.0365 5444 MegaSR - ok

08:47:41.0396 5444 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

08:47:41.0459 5444 Modem - ok

08:47:41.0646 5444 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

08:47:41.0693 5444 monitor - ok

08:47:41.0942 5444 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

08:47:41.0958 5444 mouclass - ok

08:47:41.0989 5444 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

08:47:42.0051 5444 mouhid - ok

08:47:42.0332 5444 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

08:47:42.0348 5444 MountMgr - ok

08:47:42.0675 5444 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

08:47:42.0691 5444 mpio - ok

08:47:42.0894 5444 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

08:47:42.0941 5444 mpsdrv - ok

08:47:43.0206 5444 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

08:47:43.0221 5444 Mraid35x - ok

08:47:43.0331 5444 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys

08:47:43.0362 5444 MRxDAV - ok

08:47:43.0424 5444 mrxsmb (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys

08:47:43.0455 5444 mrxsmb - ok

08:47:44.0048 5444 mrxsmb10 (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:47:44.0064 5444 mrxsmb10 - ok

08:47:44.0391 5444 mrxsmb20 (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:47:44.0407 5444 mrxsmb20 - ok

08:47:44.0672 5444 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

08:47:44.0688 5444 msahci - ok

08:47:45.0000 5444 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

08:47:45.0015 5444 msdsm - ok

08:47:45.0343 5444 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

08:47:45.0405 5444 Msfs - ok

08:47:45.0515 5444 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

08:47:45.0530 5444 msisadrv - ok

08:47:45.0561 5444 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

08:47:45.0608 5444 MSKSSRV - ok

08:47:45.0951 5444 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

08:47:46.0014 5444 MSPCLOCK - ok

08:47:46.0185 5444 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

08:47:46.0248 5444 MSPQM - ok

08:47:46.0419 5444 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys

08:47:46.0435 5444 MsRPC - ok

08:47:46.0934 5444 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

08:47:46.0950 5444 mssmbios - ok

08:47:47.0059 5444 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

08:47:47.0106 5444 MSTEE - ok

08:47:47.0324 5444 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys

08:47:47.0355 5444 Mup - ok

08:47:47.0496 5444 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys

08:47:47.0605 5444 NativeWifiP - ok

08:47:47.0917 5444 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120120.035\ENG64.SYS

08:47:47.0933 5444 NAVENG - ok

08:47:48.0229 5444 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120120.035\EX64.SYS

08:47:48.0401 5444 NAVEX15 - ok

08:47:48.0635 5444 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys

08:47:48.0697 5444 NDIS - ok

08:47:48.0978 5444 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

08:47:49.0025 5444 NdisTapi - ok

08:47:49.0103 5444 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

08:47:49.0165 5444 Ndisuio - ok

08:47:49.0227 5444 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys

08:47:49.0274 5444 NdisWan - ok

08:47:49.0274 5444 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

08:47:49.0321 5444 NDProxy - ok

08:47:49.0352 5444 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

08:47:49.0383 5444 NetBIOS - ok

08:47:49.0415 5444 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys

08:47:49.0461 5444 netbt - ok

08:47:49.0602 5444 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

08:47:49.0633 5444 nfrd960 - ok

08:47:49.0727 5444 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys

08:47:49.0789 5444 Npfs - ok

08:47:49.0898 5444 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

08:47:49.0992 5444 nsiproxy - ok

08:47:50.0319 5444 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys

08:47:50.0413 5444 Ntfs - ok

08:47:50.0507 5444 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

08:47:50.0585 5444 Null - ok

08:47:50.0647 5444 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

08:47:50.0663 5444 nvraid - ok

08:47:50.0694 5444 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

08:47:50.0725 5444 nvstor - ok

08:47:50.0756 5444 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

08:47:50.0772 5444 nv_agp - ok

08:47:50.0819 5444 NWADI (952ab3bdef38a7391aa05bc8c6028f15) C:\Windows\system32\DRIVERS\NWADIenum.sys

