Inactive [A] C:\Windows\svchost.exe.Trojan.Agent removal help

Jackie Treehorn · Oct 18, 2012

Windows 7OS
I've ran malware bytes and norton, they both find C:\Windows\svchost.exe.Trojan.Agent otherwise known as Trojan.Gen.2. After reboot it returns, both programs quarantine but doesn't destroy 100%. Please, Please help! I sincerely thank you in advance!

Broni · Oct 18, 2012

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Jackie Treehorn · Oct 19, 2012

Malware Bytes Log #1
Database version: v2012.10.18.01
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
KungFu Semi-Truckerz :: KUNGFUSEMI-TRUC [administrator]
Protection: Disabled
10/17/2012 10:05:16 PM
mbam-log-2012-10-17 (22-05-16).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 350678
Time elapsed: 39 minute(s), 48 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1344 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
DDs Scan log #1
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by KungFu Semi-Truckerz at 20:17:44 on 2012-10-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5885.4141 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\SentrilockCardUtility\SentriLockCardUtility.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\msiexec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe
C:\Windows\explorer.exe
C:\Users\KungFu Semi-Truckerz\Desktop\plsie518.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_287_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://igoogle.com/
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll
uRun: [Installation Diagnostics] "C:\Program Files (x86)\Brother\Brmfl05c\Brinstck.exe" /I MFC-8460N LAN
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SENTRI~1.LNK - C:\Windows\Installer\{9348BA70-11FB-4A78-A929-0980EF2C4DE8}\Icon9348BA70.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.5.0\bin\NPJPI150.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1 192.168.1.1
TCP: Interfaces\{2E81A283-E27E-40B0-976E-958A4BB15955} : DHCPNameServer = 192.168.1.1 192.168.1.1 192.168.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mStart Page = about:blank
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [SKDaemon.exe] C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Mozilla\Firefox\Profiles\bd0oltb7.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; cdyjeshxea@cdyjeshxea.org; C:\Users\KungFu Semi-Truckerz\Application Data\Mozilla\Firefox\Profiles\bd0oltb7.default\extensions\cdyjeshxea@cdyjeshxea.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys [2012-7-16 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys [2012-7-16 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121019.001\IDSviA64.sys [2012-10-19 513184]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-5-29 256632]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-2-3 57976]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502020.003\ironx64.sys [2012-7-16 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0502020.003\symnets.sys [2012-7-16 386168]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2012-2-1 196608]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-15 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-15 676936]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2012-7-9 11576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-5 138912]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2012-2-1 139264]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-15 25928]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;C:\Windows\System32\drivers\NETGEARUHOST.sys [2012-3-20 16384]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;C:\Windows\System32\drivers\NETGEARUHUB.sys [2012-3-20 40960]
R3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2012-7-31 70016]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-5-29 119416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-10 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 250808]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-3-14 21712]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-10 116648]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 Samsung UPD Service2;Samsung UPD Service2;C:\Windows\System32\SUPDSvc2.exe [2012-7-2 165456]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-5-29 119416]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-5-29 60536]
S3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2011-12-19 84600]
S3 SCR3xx USB Smart Card Reader64;SCR3xx USB Smart Card Reader64;C:\Windows\System32\drivers\S3XXx64.sys [2012-7-31 70016]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-2 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-2 1255736]
S4 SBAMSvc;Ad-Aware; [x]
.
=============== Created Last 30 ================
.
2012-10-18 16:49:33 20480 ------w- C:\Windows\svchost.exe
2012-10-17 14:14:48 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-10-17 01:42:35 -------- d-----w- C:\Users\KungFu Semi-Truckerz\AppData\Local\NPE
2012-10-17 01:38:21 -------- d-----w- C:\FRST
2012-10-15 19:23:08 129024 ----a-w- C:\Windows\RegBootClean64.exe
2012-10-15 18:16:02 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-15 16:45:18 -------- d-----w- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Malwarebytes
2012-10-15 16:44:33 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-15 16:44:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-14 00:13:22 -------- d-----w- C:\Program Files\CCleaner
2012-10-10 14:21:21 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 14:19:42 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 14:19:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 14:19:30 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 14:19:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 14:19:09 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 14:19:08 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 14:18:55 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 14:18:53 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 14:18:51 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 14:18:50 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 14:18:49 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 14:18:48 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-09 18:18:39 -------- d-----w- C:\Program Files (x86)\MSECache
2012-09-29 12:59:34 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-09-29 12:59:33 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-09-26 13:54:17 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-24 18:10:44 -------- d-----w- C:\Users\KungFu Semi-Truckerz\ZipForm
2012-09-22 18:59:19 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
.
==================== Find3M ====================
.
2012-10-09 14:31:37 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 14:31:37 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-05 18:21:22 60 ----a-w- C:\Windows\wpd99.drv
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 17:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-31 18:23:02 70016 ----a-w- C:\Windows\System32\drivers\S3XXx64.sys
2012-07-28 07:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-07-28 06:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR
2012-07-26 23:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-07-26 23:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-07-26 23:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-07-26 23:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll
2012-07-26 23:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll
2012-07-26 19:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-07-26 19:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-07-26 19:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-07-26 19:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll
2012-07-26 19:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll
.
============= FINISH: 20:18:28.51 ===============

