svchost.exe trojan.agent removal issues


  • This topic is locked
9 replies to this topic

#1 CaiBone


Posted 11 March 2012 - 05:01 PM

I first started noticing that there was some sort of issue with my laptop quite recently due to my browser and gaming being choppy and slow. After scanning my laptop with Malwarebytes, I noticed that it picked up two trojans that both had relations to svchost.exe.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Josh at 16:54:03 on 2012-03-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1471 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
mWinlogon: Userinit=userinit.exe,
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2010.05.24.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D458837D-069C-404D-8972-33512EE45DCC} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ponm2y5r.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-10-29 98208]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-2-6 748440]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-29 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-29 1817088]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-10 652360]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-2-7 161432]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-11 20:32:10 20480 ----a-w- C:\Windows\svchost.exe
2012-03-11 17:46:46 -------- d-----w- C:\Users\Josh\AppData\Local\{66937F6F-F7AD-4B5F-B5BB-F2EEC7F4D700}
2012-03-11 17:46:30 -------- d-----w- C:\Users\Josh\AppData\Local\{1653D78A-2264-4A47-89DE-F790EBDC989F}
2012-03-10 18:56:02 0 ----a-w- C:\Windows\SysWow64\shoA0F.tmp
2012-03-10 18:23:14 -------- d-----w- C:\Users\Josh\AppData\Roaming\SUPERAntiSpyware.com
2012-03-10 18:22:05 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-10 18:22:05 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-10 16:34:48 -------- d-----w- C:\Users\Josh\AppData\Roaming\PCPro
2012-03-10 16:34:48 -------- d-----w- C:\Users\Josh\AppData\Roaming\PC Cleaners
2012-03-10 16:34:40 5276432 ----a-w- C:\Windows\uninst.exe
2012-03-10 16:34:37 -------- d-----w- C:\ProgramData\PC1Data
2012-03-10 16:23:25 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-10 16:23:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-10 16:18:35 -------- d-----w- C:\Users\Josh\AppData\Local\SvchostViewer
2012-03-10 16:05:02 -------- d-----w- C:\Users\Josh\AppData\Roaming\Moonchild Productions
2012-03-10 16:04:36 -------- d-----w- C:\Program Files (x86)\Pale Moon
2012-03-10 12:37:43 -------- d-----w- C:\Users\Josh\AppData\Local\{D49B439D-46AB-4D44-AC37-5E8E830381B3}
2012-03-10 12:37:04 -------- d-----w- C:\Users\Josh\AppData\Local\{DFF40EC8-DBC4-4B61-897C-E8F48895315E}
2012-03-09 18:49:21 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7BAEDD24-587D-49EA-9334-3F05EAA635E1}\offreg.dll
2012-03-09 18:08:45 -------- d-----w- C:\Users\Josh\AppData\Local\{38D0920E-EB46-4052-875A-84745EBA7057}
2012-03-09 18:08:06 -------- d-----w- C:\Users\Josh\AppData\Local\{EE8C08AD-F35C-4BFA-A4A0-C4933FD70C89}
2012-03-09 17:44:25 -------- d-----w- C:\Fraps
2012-03-08 22:25:13 -------- d-----w- C:\Users\Josh\AppData\Local\{E91FBEF8-9C02-414E-90AF-BAB76EF6BAFA}
2012-03-08 22:24:59 -------- d-----w- C:\Users\Josh\AppData\Local\{2DBE4F96-1463-48DC-8FE7-38FD4FF78E27}
2012-03-08 21:05:14 -------- d-----w- C:\Users\Josh\AppData\Local\Mozilla
2012-03-08 10:23:27 -------- d-----w- C:\Users\Josh\AppData\Local\{3BFBCF1F-F480-4E4C-8DBD-8AFE1ED00C55}
2012-03-07 15:58:50 -------- d-----w- C:\Users\Josh\AppData\Local\{78C3B355-E8B2-4974-A4A8-F8A9690528F2}
2012-03-07 03:58:20 -------- d-----w- C:\Users\Josh\AppData\Local\{C4B8E71E-AD1B-4D66-A740-2EA189D91324}
2012-03-06 15:57:48 -------- d-----w- C:\Users\Josh\AppData\Local\{D5D905B0-7355-4907-AEA3-03C7E6B33C29}
2012-03-06 03:57:18 -------- d-----w- C:\Users\Josh\AppData\Local\{D598D131-6E2E-4CFA-8211-B37F066A59D2}
2012-03-06 03:57:05 -------- d-----w- C:\Users\Josh\AppData\Local\{E0678164-C448-4EEA-846A-A11A0A3F791A}
2012-03-05 15:56:33 -------- d-----w- C:\Users\Josh\AppData\Local\{36A37A98-A583-4C01-90B8-85101F8E7E44}
2012-03-05 15:56:21 -------- d-----w- C:\Users\Josh\AppData\Local\{7D7BF16F-36CB-4357-86EF-E213CF4F674A}
2012-03-05 03:56:05 -------- d-----w- C:\Users\Josh\AppData\Local\{B3561622-0611-42FC-83FD-90F8A2448F31}
2012-03-05 03:55:53 -------- d-----w- C:\Users\Josh\AppData\Local\{20E04D63-51F0-49CF-8CAE-987303FC3E30}
2012-03-05 01:50:55 -------- d-----w- C:\Program Files (x86)\IObit Toolbar
2012-03-05 01:50:55 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-03-05 01:50:55 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-03-04 21:04:35 -------- d-----w- C:\Users\Josh\AppData\Local\CyberLink
2012-03-04 20:50:08 -------- d-----r- C:\Program Files (x86)\Skype
2012-03-04 15:55:36 -------- d-----w- C:\Users\Josh\AppData\Local\{6C45F3B7-46F4-470E-830E-D715D1E2E3A9}
2012-03-04 15:55:24 -------- d-----w- C:\Users\Josh\AppData\Local\{3C000DD0-06E8-4B21-9C4D-5B65BABDE24D}
2012-03-04 05:58:17 -------- d-----w- C:\Users\Josh\AppData\Roaming\AVG2012
2012-03-04 05:57:00 -------- d--h--w- C:\ProgramData\Common Files
2012-03-04 05:56:18 -------- d-----w- C:\ProgramData\AVG2012
2012-03-04 05:55:00 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-04 05:48:46 -------- d-----w- C:\ProgramData\MFAData
2012-03-04 05:37:23 -------- d-----r- C:\Sandbox
2012-03-04 01:26:57 -------- d-----w- C:\Users\Josh\AppData\Local\{5C1FE856-965F-4118-9AE0-0E13A0EA077F}
2012-03-04 01:26:46 -------- d-----w- C:\Users\Josh\AppData\Local\{6FA8289E-4FE2-4EF4-BFC4-B0CDDF182743}
2012-03-03 13:26:29 -------- d-----w- C:\Users\Josh\AppData\Local\{DF016CB9-4D2D-42C5-9A97-71E2DFC66D6D}
2012-03-03 13:26:16 -------- d-----w- C:\Users\Josh\AppData\Local\{9AEB4F4B-0AFE-4E9C-8EA8-02C524938BCD}
2012-03-03 10:10:32 -------- d-----w- C:\Users\Josh\VirtualBox VMs
2012-03-03 10:09:53 -------- d-----w- C:\Users\Josh\.VirtualBox
2012-03-03 10:07:46 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-03-03 10:07:34 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-03-03 01:25:49 -------- d-----w- C:\Users\Josh\AppData\Local\{12A1AD41-BA4E-4A50-9621-6743EE6B97D6}
2012-03-03 01:25:37 -------- d-----w- C:\Users\Josh\AppData\Local\{5689B987-6BBD-4B99-9C37-B15C734BAC9A}
2012-03-02 13:24:12 -------- d-----w- C:\Users\Josh\AppData\Local\{B58BDE50-482A-4162-90D0-937E40E2ECE1}
2012-03-02 13:24:00 -------- d-----w- C:\Users\Josh\AppData\Local\{D0629616-8807-48F2-B25F-AC04DAD4E6ED}
2012-03-02 01:23:45 -------- d-----w- C:\Users\Josh\AppData\Local\{069606B8-7478-49B8-BDF4-99442BE93D31}
2012-03-02 01:23:32 -------- d-----w- C:\Users\Josh\AppData\Local\{4C14C23B-5CFE-4061-99C4-2E6ACBCE1CA1}
2012-03-02 00:33:52 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-03-01 22:11:48 -------- d-----w- C:\Users\Josh\AppData\Local\SoftGrid Client
2012-03-01 22:11:47 -------- d-----w- C:\Users\Josh\AppData\Roaming\SoftGrid Client
2012-03-01 22:10:55 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-03-01 22:10:40 -------- d-----w- C:\Users\Josh\AppData\Roaming\TP
2012-02-29 02:40:52 -------- d-----w- C:\Users\Josh\Adobe Photoshop CS5.1
2012-02-29 02:39:03 -------- d-----w- C:\Users\Josh\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-02-29 02:38:57 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-02-29 02:35:03 -------- d-----w- C:\Users\Josh\AppData\Local\{AD60CBA7-3E6A-4EB3-A83D-35C3DF039669}
2012-02-29 02:34:49 -------- d-----w- C:\Users\Josh\AppData\Local\{DEFF413A-08E0-462F-89B2-5E3F2593D04C}
2012-02-27 23:24:22 -------- d-----w- C:\Users\Josh\AppData\Local\{F4580F31-F553-41E5-BA53-E3C5F55B80C4}
2012-02-27 23:24:09 -------- d-----w- C:\Users\Josh\AppData\Local\{2065CEC6-2683-43A8-93D1-4D04E28ECB48}
2012-02-27 06:16:06 -------- d-----w- C:\Program Files\Sandboxie
2012-02-27 01:01:31 -------- d-----w- C:\Users\Josh\AppData\Local\{05228502-7B57-4C49-AA8B-EDBCED1DF0B1}
2012-02-27 01:01:19 -------- d-----w- C:\Users\Josh\AppData\Local\{5129E6C1-5D2E-40F7-9990-9ECD10AB846A}
2012-02-27 00:56:48 -------- d-----w- C:\Users\Josh\AppData\Local\{57F78409-1670-4A74-882F-64C367DC4D94}
2012-02-27 00:51:05 -------- d-----w- C:\Users\Josh\AppData\Local\{96A6534C-3DB1-40AF-AF65-609A2515D925}
2012-02-25 13:19:12 -------- d-----w- C:\Users\Josh\AppData\Local\{99789772-387D-4C79-BBF4-E23200AD4B84}
2012-02-25 13:18:59 -------- d-----w- C:\Users\Josh\AppData\Local\{4949208C-D009-4B9D-851B-0D638663539D}
2012-02-24 23:17:20 -------- d-----w- C:\Users\Josh\AppData\Local\{51428EC6-B7F4-4528-AC45-C0EB0C28C367}
2012-02-24 23:17:06 -------- d-----w- C:\Users\Josh\AppData\Local\{733FB9CB-09F8-4806-A8A6-AB63A66F3727}
2012-02-24 18:22:11 -------- d-----w- C:\Users\Josh\AppData\Local\CrashDumps
2012-02-24 18:21:57 -------- d-----w- C:\Users\Josh\AppData\Roaming\Malwarebytes
2012-02-24 18:21:57 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-24 07:14:28 -------- d-----w- C:\Users\Josh\AppData\Local\{21F2042B-3B05-4557-8745-86E34F24D8E6}
2012-02-24 07:14:16 -------- d-----w- C:\Users\Josh\AppData\Local\{0D078EEA-D294-4453-AB70-937FBDAFF8AD}
2012-02-23 19:14:01 -------- d-----w- C:\Users\Josh\AppData\Local\{6DFDC075-BBD1-4C09-BFFD-A26FDB7438E6}
2012-02-23 19:13:49 -------- d-----w- C:\Users\Josh\AppData\Local\{04636A87-F3B6-4AE9-B67F-0F47F64BFDC2}
2012-02-23 06:09:17 -------- d-----w- C:\Users\Josh\AppData\Local\{41E94126-270D-4D68-8FDB-2860056953B5}
2012-02-23 06:08:56 -------- d-----w- C:\Users\Josh\AppData\Local\{1B31417A-2EED-4C4A-9D4B-CC55B72F45B7}
2012-02-22 17:36:40 -------- d-----w- C:\Users\Josh\AppData\Local\{0A2A4226-1B6D-4CED-A163-B240215C7DF8}
2012-02-22 17:36:24 -------- d-----w- C:\Users\Josh\AppData\Local\{897019EC-0425-4FA5-9591-CFE07B3F271B}
2012-02-22 02:59:27 -------- d-----w- C:\Users\Josh\AppData\Local\{475A71A1-77C2-4C5A-8AEF-0E69E08E4C82}
2012-02-22 02:59:08 -------- d-----w- C:\Users\Josh\AppData\Local\{1C8D27BE-0CF6-4DFA-A6A2-6BE142145B77}
2012-02-21 14:58:51 -------- d-----w- C:\Users\Josh\AppData\Local\{D9A9DD5B-E54E-49D0-B78E-558AD947BCB1}
2012-02-21 14:58:39 -------- d-----w- C:\Users\Josh\AppData\Local\{94D61C80-676C-4109-9BF9-509792162E61}
2012-02-21 02:58:23 -------- d-----w- C:\Users\Josh\AppData\Local\{27D11705-83B1-4E86-AAEB-34DA610884B3}
2012-02-20 14:58:13 -------- d-----w- C:\Users\Josh\AppData\Local\{958036B8-F48E-45F2-926A-CF08C1601780}
2012-02-19 23:17:30 -------- d-----w- C:\Users\Josh\AppData\Local\{2E9BB19C-D6D5-44AB-8A4E-2310B683431A}
2012-02-19 23:17:18 -------- d-----w- C:\Users\Josh\AppData\Local\{0A94583D-117D-44BE-B2E9-1C4490BC8A97}
2012-02-19 11:16:48 -------- d-----w- C:\Users\Josh\AppData\Local\{4B76EBF3-D73B-4A80-A1D5-7E9590B92F40}
2012-02-19 11:16:27 -------- d-----w- C:\Users\Josh\AppData\Local\{E1F483FC-0DED-4651-83AD-4B3A415307DA}
2012-02-18 17:45:08 -------- d-----w- C:\Users\Josh\AppData\Local\{13959802-FB66-41B5-8C4F-26AD13D099C3}
2012-02-18 17:44:55 -------- d-----w- C:\Users\Josh\AppData\Local\{94EC5C52-797A-4F90-9E1F-5CD9FDD816DD}
2012-02-18 05:40:18 -------- d-----w- C:\Users\Josh\AppData\Local\{19B3F9FD-F4BD-43B0-B195-56BB0B5D1D9C}
2012-02-18 05:40:06 -------- d-----w- C:\Users\Josh\AppData\Local\{568C2232-4699-47E6-9600-785090AAC5D1}
2012-02-17 17:39:35 -------- d-----w- C:\Users\Josh\AppData\Local\{48CEC8F7-4705-4CF1-A765-B3FF9472EA03}
2012-02-17 17:39:22 -------- d-----w- C:\Users\Josh\AppData\Local\{9900846B-5CCE-4A35-AC00-0D427F20EBD4}
2012-02-17 05:38:52 -------- d-----w- C:\Users\Josh\AppData\Local\{54433E87-553A-44CD-BCCB-8C0F7208B1FD}
2012-02-17 05:38:38 -------- d-----w- C:\Users\Josh\AppData\Local\{E77CE1B2-A193-4E56-A954-B923B89149D2}
2012-02-17 04:39:09 -------- d-----w- C:\Users\Josh\eligium_v0_92_10_13_en
2012-02-16 17:38:09 -------- d-----w- C:\Users\Josh\AppData\Local\{714C97A4-CF45-48E2-A8F7-14D210B559B7}
2012-02-16 17:37:55 -------- d-----w- C:\Users\Josh\AppData\Local\{12707CEA-1AE6-488A-84CF-02FB10AB0D7D}
2012-02-16 16:04:35 -------- d-----w- C:\Users\Josh\eligium_0_90_1_en
2012-02-16 16:04:35 -------- d-----w- C:\Users\Josh\AppData\Roaming\FOG Downloader
2012-02-16 05:37:26 -------- d-----w- C:\Users\Josh\AppData\Local\{A15E489D-100A-4A03-8155-5877E8C4D810}
2012-02-16 05:37:12 -------- d-----w- C:\Users\Josh\AppData\Local\{B7AEAEAA-F6C7-441B-BB3B-6BD85E5EB870}
2012-02-16 04:37:55 -------- d-----w- C:\Users\Josh\AppData\Local\{7BD76EDB-51C0-465B-B190-34537B549E3B}
2012-02-15 15:07:07 -------- d-----w- C:\Users\Josh\AppData\Local\{EDC53180-C987-47A4-8026-57187579C182}
2012-02-15 15:06:53 -------- d-----w- C:\Users\Josh\AppData\Local\{8EED2090-A417-451A-937D-5ADA74542499}
2012-02-15 03:06:39 -------- d-----w- C:\Users\Josh\AppData\Local\{A9B8CD7E-D647-4A75-BE9B-6EF30D519415}
2012-02-15 03:06:26 -------- d-----w- C:\Users\Josh\AppData\Local\{AD7517B4-9F10-4675-80A3-91F6B384B61D}
2012-02-14 15:06:09 -------- d-----w- C:\Users\Josh\AppData\Local\{B5AFD743-49A9-4156-B795-79381D663079}
2012-02-14 15:05:50 -------- d-----w- C:\Users\Josh\AppData\Local\{FF0914E6-19D4-45A3-8B85-48E8BAF2C03E}
2012-02-14 03:05:34 -------- d-----w- C:\Users\Josh\AppData\Local\{26D15584-EF02-4F2F-8F8F-12030E57F349}
2012-02-14 03:05:20 -------- d-----w- C:\Users\Josh\AppData\Local\{C430A3DF-52D3-4EB0-AC9B-6BF0FC9FA3BA}
2012-02-13 15:04:52 -------- d-----w- C:\Users\Josh\AppData\Local\{7EB52B0D-B171-45C2-9B20-D8C8B3E6ABE2}
2012-02-13 15:04:40 -------- d-----w- C:\Users\Josh\AppData\Local\{5CCA2265-5192-42CB-9A51-3E769CD1EC71}
2012-02-13 14:30:22 -------- d-----w- C:\Program Files (x86)\mwfre
2012-02-13 14:28:35 -------- d-----w- C:\Users\Josh\AppData\Roaming\MCS2Launcher
2012-02-13 03:04:13 -------- d-----w- C:\Users\Josh\AppData\Local\{7FC0B2B6-A2F5-4A9F-B07A-7758873A8316}
2012-02-13 03:04:01 -------- d-----w- C:\Users\Josh\AppData\Local\{84B9950E-C393-4B0A-92FF-9916142B3B8B}
2012-02-12 15:03:32 -------- d-----w- C:\Users\Josh\AppData\Local\{0E9923FF-8485-4248-9302-8066260963FB}
2012-02-12 15:03:20 -------- d-----w- C:\Users\Josh\AppData\Local\{3357A0CC-B5F4-4657-90F7-7DA6DAC347C7}
2012-02-12 03:02:59 -------- d-----w- C:\Users\Josh\AppData\Local\{CCC3BE17-C6FB-41F4-9FBD-B5BBFCC0A4CB}
2012-02-12 03:02:35 -------- d-----w- C:\Users\Josh\AppData\Local\{E3C1A6F0-EA3B-47F7-8C08-F07543717E14}
2012-02-10 23:19:00 -------- d-----w- C:\Users\Josh\AppData\Local\{6E968A5C-8A6A-4145-B7C8-3B1616ACE857}
.
==================== Find3M ====================
.
2012-02-02 20:43:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-19 19:45:22 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-12-17 01:21:22 31576 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
.
============= FINISH: 16:55:41.58 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/31/2012 3:34:48 PM
System Uptime: 3/11/2012 3:30:44 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 3676
Processor: Celeron® Dual-Core CPU T3500 @ 2.10GHz | CPU | 2094/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 249.869 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.692 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.22beta
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Reader X MUI
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Bandisoft MPEG-1 Decoder
Bing Bar
Blio
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink YouCam
D3DX10
Energy Star Digital Logo
ESU for Microsoft Windows 7
Fraps (remove only)
Game Booster 3
Hewlett-Packard ACLM.NET v1.1.2.0
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
IObit Toolbar v5.0
Java Auto Updater
Java™ 6 Update 22
Junk Mail filter update
Mabinogi
Malwarebytes Anti-Malware version 1.60.1.1000
MCS2Launcher
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
Nexon Game Manager
Pale Moon 9.2 (x86 en-US)
Pando Media Booster
PlayReady PC Runtime x86
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
RoxioNow Player
Skype™ 4.2
Smart Defrag 2
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
3/8/2012 9:06:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000001, 0xfffff80002a833a0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030812-32651-01.
3/8/2012 9:05:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
3/8/2012 4:22:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPClientSvc service.
3/8/2012 3:26:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
3/11/2012 3:30:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2012 3:09:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/11/2012 3:05:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/11/2012 3:05:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/11/2012 3:05:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/11/2012 3:04:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2012 3:03:12 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2012 2:04:06 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2012 2:03:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6
3/10/2012 11:19:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
3/10/2012 11:09:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
3/10/2012 1:08:21 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================



I was confused since this thread http://forums.malwar...?showtopic=9573 said include both, but the log said not to post the second one unless it was instructed to.

I've tried recently updating my computer just to make sure it's not an infection or anything, it's still taking up 99-100% of my CPU while MBAM claims there's two trojans under the "svchost.exe" name. Any and all help will be appreciated. Thank you. :)

#2 LDTate


Posted 13 March 2012 - 03:56 PM

:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".



DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.


Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.



Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.


A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Larry Tate
Product Support


#3 CaiBone


Posted 14 March 2012 - 10:56 AM

Thank you for the welcome.


10:49:12.0158 1088 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
10:49:12.0564 1088 ============================================================
10:49:12.0564 1088 Current date / time: 2012/03/14 10:49:12.0564
10:49:12.0564 1088 SystemInfo:
10:49:12.0564 1088
10:49:12.0564 1088 OS Version: 6.1.7601 ServicePack: 1.0
10:49:12.0564 1088 Product type: Workstation
10:49:12.0564 1088 ComputerName: JOSH-HP
10:49:12.0564 1088 UserName: Josh
10:49:12.0564 1088 Windows directory: C:\Windows
10:49:12.0564 1088 System windows directory: C:\Windows
10:49:12.0564 1088 Running under WOW64
10:49:12.0564 1088 Processor architecture: Intel x64
10:49:12.0564 1088 Number of processors: 2
10:49:12.0564 1088 Page size: 0x1000
10:49:12.0564 1088 Boot type: Normal boot
10:49:12.0564 1088 ============================================================
10:49:13.0999 1088 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:49:14.0014 1088 \Device\Harddisk0\DR0:
10:49:14.0014 1088 MBR used
10:49:14.0014 1088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:49:14.0014 1088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2386C800
10:49:14.0014 1088 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x238D0800, BlocksNum 0x1B2A000
10:49:14.0014 1088 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
10:49:14.0264 1088 Initialize success
10:49:14.0264 1088 ============================================================
10:49:33.0358 0296 ============================================================
10:49:33.0358 0296 Scan started
10:49:33.0358 0296 Mode: Manual; SigCheck; TDLFS;
10:49:33.0358 0296 ============================================================
10:49:36.0166 0296 1394hub - ok
10:49:36.0541 0296 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:49:36.0697 0296 1394ohci - ok
10:49:37.0040 0296 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:49:37.0071 0296 ACPI - ok
10:49:37.0617 0296 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:49:37.0758 0296 AcpiPmi - ok
10:49:38.0070 0296 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:49:38.0163 0296 adp94xx - ok
10:49:38.0397 0296 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:49:38.0413 0296 adpahci - ok
10:49:38.0881 0296 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:49:38.0912 0296 adpu320 - ok
10:49:39.0177 0296 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
10:49:39.0598 0296 AFD - ok
10:49:39.0786 0296 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:49:39.0801 0296 agp440 - ok
10:49:40.0035 0296 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:49:40.0035 0296 aliide - ok
10:49:40.0238 0296 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:49:40.0254 0296 amdide - ok
10:49:40.0441 0296 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:49:40.0472 0296 AmdK8 - ok
10:49:40.0659 0296 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:49:40.0706 0296 AmdPPM - ok
10:49:40.0878 0296 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
10:49:40.0893 0296 amdsata - ok
10:49:41.0190 0296 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:49:41.0268 0296 amdsbs - ok
10:49:41.0502 0296 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
10:49:41.0502 0296 amdxata - ok
10:49:41.0798 0296 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:49:41.0860 0296 AppID - ok
10:49:42.0141 0296 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:49:42.0157 0296 arc - ok
10:49:42.0547 0296 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:49:42.0547 0296 arcsas - ok
10:49:43.0099 0296 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:49:43.0309 0296 AsyncMac - ok
10:49:43.0569 0296 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:49:43.0579 0296 atapi - ok
10:49:44.0049 0296 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:49:44.0199 0296 b06bdrv - ok
10:49:44.0649 0296 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:49:44.0739 0296 b57nd60a - ok
10:49:45.0059 0296 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:49:45.0189 0296 BCM43XX - ok
10:49:45.0489 0296 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:49:45.0559 0296 Beep - ok
10:49:45.0769 0296 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
10:49:45.0789 0296 blbdrive - ok
10:49:46.0029 0296 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
10:49:46.0069 0296 bowser - ok
10:49:46.0469 0296 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:49:46.0519 0296 BrFiltLo - ok
10:49:46.0789 0296 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:49:46.0839 0296 BrFiltUp - ok
10:49:47.0519 0296 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:49:47.0709 0296 Brserid - ok
10:49:47.0949 0296 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:49:48.0049 0296 BrSerWdm - ok
10:49:48.0455 0296 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:49:48.0527 0296 BrUsbMdm - ok
10:49:48.0835 0296 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:49:48.0922 0296 BrUsbSer - ok
10:49:49.0451 0296 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
10:49:49.0514 0296 BTHMODEM - ok
10:49:50.0016 0296 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:49:50.0111 0296 cdfs - ok
10:49:50.0506 0296 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:49:50.0589 0296 cdrom - ok
10:49:51.0171 0296 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:49:51.0253 0296 circlass - ok
10:49:51.0685 0296 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:49:51.0716 0296 CLFS - ok
10:49:52.0233 0296 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
10:49:52.0257 0296 clwvd - ok
10:49:52.0900 0296 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
10:49:52.0971 0296 CmBatt - ok
10:49:53.0202 0296 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:49:53.0235 0296 cmdide - ok
10:49:53.0662 0296 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
10:49:53.0751 0296 CNG - ok
10:49:53.0983 0296 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
10:49:53.0993 0296 Compbatt - ok
10:49:54.0130 0296 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:49:54.0195 0296 CompositeBus - ok
10:49:54.0532 0296 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:49:54.0560 0296 crcdisk - ok
10:49:54.0925 0296 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
10:49:54.0937 0296 dc3d - ok
10:49:55.0199 0296 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:49:55.0276 0296 DfsC - ok
10:49:55.0466 0296 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:49:55.0519 0296 discache - ok
10:49:55.0878 0296 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:49:55.0898 0296 Disk - ok
10:49:56.0184 0296 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:49:56.0567 0296 drmkaud - ok
10:49:57.0196 0296 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:49:57.0229 0296 DXGKrnl - ok
10:49:57.0409 0296 EagleX64 - ok
10:49:57.0736 0296 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:49:57.0897 0296 ebdrv - ok
10:49:58.0391 0296 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:49:58.0416 0296 elxstor - ok
10:49:58.0642 0296 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:49:58.0722 0296 ErrDev - ok
10:49:59.0006 0296 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:49:59.0111 0296 exfat - ok
10:49:59.0299 0296 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:49:59.0405 0296 fastfat - ok
10:49:59.0720 0296 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:49:59.0804 0296 fdc - ok
10:50:00.0145 0296 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:50:00.0176 0296 FileInfo - ok
10:50:00.0578 0296 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:50:00.0669 0296 Filetrace - ok
10:50:00.0905 0296 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:50:00.0935 0296 flpydisk - ok
10:50:01.0122 0296 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:50:01.0159 0296 FltMgr - ok
10:50:01.0411 0296 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:50:01.0441 0296 FsDepends - ok
10:50:01.0665 0296 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
10:50:01.0697 0296 fssfltr - ok
10:50:01.0900 0296 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:50:01.0910 0296 Fs_Rec - ok
10:50:01.0981 0296 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:50:02.0029 0296 fvevol - ok
10:50:02.0188 0296 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:50:02.0210 0296 gagp30kx - ok
10:50:02.0571 0296 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:50:02.0579 0296 GEARAspiWDM - ok
10:50:02.0851 0296 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:50:02.0925 0296 hcw85cir - ok
10:50:03.0167 0296 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:50:03.0208 0296 HdAudAddService - ok
10:50:03.0455 0296 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:50:03.0493 0296 HDAudBus - ok
10:50:03.0677 0296 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:50:03.0723 0296 HidBatt - ok
10:50:04.0026 0296 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:50:04.0068 0296 HidBth - ok
10:50:04.0515 0296 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:50:04.0578 0296 HidIr - ok
10:50:04.0776 0296 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:50:04.0840 0296 HidUsb - ok
10:50:05.0162 0296 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:50:05.0179 0296 HpSAMD - ok
10:50:05.0467 0296 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:50:05.0526 0296 HTTP - ok
10:50:05.0841 0296 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:50:05.0853 0296 hwpolicy - ok
10:50:06.0037 0296 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:50:06.0060 0296 i8042prt - ok
10:50:06.0294 0296 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
10:50:06.0309 0296 iaStor - ok
10:50:06.0705 0296 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
10:50:06.0750 0296 iaStorV - ok
10:50:07.0946 0296 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:50:08.0266 0296 igfx - ok
10:50:08.0627 0296 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:50:08.0643 0296 iirsp - ok
10:50:09.0134 0296 IntcAzAudAddService (336c3a6bf14d5a9af35af07c6b6b29cd) C:\Windows\system32\drivers\RTKVHD64.sys
10:50:09.0189 0296 IntcAzAudAddService - ok
10:50:09.0540 0296 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:50:09.0587 0296 intelide - ok
10:50:09.0797 0296 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:50:09.0839 0296 intelppm - ok
10:50:10.0053 0296 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:50:10.0105 0296 IpFilterDriver - ok
10:50:10.0256 0296 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:50:10.0371 0296 IPMIDRV - ok
10:50:10.0666 0296 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:50:10.0744 0296 IPNAT - ok
10:50:10.0901 0296 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:50:10.0930 0296 IRENUM - ok
10:50:11.0033 0296 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:50:11.0055 0296 isapnp - ok
10:50:11.0166 0296 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:50:11.0195 0296 iScsiPrt - ok
10:50:11.0348 0296 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:50:11.0359 0296 kbdclass - ok
10:50:11.0640 0296 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:50:11.0720 0296 kbdhid - ok
10:50:12.0000 0296 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
10:50:12.0023 0296 KSecDD - ok
10:50:12.0215 0296 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
10:50:12.0228 0296 KSecPkg - ok
10:50:12.0736 0296 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:50:12.0815 0296 ksthunk - ok
10:50:13.0093 0296 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:50:13.0155 0296 lltdio - ok
10:50:13.0351 0296 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:50:13.0376 0296 LSI_FC - ok
10:50:13.0561 0296 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:50:13.0583 0296 LSI_SAS - ok
10:50:13.0797 0296 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:50:13.0816 0296 LSI_SAS2 - ok
10:50:14.0191 0296 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:50:14.0221 0296 LSI_SCSI - ok
10:50:14.0683 0296 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:50:14.0755 0296 luafv - ok
10:50:14.0959 0296 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
10:50:14.0968 0296 MBAMProtector - ok
10:50:15.0245 0296 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:50:15.0268 0296 megasas - ok
10:50:15.0662 0296 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:50:15.0698 0296 MegaSR - ok
10:50:16.0036 0296 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:50:16.0157 0296 Modem - ok
10:50:16.0469 0296 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:50:16.0501 0296 monitor - ok
10:50:16.0726 0296 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:50:16.0737 0296 mouclass - ok
10:50:17.0037 0296 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:50:17.0066 0296 mouhid - ok
10:50:17.0196 0296 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:50:17.0208 0296 mountmgr - ok
10:50:17.0370 0296 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:50:17.0384 0296 mpio - ok
10:50:17.0513 0296 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:50:17.0565 0296 mpsdrv - ok
10:50:17.0692 0296 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:50:17.0721 0296 MRxDAV - ok
10:50:17.0962 0296 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:50:18.0020 0296 mrxsmb - ok
10:50:18.0366 0296 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:50:18.0456 0296 mrxsmb10 - ok
10:50:18.0667 0296 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:50:18.0737 0296 mrxsmb20 - ok
10:50:19.0123 0296 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:50:19.0132 0296 msahci - ok
10:50:19.0398 0296 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:50:19.0414 0296 msdsm - ok
10:50:19.0793 0296 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:50:19.0843 0296 Msfs - ok
10:50:20.0371 0296 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:50:20.0471 0296 mshidkmdf - ok
10:50:20.0868 0296 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:50:20.0877 0296 msisadrv - ok
10:50:21.0301 0296 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:50:21.0358 0296 MSKSSRV - ok
10:50:21.0723 0296 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:50:21.0824 0296 MSPCLOCK - ok
10:50:22.0091 0296 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:50:22.0179 0296 MSPQM - ok
10:50:22.0345 0296 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:50:22.0369 0296 MsRPC - ok
10:50:22.0669 0296 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:50:22.0679 0296 mssmbios - ok
10:50:23.0044 0296 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:50:23.0118 0296 MSTEE - ok
10:50:23.0492 0296 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:50:23.0545 0296 MTConfig - ok
10:50:23.0779 0296 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:50:23.0793 0296 Mup - ok
10:50:24.0136 0296 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:50:24.0176 0296 NativeWifiP - ok
10:50:24.0474 0296 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:50:24.0511 0296 NDIS - ok
10:50:24.0791 0296 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:50:24.0856 0296 NdisCap - ok
10:50:25.0202 0296 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:50:25.0297 0296 NdisTapi - ok
10:50:25.0503 0296 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:50:25.0577 0296 Ndisuio - ok
10:50:25.0809 0296 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:50:25.0858 0296 NdisWan - ok
10:50:26.0198 0296 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:50:26.0265 0296 NDProxy - ok
10:50:26.0610 0296 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:50:26.0689 0296 NetBIOS - ok
10:50:26.0972 0296 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:50:27.0078 0296 NetBT - ok
10:50:27.0326 0296 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:50:27.0345 0296 nfrd960 - ok
10:50:27.0638 0296 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:50:27.0715 0296 Npfs - ok
10:50:27.0872 0296 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:50:27.0935 0296 nsiproxy - ok
10:50:28.0163 0296 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
10:50:28.0208 0296 Ntfs - ok
10:51:07.0716 0296 X6va005 - ok
10:51:07.0778 0296 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
10:51:07.0823 0296 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:51:07.0823 0296 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:51:08.0038 0296 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:51:08.0038 0296 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:51:08.0111 0296 Boot (0x1200) (507e807416ebd850e4c474f974754acc) \Device\Harddisk0\DR0\Partition0
10:51:08.0131 0296 \Device\Harddisk0\DR0\Partition0 - ok
10:51:08.0174 0296 Boot (0x1200) (209c31f802055abe95109f1db49143dc) \Device\Harddisk0\DR0\Partition1
10:51:08.0205 0296 \Device\Harddisk0\DR0\Partition1 - ok
10:51:08.0271 0296 Boot (0x1200) (37d09a2ca450c254f28e96d27c0c94f1) \Device\Harddisk0\DR0\Partition2
10:51:08.0275 0296 \Device\Harddisk0\DR0\Partition2 - ok
10:51:08.0354 0296 Boot (0x1200) (0c776de3831cac4a20318ca041035a6f) \Device\Harddisk0\DR0\Partition3
10:51:08.0358 0296 \Device\Harddisk0\DR0\Partition3 - ok
10:51:08.0359 0296 ============================================================
10:51:08.0359 0296 Scan finished
10:51:08.0359 0296 ============================================================
10:51:08.0378 4168 Detected object count: 2
10:51:08.0378 4168 Actual detected object count: 2
10:52:04.0519 4168 \Device\Harddisk0\DR0\# - copied to quarantine
10:52:04.0519 4168 \Device\Harddisk0\DR0 - copied to quarantine
10:52:04.0565 4168 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:52:04.0567 4168 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
10:52:04.0573 4168 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
10:52:04.0578 4168 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
10:52:04.0597 4168 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
10:52:04.0608 4168 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
10:52:04.0609 4168 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
10:52:04.0610 4168 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
10:52:04.0612 4168 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
10:52:04.0616 4168 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
10:52:04.0619 4168 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
10:52:04.0621 4168 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
10:52:04.0638 4168 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
10:52:04.0675 4168 \Device\Harddisk0\DR0 - ok
10:52:05.0165 4168 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
10:52:05.0166 4168 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:52:05.0166 4168 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:52:24.0049 3860 Deinitialize success

#4 LDTate

Posted 14 March 2012 - 12:11 PM

Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")



Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Larry Tate
Product Support


#5 CaiBone

Posted 14 March 2012 - 03:45 PM

ComboFix 12-03-14.01 - Josh 03/14/2012 13:51:26.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1945 [GMT -5:00]
Running from: c:\users\Josh\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 19:02 . 2012-03-14 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-14 15:52 . 2012-03-14 15:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-10 20:30 . 2012-03-10 20:30 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2012-03-10 20:30 . 2012-03-10 20:30 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2012-03-10 18:56 . 2012-03-10 18:56 0 ----a-w- c:\windows\SysWow64\shoA0F.tmp
2012-03-10 18:23 . 2012-03-10 18:23 -------- d-----w- c:\users\Josh\AppData\Roaming\SUPERAntiSpyware.com
2012-03-10 18:22 . 2012-03-10 18:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-10 18:22 . 2012-03-10 18:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-10 16:34 . 2012-03-10 17:21 -------- d-----w- c:\users\Josh\AppData\Roaming\PCPro
2012-03-10 16:34 . 2012-03-10 16:34 -------- d-----w- c:\users\Josh\AppData\Roaming\PC Cleaners
2012-03-10 16:34 . 2012-03-10 16:20 5276432 ----a-w- c:\windows\uninst.exe
2012-03-10 16:34 . 2012-03-10 16:34 -------- d-----w- c:\programdata\PC1Data
2012-03-10 16:23 . 2012-03-10 16:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-10 16:23 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 16:18 . 2012-03-10 16:18 -------- d-----w- c:\users\Josh\AppData\Local\SvchostViewer
2012-03-10 16:05 . 2012-03-10 16:05 -------- d-----w- c:\users\Josh\AppData\Roaming\Moonchild Productions
2012-03-10 16:04 . 2012-03-11 17:50 -------- d-----w- c:\program files (x86)\Pale Moon
2012-03-09 17:44 . 2012-03-09 17:46 -------- d-----w- C:\Fraps
2012-03-08 21:05 . 2012-03-08 21:05 -------- d-----w- c:\users\Josh\AppData\Local\Mozilla
2012-03-05 01:50 . 2012-03-05 01:50 -------- d-----w- c:\program files (x86)\Application Updater
2012-03-05 01:50 . 2012-03-05 01:50 -------- d-----w- c:\program files (x86)\IObit Toolbar
2012-03-05 01:50 . 2012-03-05 01:50 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-03-04 21:04 . 2012-03-04 21:04 -------- d-----w- c:\programdata\CyberLink
2012-03-04 21:04 . 2012-03-04 21:04 -------- d-----w- c:\users\Public\CyberLink
2012-03-04 21:04 . 2012-03-04 21:04 -------- d-----w- c:\users\Josh\AppData\Roaming\CyberLink
2012-03-04 21:04 . 2012-03-04 21:04 -------- d-----w- c:\users\Josh\AppData\Local\CyberLink
2012-03-04 20:50 . 2012-03-09 04:25 -------- d-----w- c:\users\Josh\AppData\Roaming\Skype
2012-03-04 20:50 . 2012-03-04 20:50 -------- d-----r- c:\program files (x86)\Skype
2012-03-04 20:49 . 2012-03-04 20:50 -------- d-----w- c:\programdata\Skype
2012-03-04 05:58 . 2012-03-04 05:58 -------- d-----w- c:\users\Josh\AppData\Roaming\AVG2012
2012-03-04 05:57 . 2012-03-04 05:57 -------- d--h--w- c:\programdata\Common Files
2012-03-04 05:56 . 2012-03-10 16:49 -------- d-----w- c:\programdata\AVG2012
2012-03-04 05:55 . 2012-03-04 05:55 -------- d-----w- c:\program files (x86)\AVG
2012-03-04 05:48 . 2012-03-09 18:48 -------- d-----w- c:\programdata\MFAData
2012-03-04 05:37 . 2012-03-04 05:37 -------- d-----r- C:\Sandbox
2012-03-03 10:10 . 2012-03-03 10:10 -------- d-----w- c:\users\Josh\VirtualBox VMs
2012-03-03 10:09 . 2012-03-03 10:17 -------- d-----w- c:\users\Josh\.VirtualBox
2012-03-03 10:07 . 2011-12-19 19:45 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-03-03 10:07 . 2011-12-19 19:45 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-03-02 00:33 . 2012-03-02 00:34 -------- d-----w- c:\programdata\VirtualizedApplications
2012-03-01 22:11 . 2012-03-01 22:11 -------- d-----w- c:\users\Josh\AppData\Local\SoftGrid Client
2012-03-01 22:11 . 2012-03-03 20:16 -------- d-----w- c:\users\Josh\AppData\Roaming\SoftGrid Client
2012-03-01 22:10 . 2012-03-01 22:11 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-03-01 22:10 . 2012-03-01 22:11 -------- d-----w- c:\users\Josh\AppData\Roaming\TP
2012-02-29 02:40 . 2012-02-29 02:44 -------- d-----w- c:\users\Josh\Adobe Photoshop CS5.1
2012-02-29 02:39 . 2012-02-29 02:39 -------- d-----w- c:\users\Josh\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-02-29 02:38 . 2012-02-29 02:38 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-02-29 02:38 . 2012-02-29 02:38 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-02-27 06:16 . 2012-02-27 06:16 -------- d-----w- c:\program files\Sandboxie
2012-02-24 18:22 . 2012-03-04 05:45 -------- d-----w- c:\users\Josh\AppData\Local\CrashDumps
2012-02-24 18:21 . 2012-02-24 18:21 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
2012-02-24 18:21 . 2012-02-24 18:21 -------- d-----w- c:\programdata\Malwarebytes
2012-02-17 04:39 . 2012-02-17 04:42 -------- d-----w- c:\users\Josh\eligium_v0_92_10_13_en
2012-02-16 16:04 . 2012-02-17 09:04 -------- d-----w- c:\users\Josh\AppData\Roaming\FOG Downloader
2012-02-16 16:04 . 2012-02-16 16:09 -------- d-----w- c:\users\Josh\eligium_0_90_1_en
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 16:09 . 2011-10-29 21:12 1145960 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys
2012-02-02 20:43 . 2012-02-02 20:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-01 01:22 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-17 12:39 . 2012-02-01 11:46 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BAEDD24-587D-49EA-9334-3F05EAA635E1}\mpengine.dll
2011-12-19 19:45 . 2011-12-19 19:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-17 01:21 . 2012-02-07 05:24 31576 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-02-06 934240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 X6va005;X6va005;c:\users\Josh\AppData\Local\Temp\0057F44.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\HPCeeScheduleForJosh.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ponm2y5r.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Josh\AppData\Local\Temp\0057F44.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4195352143-2297769381-447194898-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):1c,7c,b6,11,6e,4b,db,be,21,8e,57,86,90,1d,c4,b2,66,26,b2,43,6c,
d4,fe,06,20,35,0f,e7,29,cf,56,93,b8,ec,f2,2a,9a,f8,9a,96,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4195352143-2297769381-447194898-1000_Classes\Wow6432Node\CLSID\{95b485a1-ba09-455c-aef8-a03e8319d3b1}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000043
"Therad"=dword:00000024
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,43,c9,d9,ba,9f,76,c1,0e,a3,60,45,c5,f5,2e,74,2e,92,32,65,02,e1,fe,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-03-14 14:29:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-14 19:29
.
Pre-Run: 268,303,921,152 bytes free
Post-Run: 268,349,292,544 bytes free
.
- - End Of File - - AC1A42A4A52B7964A96CA666B5971E4A

Excellent. Before the previous scan things were slow, choppy, and my browser would stop responding frequently. Now everything is pretty smooth as far as I can tell. My computer restarts and boots up faster.

#6 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 14 March 2012 - 03:49 PM

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:
c:\users\Josh\AppData\Local\Temp\0057F44.tmp

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virustotal is too busy you can try these.
http://virusscan.jotti.org
http://www.kaspersky...anforvirus.html
Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook
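The file requested in post #6 is the ImagePath of the X6va005 service entry in the ComboFix log above. As an added example (not part of the original thread and not a tool used by anyone in it), this Python script parses ComboFix-style service sections and flags an ImagePath that sits in a user-writable directory or has an extension other than .sys/.exe/.dll; the marker list and the two extra sample sections are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in ComboFix log style. Only the X6va005 section is taken
# from the log on this page; the other two sections are made up for contrast.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Josh\AppData\Local\Temp\0057F44.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ExampleDriver]
"ImagePath"="\SystemRoot\System32\drivers\example.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ExampleSvc]
"ImagePath"="c:\program files\Example\svc.exe -k run"
'''

SECTION_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\[^\\]+\\services\\([^\\\]]+)\]$', re.I)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$', re.I)
# Assumed triage markers: directories a standard user can normally write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
USUAL_EXTENSIONS = {".sys", ".exe", ".dll"}

def binary_path(image_path):
    """Strip the NT '\\??\\' prefix and trailing arguments (heuristic)."""
    path = image_path[4:] if image_path.startswith("\\??\\") else image_path
    m = re.match(r'^(.*?\.[A-Za-z0-9]{1,4})(?:\s|$)', path)
    return m.group(1) if m else path

def triage(log_text):
    """Return (service, binary, reasons) for every ImagePath worth a closer look."""
    findings, service = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Any new section header resets the current service name.
            m = SECTION_RE.match(line)
            service = m.group(1) if m else None
            continue
        m = IMAGEPATH_RE.match(line)
        if not (service and m):
            continue
        binary = binary_path(m.group(1))
        reasons = []
        if any(marker in binary.lower() for marker in USER_WRITABLE):
            reasons.append("user-writable location")
        ext = PureWindowsPath(binary).suffix.lower()
        if ext not in USUAL_EXTENSIONS:
            reasons.append("unusual extension " + (ext or "(none)"))
        if reasons:
            findings.append((service, binary, reasons))
    return findings
```

A hit only means the binary deserves a scan or hash lookup like the one requested above; legitimate tools also load temporary drivers from Temp.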

#7 CaiBone

Posted 15 March 2012 - 12:32 PM

Hmmm. I can't seem to find that file.

#8 LDTate

Posted 15 March 2012 - 01:54 PM

To enable the viewing of hidden and protected system files in Windows 7 please follow these steps:

Close all programs so that you are at your desktop.
Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.


If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.

Larry Tate
Product Support


#9 LDTate

Posted 18 March 2012 - 06:32 PM

Do you still need help with this?
Larry Tate
Product Support


#10 LDTate

Posted 21 March 2012 - 03:20 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support




