Google results redirected and svchost trojan unable to be deleted

icog · March 14, 2012

I have run many scans with malwarebytes and each time I get this:

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

So I reboot and run malwarebytes again and it finds the same thing again, I cannot seem to get rid of this

Also, my google search results go to random sites, some other butterfly search engine site, and once even a youtube vid

Microsoft Security Essentials detected some alureon thing, and prompted me to download microsoft defender offline to get rid of it, which I did, from the microsoft site, but when I ran it nothing was found.

So since malwarebytes could not resolve this problem, I have decided to post here asking for help.

Here are the logs after I followed the instructions from the pinned thread:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by guon at 14:59:54 on 2012-03-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2535.1257 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\atieclxx.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\TECO\Teco.exe

C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-netsvcs

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe

C:\windows\system32\DllHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

C:\windows\system32\sppsvc.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\windows\system32\taskhost.exe

C:\windows\servicing\TrustedInstaller.exe

C:\windows\system32\wuauclt.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\SearchProtocolHost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe

\\?\C:\windows\system32\wbem\WMIADAP.EXE

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mail.yahoo.com/

uDefault_Page_URL = hxxp://start.toshiba.com

uInternet Settings,ProxyOverride = <local>

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{88C63E5F-E7B8-4C96-95BD-56785CD0C947} : DhcpNameServer = 192.168.1.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-11-29 123320]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-11-29 126392]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-11-29 57216]

R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-6-27 828856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-03-14 21:59:02 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF458BA6-877C-4BBE-A003-52A395005412}\offreg.dll

2012-03-14 12:15:46 -------- d-----w- C:\windows\Microsoft Antimalware

2012-03-14 12:15:41 -------- d-----w- C:\windows\Windows Defender Offline

2012-03-14 10:59:40 -------- d-----w- C:\77dfcb876f953fe5af21558b3a67713d

2012-03-14 09:48:22 20480 ----a-w- C:\windows\svchost.exe

2012-03-14 08:31:51 8643640 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF458BA6-877C-4BBE-A003-52A395005412}\mpengine.dll

2012-03-14 07:11:34 -------- d-----w- C:\Program Files\CCleaner

2012-03-14 06:26:27 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F7D0.tmp

2012-03-14 06:26:27 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\F7BF.tmp

2012-03-05 23:39:30 -------- d-----w- C:\Users\guon\jagexcache

2012-02-25 10:16:51 0 ----a-w- C:\windows\SysWow64\sho45D9.tmp

2012-02-25 09:55:08 509952 ----a-w- C:\windows\System32\ntshrui.dll

2012-02-25 09:55:08 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll

2012-02-25 09:55:03 515584 ----a-w- C:\windows\System32\timedate.cpl

2012-02-25 09:55:02 478720 ----a-w- C:\windows\SysWow64\timedate.cpl

2012-02-25 09:55:01 3145728 ----a-w- C:\windows\System32\win32k.sys

2012-02-25 09:54:31 498688 ----a-w- C:\windows\System32\drivers\afd.sys

2012-02-25 09:54:29 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll

2012-02-25 09:54:29 634880 ----a-w- C:\windows\System32\msvcrt.dll

2012-02-25 07:58:08 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-02-25 07:57:55 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2202123-A88F-4B6F-8E9F-0FBCD97DA295}\gapaengine.dll

.

==================== Find3M ====================

.

2012-03-05 23:33:46 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 17:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe

2011-12-20 13:10:18 0 ----a-w- C:\windows\SysWow64\sho99FC.tmp

.

============= FINISH: 15:00:41.65 ===============

Attach file:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/5/2011 5:07:33 PM

System Uptime: 3/14/2012 2:54:53 PM (1 hours ago)

.

Motherboard: AMD | | Torpedo

Processor: AMD A6-3400M APU with Radeon™ HD Graphics | Socket FS1 | 1400/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 282 GiB total, 226.269 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP30: 12/30/2011 12:03:44 AM - Windows Update

RP31: 12/31/2011 7:02:27 PM - Windows Update

RP32: 1/4/2012 3:38:16 AM - Windows Update

RP33: 1/17/2012 6:39:21 PM - Windows Update

RP34: 1/17/2012 6:42:56 PM - Windows Update

RP35: 2/9/2012 2:15:10 AM - Windows Update

RP36: 2/24/2012 11:53:16 PM - Windows Update

RP37: 2/25/2012 1:57:35 AM - Windows Update

RP38: 2/25/2012 1:58:48 AM - Windows Update

RP39: 3/4/2012 3:50:36 PM - Windows Update

RP40: 3/11/2012 5:33:19 PM - Windows Update

RP41: 3/13/2012 2:49:12 PM - Windows Update

RP42: 3/13/2012 11:41:51 PM - Restore Operation

RP43: 3/14/2012 1:31:30 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader X MUI

