CaiBone

svchost.exe trojan.agent removal issues


I first started noticing that there was some sort of issue with my laptop quite recently due to my browser and gaming being choppy and slow. After scanning my laptop with Malwarebytes, I noticed that it picked up two trojans that both had relations to svchost.exe.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Josh at 16:54:03 on 2012-03-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1471 [GMT -5:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll

mWinlogon: Userinit=userinit.exe,

BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [<NO NAME>]

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2010.05.24.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{D458837D-069C-404D-8972-33512EE45DCC} : DhcpNameServer = 192.168.1.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [(Default)]

mRun-x64: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ponm2y5r.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-10-29 98208]

R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-2-6 748440]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-29 13336]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-29 1817088]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-10 652360]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-2-7 161432]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-03-11 20:32:10 20480 ----a-w- C:\Windows\svchost.exe

2012-03-11 17:46:46 -------- d-----w- C:\Users\Josh\AppData\Local\{66937F6F-F7AD-4B5F-B5BB-F2EEC7F4D700}

2012-03-11 17:46:30 -------- d-----w- C:\Users\Josh\AppData\Local\{1653D78A-2264-4A47-89DE-F790EBDC989F}

2012-03-10 18:56:02 0 ----a-w- C:\Windows\SysWow64\shoA0F.tmp

2012-03-10 18:23:14 -------- d-----w- C:\Users\Josh\AppData\Roaming\SUPERAntiSpyware.com

2012-03-10 18:22:05 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-03-10 18:22:05 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-03-10 16:34:48 -------- d-----w- C:\Users\Josh\AppData\Roaming\PCPro

2012-03-10 16:34:48 -------- d-----w- C:\Users\Josh\AppData\Roaming\PC Cleaners

2012-03-10 16:34:40 5276432 ----a-w- C:\Windows\uninst.exe

2012-03-10 16:34:37 -------- d-----w- C:\ProgramData\PC1Data

2012-03-10 16:23:25 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-10 16:23:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-10 16:18:35 -------- d-----w- C:\Users\Josh\AppData\Local\SvchostViewer

2012-03-10 16:05:02 -------- d-----w- C:\Users\Josh\AppData\Roaming\Moonchild Productions

2012-03-10 16:04:36 -------- d-----w- C:\Program Files (x86)\Pale Moon

2012-03-10 12:37:43 -------- d-----w- C:\Users\Josh\AppData\Local\{D49B439D-46AB-4D44-AC37-5E8E830381B3}

2012-03-10 12:37:04 -------- d-----w- C:\Users\Josh\AppData\Local\{DFF40EC8-DBC4-4B61-897C-E8F48895315E}

2012-03-09 18:49:21 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7BAEDD24-587D-49EA-9334-3F05EAA635E1}\offreg.dll

2012-03-09 18:08:45 -------- d-----w- C:\Users\Josh\AppData\Local\{38D0920E-EB46-4052-875A-84745EBA7057}

2012-03-09 18:08:06 -------- d-----w- C:\Users\Josh\AppData\Local\{EE8C08AD-F35C-4BFA-A4A0-C4933FD70C89}

2012-03-09 17:44:25 -------- d-----w- C:\Fraps

2012-03-08 22:25:13 -------- d-----w- C:\Users\Josh\AppData\Local\{E91FBEF8-9C02-414E-90AF-BAB76EF6BAFA}

2012-03-08 22:24:59 -------- d-----w- C:\Users\Josh\AppData\Local\{2DBE4F96-1463-48DC-8FE7-38FD4FF78E27}

2012-03-08 21:05:14 -------- d-----w- C:\Users\Josh\AppData\Local\Mozilla

2012-03-08 10:23:27 -------- d-----w- C:\Users\Josh\AppData\Local\{3BFBCF1F-F480-4E4C-8DBD-8AFE1ED00C55}

2012-03-07 15:58:50 -------- d-----w- C:\Users\Josh\AppData\Local\{78C3B355-E8B2-4974-A4A8-F8A9690528F2}

2012-03-07 03:58:20 -------- d-----w- C:\Users\Josh\AppData\Local\{C4B8E71E-AD1B-4D66-A740-2EA189D91324}

2012-03-06 15:57:48 -------- d-----w- C:\Users\Josh\AppData\Local\{D5D905B0-7355-4907-AEA3-03C7E6B33C29}

2012-03-06 03:57:18 -------- d-----w- C:\Users\Josh\AppData\Local\{D598D131-6E2E-4CFA-8211-B37F066A59D2}

2012-03-06 03:57:05 -------- d-----w- C:\Users\Josh\AppData\Local\{E0678164-C448-4EEA-846A-A11A0A3F791A}

2012-03-05 15:56:33 -------- d-----w- C:\Users\Josh\AppData\Local\{36A37A98-A583-4C01-90B8-85101F8E7E44}

2012-03-05 15:56:21 -------- d-----w- C:\Users\Josh\AppData\Local\{7D7BF16F-36CB-4357-86EF-E213CF4F674A}

2012-03-05 03:56:05 -------- d-----w- C:\Users\Josh\AppData\Local\{B3561622-0611-42FC-83FD-90F8A2448F31}

2012-03-05 03:55:53 -------- d-----w- C:\Users\Josh\AppData\Local\{20E04D63-51F0-49CF-8CAE-987303FC3E30}

2012-03-05 01:50:55 -------- d-----w- C:\Program Files (x86)\IObit Toolbar

2012-03-05 01:50:55 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2012-03-05 01:50:55 -------- d-----w- C:\Program Files (x86)\Application Updater

2012-03-04 21:04:35 -------- d-----w- C:\Users\Josh\AppData\Local\CyberLink

2012-03-04 20:50:08 -------- d-----r- C:\Program Files (x86)\Skype

2012-03-04 15:55:36 -------- d-----w- C:\Users\Josh\AppData\Local\{6C45F3B7-46F4-470E-830E-D715D1E2E3A9}