08:47:50.0850 5444 NWADI - ok

08:47:50.0850 5444 NwlnkFlt - ok

08:47:50.0865 5444 NwlnkFwd - ok

08:47:50.0897 5444 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys

08:47:50.0975 5444 ohci1394 - ok

08:47:51.0053 5444 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

08:47:51.0115 5444 Parport - ok

08:47:51.0224 5444 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys

08:47:51.0240 5444 partmgr - ok

08:47:51.0271 5444 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys

08:47:51.0287 5444 PCASp50a64 - ok

08:47:51.0427 5444 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms

08:47:51.0599 5444 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok

08:47:51.0708 5444 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys

08:47:51.0723 5444 pci - ok

08:47:51.0755 5444 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys

08:47:51.0770 5444 pciide - ok

08:47:51.0801 5444 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

08:47:51.0817 5444 pcmcia - ok

08:47:51.0864 5444 PCTINDIS5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\Windows\system32\PCTINDIS5X64.SYS

08:47:51.0895 5444 PCTINDIS5X64 - ok

08:47:51.0926 5444 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

08:47:52.0035 5444 PEAUTH - ok

08:47:52.0129 5444 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys

08:47:52.0176 5444 PptpMiniport - ok

08:47:52.0191 5444 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

08:47:52.0223 5444 Processor - ok

08:47:52.0269 5444 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys

08:47:52.0285 5444 PSched - ok

08:47:52.0332 5444 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

08:47:52.0394 5444 ql2300 - ok

08:47:52.0425 5444 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

08:47:52.0457 5444 ql40xx - ok

08:47:52.0488 5444 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

08:47:52.0503 5444 QWAVEdrv - ok

08:47:52.0535 5444 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

08:47:52.0581 5444 RasAcd - ok

08:47:52.0628 5444 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys

08:47:52.0691 5444 Rasl2tp - ok

08:47:52.0706 5444 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys

08:47:52.0769 5444 RasPppoe - ok

08:47:52.0784 5444 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys

08:47:52.0831 5444 RasSstp - ok

08:47:52.0862 5444 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys

08:47:52.0909 5444 rdbss - ok

08:47:52.0925 5444 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

08:47:52.0987 5444 RDPCDD - ok

08:47:53.0003 5444 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

08:47:53.0065 5444 rdpdr - ok

08:47:53.0065 5444 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

08:47:53.0112 5444 RDPENCDD - ok

08:47:53.0174 5444 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys

08:47:53.0237 5444 RDPWD - ok

08:47:53.0283 5444 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

08:47:53.0315 5444 rspndr - ok

08:47:53.0361 5444 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys

08:47:53.0408 5444 RTL8169 - ok

08:47:53.0439 5444 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

08:47:53.0455 5444 sbp2port - ok

08:47:53.0517 5444 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

08:47:53.0580 5444 secdrv - ok

08:47:53.0673 5444 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

08:47:53.0736 5444 Serenum - ok

08:47:53.0907 5444 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

08:47:54.0017 5444 Serial - ok

08:47:54.0157 5444 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

08:47:54.0251 5444 sermouse - ok

08:47:54.0453 5444 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

08:47:54.0516 5444 sffdisk - ok

08:47:54.0703 5444 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

08:47:54.0765 5444 sffp_mmc - ok

08:47:54.0984 5444 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

08:47:55.0077 5444 sffp_sd - ok

08:47:55.0202 5444 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

08:47:55.0311 5444 sfloppy - ok

08:47:55.0530 5444 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

08:47:55.0545 5444 SiSRaid2 - ok

08:47:55.0592 5444 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

08:47:55.0608 5444 SiSRaid4 - ok

08:47:55.0639 5444 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys

08:47:55.0701 5444 Smb - ok

08:47:55.0857 5444 SMR210 (03573da7c4abcf5591ad4d8c96736b00) C:\Windows\system32\drivers\SMR210.SYS

08:47:55.0873 5444 SMR210 - ok

08:47:55.0982 5444 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys

08:47:56.0013 5444 spldr - ok

08:47:56.0091 5444 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0501000.01D\SRTSP64.SYS