AMD VISION Engine Control Center

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Bandisoft MPEG-1 Decoder

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

D3DX10

Google Chrome

Google Update Helper

Java Auto Updater

Java™ 6 Update 25

Junk Mail filter update

Label@Once 1.0

League of Legends

Malwarebytes Anti-Malware version 1.60.0.1800

Mesh Runtime

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

mIRC

Mozilla Firefox 8.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

Netwaiting

Nexon Game Manager

Pando Media Booster

PlayReady PC Runtime x86

Realtek USB 2.0 Reader Driver

Realtek WLAN Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Skype Launcher

StarCraft II

Steam

TOSHIBA Assist

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

Toshiba Laptop Checkup

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA Resolution+ Plug-in for Windows Media Player

TOSHIBA Service Station

TOSHIBA Sleep Utility

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

TOSHIBA Wireless LAN Indicator

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Vindictus

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

3/14/2012 4:05:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/14/2012 3:46:01 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

3/14/2012 2:55:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/14/2012 2:55:14 PM, Error: NetBT [4321] - The name "GUON-PC :0" could not be registered on the interface with IP address 192.168.1.71. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.

3/14/2012 2:48:01 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/14/2012 2:20:31 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/14/2012 12:07:21 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/14/2012 1:24:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

3/14/2012 1:24:38 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/14/2012 1:21:17 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

3/14/2012 1:16:29 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

3/14/2012 1:10:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/13/2012 2:52:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1330.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/13/2012 2:52:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1330.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/13/2012 11:47:19 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

3/13/2012 11:30:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/13/2012 11:26:41 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

3/12/2012 10:24:31 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user guon-PC\guon SID (S-1-5-21-2913796982-2414487537-1882358387-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

3/12/2012 1:42:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/11/2012 5:22:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

Is there anything I can do to fix this? Thanks in advance for your help.

MrCharlie · March 16, 2012

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC

icog · March 16, 2012

Hello, I have downloaded and ran Rougekiller, but everytime it gets to the part where it says "Reading MBR...", the program stops working and this is what I get:

After that it just closes, and the same thing happens everything I run it.

icog · March 16, 2012

In case the additional information is important, here it is:

MrCharlie · March 17, 2012

Try........

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

MrC

icog · March 17, 2012

Same thing happens

icog · March 17, 2012

I unchecked the box that said MBR scan and this is what I got

RogueKiller V7.3.1 [03/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: guon [Admin rights]

Mode: Scan -- Date: 03/16/2012 23:54:45

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[1].txt >>

RKreport[1].txt

icog · March 17, 2012

I don't know if this will help, but I remembered when microsoft security essentials detected alureon, it was something like

MBR:: Alureon

MrCharlie · March 17, 2012

With these types of infections, during the process of removing it, the MBR could become corrupt and the computer won't boot back up.

Please be familiar with repairing the MBR if needed:

http://support.microsoft.com/kb/927392

---------------------------------------------------

Run RogueKiller again and click scan, make sure this process is killed:

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

Then.......

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

icog · March 17, 2012

I do not have the windows 7 installation disk, as this laptop came with windows 7, so im not sure how I can use bootrec.exe...

Everytime I scan in Roguekiller, I get in the report:

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

Does that mean its not working? Should I just run TDSSKiller anyways?

MrCharlie · March 17, 2012

Yes, go ahead and run it, MrC

icog · March 17, 2012

16:05:03.0467 4020 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

16:05:04.0197 4020 ============================================================

16:05:04.0197 4020 Current date / time: 2012/03/17 16:05:04.0197

16:05:04.0197 4020 SystemInfo:

16:05:04.0197 4020

16:05:04.0197 4020 OS Version: 6.1.7601 ServicePack: 1.0

16:05:04.0197 4020 Product type: Workstation

16:05:04.0197 4020 ComputerName: GUON-PC

16:05:04.0197 4020 UserName: guon

16:05:04.0197 4020 Windows directory: C:\windows

16:05:04.0197 4020 System windows directory: C:\windows

16:05:04.0198 4020 Running under WOW64

16:05:04.0198 4020 Processor architecture: Intel x64

16:05:04.0198 4020 Number of processors: 4

16:05:04.0198 4020 Page size: 0x1000

16:05:04.0198 4020 Boot type: Normal boot

16:05:04.0198 4020 ============================================================

16:05:06.0073 4020 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:05:06.0078 4020 \Device\Harddisk0\DR0:

16:05:06.0078 4020 MBR used

16:05:06.0078 4020 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23442000

16:05:06.0103 4020 Initialize success

16:05:06.0103 4020 ============================================================

16:05:17.0164 5784 ============================================================

16:05:17.0164 5784 Scan started

16:05:17.0164 5784 Mode: Manual; SigCheck; TDLFS;