2012-03-04 15:55:24 -------- d-----w- C:\Users\Josh\AppData\Local\{3C000DD0-06E8-4B21-9C4D-5B65BABDE24D}

2012-03-04 05:58:17 -------- d-----w- C:\Users\Josh\AppData\Roaming\AVG2012

2012-03-04 05:57:00 -------- d--h--w- C:\ProgramData\Common Files

2012-03-04 05:56:18 -------- d-----w- C:\ProgramData\AVG2012

2012-03-04 05:55:00 -------- d-----w- C:\Program Files (x86)\AVG

2012-03-04 05:48:46 -------- d-----w- C:\ProgramData\MFAData

2012-03-04 05:37:23 -------- d-----r- C:\Sandbox

2012-03-04 01:26:57 -------- d-----w- C:\Users\Josh\AppData\Local\{5C1FE856-965F-4118-9AE0-0E13A0EA077F}

2012-03-04 01:26:46 -------- d-----w- C:\Users\Josh\AppData\Local\{6FA8289E-4FE2-4EF4-BFC4-B0CDDF182743}

2012-03-03 13:26:29 -------- d-----w- C:\Users\Josh\AppData\Local\{DF016CB9-4D2D-42C5-9A97-71E2DFC66D6D}

2012-03-03 13:26:16 -------- d-----w- C:\Users\Josh\AppData\Local\{9AEB4F4B-0AFE-4E9C-8EA8-02C524938BCD}

2012-03-03 10:10:32 -------- d-----w- C:\Users\Josh\VirtualBox VMs

2012-03-03 10:09:53 -------- d-----w- C:\Users\Josh\.VirtualBox

2012-03-03 10:07:46 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2012-03-03 10:07:34 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2012-03-03 01:25:49 -------- d-----w- C:\Users\Josh\AppData\Local\{12A1AD41-BA4E-4A50-9621-6743EE6B97D6}

2012-03-03 01:25:37 -------- d-----w- C:\Users\Josh\AppData\Local\{5689B987-6BBD-4B99-9C37-B15C734BAC9A}

2012-03-02 13:24:12 -------- d-----w- C:\Users\Josh\AppData\Local\{B58BDE50-482A-4162-90D0-937E40E2ECE1}

2012-03-02 13:24:00 -------- d-----w- C:\Users\Josh\AppData\Local\{D0629616-8807-48F2-B25F-AC04DAD4E6ED}

2012-03-02 01:23:45 -------- d-----w- C:\Users\Josh\AppData\Local\{069606B8-7478-49B8-BDF4-99442BE93D31}

2012-03-02 01:23:32 -------- d-----w- C:\Users\Josh\AppData\Local\{4C14C23B-5CFE-4061-99C4-2E6ACBCE1CA1}

2012-03-02 00:33:52 -------- d-----w- C:\ProgramData\VirtualizedApplications

2012-03-01 22:11:48 -------- d-----w- C:\Users\Josh\AppData\Local\SoftGrid Client

2012-03-01 22:11:47 -------- d-----w- C:\Users\Josh\AppData\Roaming\SoftGrid Client

2012-03-01 22:10:55 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2012-03-01 22:10:40 -------- d-----w- C:\Users\Josh\AppData\Roaming\TP

2012-02-29 02:40:52 -------- d-----w- C:\Users\Josh\Adobe Photoshop CS5.1

2012-02-29 02:39:03 -------- d-----w- C:\Users\Josh\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2012-02-29 02:38:57 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant

2012-02-29 02:35:03 -------- d-----w- C:\Users\Josh\AppData\Local\{AD60CBA7-3E6A-4EB3-A83D-35C3DF039669}

2012-02-29 02:34:49 -------- d-----w- C:\Users\Josh\AppData\Local\{DEFF413A-08E0-462F-89B2-5E3F2593D04C}

2012-02-27 23:24:22 -------- d-----w- C:\Users\Josh\AppData\Local\{F4580F31-F553-41E5-BA53-E3C5F55B80C4}

2012-02-27 23:24:09 -------- d-----w- C:\Users\Josh\AppData\Local\{2065CEC6-2683-43A8-93D1-4D04E28ECB48}

2012-02-27 06:16:06 -------- d-----w- C:\Program Files\Sandboxie

2012-02-27 01:01:31 -------- d-----w- C:\Users\Josh\AppData\Local\{05228502-7B57-4C49-AA8B-EDBCED1DF0B1}

2012-02-27 01:01:19 -------- d-----w- C:\Users\Josh\AppData\Local\{5129E6C1-5D2E-40F7-9990-9ECD10AB846A}

2012-02-27 00:56:48 -------- d-----w- C:\Users\Josh\AppData\Local\{57F78409-1670-4A74-882F-64C367DC4D94}

2012-02-27 00:51:05 -------- d-----w- C:\Users\Josh\AppData\Local\{96A6534C-3DB1-40AF-AF65-609A2515D925}

2012-02-25 13:19:12 -------- d-----w- C:\Users\Josh\AppData\Local\{99789772-387D-4C79-BBF4-E23200AD4B84}

2012-02-25 13:18:59 -------- d-----w- C:\Users\Josh\AppData\Local\{4949208C-D009-4B9D-851B-0D638663539D}

2012-02-24 23:17:20 -------- d-----w- C:\Users\Josh\AppData\Local\{51428EC6-B7F4-4528-AC45-C0EB0C28C367}

2012-02-24 23:17:06 -------- d-----w- C:\Users\Josh\AppData\Local\{733FB9CB-09F8-4806-A8A6-AB63A66F3727}

2012-02-24 18:22:11 -------- d-----w- C:\Users\Josh\AppData\Local\CrashDumps

2012-02-24 18:21:57 -------- d-----w- C:\Users\Josh\AppData\Roaming\Malwarebytes

2012-02-24 18:21:57 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-24 07:14:28 -------- d-----w- C:\Users\Josh\AppData\Local\{21F2042B-3B05-4557-8745-86E34F24D8E6}