Jackie Treehorn · Oct 19, 2012

Thank You so much! I hope it's posted correctly

Broni · Oct 19, 2012

GMER? Attach.txt?
Any particular reason you ran MBAM from safe mode?

Jackie Treehorn · Oct 19, 2012

Safemode MBAM was before your instruction. GMER didn't produce a log
Dumb question, should I post a non-safe mode MBAM scan?

Jackie Treehorn · Oct 19, 2012

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/1/2012 7:32:45 PM
System Uptime: 10/19/2012 3:03:52 PM (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CM5571
Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz | LGA775 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 373 GiB total, 326.506 GiB free.
D: is FIXED (NTFS) - 551 GiB total, 316.817 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP112: 10/12/2012 8:50:20 PM - Windows Update
RP113: 10/13/2012 6:10:11 PM - Windows Update
RP114: 10/13/2012 8:01:28 PM - Windows Update
RP115: 10/13/2012 8:03:42 PM - Windows Update
RP116: 10/14/2012 3:00:29 AM - Windows Update
RP117: 10/15/2012 3:00:54 AM - Windows Update
RP118: 10/15/2012 3:01:03 AM - Windows Backup
RP119: 10/15/2012 7:41:16 PM - Windows Backup
RP120: 10/16/2012 10:33:58 AM - Windows Update
RP121: 10/17/2012 11:06:19 AM - Windows Update
RP122: 10/17/2012 10:00:26 PM - Windows Update
RP123: 10/18/2012 8:41:02 PM - Windows Update
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
AI Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUSUpdate
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Atheros Ethernet Utility
Bonjour
Brother MFL-Pro Suite
CCleaner
Compatibility Pack for the 2007 Office system
Crown Print Monitor+
D3DX10
DriverAgent by eSupport.com
EPU-4 Engine
Google Chrome Frame
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0
Java(TM) 6 Update 30 (64-bit)
Junk Mail filter update
KONICA MINOLTA magicolor 5430DL
KONICA MINOLTA magicolor 5430DL Printer Driver Software
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office XP Standard for Students and Teachers
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Movie Maker
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Suite
Pdf995
Photo Common
Photo Gallery
QuickTime
Realtek High Definition Audio Driver
RollerCoaster Tycoon 2
Samsung ML-1710 Series
Samsung Universal Print Driver
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Sentrilock Card Utility
swMSM
Touch Manager
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Driver Package - SCM Microsystems Inc. (SCR3xx USB Smart Card Reader64) SmartCardReader (11/07/2006 4.35.00.01)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
10/19/2012 10:37:20 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
10/18/2012 8:41:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
10/18/2012 4:02:23 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 12:46:40 PM, Error: Service Control Manager [7038] - The msiserver service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/18/2012 12:46:40 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not start due to a logon failure.
10/18/2012 12:46:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/18/2012 10:17:37 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 1:27:33 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user KungFuSemi-Truc\KungFu Semi-Truckerz SID (S-1-5-21-3633375084-144790654-1307329806-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/18/2012 1:27:33 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user KungFuSemi-Truc\KungFu Semi-Truckerz SID (S-1-5-21-3633375084-144790654-1307329806-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/18/2012 1:05:43 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user KungFuSemi-Truc\KungFu Semi-Truckerz SID (S-1-5-21-3633375084-144790654-1307329806-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/17/2012 11:02:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffff80000004, 0xfffffa80069e42b4, 0x0000000000000001, 0xfffff88000b95400). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-32619-01.
10/17/2012 10:03:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/17/2012 10:03:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/17/2012 10:02:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/17/2012 10:02:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/17/2012 10:02:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/17/2012 10:02:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/17/2012 10:02:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6
10/16/2012 1:05:37 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader 0' rejected IOCTL GET_ATTRIBUTE: The request is not supported. If this error persists, your smart card or reader may not be functioning correctly. Command Header: 03 01 01 00
10/15/2012 9:14:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/15/2012 9:09:11 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
10/15/2012 9:09:11 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
10/15/2012 9:09:08 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/15/2012 9:09:08 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/15/2012 9:09:08 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/15/2012 9:09:08 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/15/2012 9:09:08 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
10/15/2012 9:09:08 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
10/15/2012 9:09:08 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
10/15/2012 8:39:19 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/15/2012 8:39:17 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
10/15/2012 7:46:21 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/15/2012 7:46:21 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/15/2012 3:24:54 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
10/15/2012 3:24:51 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/15/2012 3:24:51 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
10/15/2012 3:24:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/15/2012 3:23:05 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s).
10/15/2012 2:08:26 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/15/2012 2:08:26 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
10/15/2012 2:08:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/15/2012 2:02:21 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/15/2012 1:49:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002cb1174). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-29983-01.
10/12/2012 10:21:28 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a013e22000, 0x0000000000000000, 0xfffff80002d1a9ca, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101212-60075-01.
.
==== End Of File ===========================