16:05:17.0164 5784 ============================================================

16:05:20.0932 5784 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

16:05:21.0027 5784 1394ohci - ok

16:05:21.0259 5784 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

16:05:21.0302 5784 ACPI - ok

16:05:21.0452 5784 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

16:05:21.0532 5784 AcpiPmi - ok

16:05:21.0954 5784 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

16:05:21.0992 5784 adp94xx - ok

16:05:22.0207 5784 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

16:05:22.0237 5784 adpahci - ok

16:05:22.0489 5784 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

16:05:22.0514 5784 adpu320 - ok

16:05:22.0662 5784 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

16:05:22.0734 5784 AFD - ok

16:05:22.0947 5784 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

16:05:22.0969 5784 agp440 - ok

16:05:23.0124 5784 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

16:05:23.0147 5784 aliide - ok

16:05:23.0292 5784 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

16:05:23.0312 5784 amdide - ok

16:05:23.0449 5784 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

16:05:23.0492 5784 AmdK8 - ok

16:05:23.0809 5784 amdkmdag (fad670b417adccd9c99bc3aa3d754958) C:\windows\system32\DRIVERS\atikmdag.sys

16:05:24.0189 5784 amdkmdag - ok

16:05:24.0359 5784 amdkmdap (f0b63dead17f760dbc85ccd7bf978c05) C:\windows\system32\DRIVERS\atikmpag.sys

16:05:24.0414 5784 amdkmdap - ok

16:05:24.0614 5784 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

16:05:24.0654 5784 AmdPPM - ok

16:05:24.0812 5784 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

16:05:24.0832 5784 amdsata - ok

16:05:24.0972 5784 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

16:05:24.0997 5784 amdsbs - ok

16:05:25.0200 5784 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

16:05:25.0220 5784 amdxata - ok

16:05:25.0372 5784 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

16:05:25.0595 5784 AppID - ok

16:05:25.0752 5784 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

16:05:25.0777 5784 arc - ok

16:05:26.0145 5784 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

16:05:26.0170 5784 arcsas - ok

16:05:26.0302 5784 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

16:05:26.0442 5784 AsyncMac - ok

16:05:26.0547 5784 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

16:05:26.0567 5784 atapi - ok

16:05:26.0720 5784 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\windows\system32\drivers\AtihdW76.sys

16:05:26.0762 5784 AtiHDAudioService - ok

16:05:26.0967 5784 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

16:05:27.0020 5784 b06bdrv - ok

16:05:27.0170 5784 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

16:05:27.0245 5784 b57nd60a - ok

16:05:27.0395 5784 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

16:05:27.0470 5784 Beep - ok

16:05:27.0652 5784 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

16:05:27.0705 5784 blbdrive - ok

16:05:27.0845 5784 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

16:05:27.0927 5784 bowser - ok

16:05:28.0072 5784 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

16:05:28.0127 5784 BrFiltLo - ok

16:05:28.0272 5784 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

16:05:28.0310 5784 BrFiltUp - ok

16:05:28.0462 5784 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

16:05:28.0510 5784 Brserid - ok

16:05:28.0660 5784 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

16:05:28.0690 5784 BrSerWdm - ok

16:05:28.0840 5784 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

16:05:28.0880 5784 BrUsbMdm - ok

16:05:29.0030 5784 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

16:05:29.0060 5784 BrUsbSer - ok

16:05:29.0210 5784 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

16:05:29.0250 5784 BTHMODEM - ok

16:05:29.0400 5784 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

16:05:29.0470 5784 cdfs - ok

16:05:29.0610 5784 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

16:05:29.0680 5784 cdrom - ok

16:05:29.0830 5784 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

16:05:29.0880 5784 circlass - ok

16:05:30.0030 5784 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

16:05:30.0060 5784 CLFS - ok

16:05:30.0230 5784 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

16:05:30.0270 5784 CmBatt - ok

16:05:30.0380 5784 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

16:05:30.0420 5784 cmdide - ok

16:05:30.0580 5784 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

16:05:30.0640 5784 CNG - ok

16:05:30.0820 5784 CnxtHdAudService (20506f12afad3db588d007ea9325fbbc) C:\windows\system32\drivers\CHDRT64.sys

