[A] C:\Windows\svchost.exe.Trojan.Agent removal help

Inactive
By Jackie Treehorn
Oct 18, 2012
Topic Status:
Not open for further replies.
  1. Windows 7 OS
    I've run Malwarebytes and Norton; they both find C:\Windows\svchost.exe.Trojan.Agent, otherwise known as Trojan.Gen.2. After reboot it returns; both programs quarantine it but don't destroy it 100%. Please, please help! I sincerely thank you in advance!


  2. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Jackie Treehorn

    Jackie Treehorn Newcomer, in training Topic Starter

    Malwarebytes Log #1
    Database version: v2012.10.18.01
    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    KungFu Semi-Truckerz :: KUNGFUSEMI-TRUC [administrator]
    Protection: Disabled
    10/17/2012 10:05:16 PM
    mbam-log-2012-10-17 (22-05-16).txt
    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 350678
    Time elapsed: 39 minute(s), 48 second(s)
    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 1344 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
    (end)
    DDS Scan log #1
    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by KungFu Semi-Truckerz at 20:17:44 on 2012-10-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5885.4141 [GMT -4:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\AsHookDevice.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\SentrilockCardUtility\SentriLockCardUtility.exe
    C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
    C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~2\AD-AWA~1\AdAware.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\msiexec.exe
    C:\Windows\syswow64\MsiExec.exe
    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe
    C:\Windows\explorer.exe
    C:\Users\KungFu Semi-Truckerz\Desktop\plsie518.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_287_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://igoogle.com/
    uProxyOverride = <local>
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll
    uRun: [Installation Diagnostics] "C:\Program Files (x86)\Brother\Brmfl05c\Brinstck.exe" /I MFC-8460N LAN
    mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
    mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
    mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SENTRI~1.LNK - C:\Windows\Installer\{9348BA70-11FB-4A78-A929-0980EF2C4DE8}\Icon9348BA70.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.5.0\bin\NPJPI150.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    TCP: NameServer = 192.168.1.1 192.168.1.1 192.168.1.1
    TCP: Interfaces\{2E81A283-E27E-40B0-976E-958A4BB15955} : DHCPNameServer = 192.168.1.1 192.168.1.1 192.168.1.1
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-mStart Page = about:blank
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    x64-Run: [SKDaemon.exe] C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Mozilla\Firefox\Profiles\bd0oltb7.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; cdyjeshxea@cdyjeshxea.org; C:\Users\KungFu Semi-Truckerz\Application Data\Mozilla\Firefox\Profiles\bd0oltb7.default\extensions\cdyjeshxea@cdyjeshxea.org.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys [2012-7-16 450680]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys [2012-7-16 912504]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121019.001\IDSviA64.sys [2012-10-19 513184]
    R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-5-29 256632]
    R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-2-3 57976]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502020.003\ironx64.sys [2012-7-16 171128]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0502020.003\symnets.sys [2012-7-16 386168]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-5-3 1226096]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2012-2-1 196608]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-15 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-15 676936]
    R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
    R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2012-7-9 11576]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-5 138912]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2012-2-1 139264]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-15 25928]
    R3 NETGEARUHOST;NETGEAR Network USB Host Controller;C:\Windows\System32\drivers\NETGEARUHOST.sys [2012-3-20 16384]
    R3 NETGEARUHUB;NETGEAR Network USB Root Hub;C:\Windows\System32\drivers\NETGEARUHUB.sys [2012-3-20 40960]
    R3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2012-7-31 70016]
    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-5-29 119416]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-10 116648]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 250808]
    S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-3-14 21712]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-10 116648]
    S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
    S3 Samsung UPD Service2;Samsung UPD Service2;C:\Windows\System32\SUPDSvc2.exe [2012-7-2 165456]
    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-5-29 119416]
    S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-5-29 60536]
    S3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2011-12-19 84600]
    S3 SCR3xx USB Smart Card Reader64;SCR3xx USB Smart Card Reader64;C:\Windows\System32\drivers\S3XXx64.sys [2012-7-31 70016]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-2 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-2 1255736]
    S4 SBAMSvc;Ad-Aware; [x]
    .
    =============== Created Last 30 ================
    .
    2012-10-18 16:49:33 20480 ------w- C:\Windows\svchost.exe
    2012-10-17 14:14:48 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
    2012-10-17 01:42:35 -------- d-----w- C:\Users\KungFu Semi-Truckerz\AppData\Local\NPE
    2012-10-17 01:38:21 -------- d-----w- C:\FRST
    2012-10-15 19:23:08 129024 ----a-w- C:\Windows\RegBootClean64.exe
    2012-10-15 18:16:02 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-10-15 16:45:18 -------- d-----w- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Malwarebytes
    2012-10-15 16:44:33 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-10-15 16:44:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-14 00:13:22 -------- d-----w- C:\Program Files\CCleaner
    2012-10-10 14:21:21 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-10-10 14:19:42 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-10-10 14:19:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-10-10 14:19:30 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-10-10 14:19:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-10-10 14:19:09 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-10-10 14:19:08 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-10-10 14:18:55 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2012-10-10 14:18:53 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-10-10 14:18:51 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-10-10 14:18:50 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-10-10 14:18:49 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-10-10 14:18:48 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-10-09 18:18:39 -------- d-----w- C:\Program Files (x86)\MSECache
    2012-09-29 12:59:34 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-09-29 12:59:33 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-09-26 13:54:17 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-09-24 18:10:44 -------- d-----w- C:\Users\KungFu Semi-Truckerz\ZipForm
    2012-09-22 18:59:19 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
    .
    ==================== Find3M ====================
    .
    2012-10-09 14:31:37 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 14:31:37 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-05 18:21:22 60 ----a-w- C:\Windows\wpd99.drv
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 17:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-07-31 18:23:02 70016 ----a-w- C:\Windows\System32\drivers\S3XXx64.sys
    2012-07-28 07:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2012-07-28 06:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR
    2012-07-26 23:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
    2012-07-26 23:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
    2012-07-26 23:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
    2012-07-26 23:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll
    2012-07-26 23:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll
    2012-07-26 19:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll
    2012-07-26 19:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll
    2012-07-26 19:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
    2012-07-26 19:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll
    2012-07-26 19:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll
    .
    ============= FINISH: 20:18:28.51 ===============
  4. Jackie Treehorn

    Jackie Treehorn Newcomer, in training Topic Starter

    Thank you so much! I hope it's posted correctly *nerd*
  5. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    GMER? Attach.txt?
    Any particular reason you ran MBAM from safe mode?
  6. Jackie Treehorn

    Jackie Treehorn Newcomer, in training Topic Starter

    Safe mode MBAM was before your instruction. GMER didn't produce a log.
    Dumb question: should I post a non-safe-mode MBAM scan?
  7. Jackie Treehorn

    Jackie Treehorn Newcomer, in training Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/1/2012 7:32:45 PM
    System Uptime: 10/19/2012 3:03:52 PM (5 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | CM5571
    Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz | LGA775 | 2700/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 373 GiB total, 326.506 GiB free.
    D: is FIXED (NTFS) - 551 GiB total, 316.817 GiB free.
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP112: 10/12/2012 8:50:20 PM - Windows Update
    RP113: 10/13/2012 6:10:11 PM - Windows Update
    RP114: 10/13/2012 8:01:28 PM - Windows Update
    RP115: 10/13/2012 8:03:42 PM - Windows Update
    RP116: 10/14/2012 3:00:29 AM - Windows Update
    RP117: 10/15/2012 3:00:54 AM - Windows Update
    RP118: 10/15/2012 3:01:03 AM - Windows Backup
    RP119: 10/15/2012 7:41:16 PM - Windows Backup
    RP120: 10/16/2012 10:33:58 AM - Windows Update
    RP121: 10/17/2012 11:06:19 AM - Windows Update
    RP122: 10/17/2012 10:00:26 PM - Windows Update
    RP123: 10/18/2012 8:41:02 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Ad-Aware Antivirus
    Ad-Aware Browsing Protection
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    AI Manager
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUSUpdate
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    Atheros Ethernet Utility
    Bonjour
    Brother MFL-Pro Suite
    CCleaner
    Compatibility Pack for the 2007 Office system
    Crown Print Monitor+
    D3DX10
    DriverAgent by eSupport.com
    EPU-4 Engine
    Google Chrome Frame
    Google Update Helper
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    J2SE Runtime Environment 5.0
    Java(TM) 6 Update 30 (64-bit)
    Junk Mail filter update
    KONICA MINOLTA magicolor 5430DL
    KONICA MINOLTA magicolor 5430DL Printer Driver Software
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office XP Standard for Students and Teachers
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Movie Maker
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Security Suite
    Pdf995
    Photo Common
    Photo Gallery
    QuickTime
    Realtek High Definition Audio Driver
    RollerCoaster Tycoon 2
    Samsung ML-1710 Series
    Samsung Universal Print Driver
    ScanSoft PaperPort 11
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Sentrilock Card Utility
    swMSM
    Touch Manager
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Windows Driver Package - SCM Microsystems Inc. (SCR3xx USB Smart Card Reader64) SmartCardReader (11/07/2006 4.35.00.01)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/19/2012 10:37:20 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
    10/18/2012 8:41:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
    10/18/2012 4:02:23 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/18/2012 12:46:40 PM, Error: Service Control Manager [7038] - The msiserver service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/18/2012 12:46:40 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not start due to a logon failure.
    10/18/2012 12:46:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/18/2012 10:17:37 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/18/2012 1:27:33 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user KungFuSemi-Truc\KungFu Semi-Truckerz SID (S-1-5-21-3633375084-144790654-1307329806-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    10/18/2012 1:27:33 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user KungFuSemi-Truc\KungFu Semi-Truckerz SID (S-1-5-21-3633375084-144790654-1307329806-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    10/18/2012 1:05:43 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user KungFuSemi-Truc\KungFu Semi-Truckerz SID (S-1-5-21-3633375084-144790654-1307329806-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    10/17/2012 11:02:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffff80000004, 0xfffffa80069e42b4, 0x0000000000000001, 0xfffff88000b95400). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-32619-01.
    10/17/2012 10:03:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    10/17/2012 10:03:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    10/17/2012 10:02:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/17/2012 10:02:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/17/2012 10:02:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/17/2012 10:02:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/17/2012 10:02:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6
    10/16/2012 1:05:37 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader 0' rejected IOCTL GET_ATTRIBUTE: The request is not supported. If this error persists, your smart card or reader may not be functioning correctly. Command Header: 03 01 01 00
    10/15/2012 9:14:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/15/2012 9:09:11 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
    10/15/2012 9:09:11 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
    10/15/2012 9:09:08 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/15/2012 9:09:08 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/15/2012 9:09:08 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/15/2012 9:09:08 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/15/2012 9:09:08 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
    10/15/2012 9:09:08 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
    10/15/2012 9:09:08 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    10/15/2012 8:39:19 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    10/15/2012 8:39:17 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    10/15/2012 7:46:21 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/15/2012 7:46:21 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/15/2012 3:24:54 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
    10/15/2012 3:24:51 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/15/2012 3:24:51 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
    10/15/2012 3:24:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/15/2012 3:23:05 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s).
    10/15/2012 2:08:26 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/15/2012 2:08:26 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
    10/15/2012 2:08:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/15/2012 2:02:21 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    10/15/2012 1:49:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002cb1174). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-29983-01.
    10/12/2012 10:21:28 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a013e22000, 0x0000000000000000, 0xfffff80002d1a9ca, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101212-60075-01.
    .
    ==== End Of File ===========================
  8. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  9. Jackie Treehorn

    Jackie Treehorn Newcomer, in training Topic Starter

    21:03:02.0944 2152 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    21:03:04.0988 2152 ============================================================
    21:03:04.0988 2152 Current date / time: 2012/10/19 21:03:04.0988
    21:03:04.0988 2152 SystemInfo:
    21:03:04.0988 2152
    21:03:04.0988 2152 OS Version: 6.1.7601 ServicePack: 1.0
    21:03:04.0988 2152 Product type: Workstation
    21:03:04.0988 2152 ComputerName: KUNGFUSEMI-TRUC
    21:03:04.0988 2152 UserName: KungFu Semi-Truckerz
    21:03:04.0988 2152 Windows directory: C:\Windows
    21:03:04.0988 2152 System windows directory: C:\Windows
    21:03:04.0988 2152 Running under WOW64
    21:03:04.0988 2152 Processor architecture: Intel x64
    21:03:04.0988 2152 Number of processors: 2
    21:03:04.0988 2152 Page size: 0x1000
    21:03:04.0988 2152 Boot type: Normal boot
    21:03:04.0988 2152 ============================================================
    21:03:07.0115 2152 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:03:07.0135 2152 ============================================================
    21:03:07.0135 2152 \Device\Harddisk0\DR0:
    21:03:07.0135 2152 MBR partitions:
    21:03:07.0135 2152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10029D5, BlocksNum 0x2E937CC1
    21:03:07.0135 2152 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2F93A696, BlocksNum 0x44DCB32B
    21:03:07.0135 2152 ============================================================
    21:03:07.0155 2152 C: <-> \Device\Harddisk0\DR0\Partition1
    21:03:07.0225 2152 D: <-> \Device\Harddisk0\DR0\Partition2
    21:03:07.0225 2152 ============================================================
    21:03:07.0225 2152 Initialize success
    21:03:07.0225 2152 ============================================================
    21:03:09.0560 2428 ============================================================
    21:03:09.0560 2428 Scan started
    21:03:09.0560 2428 Mode: Manual;
    21:03:09.0560 2428 ============================================================
    21:03:11.0136 2428 ================ Scan system memory ========================
    21:03:11.0136 2428 System memory - ok
    21:03:11.0136 2428 ================ Scan services =============================
    21:03:17.0920 2428 IPBusEnum - ok
    21:03:17.0948 2428 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:03:17.0950 2428 IpFilterDriver - ok
    21:03:17.0998 2428 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    21:03:18.0008 2428 iphlpsvc - ok
    21:03:18.0043 2428 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    21:03:18.0045 2428 IPMIDRV - ok
    21:03:18.0065 2428 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    21:03:18.0070 2428 IPNAT - ok
    21:03:18.0143 2428 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    21:03:18.0155 2428 iPod Service - ok
    21:03:18.0175 2428 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    21:03:18.0178 2428 IRENUM - ok
    21:03:18.0198 2428 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    21:03:18.0200 2428 isapnp - ok
    21:03:18.0225 2428 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    21:03:18.0233 2428 iScsiPrt - ok
    21:03:18.0248 2428 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    21:03:18.0250 2428 kbdclass - ok
    21:03:18.0270 2428 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    21:03:18.0273 2428 kbdhid - ok
    21:03:18.0285 2428 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    21:03:18.0290 2428 KeyIso - ok
    21:03:18.0313 2428 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    21:03:18.0315 2428 KSecDD - ok
    21:03:18.0340 2428 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    21:03:18.0343 2428 KSecPkg - ok
    21:03:18.0358 2428 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    21:03:18.0360 2428 ksthunk - ok
    21:03:18.0403 2428 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    21:03:18.0420 2428 KtmRm - ok
    21:03:18.0453 2428 [ B8E670D7EF61615FA03104552854FAC9 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
    21:03:18.0455 2428 L1E - ok
    21:03:18.0485 2428 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    21:03:18.0493 2428 LanmanServer - ok
    21:03:18.0520 2428 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    21:03:18.0525 2428 LanmanWorkstation - ok
    21:03:18.0558 2428 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    21:03:18.0560 2428 lltdio - ok
    21:03:18.0590 2428 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    21:03:18.0613 2428 lltdsvc - ok
    21:03:18.0630 2428 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    21:03:18.0635 2428 lmhosts - ok
    21:03:18.0663 2428 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    21:03:18.0668 2428 LSI_FC - ok
    21:03:18.0685 2428 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    21:03:18.0688 2428 LSI_SAS - ok
    21:03:18.0705 2428 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    21:03:18.0710 2428 LSI_SAS2 - ok
    21:03:18.0728 2428 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    21:03:18.0733 2428 LSI_SCSI - ok
    21:03:18.0765 2428 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    21:03:18.0768 2428 luafv - ok
    21:03:18.0820 2428 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    21:03:18.0823 2428 MBAMProtector - ok
    21:03:18.0870 2428 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    21:03:18.0875 2428 MBAMScheduler - ok
    21:03:18.0910 2428 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    21:03:18.0923 2428 MBAMService - ok
    21:03:18.0953 2428 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    21:03:18.0968 2428 Mcx2Svc - ok
    21:03:18.0988 2428 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    21:03:18.0990 2428 megasas - ok
    21:03:19.0013 2428 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    21:03:19.0020 2428 MegaSR - ok
    21:03:19.0043 2428 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    21:03:19.0048 2428 MMCSS - ok
    21:03:19.0063 2428 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    21:03:19.0065 2428 Modem - ok
    21:03:19.0093 2428 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    21:03:19.0098 2428 monitor - ok
    21:03:19.0125 2428 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    21:03:19.0128 2428 mouclass - ok
    21:03:19.0138 2428 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    21:03:19.0140 2428 mouhid - ok
    21:03:19.0178 2428 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    21:03:19.0180 2428 mountmgr - ok
    21:03:19.0215 2428 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    21:03:19.0218 2428 mpio - ok
    21:03:19.0250 2428 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    21:03:19.0253 2428 mpsdrv - ok
    21:03:19.0293 2428 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    21:03:19.0308 2428 MpsSvc - ok
    21:03:19.0340 2428 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    21:03:19.0343 2428 MRxDAV - ok
    21:03:19.0378 2428 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:03:19.0383 2428 mrxsmb - ok
    21:03:19.0400 2428 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:03:19.0420 2428 mrxsmb10 - ok
    21:03:19.0438 2428 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:03:19.0443 2428 mrxsmb20 - ok
    21:03:19.0460 2428 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    21:03:19.0463 2428 msahci - ok
    21:03:19.0483 2428 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    21:03:19.0488 2428 msdsm - ok
    21:03:19.0503 2428 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    21:03:19.0508 2428 MSDTC - ok
    21:03:19.0545 2428 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    21:03:19.0548 2428 Msfs - ok
    21:03:19.0560 2428 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    21:03:19.0574 2428 mshidkmdf - ok
    21:03:19.0604 2428 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    21:03:19.0606 2428 msisadrv - ok
    21:03:19.0641 2428 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    21:03:19.0654 2428 MSiSCSI - ok
    21:03:19.0661 2428 msiserver - ok
    21:03:19.0686 2428 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    21:03:19.0689 2428 MSKSSRV - ok
    21:03:19.0704 2428 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    21:03:19.0706 2428 MSPCLOCK - ok
    21:03:19.0724 2428 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    21:03:19.0726 2428 MSPQM - ok
    21:03:19.0754 2428 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    21:03:19.0761 2428 MsRPC - ok
    21:03:19.0799 2428 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    21:03:19.0811 2428 mssmbios - ok
    21:03:19.0831 2428 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    21:03:19.0834 2428 MSTEE - ok
    21:03:19.0851 2428 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    21:03:19.0854 2428 MTConfig - ok
    21:03:19.0891 2428 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
    21:03:19.0894 2428 MTsensor - ok
    21:03:19.0911 2428 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    21:03:19.0914 2428 Mup - ok
    21:03:19.0959 2428 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
    21:03:19.0961 2428 N360 - ok
    21:03:20.0001 2428 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    21:03:20.0011 2428 napagent - ok
    21:03:20.0046 2428 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    21:03:20.0051 2428 NativeWifiP - ok
    21:03:20.0101 2428 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121019.002\ENG64.SYS
    21:03:20.0106 2428 NAVENG - ok
    21:03:20.0159 2428 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121019.002\EX64.SYS
    21:03:20.0204 2428 NAVEX15 - ok
    21:03:20.0249 2428 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    21:03:20.0264 2428 NDIS - ok
    21:03:20.0286 2428 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    21:03:20.0291 2428 NdisCap - ok
    21:03:20.0311 2428 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    21:03:20.0314 2428 NdisTapi - ok
    21:03:20.0346 2428 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    21:03:20.0351 2428 Ndisuio - ok
    21:03:20.0379 2428 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    21:03:20.0384 2428 NdisWan - ok
    21:03:20.0411 2428 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    21:03:20.0416 2428 NDProxy - ok
    21:03:20.0431 2428 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    21:03:20.0436 2428 NetBIOS - ok
    21:03:20.0454 2428 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    21:03:20.0459 2428 NetBT - ok
    21:03:20.0486 2428 [ 5167CA339A8A36FEC32B03EC8FDBBF64 ] NETGEARUHOST C:\Windows\system32\DRIVERS\NETGEARUHOST.sys
    21:03:20.0489 2428 NETGEARUHOST - ok
    21:03:20.0516 2428 [ A6068421D3A33255F9D77DFDE29C8416 ] NETGEARUHUB C:\Windows\system32\DRIVERS\NETGEARUHUB.sys
    21:03:20.0519 2428 NETGEARUHUB - ok
    21:03:20.0534 2428 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    21:03:20.0536 2428 Netlogon - ok
    21:03:20.0569 2428 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    21:03:20.0576 2428 Netman - ok
    21:03:20.0594 2428 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    21:03:20.0604 2428 netprofm - ok
    21:03:20.0629 2428 [ B72BB9496A126FCFC7FC5945DED9B411 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
    21:03:20.0639 2428 netr28x - ok
    21:03:20.0664 2428 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    21:03:20.0669 2428 NetTcpPortSharing - ok
    21:03:20.0696 2428 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    21:03:20.0699 2428 nfrd960 - ok
    21:03:20.0734 2428 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    21:03:20.0741 2428 NlaSvc - ok
    21:03:20.0759 2428 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    21:03:20.0761 2428 Npfs - ok
    21:03:20.0779 2428 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    21:03:20.0781 2428 nsi - ok
    21:03:20.0791 2428 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    21:03:20.0794 2428 nsiproxy - ok
    21:03:20.0861 2428 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    21:03:20.0896 2428 Ntfs - ok
    21:03:20.0909 2428 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    21:03:20.0911 2428 Null - ok
    21:03:20.0939 2428 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    21:03:20.0944 2428 nvraid - ok
    21:03:20.0976 2428 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    21:03:20.0979 2428 nvstor - ok
    21:03:20.0996 2428 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    21:03:21.0001 2428 nv_agp - ok
    21:03:21.0016 2428 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    21:03:21.0021 2428 ohci1394 - ok
    21:03:21.0046 2428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    21:03:21.0054 2428 p2pimsvc - ok
    21:03:21.0074 2428 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    21:03:21.0081 2428 p2psvc - ok
    21:03:21.0104 2428 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    21:03:21.0116 2428 Parport - ok
    21:03:21.0136 2428 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    21:03:21.0139 2428 partmgr - ok
    21:03:21.0156 2428 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    21:03:21.0161 2428 PcaSvc - ok
    21:03:21.0176 2428 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    21:03:21.0181 2428 pci - ok
    21:03:21.0191 2428 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    21:03:21.0194 2428 pciide - ok
    21:03:21.0216 2428 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    21:03:21.0224 2428 pcmcia - ok
    21:03:21.0241 2428 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    21:03:21.0246 2428 pcw - ok
    21:03:21.0269 2428 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    21:03:21.0279 2428 PEAUTH - ok
    21:03:21.0344 2428 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    21:03:21.0349 2428 PerfHost - ok
    21:03:21.0421 2428 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    21:03:21.0459 2428 pla - ok
    21:03:21.0496 2428 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    21:03:21.0506 2428 PlugPlay - ok
    21:03:21.0536 2428 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    21:03:21.0566 2428 PNRPAutoReg - ok
    21:03:21.0604 2428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    21:03:21.0609 2428 PNRPsvc - ok
    21:03:21.0664 2428 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    21:03:21.0674 2428 PolicyAgent - ok
    21:03:21.0704 2428 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    21:03:21.0709 2428 Power - ok
    21:03:21.0724 2428 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    21:03:21.0729 2428 PptpMiniport - ok
    21:03:21.0744 2428 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    21:03:21.0746 2428 Processor - ok
    21:03:21.0791 2428 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    21:03:21.0796 2428 ProfSvc - ok
    21:03:21.0809 2428 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    21:03:21.0809 2428 ProtectedStorage - ok
    21:03:21.0856 2428 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    21:03:21.0859 2428 Psched - ok
    21:03:21.0901 2428 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    21:03:21.0944 2428 ql2300 - ok
    21:03:21.0961 2428 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    21:03:21.0966 2428 ql40xx - ok
    21:03:21.0989 2428 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    21:03:22.0006 2428 QWAVE - ok
    21:03:22.0031 2428 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    21:03:22.0034 2428 QWAVEdrv - ok
    21:03:22.0074 2428 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    21:03:22.0084 2428 RasAcd - ok
    21:03:22.0134 2428 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
  10. Jackie Treehorn

    Jackie Treehorn Newcomer, in training Topic Starter

    21:03:22.0139 2428 RasAgileVpn - ok
    21:03:22.0159 2428 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    21:03:22.0199 2428 RasAuto - ok
    21:03:22.0236 2428 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:03:22.0261 2428 Rasl2tp - ok
    21:03:22.0284 2428 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    21:03:22.0294 2428 RasMan - ok
    21:03:22.0319 2428 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    21:03:22.0324 2428 RasPppoe - ok
    21:03:22.0349 2428 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    21:03:22.0354 2428 RasSstp - ok
    21:03:22.0389 2428 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    21:03:22.0396 2428 rdbss - ok
    21:03:22.0419 2428 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    21:03:22.0421 2428 rdpbus - ok
    21:03:22.0441 2428 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:03:22.0444 2428 RDPCDD - ok
    21:03:22.0466 2428 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    21:03:22.0469 2428 RDPENCDD - ok
    21:03:22.0489 2428 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    21:03:22.0491 2428 RDPREFMP - ok
    21:03:22.0519 2428 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    21:03:22.0524 2428 RDPWD - ok
    21:03:22.0566 2428 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    21:03:22.0571 2428 rdyboost - ok
    21:03:22.0591 2428 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    21:03:22.0609 2428 RemoteAccess - ok
    21:03:22.0626 2428 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    21:03:22.0634 2428 RemoteRegistry - ok
    21:03:22.0656 2428 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    21:03:22.0659 2428 RpcEptMapper - ok
    21:03:22.0671 2428 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    21:03:22.0681 2428 RpcLocator - ok
    21:03:22.0721 2428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    21:03:22.0729 2428 RpcSs - ok
    21:03:22.0746 2428 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    21:03:22.0751 2428 rspndr - ok
    21:03:22.0799 2428 [ EABC640DD0E22C0AE213BE60FDECDF05 ] S3XXx64 C:\Windows\system32\DRIVERS\S3XXx64.sys
    21:03:22.0801 2428 S3XXx64 - ok
    21:03:22.0814 2428 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    21:03:22.0816 2428 SamSs - ok
    21:03:22.0871 2428 [ 2C31378A5695526E99ADAB928157B992 ] Samsung UPD Service2 C:\Windows\System32\SUPDSvc2.exe
    21:03:22.0894 2428 Samsung UPD Service2 - ok
    21:03:22.0931 2428 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
    21:03:22.0934 2428 sbapifs - ok
    21:03:22.0974 2428 [ 19954328DDA3D656F8A879B3A46FFED6 ] SbFw C:\Windows\system32\drivers\SbFw.sys
    21:03:22.0979 2428 SbFw - ok
    21:03:23.0004 2428 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys
    21:03:23.0009 2428 SBFWIMCL - ok
    21:03:23.0029 2428 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys
    21:03:23.0031 2428 SBFWIMCLMP - ok
    21:03:23.0054 2428 [ B671EEF468D13016B9286F5835A06AE1 ] sbhips C:\Windows\system32\drivers\sbhips.sys
    21:03:23.0056 2428 sbhips - ok
    21:03:23.0086 2428 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    21:03:23.0089 2428 sbp2port - ok
    21:03:23.0109 2428 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
    21:03:23.0111 2428 SBRE - ok
    21:03:23.0131 2428 [ EAB54ADCCECA64B2F38CD859FB494895 ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys
    21:03:23.0134 2428 sbwtis - ok
    21:03:23.0156 2428 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    21:03:23.0161 2428 SCardSvr - ok
    21:03:23.0184 2428 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    21:03:23.0186 2428 scfilter - ok
    21:03:23.0239 2428 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    21:03:23.0269 2428 Schedule - ok
    21:03:23.0371 2428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    21:03:23.0371 2428 SCPolicySvc - ok
    21:03:23.0381 2428 [ EABC640DD0E22C0AE213BE60FDECDF05 ] SCR3xx USB Smart Card Reader64 C:\Windows\system32\DRIVERS\S3XXx64.sys
    21:03:23.0381 2428 SCR3xx USB Smart Card Reader64 - ok
    21:03:23.0424 2428 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    21:03:23.0429 2428 SDRSVC - ok
    21:03:23.0456 2428 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    21:03:23.0459 2428 secdrv - ok
    21:03:23.0474 2428 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    21:03:23.0476 2428 seclogon - ok
    21:03:23.0489 2428 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    21:03:23.0494 2428 SENS - ok
    21:03:23.0516 2428 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    21:03:23.0521 2428 SensrSvc - ok
    21:03:23.0541 2428 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    21:03:23.0544 2428 Serenum - ok
    21:03:23.0559 2428 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    21:03:23.0561 2428 Serial - ok
    21:03:23.0597 2428 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    21:03:23.0600 2428 sermouse - ok
    21:03:23.0627 2428 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    21:03:23.0632 2428 SessionEnv - ok
    21:03:23.0667 2428 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    21:03:23.0670 2428 sffdisk - ok
    21:03:23.0682 2428 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    21:03:23.0685 2428 sffp_mmc - ok
    21:03:23.0700 2428 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    21:03:23.0702 2428 sffp_sd - ok
    21:03:23.0715 2428 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    21:03:23.0717 2428 sfloppy - ok
    21:03:23.0750 2428 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    21:03:23.0757 2428 SharedAccess - ok
    21:03:23.0792 2428 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    21:03:23.0800 2428 ShellHWDetection - ok
    21:03:23.0837 2428 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    21:03:23.0840 2428 SiSRaid2 - ok
    21:03:23.0857 2428 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    21:03:23.0865 2428 SiSRaid4 - ok
    21:03:23.0887 2428 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    21:03:23.0892 2428 Smb - ok
    21:03:23.0922 2428 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    21:03:23.0935 2428 SNMPTRAP - ok
    21:03:23.0952 2428 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    21:03:23.0957 2428 spldr - ok
    21:03:23.0987 2428 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    21:03:23.0997 2428 Spooler - ok
    21:03:24.0100 2428 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    21:03:24.0177 2428 sppsvc - ok
    21:03:24.0195 2428 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    21:03:24.0200 2428 sppuinotify - ok
    21:03:24.0262 2428 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
    21:03:24.0275 2428 SRTSP - ok
    21:03:24.0295 2428 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
    21:03:24.0297 2428 SRTSPX - ok
    21:03:24.0335 2428 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    21:03:24.0342 2428 srv - ok
    21:03:24.0360 2428 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    21:03:24.0367 2428 srv2 - ok
    21:03:24.0402 2428 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    21:03:24.0407 2428 srvnet - ok
    21:03:24.0430 2428 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    21:03:24.0435 2428 SSDPSRV - ok
    21:03:24.0470 2428 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
    21:03:24.0472 2428 SSPORT - ok
    21:03:24.0492 2428 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    21:03:24.0512 2428 SstpSvc - ok
    21:03:24.0537 2428 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    21:03:24.0547 2428 stexstor - ok
    21:03:24.0582 2428 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    21:03:24.0585 2428 StillCam - ok
    21:03:24.0635 2428 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    21:03:24.0647 2428 stisvc - ok
    21:03:24.0672 2428 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    21:03:24.0675 2428 swenum - ok
    21:03:24.0700 2428 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    21:03:24.0715 2428 swprv - ok
    21:03:24.0762 2428 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS
    21:03:24.0772 2428 SymDS - ok
    21:03:24.0822 2428 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS
    21:03:24.0840 2428 SymEFA - ok
    21:03:24.0905 2428 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    21:03:24.0910 2428 SymEvent - ok
    21:03:24.0940 2428 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS
    21:03:24.0945 2428 SymIRON - ok
    21:03:24.0980 2428 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS
    21:03:24.0995 2428 SymNetS - ok
    21:03:25.0110 2428 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    21:03:25.0152 2428 SysMain - ok
    21:03:25.0172 2428 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    21:03:25.0177 2428 TabletInputService - ok
    21:03:25.0200 2428 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    21:03:25.0207 2428 TapiSrv - ok
    21:03:25.0247 2428 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    21:03:25.0262 2428 TBS - ok
    21:03:25.0400 2428 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    21:03:25.0442 2428 Tcpip - ok
    21:03:25.0520 2428 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    21:03:25.0545 2428 TCPIP6 - ok
    21:03:25.0575 2428 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    21:03:25.0577 2428 tcpipreg - ok
    21:03:25.0607 2428 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    21:03:25.0610 2428 TDPIPE - ok
    21:03:25.0637 2428 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    21:03:25.0640 2428 TDTCP - ok
    21:03:25.0685 2428 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    21:03:25.0697 2428 tdx - ok
    21:03:25.0722 2428 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    21:03:25.0725 2428 TermDD - ok
    21:03:25.0770 2428 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    21:03:25.0782 2428 TermService - ok
    21:03:25.0802 2428 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    21:03:25.0807 2428 Themes - ok
    21:03:25.0837 2428 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    21:03:25.0840 2428 THREADORDER - ok
    21:03:25.0867 2428 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    21:03:25.0872 2428 TrkWks - ok
    21:03:25.0975 2428 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    21:03:25.0980 2428 TrustedInstaller - ok
    21:03:26.0012 2428 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:03:26.0017 2428 tssecsrv - ok
    21:03:26.0040 2428 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    21:03:26.0050 2428 TsUsbFlt - ok
    21:03:26.0122 2428 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    21:03:26.0135 2428 tunnel - ok
    21:03:26.0157 2428 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    21:03:26.0160 2428 uagp35 - ok
    21:03:26.0205 2428 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    21:03:26.0215 2428 udfs - ok
    21:03:26.0242 2428 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    21:03:26.0247 2428 UI0Detect - ok
    21:03:26.0277 2428 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    21:03:26.0285 2428 uliagpkx - ok
    21:03:26.0322 2428 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    21:03:26.0327 2428 umbus - ok
    21:03:26.0342 2428 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    21:03:26.0345 2428 UmPass - ok
    21:03:26.0370 2428 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    21:03:26.0380 2428 upnphost - ok
    21:03:26.0405 2428 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    21:03:26.0410 2428 USBAAPL64 - ok
    21:03:26.0432 2428 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    21:03:26.0447 2428 usbccgp - ok
    21:03:26.0480 2428 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    21:03:26.0495 2428 usbcir - ok
    21:03:26.0512 2428 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    21:03:26.0515 2428 usbehci - ok
    21:03:26.0530 2428 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    21:03:26.0537 2428 usbhub - ok
    21:03:26.0550 2428 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    21:03:26.0552 2428 usbohci - ok
    21:03:26.0572 2428 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    21:03:26.0582 2428 usbprint - ok
    21:03:26.0600 2428 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:03:26.0602 2428 USBSTOR - ok
    21:03:26.0627 2428 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    21:03:26.0630 2428 usbuhci - ok
    21:03:26.0645 2428 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    21:03:26.0650 2428 UxSms - ok
    21:03:26.0695 2428 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    21:03:26.0697 2428 VaultSvc - ok
    21:03:26.0757 2428 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    21:03:26.0802 2428 vdrvroot - ok
    21:03:26.0860 2428 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    21:03:26.0870 2428 vds - ok
    21:03:26.0897 2428 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    21:03:26.0900 2428 vga - ok
    21:03:26.0917 2428 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    21:03:26.0920 2428 VgaSave - ok
    21:03:26.0940 2428 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    21:03:26.0945 2428 vhdmp - ok
    21:03:26.0960 2428 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    21:03:26.0962 2428 viaide - ok
    21:03:26.0980 2428 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    21:03:26.0985 2428 volmgr - ok
    21:03:27.0010 2428 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    21:03:27.0017 2428 volmgrx - ok
    21:03:27.0037 2428 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    21:03:27.0042 2428 volsnap - ok
    21:03:27.0062 2428 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    21:03:27.0065 2428 vsmraid - ok
    21:03:27.0125 2428 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    21:03:27.0167 2428 VSS - ok
    21:03:27.0185 2428 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    21:03:27.0187 2428 vwifibus - ok
    21:03:27.0200 2428 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    21:03:27.0202 2428 vwififlt - ok
    21:03:27.0230 2428 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    21:03:27.0237 2428 W32Time - ok
    21:03:27.0250 2428 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    21:03:27.0265 2428 WacomPen - ok
    21:03:27.0292 2428 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    21:03:27.0295 2428 WANARP - ok
    21:03:27.0302 2428 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    21:03:27.0305 2428 Wanarpv6 - ok
    21:03:27.0370 2428 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    21:03:27.0405 2428 WatAdminSvc - ok
    21:03:27.0450 2428 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    21:03:27.0487 2428 wbengine - ok
    21:03:27.0502 2428 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    21:03:27.0517 2428 WbioSrvc - ok
    21:03:27.0542 2428 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    21:03:27.0552 2428 wcncsvc - ok
    21:03:27.0560 2428 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    21:03:27.0565 2428 WcsPlugInService - ok
    21:03:27.0577 2428 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    21:03:27.0582 2428 Wd - ok
    21:03:27.0610 2428 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    21:03:27.0620 2428 Wdf01000 - ok
    21:03:27.0645 2428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    21:03:27.0650 2428 WdiServiceHost - ok
    21:03:27.0655 2428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    21:03:27.0660 2428 WdiSystemHost - ok
    21:03:27.0680 2428 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    21:03:27.0687 2428 WebClient - ok
    21:03:27.0705 2428 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    21:03:27.0712 2428 Wecsvc - ok
    21:03:27.0730 2428 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    21:03:27.0735 2428 wercplsupport - ok
    21:03:27.0752 2428 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    21:03:27.0757 2428 WerSvc - ok
    21:03:27.0770 2428 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    21:03:27.0772 2428 WfpLwf - ok
    21:03:27.0787 2428 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    21:03:27.0792 2428 WIMMount - ok
    21:03:27.0817 2428 WinDefend - ok
    21:03:27.0827 2428 WinHttpAutoProxySvc - ok
    21:03:27.0867 2428 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    21:03:27.0872 2428 Winmgmt - ok
    21:03:27.0940 2428 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    21:03:27.0997 2428 WinRM - ok
    21:03:28.0082 2428 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    21:03:28.0092 2428 WinUsb - ok
    21:03:28.0120 2428 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    21:03:28.0142 2428 Wlansvc - ok
    21:03:28.0430 2428 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    21:03:28.0485 2428 wlidsvc - ok
    21:03:28.0525 2428 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    21:03:28.0532 2428 WmiAcpi - ok
    21:03:28.0586 2428 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    21:03:28.0613 2428 wmiApSrv - ok
    21:03:28.0651 2428 WMPNetworkSvc - ok
    21:03:28.0673 2428 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    21:03:28.0693 2428 WPCSvc - ok
    21:03:28.0731 2428 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    21:03:28.0766 2428 WPDBusEnum - ok
    21:03:28.0801 2428 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    21:03:28.0803 2428 ws2ifsl - ok
    21:03:28.0818 2428 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    21:03:28.0826 2428 wscsvc - ok
    21:03:28.0836 2428 WSearch - ok
    21:03:28.0953 2428 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    21:03:29.0016 2428 wuauserv - ok
    21:03:29.0056 2428 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    21:03:29.0066 2428 WudfPf - ok
    21:03:29.0088 2428 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:03:29.0096 2428 WUDFRd - ok
    21:03:29.0121 2428 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    21:03:29.0126 2428 wudfsvc - ok
    21:03:29.0153 2428 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    21:03:29.0161 2428 WwanSvc - ok
    21:03:29.0188 2428 ================ Scan global ===============================
    21:03:29.0216 2428 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    21:03:29.0266 2428 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    21:03:29.0321 2428 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    21:03:29.0373 2428 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    21:03:29.0423 2428 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    21:03:29.0433 2428 [Global] - ok
    21:03:29.0433 2428 ================ Scan MBR ==================================
    21:03:29.0438 2428 [ D7AD5AA31A559120C3BA48FD0A1B1636 ] \Device\Harddisk0\DR0
    21:03:29.0441 2428 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    21:03:29.0506 2428 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    21:03:29.0506 2428 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    21:03:29.0506 2428 ================ Scan VBR ==================================
    21:03:29.0533 2428 [ 4538A8B0E4C66B9BBC107D9BABB6D11B ] \Device\Harddisk0\DR0\Partition1
    21:03:29.0548 2428 \Device\Harddisk0\DR0\Partition1 - ok
    21:03:29.0571 2428 [ 0E7AA56F9422C8DC71D0A74BA84904E4 ] \Device\Harddisk0\DR0\Partition2
    21:03:29.0573 2428 \Device\Harddisk0\DR0\Partition2 - ok
    21:03:29.0573 2428 ============================================================
    21:03:29.0573 2428 Scan finished
    21:03:29.0573 2428 ============================================================
    21:03:29.0598 3308 Detected object count: 1
    21:03:29.0598 3308 Actual detected object count: 1
    21:04:34.0521 3308 \Device\Harddisk0\DR0\# - copied to quarantine
    21:04:34.0551 3308 \Device\Harddisk0\DR0 - copied to quarantine
    21:04:34.0631 3308 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    21:04:34.0631 3308 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    21:04:34.0661 3308 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    21:04:34.0671 3308 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    21:04:34.0691 3308 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    21:04:34.0701 3308 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    21:04:34.0711 3308 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    21:04:34.0711 3308 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    21:04:34.0711 3308 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    21:04:34.0721 3308 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    21:04:34.0731 3308 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    21:04:34.0731 3308 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    21:04:34.0731 3308 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    21:04:34.0741 3308 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    21:04:34.0761 3308 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    21:04:34.0781 3308 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    21:04:34.0781 3308 \Device\Harddisk0\DR0 - ok
    21:04:34.0811 3308 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    21:09:42.0844 3952 Deinitialize success
  11. Broni

    Good :)

    Re-run MBAM in normal mode and post the new log.

    Next....

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  12. Jackie Treehorn

    MBAM log
    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.10.19.10
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    KungFu Semi-Truckerz :: KUNGFUSEMI-TRUC [administrator]
    Protection: Enabled
    10/19/2012 9:47:36 PM
    mbam-log-2012-10-19 (21-47-36).txt
    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 357065
    Time elapsed: 1 hour(s), 11 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  13. Jackie Treehorn

    Rogue Killer Log 1
    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : KungFu Semi-Truckerz [Admin rights]
    Mode : Scan -- Date : 10/19/2012 23:03:08
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST31000528AS ATA Device +++++
    --- User ---
    [MBR] 473dd1ea403067f7a1d8268a366b5be7
    [BSP] b7f1af624ca415852c3eb9ae77b37bea : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 63 | Size: 8197 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16787925 | Size: 381551 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 798205590 | Size: 564118 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    Rogue Killer Log 2
    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : KungFu Semi-Truckerz [Admin rights]
    Mode : Remove -- Date : 10/19/2012 23:03:30
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST31000528AS ATA Device +++++
    --- User ---
    [MBR] 473dd1ea403067f7a1d8268a366b5be7
    [BSP] b7f1af624ca415852c3eb9ae77b37bea : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 63 | Size: 8197 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16787925 | Size: 381551 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 798205590 | Size: 564118 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  14. Jackie Treehorn

    aswMBR log
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-19 23:04:43
    -----------------------------
    23:04:43.583 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:04:43.583 Number of processors: 2 586 0x170A
    23:04:43.583 ComputerName: KUNGFUSEMI-TRUC UserName:
    23:04:47.483 Initialize success
    23:06:31.945 AVAST engine defs: 12101901
    23:06:51.870 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    23:06:51.874 Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
    23:06:51.884 Disk 0 MBR read successfully
    23:06:51.888 Disk 0 MBR scan
    23:06:51.896 Disk 0 unknown MBR code
    23:06:51.901 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 8197 MB offset 63
    23:06:51.921 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 381551 MB offset 16787925
    23:06:51.945 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 564118 MB offset 798205590
    23:06:51.979 Disk 0 scanning C:\Windows\system32\drivers
    23:07:03.696 Service scanning
    23:07:26.576 Modules scanning
    23:07:26.588 Disk 0 trace - called modules:
    23:07:26.613 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
    23:07:26.623 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e57060]
    23:07:26.631 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8005c48580]
    23:07:26.639 5 ACPI.sys[fffff88000f8e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005c4a060]
    23:07:29.109 AVAST engine scan C:\Windows
    23:07:34.038 AVAST engine scan C:\Windows\system32
    23:12:14.298 AVAST engine scan C:\Windows\system32\drivers
    23:12:34.560 AVAST engine scan C:\Users\KungFu Semi-Truckerz
    23:18:29.747 AVAST engine scan C:\ProgramData
    23:19:20.274 Scan finished successfully
    23:20:08.041 Disk 0 MBR has been saved successfully to "C:\Users\KungFu Semi-Truckerz\Desktop\New folder\MBR.dat"
    23:20:08.054 The log file has been saved successfully to "C:\Users\KungFu Semi-Truckerz\Desktop\New folder\aswMBR.txt"
  15. Broni

    Good job :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  16. Jackie Treehorn

    ComboFix 12-10-19.01 - KungFu Semi-Truckerz 10/20/2012 18:35:27.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5885.4701 [GMT -4:00]
    Running from: c:\users\KungFu Semi-Truckerz\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-20 to 2012-10-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-20 22:43 . 2012-10-20 22:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-20 01:04 . 2012-10-20 01:04 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-17 14:14 . 2012-10-17 14:14 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-10-17 01:42 . 2012-10-18 16:51 -------- d-----w- c:\users\KungFu Semi-Truckerz\AppData\Local\NPE
    2012-10-17 01:38 . 2012-10-17 01:38 -------- d-----w- C:\FRST
    2012-10-15 19:23 . 2012-10-16 16:33 129024 ----a-w- c:\windows\RegBootClean64.exe
    2012-10-15 18:16 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-15 16:45 . 2012-10-15 16:45 -------- d-----w- c:\users\KungFu Semi-Truckerz\AppData\Roaming\Malwarebytes
    2012-10-15 16:44 . 2012-10-15 16:44 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-15 16:44 . 2012-10-18 02:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-14 00:13 . 2012-10-14 00:13 -------- d-----w- c:\program files\CCleaner
    2012-10-10 14:21 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-10-10 14:21 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-10 14:21 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-10-10 14:21 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-10-10 14:19 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
    2012-10-10 14:19 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-10-10 14:19 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-10-10 14:19 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-10-10 14:19 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-10 14:19 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2012-10-10 14:18 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 14:18 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-10-10 14:18 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 14:18 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 14:18 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-10-10 14:18 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-10-09 18:18 . 2012-10-09 18:18 -------- d-----w- c:\program files (x86)\MSECache
    2012-09-29 12:59 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-09-29 12:59 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-09-26 13:54 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-09-24 18:10 . 2012-09-24 18:11 -------- d-----w- c:\users\KungFu Semi-Truckerz\ZipForm
    2012-09-22 18:59 . 2012-09-22 18:59 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-11 00:45 . 2012-02-02 01:20 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-10-09 14:31 . 2012-04-28 15:07 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 14:31 . 2012-02-06 23:36 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-22 18:12 . 2012-09-12 13:11 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 13:11 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 13:11 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 13:11 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 17:01 . 2012-09-17 15:10 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 17:01 . 2012-02-03 21:52 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2012-02-03 21:52 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-20 17:38 . 2012-10-10 14:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-02 17:58 . 2012-09-12 13:11 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 13:11 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-07-31 18:23 . 2012-07-31 18:23 70016 ----a-w- c:\windows\system32\drivers\S3XXx64.sys
    2012-07-28 07:09 . 2012-07-28 07:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2012-07-28 06:54 . 2012-07-28 06:54 321472 ----a-w- c:\windows\WLXPGSS.SCR
    2012-07-26 23:08 . 2012-07-26 23:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
    2012-07-26 23:08 . 2012-07-26 23:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
    2012-07-26 23:08 . 2012-07-26 23:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
    2012-07-26 23:08 . 2012-07-26 23:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
    2012-07-26 23:08 . 2012-07-26 23:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
    2012-07-26 19:22 . 2012-07-26 19:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
    2012-07-26 19:22 . 2012-07-26 19:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
    2012-07-26 19:22 . 2012-07-26 19:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
    2012-07-26 19:22 . 2012-07-26 19:22 177096 ----a-w- c:\windows\system32\atl110.dll
    2012-07-26 19:22 . 2012-07-26 19:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-08-24 15:57 220608 ----a-w- c:\users\KungFu Semi-Truckerz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-08-24 15:57 220608 ----a-w- c:\users\KungFu Semi-Truckerz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-08-24 15:57 220608 ----a-w- c:\users\KungFu Semi-Truckerz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Installation Diagnostics"="c:\program files (x86)\Brother\Brmfl05c\Brinstck.exe" [2006-11-04 126976]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
    "RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-08-20 225280]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592]
    "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
    "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
    "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    SentriLockCardUtility.lnk - c:\windows\Installer\{9348BA70-11FB-4A78-A929-0980EF2C4DE8}\Icon9348BA70.exe [2012-10-16 91648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
    @="Ad-Aware Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 116648]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-03-14 21712]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 116648]
    R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
    R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe [2011-12-02 165456]
    R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
    R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
    R3 SCR3xx USB Smart Card Reader64;SCR3xx USB Smart Card Reader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2012-07-31 70016]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-02 1255736]
    R4 SBAMSvc;Ad-Aware; [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121019.001\IDSvia64.sys [2012-09-01 513184]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-08-20 196608]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-05 138912]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    S3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\DRIVERS\NETGEARUHOST.sys [2007-03-08 16384]
    S3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\DRIVERS\NETGEARUHUB.sys [2007-03-08 40960]
    S3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2012-07-31 70016]
    S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 14:31]
    .
    2012-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 13:13]
    .
    2012-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 13:13]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-08-24 15:57 244672 ----a-w- c:\users\KungFu Semi-Truckerz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-08-24 15:57 244672 ----a-w- c:\users\KungFu Semi-Truckerz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-08-24 15:57 244672 ----a-w- c:\users\KungFu Semi-Truckerz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-24 7833120]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-24 1833504]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://igoogle.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.1.1
    FF - ProfilePath - c:\users\KungFu Semi-Truckerz\AppData\Roaming\Mozilla\Firefox\Profiles\bd0oltb7.default\
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; cdyjeshxea@cdyjeshxea.org; c:\users\KungFu Semi-Truckerz\Application Data\Mozilla\Firefox\Profiles\bd0oltb7.default\extensions\cdyjeshxea@cdyjeshxea.org.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-47142672.sys
    Toolbar-Locked - (no file)
    HKLM-Run-SKDaemon.exe - c:\program files\LTONHIS\Touch Manager\SKDaemon.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SBAMSvc]
    "ImagePath"=""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
    7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
    64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
    "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
    69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}"=hex:51,66,7a,6c,4c,1d,38,12,19,c7,a0,
    e8,38,54,d3,01,c4,41,3b,b9,ea,bd,0b,b3
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:01,18,bf,1f,1f,ac,cd,01
    .
    [HKEY_USERS\S-1-5-21-3633375084-144790654-1307329806-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3633375084-144790654-1307329806-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-20 18:48:09
    ComboFix-quarantined-files.txt 2012-10-20 22:48
    .
    Pre-Run: 349,766,242,304 bytes free
    Post-Run: 350,131,011,584 bytes free
    .
    - - End Of File - - 47F80F5AD11B005944C7FE89587713D2
  17. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Looks good :)

    Any current issues?

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. Jackie Treehorn

    Jackie Treehorn Newcomer, in training Topic Starter

    OTL logfile created on: 10/20/2012 7:22:05 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KungFu Semi-Truckerz\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.75 Gb Total Physical Memory | 3.95 Gb Available Physical Memory | 68.67% Memory free
    11.49 Gb Paging File | 9.44 Gb Available in Paging File | 82.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 372.61 Gb Total Space | 326.17 Gb Free Space | 87.54% Space Free | Partition Type: NTFS
    Drive D: | 550.90 Gb Total Space | 316.82 Gb Free Space | 57.51% Space Free | Partition Type: NTFS
    Drive E: | 551.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: KUNGFUSEMI-TRUC | User Name: KungFu Semi-Truckerz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/20 19:20:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KungFu Semi-Truckerz\Desktop\OTL.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
    PRC - [2009/08/20 01:55:40 | 000,196,608 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
    PRC - [2009/06/04 19:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    PRC - [2007/10/24 10:20:26 | 005,503,432 | ---- | M] (SentriLock LLC) -- C:\Program Files (x86)\SentrilockCardUtility\SentriLockCardUtility.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/09/29 23:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
    MOD - [2009/06/04 19:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    MOD - [2009/03/25 20:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
    MOD - [2009/03/20 02:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
    MOD - [2009/03/20 02:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
    MOD - [2009/01/15 18:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/12/01 23:12:11 | 000,165,456 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc2.exe -- (Samsung UPD Service2)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/10/09 10:31:39 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
    SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/08/20 01:55:40 | 000,196,608 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/31 14:23:02 | 000,070,016 | ---- | M] (Identive) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (SCR3xx USB Smart Card Reader64)
    DRV:64bit: - [2012/07/31 14:23:02 | 000,070,016 | ---- | M] (Identive) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/19 14:43:12 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/12/19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
    DRV:64bit: - [2011/12/19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
    DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
    DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
    DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
    DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
    DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
    DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/15 21:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2009/08/23 06:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
    DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/09 18:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV:64bit: - [2009/06/10 16:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/02 14:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
    DRV:64bit: - [2009/03/02 14:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV:64bit: - [2007/03/08 17:48:36 | 000,016,384 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETGEARUHOST.sys -- (NETGEARUHOST)
    DRV:64bit: - [2007/03/08 17:48:26 | 000,040,960 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETGEARUHUB.sys -- (NETGEARUHUB)
    DRV - [2012/10/15 13:52:03 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121019.022\ex64.sys -- (NAVEX15)
    DRV - [2012/10/15 13:52:03 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121019.022\eng64.sys -- (NAVENG)
    DRV - [2012/09/05 09:21:17 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/08/31 20:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121019.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/08/09 10:12:58 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/03/14 19:00:05 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
    DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/
    IE - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/08/18 17:50:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/10/20 12:35:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/21 11:02:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/02/29 13:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Mozilla\Extensions
    [2012/10/10 12:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Mozilla\Firefox\Profiles\bd0oltb7.default\extensions
    [1832/11/29 02:17:30 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Mozilla\Firefox\Profiles\bd0oltb7.default\extensions\cdyjeshxea@cdyjeshxea.org.xpi
    [2012/02/29 13:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SKDaemon.exe] C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe File not found
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
    O4 - HKU\S-1-5-21-3633375084-144790654-1307329806-1001..\Run: [Installation Diagnostics] C:\Program Files (x86)\Brother\Brmfl05c\Brinstck.exe (Brother Industries, Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E81A283-E27E-40B0-976E-958A4BB15955}: DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.1.1
    O18:64bit: - Protocol\Handler\gcf - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll (Google Inc.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/17 14:28:04 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
    O32 - AutoRun File - [2002/07/31 19:40:10 | 000,151,552 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2002/08/28 22:23:59 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/20 19:20:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KungFu Semi-Truckerz\Desktop\OTL.exe
    [2012/10/20 18:48:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/20 18:33:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/20 18:33:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/20 18:33:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/20 18:30:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/20 18:30:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/20 15:21:15 | 004,984,242 | R--- | C] (Swearware) -- C:\Users\KungFu Semi-Truckerz\Desktop\ComboFix.exe
    [2012/10/20 13:11:47 | 000,000,000 | ---D | C] -- C:\Users\KungFu Semi-Truckerz\Desktop\Anti virus
    [2012/10/19 21:47:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\KungFu Semi-Truckerz\Desktop\aswMBR.exe
    [2012/10/19 21:04:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/10/17 10:14:48 | 000,167,696 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
    [2012/10/16 21:42:35 | 000,000,000 | ---D | C] -- C:\Users\KungFu Semi-Truckerz\AppData\Local\NPE
    [2012/10/16 21:38:21 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/15 14:16:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/15 12:45:18 | 000,000,000 | ---D | C] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Malwarebytes
    [2012/10/15 12:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/15 12:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/15 12:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/13 20:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/10/09 14:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
    [2012/09/24 14:10:44 | 000,000,000 | ---D | C] -- C:\Users\KungFu Semi-Truckerz\ZipForm
    [2012/09/22 14:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    [2012/09/22 14:59:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
    [2012/09/22 14:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
    [2012/09/22 14:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

    ========== Files - Modified Within 30 Days ==========

    [2012/10/20 19:20:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KungFu Semi-Truckerz\Desktop\OTL.exe
    [2012/10/20 18:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/20 18:28:01 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/20 18:13:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/20 15:21:15 | 004,984,242 | R--- | M] (Swearware) -- C:\Users\KungFu Semi-Truckerz\Desktop\ComboFix.exe
    [2012/10/20 15:11:43 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/20 12:41:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/20 12:41:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/20 12:40:58 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2012/10/20 12:34:02 | 333,275,135 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/19 21:47:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\KungFu Semi-Truckerz\Desktop\aswMBR.exe
    [2012/10/19 21:46:53 | 001,425,920 | ---- | M] () -- C:\Users\KungFu Semi-Truckerz\Desktop\RogueKiller.exe
    [2012/10/17 22:03:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/17 11:02:37 | 859,255,794 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/10/17 10:14:48 | 000,167,696 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
    [2012/10/16 13:05:24 | 000,002,557 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SentriLockCardUtility.lnk
    [2012/10/16 13:05:24 | 000,002,539 | ---- | M] () -- C:\Users\Public\Desktop\SentriLockCardUtility.lnk
    [2012/10/16 12:33:24 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
    [2012/10/15 14:32:33 | 000,000,036 | ---- | M] () -- C:\Users\KungFu Semi-Truckerz\AppData\Local\housecall.guid.cache
    [2012/10/13 20:13:35 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/10/10 20:46:41 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/10/10 16:01:45 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/10 16:01:45 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/10 16:01:45 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/05 14:21:22 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv
    [2012/10/04 11:39:05 | 000,000,039 | -H-- | M] () -- C:\Users\KungFu Semi-Truckerz\Documents\maxdesk.ini2
    [2012/10/04 11:38:58 | 000,000,276 | -H-- | M] () -- C:\Users\KungFu Semi-Truckerz\Documents\PP11Thumbs.ptn
    [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/24 14:10:16 | 000,000,088 | ---- | M] () -- C:\Users\KungFu Semi-Truckerz\.java.policy
    [2012/09/23 13:23:00 | 000,284,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/09/22 15:05:04 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
    [2012/09/22 15:01:54 | 000,017,303 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
    [2012/09/22 15:00:25 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
    [2012/09/22 14:59:23 | 000,002,003 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

    ========== Files Created - No Company Name ==========

    [2012/10/20 18:33:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/20 18:33:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/20 18:33:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/20 18:33:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/20 18:33:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/19 21:46:42 | 001,425,920 | ---- | C] () -- C:\Users\KungFu Semi-Truckerz\Desktop\RogueKiller.exe
    [2012/10/15 15:23:08 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
    [2012/10/15 14:32:33 | 000,000,036 | ---- | C] () -- C:\Users\KungFu Semi-Truckerz\AppData\Local\housecall.guid.cache
    [2012/10/15 14:16:03 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/13 20:13:35 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/10/04 11:39:05 | 000,000,039 | -H-- | C] () -- C:\Users\KungFu Semi-Truckerz\Documents\maxdesk.ini2
    [2012/10/04 11:38:58 | 000,000,276 | -H-- | C] () -- C:\Users\KungFu Semi-Truckerz\Documents\PP11Thumbs.ptn
    [2012/09/24 14:10:16 | 000,000,088 | ---- | C] () -- C:\Users\KungFu Semi-Truckerz\.java.policy
    [2012/09/22 15:00:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012/09/22 14:59:23 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
    [2012/09/22 14:59:23 | 000,002,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2012/09/22 14:59:22 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
    [2012/09/22 14:59:20 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
    [2012/07/02 21:02:40 | 000,260,688 | ---- | C] () -- C:\Windows\SUPDRun.exe
    [2012/02/19 11:09:23 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
    [2012/02/19 11:01:50 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2012/02/19 11:01:50 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD8460N.DAT
    [2012/02/19 11:00:45 | 000,000,940 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2012/02/19 11:00:45 | 000,000,176 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2012/02/19 10:59:32 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2012/02/19 10:59:32 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2012/02/19 10:59:30 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2012/02/19 10:59:29 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
    [2012/02/19 10:59:29 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
    [2012/02/18 09:47:38 | 000,034,056 | ---- | C] () -- C:\Windows\MSTMON_T.INI
    [2012/02/17 19:59:19 | 000,000,172 | ---- | C] () -- C:\Users\KungFu Semi-Truckerz\.jupload.properties
    [2012/02/16 09:59:02 | 000,034,056 | ---- | C] () -- C:\Windows\MSTMON04.INI
    [2012/02/16 09:59:02 | 000,020,457 | ---- | C] () -- C:\Windows\MSUMLT04.INI
    [2012/02/03 18:51:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/02/03 18:51:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2012/02/02 21:35:19 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
    [2012/02/02 21:35:17 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
    [2012/02/01 22:23:35 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
    [2012/02/01 22:22:41 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2012/02/01 22:22:41 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2012/02/01 22:22:38 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2012/02/01 22:22:38 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2012/02/01 22:20:42 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2012/02/01 22:20:05 | 000,024,255 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2012/02/01 22:19:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/02/01 22:19:50 | 000,017,303 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/02/01 21:00:42 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2011/02/11 20:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2011/02/11 20:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2011/02/11 20:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/17 00:06:52 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Ad-Aware Antivirus
    [2012/02/19 11:38:15 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\ID Vault
    [2012/03/05 22:34:04 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\PC-FAX TX
    [2012/02/02 21:36:33 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\pdf995
    [2012/02/19 11:09:55 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\ScanSoft
    [2012/02/01 22:43:31 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\SentriLock
    [2012/03/14 17:16:25 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Tific
    [2012/09/01 12:19:19 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========


    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Extras.txt?

    You didn't say:
  20. Jackie Treehorn

    Jackie Treehorn Newcomer, in training Topic Starter

    Doh! My bad! *nerd*

    OTL Extras logfile created on: 10/20/2012 7:22:05 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KungFu Semi-Truckerz\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.75 Gb Total Physical Memory | 3.95 Gb Available Physical Memory | 68.67% Memory free
    11.49 Gb Paging File | 9.44 Gb Available in Paging File | 82.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 372.61 Gb Total Space | 326.17 Gb Free Space | 87.54% Space Free | Partition Type: NTFS
    Drive D: | 550.90 Gb Total Space | 316.82 Gb Free Space | 57.51% Space Free | Partition Type: NTFS
    Drive E: | 551.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: KUNGFUSEMI-TRUC | User Name: KungFu Semi-Truckerz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0739787F-7249-4D50-B740-9F12B971B8D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{366F076D-5B61-48C6-BE6E-61883B21DD37}" = lport=139 | protocol=6 | dir=in | app=system |
    "{39E22A5F-71A7-4C68-9AE7-93C7EA32681A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{40E0C9FA-A177-48E7-82A2-08193369A2B1}" = lport=137 | protocol=17 | dir=in | app=system |
    "{45539C09-7DFC-42AD-B018-1CD552FB3272}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{4A2FB8AB-7F6B-4562-8A18-7E73EB827066}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5692967A-AF71-4B69-A90A-25B438D07DE4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{5FECF712-3E62-4389-B93C-04B0D8975C4E}" = lport=138 | protocol=17 | dir=in | app=system |
    "{63717801-1ADC-4306-A2AA-930E769E3D79}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{6A4C67A0-F000-4184-83BA-239F69BACD9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{734C5EC7-F818-4DAD-B59F-9ECA1ED01825}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7E4111C0-FA7D-4CF7-9F16-D3CA67106167}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8347076A-0576-4360-A47B-BF8BD270EB68}" = lport=445 | protocol=6 | dir=in | app=system |
    "{849600F9-8AA8-420C-9F24-11B3BA037410}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{90452AAE-E815-40AA-B5D2-A53927E5E0F5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{9A95F5E3-BB81-4BB9-B6ED-72AD25193F53}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B7FC9EEF-6E79-49F3-9B4B-161131962ABD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BBA53F7B-978B-4E31-9369-D67C743090B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C2F7B223-2F3B-4DEF-8CBC-DA37ABA14228}" = rport=445 | protocol=6 | dir=out | app=system |
    "{D742344B-A53A-454E-A3BD-4143F24809F8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D91A290B-0675-4CDC-A25F-0316FB65BD3E}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{E7426F4D-87B3-4F00-A543-76673DE79D7B}" = rport=139 | protocol=6 | dir=out | app=system |
    "{EF1C6B61-D1E2-4EDC-879B-538F36060332}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F5ED2903-ED92-44AE-9953-5E85A79E3955}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9116643-B7DB-4811-B86E-BF1ECCC3A763}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02B18BE3-0837-49BA-ADAD-D0D34EDB1A4D}" = protocol=6 | dir=out | app=system |
    "{0B1DA05A-3114-4A13-B2EB-2891E4A8F283}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{111F9741-7906-4C60-A362-1B7766CDC864}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{112C30F4-E41F-4EAF-B8D7-C918C2DD4437}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{136E1D12-B531-4FB1-8C68-298C693179C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{22B344C3-45C5-4708-B44E-D66E3B53155C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2AACE9EA-3FB7-4547-B855-5CD3A86D1271}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{2C4DA330-130A-4601-972F-1CF134BE1943}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{33921FAB-507B-410E-8CF3-6E1198AF18D3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3C7FFE4D-9DBF-4983-A760-A286DCDF87BC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4A190945-B2D9-4B69-B100-DB7ED1EED58A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5F3164EC-ADEE-48F2-81DE-D2D3AECC21EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{64A64E91-1AB1-4D60-9586-9EEB24BDA20F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6E0D13EF-C231-453D-A6C3-B8188524455B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7A3AABC8-64DC-4522-9D73-719130D67ADA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{7FC0B768-1DC1-4EFA-9809-EB9D5AC5FB46}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{82E65F4A-2397-4BE7-8F53-B31549E58882}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8B41E766-B855-4B00-B8DC-3C918EECC7BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{90A8A621-C99C-43B1-8E45-BC0FEAFCA12D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{918D73FB-017E-4528-A1D5-866238FFCC04}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe |
    "{A791A8BD-CB50-40C5-9BF9-A3637E7ABEB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AE226513-1B1E-48DD-A2F2-2BCAD06EEE90}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe |
    "{B4184512-43C9-4D2E-8E4B-ACC7B936A7C9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B796B149-21D0-413A-B5F5-9ADB16624C9D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{EADB3496-D35B-4D40-B635-56DA9C1C53F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EEB5F131-9734-41FD-A03A-7E09BEABA4EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F55B4FC9-9438-4CB0-97F4-5A0F52B7BA1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F74A6F30-1D77-4594-9A20-DDD5204675E7}" = dir=in | app=c:\users\kungfu semi-truckerz\appdata\local\microsoft\skydrive\skydrive.exe |
    "{FC641978-DAED-4406-B807-74DC8D6AAAD4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{FD69F68C-C297-4361-A8CA-09FAECFDCDC5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "TCP Query User{84648359-AF77-4C80-9EB8-D3F2501905B2}C:\windows\syswow64\mpsmc__t.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\mpsmc__t.exe |
    "UDP Query User{FEEB4D03-3EBF-4F03-B68D-746C7197003D}C:\windows\syswow64\mpsmc__t.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\mpsmc__t.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
    "{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
    "{5AFA78B0-D9BE-4EBE-ACE4-358F14A32044}" = Touch Manager
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{9348BA70-11FB-4A78-A929-0980EF2C4DE8}" = Sentrilock Card Utility
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
    "C4B4D7F5499921DF57A4F6B55E59E0F50C2FE298" = Windows Driver Package - SCM Microsystems Inc. (SCR3xx USB Smart Card Reader64) SmartCardReader (11/07/2006 4.35.00.01)
    "CCleaner" = CCleaner
    "DriverAgent.exe" = DriverAgent by eSupport.com
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "KONICA MINOLTA magicolor 5430DL" = KONICA MINOLTA magicolor 5430DL
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
    "{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger
    "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
    "{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
    "{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
    "{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
    "{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
    "{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager
    "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
    "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
    "{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
    "{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
    "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
    "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
    "{8FD0AC90-1268-4A53-977E-E8E90D10EF6A}" = Crown Print Monitor+
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
    "{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
    "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
    "{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
    "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
    "{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
    "{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
    "{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources
    "{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
    "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "b65b18215977cee35020d91826b412ae" = KONICA MINOLTA magicolor 5430DL Printer Driver Software
    "Google Chrome Frame" = Google Chrome Frame
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
    "N360" = Norton Security Suite
    "Pdf995" = Pdf995
    "Samsung ML-1710 Series" = Samsung ML-1710 Series
    "Samsung Universal Print Driver" = Samsung Universal Print Driver
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3633375084-144790654-1307329806-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "SkyDriveSetup.exe" = Microsoft SkyDrive

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/18/2012 12:52:34 PM | Computer Name = KungFuSemi-Truc | Source = MsiInstaller | ID = 11706
    Description =

    Error - 10/18/2012 1:12:34 PM | Computer Name = KungFuSemi-Truc | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 9ac Start
    Time: 01cdad50534d08b2 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE
    Report
    Id:

    Error - 10/18/2012 8:40:52 PM | Computer Name = KungFuSemi-Truc | Source = MsiInstaller | ID = 11719
    Description =

    Error - 10/19/2012 10:41:33 AM | Computer Name = KungFuSemi-Truc | Source = MsiInstaller | ID = 11706
    Description =

    Error - 10/19/2012 10:42:49 AM | Computer Name = KungFuSemi-Truc | Source = MsiInstaller | ID = 11706
    Description =

    Error - 10/19/2012 2:23:43 PM | Computer Name = KungFuSemi-Truc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/19/2012 2:23:43 PM | Computer Name = KungFuSemi-Truc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 11341

    Error - 10/19/2012 2:23:43 PM | Computer Name = KungFuSemi-Truc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 11341

    Error - 10/19/2012 7:39:50 PM | Computer Name = KungFuSemi-Truc | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 648 Start
    Time: 01cdae076cbe95ba Termination Time: 0 Application Path: C:\Windows\Explorer.EXE
    Report
    Id:

    Error - 10/19/2012 9:09:49 PM | Computer Name = KungFuSemi-Truc | Source = MsiInstaller | ID = 11719
    Description =

    [ System Events ]
    Error - 8/1/2012 11:17:12 AM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
    Description =

    Error - 8/1/2012 3:13:51 PM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
    Description =

    Error - 8/1/2012 3:13:51 PM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
    Description =

    Error - 8/1/2012 3:16:27 PM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
    Description =

    Error - 8/1/2012 3:16:27 PM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
    Description =

    Error - 8/2/2012 9:16:54 AM | Computer Name = KungFuSemi-Truc | Source = Service Control Manager | ID = 7000
    Description = The DgiVecp service failed to start due to the following error: %%20

    Error - 8/2/2012 4:45:43 PM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
    Description =

    Error - 8/2/2012 4:45:43 PM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
    Description =

    Error - 8/3/2012 9:17:37 AM | Computer Name = KungFuSemi-Truc | Source = Service Control Manager | ID = 7000
    Description = The DgiVecp service failed to start due to the following error: %%20

    Error - 8/4/2012 9:48:16 AM | Computer Name = KungFuSemi-Truc | Source = Service Control Manager | ID = 7000
    Description = The DgiVecp service failed to start due to the following error: %%20


    < End of report >
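The Shell Spawning section of the Extras.txt log above is where a responder checks whether the handlers for .exe, .bat, .scr and similar file types still point at the Windows defaults, since a rewritten handler runs whatever it names every time such a file is opened. The following Python check is an added example, not part of the thread or of OTL: it parses that section of an OTL log and flags any handler that differs from the default. The two log excerpts and the rogue.exe path inside them are constructed for the example.

```python
"""Flag hijacked file-type handlers in the "Shell Spawning" section of an
OTL Extras.txt log. Added example, not OTL's own code."""
import re

# Windows defaults for the handlers malware most often rewrites. Anything
# other than these means a program is inserted in front of every launch.
EXPECTED_HANDLERS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "config"): '"%1"',
    ("scrfile", "open"): '"%1" /S',
}

# One OTL handler line: "<class> [<verb>] -- <command>"
HANDLER_RE = re.compile(r'^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$')


def parse_shell_spawning(log_text):
    """Return {(view, class, verb): command} for every handler line in the
    "Shell Spawning" section. view is "64bit" or "32bit": OTL lists the
    native registry view first and the Wow6432Node view after it."""
    handlers = {}
    in_section = False
    view = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):          # any section header
            in_section = "Shell Spawning" in line
            continue
        if not in_section or not line:
            continue
        if line.startswith("64bit: ["):             # native (64-bit) view
            view = "64bit"
            continue
        if line.startswith("["):                    # Wow6432Node view
            view = "32bit"
            continue
        m = HANDLER_RE.match(line)
        if m and view:
            handlers[(view, m.group("cls"), m.group("verb"))] = m.group("cmd").strip()
    return handlers


def find_hijacked_handlers(log_text):
    """Return (view, class, verb, command) for each handler in the table
    above whose command is not the Windows default."""
    findings = []
    for (view, cls, verb), cmd in parse_shell_spawning(log_text).items():
        expected = EXPECTED_HANDLERS.get((cls, verb))
        if expected is not None and cmd != expected:
            findings.append((view, cls, verb, cmd))
    return findings


# Constructed excerpt in the layout of the Extras.txt log above; all defaults.
CLEAN_LOG = """\
========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]
exefile [open] -- "%1" %*
scrfile [config] -- "%1"

========== Security Center Settings ==========
"cval" = 1
"""

# Same excerpt with the 64-bit exefile handler rewritten to a constructed
# placeholder path, the pattern a hijack leaves in the log.
HIJACKED_LOG = CLEAN_LOG.replace(
    'exefile [open] -- "%1" %*',
    r'exefile [open] -- "C:\Users\victim\AppData\Local\rogue.exe" "%1" %*', 1)

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_LOG), ("hijacked", HIJACKED_LOG)):
        print(name, find_hijacked_handlers(text))
```

On the log posted in this thread every entry in the table matches its default, so the check reports nothing for it.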
  21. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    You didn't say:
    Any current issues?
  22. Jackie Treehorn

    Jackie Treehorn Newcomer, in training Topic Starter

    Yes, when I right click to rotate a jpg photo, Adaware automatically starts an install when it's already installed. In the C drive, the folder Documents & Settings is locked, I can't open it.... That's what I noticed, kinda weird.
  23. Jackie Treehorn

    Jackie Treehorn Newcomer, in training Topic Starter

    Ding, Penny in the jar...*nerd*
  24. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    In Windows 7 "Documents & Settings" is a hidden system folder so you should hide it and leave it alone.

    In what program? It doesn't look malware-related, so you may want to ask in a different forum.

    ==================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      [2012/10/16 21:38:21 | 000,000,000 | ---D | C] -- C:\FRST
      [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  25. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Still with me?