Broni · Oct 19, 2012

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Jackie Treehorn · Oct 19, 2012

21:03:02.0944 2152 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:03:04.0988 2152 ============================================================
21:03:04.0988 2152 Current date / time: 2012/10/19 21:03:04.0988
21:03:04.0988 2152 SystemInfo:
21:03:04.0988 2152
21:03:04.0988 2152 OS Version: 6.1.7601 ServicePack: 1.0
21:03:04.0988 2152 Product type: Workstation
21:03:04.0988 2152 ComputerName: KUNGFUSEMI-TRUC
21:03:04.0988 2152 UserName: KungFu Semi-Truckerz
21:03:04.0988 2152 Windows directory: C:\Windows
21:03:04.0988 2152 System windows directory: C:\Windows
21:03:04.0988 2152 Running under WOW64
21:03:04.0988 2152 Processor architecture: Intel x64
21:03:04.0988 2152 Number of processors: 2
21:03:04.0988 2152 Page size: 0x1000
21:03:04.0988 2152 Boot type: Normal boot
21:03:04.0988 2152 ============================================================
21:03:07.0115 2152 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:03:07.0135 2152 ============================================================
21:03:07.0135 2152 \Device\Harddisk0\DR0:
21:03:07.0135 2152 MBR partitions:
21:03:07.0135 2152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10029D5, BlocksNum 0x2E937CC1
21:03:07.0135 2152 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2F93A696, BlocksNum 0x44DCB32B
21:03:07.0135 2152 ============================================================
21:03:07.0155 2152 C: <-> \Device\Harddisk0\DR0\Partition1
21:03:07.0225 2152 D: <-> \Device\Harddisk0\DR0\Partition2
21:03:07.0225 2152 ============================================================
21:03:07.0225 2152 Initialize success
21:03:07.0225 2152 ============================================================
21:03:09.0560 2428 ============================================================
21:03:09.0560 2428 Scan started
21:03:09.0560 2428 Mode: Manual;
21:03:09.0560 2428 ============================================================
21:03:11.0136 2428 ================ Scan system memory ========================
21:03:11.0136 2428 System memory - ok
21:03:11.0136 2428 ================ Scan services =============================
21:03:11.0370 2428 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:03:11.0370 2428 1394ohci - ok
21:03:11.0401 2428 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:03:11.0417 2428 ACPI - ok
21:03:11.0432 2428 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:03:11.0432 2428 AcpiPmi - ok
21:03:11.0510 2428 [ 09E61047B0CEF21559CFCEDF4F14D216 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
21:03:11.0526 2428 Ad-Aware Service - ok
21:03:11.0620 2428 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:03:11.0620 2428 AdobeARMservice - ok
21:03:11.0729 2428 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:03:11.0729 2428 AdobeFlashPlayerUpdateSvc - ok
21:03:11.0776 2428 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:03:11.0776 2428 adp94xx - ok
21:03:11.0822 2428 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:03:11.0822 2428 adpahci - ok
21:03:11.0854 2428 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:03:11.0854 2428 adpu320 - ok
21:03:11.0885 2428 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:03:11.0885 2428 AeLookupSvc - ok
21:03:11.0916 2428 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:03:11.0932 2428 AFD - ok
21:03:11.0963 2428 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:03:11.0963 2428 agp440 - ok
21:03:11.0994 2428 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:03:11.0994 2428 ALG - ok
21:03:12.0010 2428 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:03:12.0010 2428 aliide - ok
21:03:12.0025 2428 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:03:12.0041 2428 amdide - ok
21:03:12.0056 2428 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:03:12.0056 2428 AmdK8 - ok
21:03:12.0072 2428 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:03:12.0072 2428 AmdPPM - ok
21:03:12.0103 2428 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:03:12.0103 2428 amdsata - ok
21:03:12.0134 2428 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:03:12.0134 2428 amdsbs - ok
21:03:12.0150 2428 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:03:12.0150 2428 amdxata - ok