16:05:30.0900 5784 CnxtHdAudService - ok

16:05:31.0050 5784 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

16:05:31.0070 5784 Compbatt - ok

16:05:31.0230 5784 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

16:05:31.0290 5784 CompositeBus - ok

16:05:31.0440 5784 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

16:05:31.0460 5784 crcdisk - ok

16:05:31.0640 5784 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

16:05:31.0710 5784 DfsC - ok

16:05:31.0850 5784 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

16:05:31.0930 5784 discache - ok

16:05:32.0080 5784 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

16:05:32.0120 5784 Disk - ok

16:05:32.0280 5784 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

16:05:32.0320 5784 drmkaud - ok

16:05:32.0470 5784 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

16:05:32.0530 5784 DXGKrnl - ok

16:05:32.0670 5784 EagleX64 - ok

16:05:32.0780 5784 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

16:05:32.0880 5784 ebdrv - ok

16:05:33.0060 5784 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

16:05:33.0100 5784 elxstor - ok

16:05:33.0100 5784 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

16:05:33.0150 5784 ErrDev - ok

16:05:33.0300 5784 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

16:05:33.0370 5784 exfat - ok

16:05:33.0490 5784 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

16:05:33.0550 5784 fastfat - ok

16:05:33.0690 5784 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

16:05:33.0730 5784 fdc - ok

16:05:33.0880 5784 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

16:05:33.0900 5784 FileInfo - ok

16:05:33.0930 5784 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

16:05:33.0990 5784 Filetrace - ok

16:05:34.0120 5784 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

16:05:34.0140 5784 flpydisk - ok

16:05:34.0250 5784 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

16:05:34.0310 5784 FltMgr - ok

16:05:34.0400 5784 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

16:05:34.0430 5784 FsDepends - ok

16:05:34.0510 5784 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

16:05:34.0530 5784 Fs_Rec - ok

16:05:34.0630 5784 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

16:05:34.0660 5784 fvevol - ok

16:05:34.0810 5784 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

16:05:34.0840 5784 gagp30kx - ok

16:05:34.0980 5784 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

16:05:35.0030 5784 hcw85cir - ok

16:05:35.0220 5784 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

16:05:35.0280 5784 HdAudAddService - ok

16:05:35.0450 5784 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

16:05:35.0490 5784 HDAudBus - ok

16:05:35.0610 5784 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

16:05:35.0650 5784 HidBatt - ok

16:05:35.0760 5784 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

16:05:35.0800 5784 HidBth - ok

16:05:35.0940 5784 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

16:05:35.0980 5784 HidIr - ok

16:05:36.0150 5784 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

16:05:36.0310 5784 HidUsb - ok

16:05:36.0670 5784 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

16:05:36.0700 5784 HpSAMD - ok

16:05:36.0850 5784 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

16:05:36.0950 5784 HTTP - ok

16:05:37.0070 5784 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

16:05:37.0090 5784 hwpolicy - ok

16:05:37.0150 5784 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

16:05:37.0190 5784 i8042prt - ok

16:05:37.0330 5784 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

16:05:37.0360 5784 iaStorV - ok

16:05:37.0530 5784 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

16:05:37.0550 5784 iirsp - ok

16:05:37.0560 5784 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

16:05:37.0580 5784 intelide - ok

16:05:37.0720 5784 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys

16:05:37.0760 5784 intelppm - ok

16:05:37.0900 5784 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

16:05:37.0950 5784 IpFilterDriver - ok

16:05:38.0070 5784 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

16:05:38.0120 5784 IPMIDRV - ok

16:05:38.0180 5784 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

16:05:38.0250 5784 IPNAT - ok

16:05:38.0370 5784 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

16:05:38.0410 5784 IRENUM - ok

16:05:38.0420 5784 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

16:05:38.0440 5784 isapnp - ok

16:05:38.0460 5784 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

16:05:38.0490 5784 iScsiPrt - ok

16:05:38.0620 5784 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

16:05:38.0640 5784 kbdclass - ok

16:05:38.0770 5784 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

16:05:38.0810 5784 kbdhid - ok

16:05:38.0950 5784 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

16:05:38.0970 5784 KSecDD - ok

16:05:39.0210 5784 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

16:05:39.0260 5784 KSecPkg - ok

16:05:39.0400 5784 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

16:05:39.0490 5784 ksthunk - ok

16:05:39.0650 5784 L1C (045fb70bc993b691517ce309045ff02d) C:\windows\system32\DRIVERS\L1C62x64.sys