08:47:56.0123 5444 SRTSP - ok

08:47:56.0263 5444 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS

08:47:56.0279 5444 SRTSPX - ok

08:47:56.0341 5444 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys

08:47:56.0372 5444 srv - ok

08:47:56.0450 5444 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys

08:47:56.0481 5444 srv2 - ok

08:47:56.0497 5444 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys

08:47:56.0528 5444 srvnet - ok

08:47:56.0544 5444 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys

08:47:56.0575 5444 SSPORT - ok

08:47:56.0637 5444 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys

08:47:56.0684 5444 StillCam - ok

08:47:56.0871 5444 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

08:47:56.0903 5444 swenum - ok

08:47:57.0043 5444 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

08:47:57.0074 5444 Symc8xx - ok

08:47:57.0527 5444 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS

08:47:57.0558 5444 SymDS - ok

08:47:58.0213 5444 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS

08:47:58.0307 5444 SymEFA - ok

08:47:58.0541 5444 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

08:47:58.0556 5444 SymEvent - ok

08:47:58.0603 5444 SYMFW - ok

08:47:59.0040 5444 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS

08:47:59.0055 5444 SymIRON - ok

08:47:59.0336 5444 SYMNDISV - ok

08:47:59.0835 5444 SYMTDIv (6cb70a5d30e4322bab4ad52866b0a4b8) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMTDIV.SYS

08:47:59.0898 5444 SYMTDIv - ok

08:48:00.0147 5444 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

08:48:00.0225 5444 Sym_hi - ok

08:48:00.0319 5444 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

08:48:00.0350 5444 Sym_u3 - ok

08:48:00.0631 5444 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys

08:48:00.0740 5444 Tcpip - ok

08:48:01.0239 5444 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys

08:48:01.0317 5444 Tcpip6 - ok

08:48:01.0411 5444 tcpipBM - ok

08:48:01.0598 5444 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys

08:48:01.0661 5444 tcpipreg - ok

08:48:01.0941 5444 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

08:48:02.0051 5444 TDPIPE - ok

08:48:02.0238 5444 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

08:48:02.0331 5444 TDTCP - ok

08:48:02.0659 5444 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys

08:48:02.0721 5444 tdx - ok

08:48:03.0345 5444 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys

08:48:03.0377 5444 TermDD - ok

08:48:03.0595 5444 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

08:48:03.0657 5444 tssecsrv - ok

08:48:03.0689 5444 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

08:48:03.0735 5444 tunmp - ok

08:48:03.0767 5444 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys

08:48:03.0829 5444 tunnel - ok

08:48:03.0860 5444 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

08:48:03.0876 5444 uagp35 - ok

08:48:03.0954 5444 udfs (655156d84ec37559ee230b888a4f23c5) C:\Windows\system32\DRIVERS\udfs.sys

08:48:04.0016 5444 udfs - ok

08:48:04.0063 5444 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

08:48:04.0094 5444 uliagpkx - ok

08:48:04.0110 5444 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

08:48:04.0141 5444 uliahci - ok

08:48:04.0172 5444 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

08:48:04.0203 5444 UlSata - ok

08:48:04.0250 5444 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

08:48:04.0281 5444 ulsata2 - ok

08:48:04.0328 5444 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

08:48:04.0391 5444 umbus - ok

08:48:04.0609 5444 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys

08:48:04.0625 5444 USBAAPL64 - ok

08:48:04.0968 5444 usbaudio (c899fb269be4740dbe2801b204cd71d4) C:\Windows\system32\drivers\usbaudio.sys

08:48:05.0046 5444 usbaudio - ok

08:48:05.0155 5444 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

08:48:05.0217 5444 usbccgp - ok

08:48:05.0280 5444 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

08:48:05.0389 5444 usbcir - ok

08:48:05.0576 5444 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys

08:48:05.0654 5444 usbehci - ok

08:48:06.0138 5444 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys

08:48:06.0200 5444 usbhub - ok

08:48:06.0309 5444 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

08:48:06.0403 5444 usbohci - ok

08:48:06.0450 5444 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys

08:48:06.0528 5444 usbprint - ok

08:48:06.0653 5444 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:48:06.0715 5444 USBSTOR - ok