21:03:12.0181 2428 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:03:12.0181 2428 AppID - ok
21:03:12.0197 2428 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:03:12.0197 2428 AppIDSvc - ok
21:03:12.0228 2428 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:03:12.0244 2428 Appinfo - ok
21:03:12.0290 2428 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:03:12.0290 2428 Apple Mobile Device - ok
21:03:12.0306 2428 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:03:12.0322 2428 arc - ok
21:03:12.0337 2428 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:03:12.0337 2428 arcsas - ok
21:03:12.0384 2428 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
21:03:12.0384 2428 AsIO - ok
21:03:12.0415 2428 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
21:03:12.0415 2428 AsUpIO - ok
21:03:12.0431 2428 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:03:12.0431 2428 AsyncMac - ok
21:03:12.0446 2428 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:03:12.0446 2428 atapi - ok
21:03:12.0493 2428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:03:12.0509 2428 AudioEndpointBuilder - ok
21:03:12.0524 2428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:03:12.0524 2428 AudioSrv - ok
21:03:12.0556 2428 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:03:12.0571 2428 AxInstSV - ok
21:03:12.0602 2428 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:03:12.0618 2428 b06bdrv - ok
21:03:12.0649 2428 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:03:12.0649 2428 b57nd60a - ok
21:03:12.0680 2428 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:03:12.0696 2428 BDESVC - ok
21:03:12.0712 2428 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:03:12.0727 2428 Beep - ok
21:03:12.0774 2428 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:03:12.0790 2428 BFE - ok
21:03:12.0930 2428 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys
21:03:12.0977 2428 BHDrvx64 - ok
21:03:13.0024 2428 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:03:13.0039 2428 BITS - ok
21:03:13.0055 2428 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:03:13.0055 2428 blbdrive - ok
21:03:13.0117 2428 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:03:13.0127 2428 Bonjour Service - ok
21:03:13.0157 2428 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:03:13.0157 2428 bowser - ok
21:03:13.0187 2428 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:03:13.0187 2428 BrFiltLo - ok
21:03:13.0197 2428 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:03:13.0207 2428 BrFiltUp - ok
21:03:13.0237 2428 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:03:13.0237 2428 Browser - ok
21:03:13.0267 2428 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:03:13.0277 2428 Brserid - ok
21:03:13.0297 2428 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:03:13.0307 2428 BrSerWdm - ok
21:03:13.0317 2428 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:03:13.0317 2428 BrUsbMdm - ok
21:03:13.0347 2428 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:03:13.0347 2428 BrUsbSer - ok
21:03:13.0367 2428 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:03:13.0367 2428 BTHMODEM - ok
21:03:13.0417 2428 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:03:13.0427 2428 bthserv - ok
21:03:13.0447 2428 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:03:13.0447 2428 cdfs - ok
21:03:13.0497 2428 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:03:13.0497 2428 cdrom - ok
21:03:13.0537 2428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:03:13.0537 2428 CertPropSvc - ok
21:03:13.0567 2428 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:03:13.0567 2428 circlass - ok
21:03:13.0607 2428 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:03:13.0617 2428 CLFS - ok
21:03:13.0677 2428 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:03:13.0687 2428 clr_optimization_v2.0.50727_32 - ok
21:03:13.0752 2428 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:03:13.0757 2428 clr_optimization_v2.0.50727_64 - ok
21:03:13.0825 2428 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:03:13.0830 2428 clr_optimization_v4.0.30319_32 - ok
21:03:13.0857 2428 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:03:13.0862 2428 clr_optimization_v4.0.30319_64 - ok
21:03:13.0872 2428 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:03:13.0882 2428 CmBatt - ok