16:05:39.0700 5784 L1C - ok

16:05:39.0850 5784 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

16:05:39.0920 5784 lltdio - ok

16:05:40.0070 5784 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

16:05:40.0090 5784 LSI_FC - ok

16:05:40.0220 5784 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

16:05:40.0240 5784 LSI_SAS - ok

16:05:40.0330 5784 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

16:05:40.0360 5784 LSI_SAS2 - ok

16:05:40.0370 5784 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

16:05:40.0390 5784 LSI_SCSI - ok

16:05:40.0450 5784 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

16:05:40.0530 5784 luafv - ok

16:05:40.0650 5784 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

16:05:40.0670 5784 megasas - ok

16:05:40.0840 5784 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

16:05:40.0880 5784 MegaSR - ok

16:05:40.0890 5784 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

16:05:40.0950 5784 Modem - ok

16:05:41.0080 5784 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

16:05:41.0150 5784 monitor - ok

16:05:41.0250 5784 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

16:05:41.0280 5784 mouclass - ok

16:05:41.0410 5784 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

16:05:41.0460 5784 mouhid - ok

16:05:41.0630 5784 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

16:05:41.0750 5784 mountmgr - ok

16:05:41.0950 5784 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys

16:05:42.0000 5784 MpFilter - ok

16:05:42.0110 5784 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

16:05:42.0140 5784 mpio - ok

16:05:42.0290 5784 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys

16:05:42.0330 5784 MpNWMon - ok

16:05:42.0430 5784 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

16:05:42.0520 5784 mpsdrv - ok

16:05:42.0640 5784 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

16:05:42.0680 5784 MRxDAV - ok

16:05:42.0790 5784 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

16:05:42.0870 5784 mrxsmb - ok

16:05:42.0990 5784 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

16:05:43.0030 5784 mrxsmb10 - ok

16:05:43.0140 5784 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

16:05:43.0190 5784 mrxsmb20 - ok

16:05:43.0200 5784 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys

16:05:43.0220 5784 msahci - ok

16:05:43.0250 5784 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

16:05:43.0270 5784 msdsm - ok

16:05:43.0410 5784 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

16:05:43.0480 5784 Msfs - ok

16:05:43.0600 5784 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

16:05:43.0680 5784 mshidkmdf - ok

16:05:43.0780 5784 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

16:05:43.0800 5784 msisadrv - ok

16:05:43.0960 5784 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

16:05:44.0030 5784 MSKSSRV - ok

16:05:44.0200 5784 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

16:05:44.0260 5784 MSPCLOCK - ok

16:05:44.0400 5784 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

16:05:44.0490 5784 MSPQM - ok

16:05:44.0600 5784 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

16:05:44.0640 5784 MsRPC - ok

16:05:44.0730 5784 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

16:05:44.0750 5784 mssmbios - ok

16:05:44.0790 5784 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

16:05:44.0860 5784 MSTEE - ok

16:05:44.0970 5784 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

16:05:45.0010 5784 MTConfig - ok

16:05:45.0120 5784 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

16:05:45.0160 5784 Mup - ok

16:05:45.0350 5784 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

16:05:45.0410 5784 NativeWifiP - ok

16:05:45.0570 5784 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

16:05:45.0630 5784 NDIS - ok

16:05:45.0760 5784 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

16:05:45.0840 5784 NdisCap - ok

16:05:45.0970 5784 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

16:05:46.0050 5784 NdisTapi - ok

16:05:46.0200 5784 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

16:05:46.0290 5784 Ndisuio - ok

16:05:46.0400 5784 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

16:05:46.0480 5784 NdisWan - ok

16:05:46.0590 5784 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

16:05:46.0660 5784 NDProxy - ok

16:05:46.0790 5784 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

16:05:46.0850 5784 NetBIOS - ok

16:05:47.0020 5784 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

16:05:47.0110 5784 NetBT - ok

16:05:47.0330 5784 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

16:05:47.0360 5784 nfrd960 - ok

16:05:47.0520 5784 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys

16:05:47.0560 5784 NisDrv - ok

16:05:47.0720 5784 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

16:05:47.0790 5784 Npfs - ok

16:05:47.0900 5784 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

16:05:47.0980 5784 nsiproxy - ok

16:05:48.0120 5784 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

16:05:48.0190 5784 Ntfs - ok

16:05:48.0310 5784 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

16:05:48.0390 5784 Null - ok

16:05:48.0510 5784 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

16:05:48.0550 5784 nvraid - ok

16:05:48.0670 5784 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

16:05:48.0700 5784 nvstor - ok

16:05:48.0740 5784 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

16:05:48.0770 5784 nv_agp - ok

16:05:48.0860 5784 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

16:05:48.0910 5784 ohci1394 - ok

16:05:48.0940 5784 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

16:05:48.0980 5784 Parport - ok

16:05:49.0090 5784 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

16:05:49.0130 5784 partmgr - ok

16:05:49.0160 5784 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

16:05:49.0190 5784 pci - ok

16:05:49.0320 5784 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

16:05:49.0350 5784 pciide - ok

16:05:49.0460 5784 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

16:05:49.0490 5784 pcmcia - ok

16:05:49.0530 5784 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

16:05:49.0550 5784 pcw - ok

16:05:49.0650 5784 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

16:05:49.0740 5784 PEAUTH - ok

16:05:49.0890 5784 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys

16:05:49.0930 5784 PGEffect - ok

16:05:50.0110 5784 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