08:48:06.0949 5444 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

08:48:07.0011 5444 usbuhci - ok

08:48:07.0261 5444 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

08:48:07.0355 5444 vga - ok

08:48:07.0667 5444 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

08:48:07.0729 5444 VgaSave - ok

08:48:08.0275 5444 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

08:48:08.0306 5444 viaide - ok

08:48:08.0540 5444 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys

08:48:08.0571 5444 volmgr - ok

08:48:08.0696 5444 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys

08:48:08.0727 5444 volmgrx - ok

08:48:09.0180 5444 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys

08:48:09.0211 5444 volsnap - ok

08:48:09.0289 5444 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

08:48:09.0305 5444 vsmraid - ok

08:48:09.0336 5444 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

08:48:09.0429 5444 WacomPen - ok

08:48:09.0726 5444 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

08:48:09.0773 5444 Wanarp - ok

08:48:09.0773 5444 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

08:48:09.0835 5444 Wanarpv6 - ok

08:48:10.0225 5444 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

08:48:10.0256 5444 Wd - ok

08:48:10.0412 5444 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

08:48:10.0490 5444 Wdf01000 - ok

08:48:10.0646 5444 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

08:48:10.0677 5444 WmiAcpi - ok

08:48:10.0755 5444 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys

08:48:10.0818 5444 WpdUsb - ok

08:48:10.0833 5444 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

08:48:10.0896 5444 ws2ifsl - ok

08:48:10.0943 5444 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

08:48:11.0005 5444 WUDFRd - ok

08:48:11.0052 5444 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0

08:48:11.0738 5444 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

08:48:11.0738 5444 \Device\Harddisk0\DR0 - detected TDSS File System (1)

08:48:11.0754 5444 Boot (0x1200) (10ae98a51f9fb3f6b50df97093c98d81) \Device\Harddisk0\DR0\Partition0

08:48:11.0754 5444 \Device\Harddisk0\DR0\Partition0 - ok

08:48:11.0785 5444 Boot (0x1200) (ae9e0dd5680a3aa25f69fdaf663aa004) \Device\Harddisk0\DR0\Partition1

08:48:11.0832 5444 \Device\Harddisk0\DR0\Partition1 - ok

08:48:11.0832 5444 ============================================================

08:48:11.0832 5444 Scan finished

08:48:11.0832 5444 ============================================================

08:48:11.0847 5696 Detected object count: 1

08:48:11.0847 5696 Actual detected object count: 1

08:48:42.0751 5696 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:48:42.0751 5696 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

08:49:14.0528 5988 Deinitialize success

[LDTate]

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
• Double click on ComboFix.exe & follow the prompts.
  Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  Note: If you have XP SP3, use the XP SP2 package.
  If Vista or Windows 7, skip the Recovery Console part
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

[dmaier]

Thank you...Combofix found and quarantined the file and fixed the problem.

[LDTate]

Good job :thumbup:

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

• Click START run
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
  

For Vista / Windows 7

• Click START Search
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
  

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good

• Make your Internet Explorer more secure - This can be done by following these simple instructions:
  1. From within Internet Explorer click on the Tools menu and then click on Options.
     
  2. Click once on the Security tab
     
  3. Click once on the Internet icon so it becomes highlighted.
     
  4. Click once on the Custom Level button.
     
  5. Change the Download signed ActiveX controls to Prompt
     
  6. Change the Download unsigned ActiveX controls to Disable
     
  7. Change the Initialize and script ActiveX controls not marked as safe to Disable
     
  8. Change the Installation of desktop items to Prompt
     
  9. Change the Launching programs and files in an IFRAME to Prompt
     
  10. Change the Navigate sub-frames across different domains to Prompt
      
  11. When all these settings have been made, click on the OK button.
      
  12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
      
  13. Next press the Apply button and then the OK to exit the Internet Properties page.
      

  [*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week

  (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.

  Without a firewall your computer is succeptible to being hacked and taken over.

  I am very serious about this and see it happen almost every day with my clients.

  Simply using a Firewall in its default configuration can lower your risk greatly.

  [*]Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.

  •Free browser plug-in for Internet Explorer and Firefox

  •Real-time safety ratings

  •Ideal for Facebook, Twitter and LinkedIn

  [*] JAVA Click this link and click on the Free JAVA Download

  [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

  This will ensure your computer has always the latest security updates available installed on your computer.

  If there are new updates to install, install them immediately, reboot your computer, and revisit the site

  until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!