21:03:13.0907 2428 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:03:13.0910 2428 cmdide - ok
21:03:13.0952 2428 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:03:13.0962 2428 CNG - ok
21:03:13.0975 2428 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:03:13.0975 2428 Compbatt - ok
21:03:14.0015 2428 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:03:14.0015 2428 CompositeBus - ok
21:03:14.0035 2428 COMSysApp - ok
21:03:14.0045 2428 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:03:14.0045 2428 crcdisk - ok
21:03:14.0085 2428 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:03:14.0085 2428 CryptSvc - ok
21:03:14.0135 2428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:03:14.0145 2428 DcomLaunch - ok
21:03:14.0165 2428 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:03:14.0175 2428 defragsvc - ok
21:03:14.0235 2428 [ 4B7C99C585A7BE24BE410389071D9F14 ] Device Handle Service C:\Windows\SysWOW64\AsHookDevice.exe
21:03:14.0235 2428 Device Handle Service - ok
21:03:14.0265 2428 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:03:14.0265 2428 DfsC - ok
21:03:14.0305 2428 [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys
21:03:14.0315 2428 DgiVecp - ok
21:03:14.0335 2428 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:03:14.0335 2428 Dhcp - ok
21:03:14.0355 2428 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:03:14.0355 2428 discache - ok
21:03:14.0375 2428 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:03:14.0385 2428 Disk - ok
21:03:14.0425 2428 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:03:14.0425 2428 Dnscache - ok
21:03:14.0465 2428 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:03:14.0475 2428 dot3svc - ok
21:03:14.0505 2428 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:03:14.0515 2428 DPS - ok
21:03:14.0535 2428 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:03:14.0535 2428 drmkaud - ok
21:03:14.0587 2428 [ 1ED08A6264C5C92099D6D1DAE5E8F530 ] DrvAgent64 C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
21:03:14.0597 2428 DrvAgent64 - ok
21:03:14.0627 2428 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:03:14.0637 2428 DXGKrnl - ok
21:03:14.0667 2428 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:03:14.0677 2428 EapHost - ok
21:03:14.0757 2428 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:03:14.0837 2428 ebdrv - ok
21:03:14.0877 2428 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:03:14.0887 2428 eeCtrl - ok
21:03:14.0917 2428 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:03:14.0927 2428 EFS - ok
21:03:14.0972 2428 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:03:14.0984 2428 ehRecvr - ok
21:03:15.0029 2428 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:03:15.0034 2428 ehSched - ok
21:03:15.0072 2428 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:03:15.0089 2428 elxstor - ok
21:03:15.0137 2428 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:03:15.0139 2428 EraserUtilRebootDrv - ok
21:03:15.0207 2428 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:03:15.0212 2428 ErrDev - ok
21:03:15.0272 2428 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:03:15.0284 2428 EventSystem - ok
21:03:15.0312 2428 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:03:15.0317 2428 exfat - ok
21:03:15.0344 2428 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:03:15.0352 2428 fastfat - ok
21:03:15.0409 2428 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:03:15.0422 2428 Fax - ok
21:03:15.0454 2428 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:03:15.0457 2428 fdc - ok
21:03:15.0477 2428 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:03:15.0479 2428 fdPHost - ok
21:03:15.0494 2428 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:03:15.0499 2428 FDResPub - ok
21:03:15.0524 2428 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:03:15.0527 2428 FileInfo - ok
21:03:15.0544 2428 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:03:15.0547 2428 Filetrace - ok
21:03:15.0574 2428 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:03:15.0577 2428 flpydisk - ok
21:03:15.0614 2428 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:03:15.0634 2428 FltMgr - ok
21:03:15.0699 2428 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:03:15.0722 2428 FontCache - ok