16:05:50.0200 5784 PptpMiniport - ok

16:05:50.0310 5784 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

16:05:50.0360 5784 Processor - ok

16:05:50.0430 5784 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

16:05:50.0520 5784 Psched - ok

16:05:50.0650 5784 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys

16:05:50.0680 5784 QIOMem - ok

16:05:50.0860 5784 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

16:05:50.0920 5784 ql2300 - ok

16:05:51.0040 5784 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

16:05:51.0070 5784 ql40xx - ok

16:05:51.0090 5784 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

16:05:51.0130 5784 QWAVEdrv - ok

16:05:51.0170 5784 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

16:05:51.0220 5784 RasAcd - ok

16:05:51.0380 5784 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

16:05:51.0440 5784 RasAgileVpn - ok

16:05:51.0690 5784 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

16:05:51.0780 5784 Rasl2tp - ok

16:05:51.0950 5784 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

16:05:52.0010 5784 RasPppoe - ok

16:05:52.0150 5784 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

16:05:52.0230 5784 RasSstp - ok

16:05:52.0370 5784 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

16:05:52.0450 5784 rdbss - ok

16:05:52.0550 5784 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys

16:05:52.0600 5784 rdpbus - ok

16:05:52.0730 5784 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

16:05:52.0810 5784 RDPCDD - ok

16:05:52.0940 5784 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

16:05:53.0010 5784 RDPENCDD - ok

16:05:53.0140 5784 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

16:05:53.0200 5784 RDPREFMP - ok

16:05:53.0240 5784 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys

16:05:53.0290 5784 RDPWD - ok

16:05:53.0400 5784 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

16:05:53.0440 5784 rdyboost - ok

16:05:53.0590 5784 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

16:05:53.0680 5784 rspndr - ok

16:05:53.0820 5784 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys

16:05:53.0860 5784 RSUSBSTOR - ok

16:05:53.0880 5784 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys

16:05:53.0910 5784 RSUSBVSTOR - ok

16:05:54.0070 5784 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys

16:05:54.0130 5784 RTL8192Ce - ok

16:05:54.0200 5784 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

16:05:54.0220 5784 SASDIFSV - ok

16:05:54.0220 5784 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

16:05:54.0240 5784 SASKUTIL - ok

16:05:54.0350 5784 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

16:05:54.0380 5784 sbp2port - ok

16:05:54.0390 5784 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

16:05:54.0450 5784 scfilter - ok

16:05:54.0590 5784 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

16:05:54.0650 5784 secdrv - ok

16:05:54.0790 5784 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

16:05:54.0840 5784 Serenum - ok

16:05:54.0980 5784 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

16:05:55.0030 5784 Serial - ok

16:05:55.0190 5784 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

16:05:55.0230 5784 sermouse - ok

16:05:55.0370 5784 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

16:05:55.0420 5784 sffdisk - ok

16:05:55.0530 5784 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

16:05:55.0570 5784 sffp_mmc - ok

16:05:55.0690 5784 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

16:05:55.0730 5784 sffp_sd - ok

16:05:55.0850 5784 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

16:05:55.0900 5784 sfloppy - ok

16:05:56.0070 5784 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys

16:05:56.0120 5784 Sftfs - ok

16:05:56.0240 5784 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys

16:05:56.0270 5784 Sftplay - ok

16:05:56.0370 5784 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys

16:05:56.0410 5784 Sftredir - ok

16:05:56.0430 5784 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys

16:05:56.0450 5784 Sftvol - ok

16:05:56.0770 5784 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

16:05:56.0800 5784 SiSRaid2 - ok

16:05:56.0850 5784 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

16:05:56.0860 5784 SiSRaid4 - ok

16:05:56.0900 5784 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

16:05:56.0960 5784 Smb - ok

16:05:57.0100 5784 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

16:05:57.0130 5784 spldr - ok

16:05:57.0260 5784 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

16:05:57.0330 5784 srv - ok

16:05:57.0460 5784 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

16:05:57.0540 5784 srv2 - ok

16:05:57.0690 5784 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS

16:05:57.0740 5784 SrvHsfHDA - ok

16:05:57.0880 5784 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS

16:05:57.0950 5784 SrvHsfV92 - ok

16:05:58.0080 5784 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS

16:05:58.0130 5784 SrvHsfWinac - ok

16:05:58.0270 5784 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

16:05:58.0330 5784 srvnet - ok

16:05:58.0480 5784 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

16:05:58.0510 5784 stexstor - ok

16:05:58.0640 5784 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

16:05:58.0680 5784 swenum - ok

16:05:58.0880 5784 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys

16:05:58.0940 5784 SynTP - ok

16:05:59.0120 5784 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys

16:05:59.0190 5784 Tcpip - ok

16:05:59.0380 5784 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys

16:05:59.0440 5784 TCPIP6 - ok

16:05:59.0560 5784 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

16:05:59.0640 5784 tcpipreg - ok

16:05:59.0790 5784 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

16:05:59.0830 5784 tdcmdpst - ok

16:05:59.0940 5784 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

16:06:00.0020 5784 TDPIPE - ok

16:06:00.0130 5784 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys

16:06:00.0210 5784 TDTCP - ok

16:06:00.0330 5784 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

16:06:00.0390 5784 tdx - ok

16:06:00.0520 5784 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys

16:06:00.0550 5784 TermDD - ok

16:06:00.0720 5784 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

16:06:00.0780 5784 tssecsrv - ok

16:06:00.0930 5784 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

16:06:00.0980 5784 TsUsbFlt - ok