2012-02-24 07:14:16 -------- d-----w- C:\Users\Josh\AppData\Local\{0D078EEA-D294-4453-AB70-937FBDAFF8AD}

2012-02-23 19:14:01 -------- d-----w- C:\Users\Josh\AppData\Local\{6DFDC075-BBD1-4C09-BFFD-A26FDB7438E6}

2012-02-23 19:13:49 -------- d-----w- C:\Users\Josh\AppData\Local\{04636A87-F3B6-4AE9-B67F-0F47F64BFDC2}

2012-02-23 06:09:17 -------- d-----w- C:\Users\Josh\AppData\Local\{41E94126-270D-4D68-8FDB-2860056953B5}

2012-02-23 06:08:56 -------- d-----w- C:\Users\Josh\AppData\Local\{1B31417A-2EED-4C4A-9D4B-CC55B72F45B7}

2012-02-22 17:36:40 -------- d-----w- C:\Users\Josh\AppData\Local\{0A2A4226-1B6D-4CED-A163-B240215C7DF8}

2012-02-22 17:36:24 -------- d-----w- C:\Users\Josh\AppData\Local\{897019EC-0425-4FA5-9591-CFE07B3F271B}

2012-02-22 02:59:27 -------- d-----w- C:\Users\Josh\AppData\Local\{475A71A1-77C2-4C5A-8AEF-0E69E08E4C82}

2012-02-22 02:59:08 -------- d-----w- C:\Users\Josh\AppData\Local\{1C8D27BE-0CF6-4DFA-A6A2-6BE142145B77}

2012-02-21 14:58:51 -------- d-----w- C:\Users\Josh\AppData\Local\{D9A9DD5B-E54E-49D0-B78E-558AD947BCB1}

2012-02-21 14:58:39 -------- d-----w- C:\Users\Josh\AppData\Local\{94D61C80-676C-4109-9BF9-509792162E61}

2012-02-21 02:58:23 -------- d-----w- C:\Users\Josh\AppData\Local\{27D11705-83B1-4E86-AAEB-34DA610884B3}

2012-02-20 14:58:13 -------- d-----w- C:\Users\Josh\AppData\Local\{958036B8-F48E-45F2-926A-CF08C1601780}

2012-02-19 23:17:30 -------- d-----w- C:\Users\Josh\AppData\Local\{2E9BB19C-D6D5-44AB-8A4E-2310B683431A}

2012-02-19 23:17:18 -------- d-----w- C:\Users\Josh\AppData\Local\{0A94583D-117D-44BE-B2E9-1C4490BC8A97}

2012-02-19 11:16:48 -------- d-----w- C:\Users\Josh\AppData\Local\{4B76EBF3-D73B-4A80-A1D5-7E9590B92F40}

2012-02-19 11:16:27 -------- d-----w- C:\Users\Josh\AppData\Local\{E1F483FC-0DED-4651-83AD-4B3A415307DA}

2012-02-18 17:45:08 -------- d-----w- C:\Users\Josh\AppData\Local\{13959802-FB66-41B5-8C4F-26AD13D099C3}

2012-02-18 17:44:55 -------- d-----w- C:\Users\Josh\AppData\Local\{94EC5C52-797A-4F90-9E1F-5CD9FDD816DD}

2012-02-18 05:40:18 -------- d-----w- C:\Users\Josh\AppData\Local\{19B3F9FD-F4BD-43B0-B195-56BB0B5D1D9C}

2012-02-18 05:40:06 -------- d-----w- C:\Users\Josh\AppData\Local\{568C2232-4699-47E6-9600-785090AAC5D1}

2012-02-17 17:39:35 -------- d-----w- C:\Users\Josh\AppData\Local\{48CEC8F7-4705-4CF1-A765-B3FF9472EA03}

2012-02-17 17:39:22 -------- d-----w- C:\Users\Josh\AppData\Local\{9900846B-5CCE-4A35-AC00-0D427F20EBD4}

2012-02-17 05:38:52 -------- d-----w- C:\Users\Josh\AppData\Local\{54433E87-553A-44CD-BCCB-8C0F7208B1FD}

2012-02-17 05:38:38 -------- d-----w- C:\Users\Josh\AppData\Local\{E77CE1B2-A193-4E56-A954-B923B89149D2}

2012-02-17 04:39:09 -------- d-----w- C:\Users\Josh\eligium_v0_92_10_13_en

2012-02-16 17:38:09 -------- d-----w- C:\Users\Josh\AppData\Local\{714C97A4-CF45-48E2-A8F7-14D210B559B7}

2012-02-16 17:37:55 -------- d-----w- C:\Users\Josh\AppData\Local\{12707CEA-1AE6-488A-84CF-02FB10AB0D7D}

2012-02-16 16:04:35 -------- d-----w- C:\Users\Josh\eligium_0_90_1_en

2012-02-16 16:04:35 -------- d-----w- C:\Users\Josh\AppData\Roaming\FOG Downloader

2012-02-16 05:37:26 -------- d-----w- C:\Users\Josh\AppData\Local\{A15E489D-100A-4A03-8155-5877E8C4D810}

2012-02-16 05:37:12 -------- d-----w- C:\Users\Josh\AppData\Local\{B7AEAEAA-F6C7-441B-BB3B-6BD85E5EB870}

2012-02-16 04:37:55 -------- d-----w- C:\Users\Josh\AppData\Local\{7BD76EDB-51C0-465B-B190-34537B549E3B}

2012-02-15 15:07:07 -------- d-----w- C:\Users\Josh\AppData\Local\{EDC53180-C987-47A4-8026-57187579C182}

2012-02-15 15:06:53 -------- d-----w- C:\Users\Josh\AppData\Local\{8EED2090-A417-451A-937D-5ADA74542499}

2012-02-15 03:06:39 -------- d-----w- C:\Users\Josh\AppData\Local\{A9B8CD7E-D647-4A75-BE9B-6EF30D519415}