21:03:15.0782 2428 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:03:15.0794 2428 FontCache3.0.0.0 - ok
21:03:15.0809 2428 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:03:15.0812 2428 FsDepends - ok
21:03:15.0834 2428 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:03:15.0839 2428 Fs_Rec - ok
21:03:15.0887 2428 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:03:15.0899 2428 fvevol - ok
21:03:15.0954 2428 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:03:15.0959 2428 gagp30kx - ok
21:03:16.0017 2428 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:03:16.0019 2428 GEARAspiWDM - ok
21:03:16.0109 2428 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:03:16.0129 2428 gpsvc - ok
21:03:16.0269 2428 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:03:16.0274 2428 gupdate - ok
21:03:16.0392 2428 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:03:16.0394 2428 gupdatem - ok
21:03:16.0422 2428 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:03:16.0434 2428 hcw85cir - ok
21:03:16.0539 2428 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:03:16.0547 2428 HdAudAddService - ok
21:03:16.0579 2428 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:03:16.0582 2428 HDAudBus - ok
21:03:16.0604 2428 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:03:16.0607 2428 HidBatt - ok
21:03:16.0627 2428 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:03:16.0629 2428 HidBth - ok
21:03:16.0644 2428 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:03:16.0647 2428 HidIr - ok
21:03:16.0659 2428 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:03:16.0664 2428 hidserv - ok
21:03:16.0684 2428 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
21:03:16.0687 2428 HidUsb - ok
21:03:16.0729 2428 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:03:16.0732 2428 hkmsvc - ok
21:03:16.0767 2428 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:03:16.0774 2428 HomeGroupListener - ok
21:03:16.0807 2428 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:03:16.0814 2428 HomeGroupProvider - ok
21:03:16.0842 2428 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:03:16.0847 2428 HpSAMD - ok
21:03:16.0892 2428 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:03:16.0914 2428 HTTP - ok
21:03:16.0947 2428 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:03:16.0949 2428 hwpolicy - ok
21:03:16.0964 2428 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:03:16.0967 2428 i8042prt - ok
21:03:17.0004 2428 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:03:17.0014 2428 iaStorV - ok
21:03:17.0064 2428 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:03:17.0079 2428 idsvc - ok
21:03:17.0159 2428 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121019.001\IDSvia64.sys
21:03:17.0169 2428 IDSVia64 - ok
21:03:17.0399 2428 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:03:17.0603 2428 igfx - ok
21:03:17.0628 2428 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:03:17.0630 2428 iirsp - ok
21:03:17.0665 2428 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:03:17.0680 2428 IKEEXT - ok
21:03:17.0735 2428 [ D42D651676883181400E22957A7E0B1E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:03:17.0780 2428 IntcAzAudAddService - ok
21:03:17.0818 2428 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
21:03:17.0823 2428 IntcHdmiAddService - ok
21:03:17.0845 2428 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:03:17.0848 2428 intelide - ok
21:03:17.0865 2428 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:03:17.0883 2428 intelppm - ok
21:03:17.0905 2428 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:03:17.0920 2428 IPBusEnum - ok
21:03:17.0948 2428 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:03:17.0950 2428 IpFilterDriver - ok
21:03:17.0998 2428 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:03:18.0008 2428 iphlpsvc - ok
21:03:18.0043 2428 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:03:18.0045 2428 IPMIDRV - ok
21:03:18.0065 2428 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:03:18.0070 2428 IPNAT - ok
21:03:18.0143 2428 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:03:18.0155 2428 iPod Service - ok
21:03:18.0175 2428 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:03:18.0178 2428 IRENUM - ok
21:03:18.0198 2428 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:03:18.0200 2428 isapnp - ok