16:06:01.0090 5784 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

16:06:01.0150 5784 TsUsbGD - ok

16:06:01.0290 5784 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

16:06:01.0370 5784 tunnel - ok

16:06:01.0530 5784 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

16:06:01.0560 5784 TVALZ - ok

16:06:01.0670 5784 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys

16:06:01.0710 5784 TVALZFL - ok

16:06:01.0840 5784 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

16:06:01.0890 5784 uagp35 - ok

16:06:01.0940 5784 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

16:06:02.0010 5784 udfs - ok

16:06:02.0150 5784 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

16:06:02.0180 5784 uliagpkx - ok

16:06:02.0270 5784 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

16:06:02.0310 5784 umbus - ok

16:06:02.0470 5784 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

16:06:02.0510 5784 UmPass - ok

16:06:02.0620 5784 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

16:06:02.0640 5784 usbccgp - ok

16:06:02.0780 5784 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

16:06:02.0830 5784 usbcir - ok

16:06:02.0940 5784 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

16:06:02.0990 5784 usbehci - ok

16:06:03.0130 5784 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

16:06:03.0200 5784 usbhub - ok

16:06:03.0310 5784 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys

16:06:03.0400 5784 usbohci - ok

16:06:03.0510 5784 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys

16:06:03.0560 5784 usbprint - ok

16:06:03.0680 5784 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

16:06:03.0750 5784 USBSTOR - ok

16:06:03.0870 5784 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

16:06:03.0910 5784 usbuhci - ok

16:06:04.0050 5784 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

16:06:04.0080 5784 usbvideo - ok

16:06:04.0200 5784 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

16:06:04.0230 5784 vdrvroot - ok

16:06:04.0380 5784 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

16:06:04.0420 5784 vga - ok

16:06:04.0530 5784 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

16:06:04.0590 5784 VgaSave - ok

16:06:04.0710 5784 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

16:06:04.0750 5784 vhdmp - ok

16:06:04.0860 5784 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

16:06:04.0880 5784 viaide - ok

16:06:04.0990 5784 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

16:06:05.0010 5784 volmgr - ok

16:06:05.0130 5784 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

16:06:05.0160 5784 volmgrx - ok

16:06:05.0270 5784 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys

16:06:05.0300 5784 volsnap - ok

16:06:05.0430 5784 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

16:06:05.0470 5784 vsmraid - ok

16:06:05.0490 5784 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

16:06:05.0530 5784 vwifibus - ok

16:06:05.0640 5784 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

16:06:05.0710 5784 vwififlt - ok

16:06:05.0840 5784 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

16:06:05.0890 5784 WacomPen - ok

16:06:06.0020 5784 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

16:06:06.0120 5784 WANARP - ok

16:06:06.0140 5784 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

16:06:06.0190 5784 Wanarpv6 - ok

16:06:06.0320 5784 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

16:06:06.0360 5784 Wd - ok

16:06:06.0400 5784 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

16:06:06.0430 5784 Wdf01000 - ok

16:06:06.0560 5784 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

16:06:06.0620 5784 WfpLwf - ok

16:06:06.0660 5784 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

16:06:06.0670 5784 WIMMount - ok

16:06:06.0820 5784 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

16:06:06.0850 5784 WmiAcpi - ok

16:06:06.0990 5784 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

16:06:07.0050 5784 ws2ifsl - ok

16:06:07.0170 5784 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

16:06:07.0250 5784 WudfPf - ok

16:06:07.0380 5784 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

16:06:07.0470 5784 WUDFRd - ok

16:06:07.0500 5784 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0

16:06:07.0540 5784 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

16:06:07.0540 5784 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

16:06:08.0260 5784 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

16:06:08.0260 5784 \Device\Harddisk0\DR0 - detected TDSS File System (1)

16:06:08.0300 5784 Boot (0x1200) (4124e21a58780cad6e982fcc688fbafb) \Device\Harddisk0\DR0\Partition0

16:06:08.0300 5784 \Device\Harddisk0\DR0\Partition0 - ok

16:06:08.0300 5784 ============================================================

16:06:08.0300 5784 Scan finished

16:06:08.0300 5784 ============================================================

16:06:08.0320 4036 Detected object count: 2

16:06:08.0320 4036 Actual detected object count: 2

16:06:52.0020 4036 \Device\Harddisk0\DR0\# - copied to quarantine

16:06:52.0020 4036 \Device\Harddisk0\DR0 - copied to quarantine

16:06:54.0070 4036 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

16:06:54.0320 4036 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

16:06:54.0410 4036 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

16:06:54.0600 4036 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

16:06:54.0730 4036 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

16:06:57.0680 4036 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

16:06:57.0840 4036 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

16:06:57.0890 4036 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

16:06:57.0900 4036 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

16:06:57.0900 4036 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

16:06:57.0960 4036 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

16:06:57.0970 4036 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

16:06:58.0120 4036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

16:06:58.0120 4036 \Device\Harddisk0\DR0 - ok

16:06:58.0610 4036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

16:06:58.0610 4036 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

16:06:58.0610 4036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

16:07:58.0681 2320 Deinitialize success

And after the cure, microsoft security essentials detected threats from the quarantined files, should I just ignore that?