2012-02-15 03:06:26 -------- d-----w- C:\Users\Josh\AppData\Local\{AD7517B4-9F10-4675-80A3-91F6B384B61D}

2012-02-14 15:06:09 -------- d-----w- C:\Users\Josh\AppData\Local\{B5AFD743-49A9-4156-B795-79381D663079}

2012-02-14 15:05:50 -------- d-----w- C:\Users\Josh\AppData\Local\{FF0914E6-19D4-45A3-8B85-48E8BAF2C03E}

2012-02-14 03:05:34 -------- d-----w- C:\Users\Josh\AppData\Local\{26D15584-EF02-4F2F-8F8F-12030E57F349}

2012-02-14 03:05:20 -------- d-----w- C:\Users\Josh\AppData\Local\{C430A3DF-52D3-4EB0-AC9B-6BF0FC9FA3BA}

2012-02-13 15:04:52 -------- d-----w- C:\Users\Josh\AppData\Local\{7EB52B0D-B171-45C2-9B20-D8C8B3E6ABE2}

2012-02-13 15:04:40 -------- d-----w- C:\Users\Josh\AppData\Local\{5CCA2265-5192-42CB-9A51-3E769CD1EC71}

2012-02-13 14:30:22 -------- d-----w- C:\Program Files (x86)\mwfre

2012-02-13 14:28:35 -------- d-----w- C:\Users\Josh\AppData\Roaming\MCS2Launcher

2012-02-13 03:04:13 -------- d-----w- C:\Users\Josh\AppData\Local\{7FC0B2B6-A2F5-4A9F-B07A-7758873A8316}

2012-02-13 03:04:01 -------- d-----w- C:\Users\Josh\AppData\Local\{84B9950E-C393-4B0A-92FF-9916142B3B8B}

2012-02-12 15:03:32 -------- d-----w- C:\Users\Josh\AppData\Local\{0E9923FF-8485-4248-9302-8066260963FB}

2012-02-12 15:03:20 -------- d-----w- C:\Users\Josh\AppData\Local\{3357A0CC-B5F4-4657-90F7-7DA6DAC347C7}

2012-02-12 03:02:59 -------- d-----w- C:\Users\Josh\AppData\Local\{CCC3BE17-C6FB-41F4-9FBD-B5BBFCC0A4CB}

2012-02-12 03:02:35 -------- d-----w- C:\Users\Josh\AppData\Local\{E3C1A6F0-EA3B-47F7-8C08-F07543717E14}

2012-02-10 23:19:00 -------- d-----w- C:\Users\Josh\AppData\Local\{6E968A5C-8A6A-4145-B7C8-3B1616ACE857}

.

==================== Find3M ====================

.

2012-02-02 20:43:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-19 19:45:22 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2011-12-17 01:21:22 31576 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe

.

============= FINISH: 16:55:41.58 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/31/2012 3:34:48 PM

System Uptime: 3/11/2012 3:30:44 PM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 3676

Processor: Celeron® Dual-Core CPU T3500 @ 2.10GHz | CPU | 2094/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 284 GiB total, 249.869 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.692 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

7-Zip 9.22beta

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 10 ActiveX

Adobe Reader X MUI

Adobe Shockwave Player 11.5

Apple Application Support

Apple Software Update

Bandisoft MPEG-1 Decoder

Bing Bar

Blio

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CyberLink YouCam

D3DX10

Energy Star Digital Logo

ESU for Microsoft Windows 7

Fraps (remove only)

Game Booster 3

Hewlett-Packard ACLM.NET v1.1.2.0

HP CloudDrive

HP Customer Experience Enhancements

HP Documentation

HP MovieStore

HP On Screen Display

HP Power Manager

HP Quick Launch

HP Setup

HP Setup Manager

HP Software Framework

HP Support Assistant

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

IObit Toolbar v5.0

Java Auto Updater

Java 6 Update 22

Junk Mail filter update

Mabinogi

Malwarebytes Anti-Malware version 1.60.1.1000

MCS2Launcher

Mesh Runtime

Messenger Companion

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Mozilla Firefox 10.0.2 (x86 en-US)

MSVCRT

MSVCRT_amd64

Nexon Game Manager

Pale Moon 9.2 (x86 en-US)

Pando Media Booster

PlayReady PC Runtime x86

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek PCIE Card Reader

REALTEK Wireless LAN Driver

Recovery Manager

RoxioNow Player

Skype™ 4.2

Smart Defrag 2

Visual Studio 2008 x64 Redistributables

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

3/8/2012 9:06:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000001, 0xfffff80002a833a0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030812-32651-01.

3/8/2012 9:05:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.

3/8/2012 4:22:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPClientSvc service.

3/8/2012 3:26:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

3/11/2012 3:30:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

3/11/2012 3:09:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/11/2012 3:05:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/11/2012 3:05:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/11/2012 3:05:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/11/2012 3:04:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf

3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/11/2012 3:04:58 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

3/11/2012 3:03:12 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

3/11/2012 2:04:06 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/11/2012 2:03:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6

3/10/2012 11:19:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

3/10/2012 11:09:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

3/10/2012 1:08:21 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

.

==== End Of File ===========================

I was confused since this thread http://forums.malwarebytes.org/index.php?showtopic=9573 said to include both, but the log said not to post the second one unless instructed to.

I've recently tried updating my computer just to make sure it's not an infection or anything, but it's still taking up 99-100% of my CPU while MBAM claims there are two trojans under the "svchost.exe" name. Any and all help will be appreciated. Thank you. :)


:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Thank you for the welcome.