MrCharlie · March 17, 2012

And after the cure, microsoft security essentials detected threats from the quarantined files, should I just ignore that?

Yes

--------------------

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

icog · March 18, 2012

ComboFix 12-03-17.01 - guon 03/17/2012 16:56:41.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2535.1507 [GMT -7:00]

Running from: c:\users\guon\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\guon\AppData\Roaming\mIRC\logs\status.log

c:\windows\svchost.exe

.

((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))

.

2012-03-18 00:06 . 2012-03-18 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-17 23:19 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA4D9D03-84A5-4E71-A767-16FAC6D0B4CC}\mpengine.dll

2012-03-17 23:06 . 2012-03-17 23:06 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-17 22:31 . 2012-03-17 22:31 -------- d-----w- c:\users\guon\AppData\Local\Diagnostics

2012-03-17 04:17 . 2012-03-17 04:17 -------- d-----w- c:\users\guon\AppData\Local\Adobe

2012-03-14 12:15 . 2012-03-14 14:22 -------- d-----w- c:\windows\Microsoft Antimalware

2012-03-14 12:15 . 2012-03-14 12:15 -------- d-----w- c:\windows\Windows Defender Offline

2012-03-14 10:59 . 2012-03-14 10:59 -------- d-----w- C:\77dfcb876f953fe5af21558b3a67713d

2012-03-14 07:11 . 2012-03-14 08:19 -------- d-----w- c:\program files\CCleaner

2012-03-14 06:26 . 2012-03-14 06:26 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F7D0.tmp

2012-03-14 06:26 . 2012-03-14 06:26 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F7BF.tmp

2012-03-05 23:39 . 2012-03-05 23:39 -------- d-----w- c:\users\guon\jagexcache

2012-03-05 23:33 . 2012-03-05 23:33 -------- d-----w- c:\windows\system32\Macromed

2012-02-25 10:16 . 2012-02-25 10:16 0 ----a-w- c:\windows\SysWow64\sho45D9.tmp

2012-02-25 09:55 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-25 09:55 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-25 09:55 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-25 09:55 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-25 09:55 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-25 09:54 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-25 09:54 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-25 09:54 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-25 07:58 . 2011-12-06 01:39 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-02-25 07:57 . 2012-02-25 07:54 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2202123-A88F-4B6F-8E9F-0FBCD97DA295}\gapaengine.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-05 23:33 . 2011-07-27 01:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-08 07:13 . 2011-12-07 07:05 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-20 13:10 . 2011-12-20 13:10 0 ----a-w- c:\windows\SysWow64\sho99FC.tmp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-06 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-26 336384]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-06-28 828856]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 09:41]

.

2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 09:41]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://mail.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\guon\AppData\Roaming\Mozilla\Firefox\Profiles\evhns1a8.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-17 17:23:56 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-18 00:23

.

Pre-Run: 241,738,182,656 bytes free

Post-Run: 241,325,166,592 bytes free

.

- - End Of File - - DB69AA01DC6408B2993EB89701F99DB9

Now I can't open any of my files/programs at all, is that normal?

I get a "Illegal operation attempted on a registry key that has been marked for deletion" message.

icog · March 18, 2012

Now I can't open any of my files/programs at all, is that normal?
I get a "Illegal operation attempted on a registry key that has been marked for deletion" message.

Never mind this, a restart got everything to work.

MrCharlie · March 18, 2012

Please Update and run a Quick Scan with MBAM, post the report.

Please let me know how it is, MrC

icog · March 18, 2012

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.18.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

guon :: GUON-PC [administrator]

3/18/2012 4:40:08 PM

mbam-log-2012-03-18 (16-40-08).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 194108

Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

MrCharlie · March 18, 2012

How is t now?? MrC

icog · March 19, 2012

Seems to be fine, I havent had any problems yet.

Could you possibly give me some tips/advice on what programs are good for real time protection so this does not happen again?

Thanks a lot for your help

MrCharlie · March 19, 2012

Good, a little cleanup to do:

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

-------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

---------------------

You have older versions of Java on the system that are vulnerable to malware:

Please go to your control panels add/remove programs and uninstall these:

Java Auto Updater

Java™ 6 Update 25

Then download and install the latest version: Java™ 6 Update 31

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

icog · March 20, 2012

Will try the things in the preventive maintenance, thanks.

And thanks again for all your help.

Maurice Naggar · March 20, 2012

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Google results redirected and svchost trojan unable to be deleted

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information