10:49:12.0158 1088 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

10:49:12.0564 1088 ============================================================

10:49:12.0564 1088 Current date / time: 2012/03/14 10:49:12.0564

10:49:12.0564 1088 SystemInfo:

10:49:12.0564 1088

10:49:12.0564 1088 OS Version: 6.1.7601 ServicePack: 1.0

10:49:12.0564 1088 Product type: Workstation

10:49:12.0564 1088 ComputerName: JOSH-HP

10:49:12.0564 1088 UserName: Josh

10:49:12.0564 1088 Windows directory: C:\Windows

10:49:12.0564 1088 System windows directory: C:\Windows

10:49:12.0564 1088 Running under WOW64

10:49:12.0564 1088 Processor architecture: Intel x64

10:49:12.0564 1088 Number of processors: 2

10:49:12.0564 1088 Page size: 0x1000

10:49:12.0564 1088 Boot type: Normal boot

10:49:12.0564 1088 ============================================================

10:49:13.0999 1088 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:49:14.0014 1088 \Device\Harddisk0\DR0:

10:49:14.0014 1088 MBR used

10:49:14.0014 1088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

10:49:14.0014 1088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2386C800

10:49:14.0014 1088 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x238D0800, BlocksNum 0x1B2A000

10:49:14.0014 1088 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

10:49:14.0264 1088 Initialize success

10:49:14.0264 1088 ============================================================

10:49:33.0358 0296 ============================================================

10:49:33.0358 0296 Scan started

10:49:33.0358 0296 Mode: Manual; SigCheck; TDLFS;

10:49:33.0358 0296 ============================================================

10:49:36.0166 0296 1394hub - ok

10:49:36.0541 0296 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:49:36.0697 0296 1394ohci - ok

10:49:37.0040 0296 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:49:37.0071 0296 ACPI - ok

10:49:37.0617 0296 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:49:37.0758 0296 AcpiPmi - ok

10:49:38.0070 0296 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

10:49:38.0163 0296 adp94xx - ok

10:49:38.0397 0296 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

10:49:38.0413 0296 adpahci - ok

10:49:38.0881 0296 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

10:49:38.0912 0296 adpu320 - ok

10:49:39.0177 0296 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys

10:49:39.0598 0296 AFD - ok

10:49:39.0786 0296 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:49:39.0801 0296 agp440 - ok

10:49:40.0035 0296 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:49:40.0035 0296 aliide - ok

10:49:40.0238 0296 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:49:40.0254 0296 amdide - ok

10:49:40.0441 0296 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

10:49:40.0472 0296 AmdK8 - ok

10:49:40.0659 0296 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

10:49:40.0706 0296 AmdPPM - ok

10:49:40.0878 0296 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys

10:49:40.0893 0296 amdsata - ok

10:49:41.0190 0296 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

10:49:41.0268 0296 amdsbs - ok

10:49:41.0502 0296 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys

10:49:41.0502 0296 amdxata - ok

10:49:41.0798 0296 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:49:41.0860 0296 AppID - ok

10:49:42.0141 0296 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

10:49:42.0157 0296 arc - ok

10:49:42.0547 0296 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

10:49:42.0547 0296 arcsas - ok

10:49:43.0099 0296 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:49:43.0309 0296 AsyncMac - ok

10:49:43.0569 0296 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:49:43.0579 0296 atapi - ok

10:49:44.0049 0296 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

10:49:44.0199 0296 b06bdrv - ok

10:49:44.0649 0296 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:49:44.0739 0296 b57nd60a - ok

10:49:45.0059 0296 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys

10:49:45.0189 0296 BCM43XX - ok

10:49:45.0489 0296 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:49:45.0559 0296 Beep - ok

10:49:45.0769 0296 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

10:49:45.0789 0296 blbdrive - ok

10:49:46.0029 0296 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys

10:49:46.0069 0296 bowser - ok

10:49:46.0469 0296 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

10:49:46.0519 0296 BrFiltLo - ok

10:49:46.0789 0296 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

10:49:46.0839 0296 BrFiltUp - ok

10:49:47.0519 0296 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:49:47.0709 0296 Brserid - ok

10:49:47.0949 0296 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:49:48.0049 0296 BrSerWdm - ok

10:49:48.0455 0296 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:49:48.0527 0296 BrUsbMdm - ok

10:49:48.0835 0296 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:49:48.0922 0296 BrUsbSer - ok

10:49:49.0451 0296 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

10:49:49.0514 0296 BTHMODEM - ok

10:49:50.0016 0296 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:49:50.0111 0296 cdfs - ok

10:49:50.0506 0296 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

10:49:50.0589 0296 cdrom - ok

10:49:51.0171 0296 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

10:49:51.0253 0296 circlass - ok

10:49:51.0685 0296 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:49:51.0716 0296 CLFS - ok

10:49:52.0233 0296 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys

10:49:52.0257 0296 clwvd - ok

10:49:52.0900 0296 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

10:49:52.0971 0296 CmBatt - ok

10:49:53.0202 0296 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:49:53.0235 0296 cmdide - ok

10:49:53.0662 0296 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

10:49:53.0751 0296 CNG - ok

10:49:53.0983 0296 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

10:49:53.0993 0296 Compbatt - ok

10:49:54.0130 0296 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

10:49:54.0195 0296 CompositeBus - ok

10:49:54.0532 0296 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

10:49:54.0560 0296 crcdisk - ok

10:49:54.0925 0296 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys

10:49:54.0937 0296 dc3d - ok

10:49:55.0199 0296 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:49:55.0276 0296 DfsC - ok

10:49:55.0466 0296 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:49:55.0519 0296 discache - ok

10:49:55.0878 0296 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

10:49:55.0898 0296 Disk - ok

10:49:56.0184 0296 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:49:56.0567 0296 drmkaud - ok

10:49:57.0196 0296 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:49:57.0229 0296 DXGKrnl - ok

10:49:57.0409 0296 EagleX64 - ok

10:49:57.0736 0296 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

10:49:57.0897 0296 ebdrv - ok

10:49:58.0391 0296 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

10:49:58.0416 0296 elxstor - ok

10:49:58.0642 0296 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:49:58.0722 0296 ErrDev - ok

10:49:59.0006 0296 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:49:59.0111 0296 exfat - ok

10:49:59.0299 0296 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:49:59.0405 0296 fastfat - ok

10:49:59.0720 0296 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

10:49:59.0804 0296 fdc - ok

10:50:00.0145 0296 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:50:00.0176 0296 FileInfo - ok

10:50:00.0578 0296 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:50:00.0669 0296 Filetrace - ok

10:50:00.0905 0296 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

10:50:00.0935 0296 flpydisk - ok

10:50:01.0122 0296 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:50:01.0159 0296 FltMgr - ok

10:50:01.0411 0296 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:50:01.0441 0296 FsDepends - ok

10:50:01.0665 0296 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys

10:50:01.0697 0296 fssfltr - ok

10:50:01.0900 0296 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

10:50:01.0910 0296 Fs_Rec - ok

10:50:01.0981 0296 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:50:02.0029 0296 fvevol - ok

10:50:02.0188 0296 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

10:50:02.0210 0296 gagp30kx - ok

10:50:02.0571 0296 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

10:50:02.0579 0296 GEARAspiWDM - ok

10:50:02.0851 0296 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:50:02.0925 0296 hcw85cir - ok

10:50:03.0167 0296 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

10:50:03.0208 0296 HdAudAddService - ok

10:50:03.0455 0296 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

10:50:03.0493 0296 HDAudBus - ok

10:50:03.0677 0296 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

10:50:03.0723 0296 HidBatt - ok

10:50:04.0026 0296 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

10:50:04.0068 0296 HidBth - ok

10:50:04.0515 0296 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

10:50:04.0578 0296 HidIr - ok

10:50:04.0776 0296 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

10:50:04.0840 0296 HidUsb - ok

10:50:05.0162 0296 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:50:05.0179 0296 HpSAMD - ok

10:50:05.0467 0296 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:50:05.0526 0296 HTTP - ok

10:50:05.0841 0296 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:50:05.0853 0296 hwpolicy - ok

10:50:06.0037 0296 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:50:06.0060 0296 i8042prt - ok

10:50:06.0294 0296 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys

10:50:06.0309 0296 iaStor - ok

10:50:06.0705 0296 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys

10:50:06.0750 0296 iaStorV - ok

10:50:07.0946 0296 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

10:50:08.0266 0296 igfx - ok

10:50:08.0627 0296 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

10:50:08.0643 0296 iirsp - ok

10:50:09.0134 0296 IntcAzAudAddService (336c3a6bf14d5a9af35af07c6b6b29cd) C:\Windows\system32\drivers\RTKVHD64.sys

10:50:09.0189 0296 IntcAzAudAddService - ok

10:50:09.0540 0296 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:50:09.0587 0296 intelide - ok

10:50:09.0797 0296 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:50:09.0839 0296 intelppm - ok

10:50:10.0053 0296 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:50:10.0105 0296 IpFilterDriver - ok

10:50:10.0256 0296 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:50:10.0371 0296 IPMIDRV - ok

10:50:10.0666 0296 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:50:10.0744 0296 IPNAT - ok

10:50:10.0901 0296 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:50:10.0930 0296 IRENUM - ok

10:50:11.0033 0296 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:50:11.0055 0296 isapnp - ok

10:50:11.0166 0296 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:50:11.0195 0296 iScsiPrt - ok

10:50:11.0348 0296 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

10:50:11.0359 0296 kbdclass - ok

10:50:11.0640 0296 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

10:50:11.0720 0296 kbdhid - ok

10:50:12.0000 0296 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

10:50:12.0023 0296 KSecDD - ok

10:50:12.0215 0296 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

10:50:12.0228 0296 KSecPkg - ok

10:50:12.0736 0296 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:50:12.0815 0296 ksthunk - ok

10:50:13.0093 0296 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:50:13.0155 0296 lltdio - ok

10:50:13.0351 0296 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

10:50:13.0376 0296 LSI_FC - ok

10:50:13.0561 0296 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

10:50:13.0583 0296 LSI_SAS - ok

10:50:13.0797 0296 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

10:50:13.0816 0296 LSI_SAS2 - ok

10:50:14.0191 0296 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

10:50:14.0221 0296 LSI_SCSI - ok

10:50:14.0683 0296 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:50:14.0755 0296 luafv - ok

10:50:14.0959 0296 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

10:50:14.0968 0296 MBAMProtector - ok

10:50:15.0245 0296 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

10:50:15.0268 0296 megasas - ok

10:50:15.0662 0296 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

10:50:15.0698 0296 MegaSR - ok

10:50:16.0036 0296 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:50:16.0157 0296 Modem - ok

10:50:16.0469 0296 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:50:16.0501 0296 monitor - ok

10:50:16.0726 0296 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

10:50:16.0737 0296 mouclass - ok

10:50:17.0037 0296 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:50:17.0066 0296 mouhid - ok

10:50:17.0196 0296 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:50:17.0208 0296 mountmgr - ok

10:50:17.0370 0296 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:50:17.0384 0296 mpio - ok

10:50:17.0513 0296 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:50:17.0565 0296 mpsdrv - ok

10:50:17.0692 0296 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:50:17.0721 0296 MRxDAV - ok

10:50:17.0962 0296 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:50:18.0020 0296 mrxsmb - ok

10:50:18.0366 0296 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:50:18.0456 0296 mrxsmb10 - ok

10:50:18.0667 0296 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:50:18.0737 0296 mrxsmb20 - ok

10:50:19.0123 0296 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:50:19.0132 0296 msahci - ok

10:50:19.0398 0296 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:50:19.0414 0296 msdsm - ok

10:50:19.0793 0296 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:50:19.0843 0296 Msfs - ok

10:50:20.0371 0296 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:50:20.0471 0296 mshidkmdf - ok

10:50:20.0868 0296 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:50:20.0877 0296 msisadrv - ok

10:50:21.0301 0296 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:50:21.0358 0296 MSKSSRV - ok

10:50:21.0723 0296 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:50:21.0824 0296 MSPCLOCK - ok

10:50:22.0091 0296 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:50:22.0179 0296 MSPQM - ok

10:50:22.0345 0296 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:50:22.0369 0296 MsRPC - ok

10:50:22.0669 0296 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

10:50:22.0679 0296 mssmbios - ok

10:50:23.0044 0296 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:50:23.0118 0296 MSTEE - ok

10:50:23.0492 0296 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

10:50:23.0545 0296 MTConfig - ok

10:50:23.0779 0296 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:50:23.0793 0296 Mup - ok

10:50:24.0136 0296 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:50:24.0176 0296 NativeWifiP - ok

10:50:24.0474 0296 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:50:24.0511 0296 NDIS - ok

10:50:24.0791 0296 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:50:24.0856 0296 NdisCap - ok

10:50:25.0202 0296 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:50:25.0297 0296 NdisTapi - ok

10:50:25.0503 0296 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:50:25.0577 0296 Ndisuio - ok

10:50:25.0809 0296 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:50:25.0858 0296 NdisWan - ok

10:50:26.0198 0296 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:50:26.0265 0296 NDProxy - ok

10:50:26.0610 0296 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:50:26.0689 0296 NetBIOS - ok

10:50:26.0972 0296 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:50:27.0078 0296 NetBT - ok

10:50:27.0326 0296 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

10:50:27.0345 0296 nfrd960 - ok

10:51:07.0716 0296 X6va005 - ok

10:51:07.0778 0296 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0

10:51:07.0823 0296 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

10:51:07.0823 0296 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

10:51:08.0038 0296 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:51:08.0038 0296 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:51:08.0111 0296 Boot (0x1200) (507e807416ebd850e4c474f974754acc) \Device\Harddisk0\DR0\Partition0

10:51:08.0131 0296 \Device\Harddisk0\DR0\Partition0 - ok

10:51:08.0174 0296 Boot (0x1200) (209c31f802055abe95109f1db49143dc) \Device\Harddisk0\DR0\Partition1

10:51:08.0205 0296 \Device\Harddisk0\DR0\Partition1 - ok

10:51:08.0271 0296 Boot (0x1200) (37d09a2ca450c254f28e96d27c0c94f1) \Device\Harddisk0\DR0\Partition2

10:51:08.0275 0296 \Device\Harddisk0\DR0\Partition2 - ok

10:51:08.0354 0296 Boot (0x1200) (0c776de3831cac4a20318ca041035a6f) \Device\Harddisk0\DR0\Partition3

10:51:08.0358 0296 \Device\Harddisk0\DR0\Partition3 - ok

10:51:08.0359 0296 ============================================================

10:51:08.0359 0296 Scan finished

10:51:08.0359 0296 ============================================================

10:51:08.0378 4168 Detected object count: 2

10:51:08.0378 4168 Actual detected object count: 2

10:52:04.0519 4168 \Device\Harddisk0\DR0\# - copied to quarantine

10:52:04.0519 4168 \Device\Harddisk0\DR0 - copied to quarantine

10:52:04.0565 4168 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

10:52:04.0567 4168 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

10:52:04.0573 4168 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

10:52:04.0578 4168 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

10:52:04.0597 4168 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

10:52:04.0608 4168 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

10:52:04.0609 4168 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

10:52:04.0610 4168 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

10:52:04.0612 4168 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

10:52:04.0616 4168 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

10:52:04.0619 4168 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

10:52:04.0621 4168 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

10:52:04.0638 4168 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

10:52:04.0675 4168 \Device\Harddisk0\DR0 - ok

10:52:05.0165 4168 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

10:52:05.0166 4168 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:52:05.0166 4168 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

10:52:24.0049 3860 Deinitialize success


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ComboFix 12-03-14.01 - Josh 03/14/2012 13:51:26.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1945 [GMT -5:00]

Running from: c:\users\Josh\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))

.

.

2012-03-14 19:02 . 2012-03-14 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-14 15:52 . 2012-03-14 15:52 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-10 20:30 . 2012-03-10 20:30 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer

2012-03-10 20:30 . 2012-03-10 20:30 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer

2012-03-10 18:56 . 2012-03-10 18:56 0 ----a-w- c:\windows\SysWow64\shoA0F.tmp

2012-03-10 18:23 . 2012-03-10 18:23 -------- d-----w- c:\users\Josh\AppData\Roaming\SUPERAntiSpyware.com

2012-03-10 18:22 . 2012-03-10 18:23 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-10 18:22 . 2012-03-10 18:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-03-10 16:34 . 2012-03-10 17:21 -------- d-----w- c:\users\Josh\AppData\Roaming\PCPro

2012-03-10 16:34 . 2012-03-10 16:34 -------- d-----w- c:\users\Josh\AppData\Roaming\PC Cleaners

2012-03-10 16:34 . 2012-03-10 16:20 5276432 ----a-w- c:\windows\uninst.exe

2012-03-10 16:34 . 2012-03-10 16:34 -------- d-----w- c:\programdata\PC1Data

2012-03-10 16:23 . 2012-03-10 16:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-10 16:23 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-10 16:18 . 2012-03-10 16:18 -------- d-----w- c:\users\Josh\AppData\Local\SvchostViewer

2012-03-10 16:05 . 2012-03-10 16:05 -------- d-----w- c:\users\Josh\AppData\Roaming\Moonchild Productions

2012-03-10 16:04 . 2012-03-11 17:50 -------- d-----w- c:\program files (x86)\Pale Moon

2012-03-09 17:44 . 2012-03-09 17:46 -------- d-----w- C:\Fraps

2012-03-08 21:05 . 2012-03-08 21:05 -------- d-----w- c:\users\Josh\AppData\Local\Mozilla

2012-03-05 01:50 . 2012-03-05 01:50 -------- d-----w- c:\program files (x86)\Application Updater

2012-03-05 01:50 . 2012-03-05 01:50 -------- d-----w- c:\program files (x86)\IObit Toolbar

2012-03-05 01:50 . 2012-03-05 01:50 -------- d-----w- c:\program files (x86)\Common Files\Spigot

2012-03-04 21:04 . 2012-03-04 21:04 -------- d-----w- c:\programdata\CyberLink

2012-03-04 21:04 . 2012-03-04 21:04 -------- d-----w- c:\users\Public\CyberLink

2012-03-04 21:04 . 2012-03-04 21:04 -------- d-----w- c:\users\Josh\AppData\Roaming\CyberLink

2012-03-04 21:04 . 2012-03-04 21:04 -------- d-----w- c:\users\Josh\AppData\Local\CyberLink

2012-03-04 20:50 . 2012-03-09 04:25 -------- d-----w- c:\users\Josh\AppData\Roaming\Skype

2012-03-04 20:50 . 2012-03-04 20:50 -------- d-----r- c:\program files (x86)\Skype

2012-03-04 20:49 . 2012-03-04 20:50 -------- d-----w- c:\programdata\Skype

2012-03-04 05:58 . 2012-03-04 05:58 -------- d-----w- c:\users\Josh\AppData\Roaming\AVG2012

2012-03-04 05:57 . 2012-03-04 05:57 -------- d--h--w- c:\programdata\Common Files

2012-03-04 05:56 . 2012-03-10 16:49 -------- d-----w- c:\programdata\AVG2012

2012-03-04 05:55 . 2012-03-04 05:55 -------- d-----w- c:\program files (x86)\AVG

2012-03-04 05:48 . 2012-03-09 18:48 -------- d-----w- c:\programdata\MFAData

2012-03-04 05:37 . 2012-03-04 05:37 -------- d-----r- C:\Sandbox

2012-03-03 10:10 . 2012-03-03 10:10 -------- d-----w- c:\users\Josh\VirtualBox VMs

2012-03-03 10:09 . 2012-03-03 10:17 -------- d-----w- c:\users\Josh\.VirtualBox

2012-03-03 10:07 . 2011-12-19 19:45 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-03-03 10:07 . 2011-12-19 19:45 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-03-02 00:33 . 2012-03-02 00:34 -------- d-----w- c:\programdata\VirtualizedApplications

2012-03-01 22:11 . 2012-03-01 22:11 -------- d-----w- c:\users\Josh\AppData\Local\SoftGrid Client

2012-03-01 22:11 . 2012-03-03 20:16 -------- d-----w- c:\users\Josh\AppData\Roaming\SoftGrid Client

2012-03-01 22:10 . 2012-03-01 22:11 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2012-03-01 22:10 . 2012-03-01 22:11 -------- d-----w- c:\users\Josh\AppData\Roaming\TP

2012-02-29 02:40 . 2012-02-29 02:44 -------- d-----w- c:\users\Josh\Adobe Photoshop CS5.1

2012-02-29 02:39 . 2012-02-29 02:39 -------- d-----w- c:\users\Josh\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2012-02-29 02:38 . 2012-02-29 02:38 -------- d-----w- c:\program files (x86)\Adobe Download Assistant

2012-02-29 02:38 . 2012-02-29 02:38 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2012-02-27 06:16 . 2012-02-27 06:16 -------- d-----w- c:\program files\Sandboxie

2012-02-24 18:22 . 2012-03-04 05:45 -------- d-----w- c:\users\Josh\AppData\Local\CrashDumps

2012-02-24 18:21 . 2012-02-24 18:21 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes

2012-02-24 18:21 . 2012-02-24 18:21 -------- d-----w- c:\programdata\Malwarebytes

2012-02-17 04:39 . 2012-02-17 04:42 -------- d-----w- c:\users\Josh\eligium_v0_92_10_13_en

2012-02-16 16:04 . 2012-02-17 09:04 -------- d-----w- c:\users\Josh\AppData\Roaming\FOG Downloader

2012-02-16 16:04 . 2012-02-16 16:09 -------- d-----w- c:\users\Josh\eligium_0_90_1_en

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-14 16:09 . 2011-10-29 21:12 1145960 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys

2012-02-02 20:43 . 2012-02-02 20:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-01 01:22 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-01-17 12:39 . 2012-02-01 11:46 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BAEDD24-587D-49EA-9334-3F05EAA635E1}\mpengine.dll

2011-12-19 19:45 . 2011-12-19 19:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2011-12-17 01:21 . 2012-02-07 05:24 31576 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]

"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-02-06 934240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 X6va005;X6va005;c:\users\Josh\AppData\Local\Temp\0057F44.tmp [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-14 c:\windows\Tasks\HPCeeScheduleForJosh.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ponm2y5r.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Josh\AppData\Local\Temp\0057F44.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4195352143-2297769381-447194898-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):1c,7c,b6,11,6e,4b,db,be,21,8e,57,86,90,1d,c4,b2,66,26,b2,43,6c,

d4,fe,06,20,35,0f,e7,29,cf,56,93,b8,ec,f2,2a,9a,f8,9a,96,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-4195352143-2297769381-447194898-1000_Classes\Wow6432Node\CLSID\{95b485a1-ba09-455c-aef8-a03e8319d3b1}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000043

"Therad"=dword:00000024

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,43,c9,d9,ba,9f,76,c1,0e,a3,60,45,c5,f5,2e,74,2e,92,32,65,02,e1,fe,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2012-03-14 14:29:51 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-14 19:29

.

Pre-Run: 268,303,921,152 bytes free

Post-Run: 268,349,292,544 bytes free

.

- - End Of File - - AC1A42A4A52B7964A96CA666B5971E4A

Excellent. Before the previous scan things were slow, choppy, and my browser would stop responding frequently. Now everything is pretty smooth as far as I can tell. My computer restarts and boots up faster.


Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\users\Josh\AppData\Local\Temp\0057F44.tmp

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html


To enable the viewing of hidden and protected system files in Windows 7 please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.


Do you still need help with this?


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