21:03:18.0225 2428 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:03:18.0233 2428 iScsiPrt - ok
21:03:18.0248 2428 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:03:18.0250 2428 kbdclass - ok
21:03:18.0270 2428 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:03:18.0273 2428 kbdhid - ok
21:03:18.0285 2428 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:03:18.0290 2428 KeyIso - ok
21:03:18.0313 2428 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:03:18.0315 2428 KSecDD - ok
21:03:18.0340 2428 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:03:18.0343 2428 KSecPkg - ok
21:03:18.0358 2428 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:03:18.0360 2428 ksthunk - ok
21:03:18.0403 2428 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:03:18.0420 2428 KtmRm - ok
21:03:18.0453 2428 [ B8E670D7EF61615FA03104552854FAC9 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
21:03:18.0455 2428 L1E - ok
21:03:18.0485 2428 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:03:18.0493 2428 LanmanServer - ok
21:03:18.0520 2428 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:03:18.0525 2428 LanmanWorkstation - ok
21:03:18.0558 2428 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:03:18.0560 2428 lltdio - ok
21:03:18.0590 2428 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:03:18.0613 2428 lltdsvc - ok
21:03:18.0630 2428 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:03:18.0635 2428 lmhosts - ok
21:03:18.0663 2428 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:03:18.0668 2428 LSI_FC - ok
21:03:18.0685 2428 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:03:18.0688 2428 LSI_SAS - ok
21:03:18.0705 2428 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:03:18.0710 2428 LSI_SAS2 - ok
21:03:18.0728 2428 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:03:18.0733 2428 LSI_SCSI - ok
21:03:18.0765 2428 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:03:18.0768 2428 luafv - ok
21:03:18.0820 2428 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:03:18.0823 2428 MBAMProtector - ok
21:03:18.0870 2428 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:03:18.0875 2428 MBAMScheduler - ok
21:03:18.0910 2428 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:03:18.0923 2428 MBAMService - ok
21:03:18.0953 2428 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:03:18.0968 2428 Mcx2Svc - ok
21:03:18.0988 2428 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:03:18.0990 2428 megasas - ok
21:03:19.0013 2428 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:03:19.0020 2428 MegaSR - ok
21:03:19.0043 2428 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:03:19.0048 2428 MMCSS - ok
21:03:19.0063 2428 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:03:19.0065 2428 Modem - ok
21:03:19.0093 2428 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:03:19.0098 2428 monitor - ok
21:03:19.0125 2428 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
21:03:19.0128 2428 mouclass - ok
21:03:19.0138 2428 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:03:19.0140 2428 mouhid - ok
21:03:19.0178 2428 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

21:03:20.0459 2428 NetBT - ok
21:03:20.0486 2428 [ 5167CA339A8A36FEC32B03EC8FDBBF64 ] NETGEARUHOST C:\Windows\system32\DRIVERS\NETGEARUHOST.sys21:03:19.0180 2428 mountmgr - ok
21:03:19.0215 2428 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:03:19.0218 2428 mpio - ok
21:03:19.0250 2428 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:03:19.0253 2428 mpsdrv - ok
21:03:19.0293 2428 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:03:19.0308 2428 MpsSvc - ok
21:03:19.0340 2428 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:03:19.0343 2428 MRxDAV - ok
21:03:19.0378 2428 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:03:19.0383 2428 mrxsmb - ok
21:03:19.0400 2428 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:03:19.0420 2428 mrxsmb10 - ok
21:03:19.0438 2428 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:03:19.0443 2428 mrxsmb20 - ok
21:03:19.0460 2428 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:03:19.0463 2428 msahci - ok
21:03:19.0483 2428 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:03:19.0488 2428 msdsm - ok
21:03:19.0503 2428 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:03:19.0508 2428 MSDTC - ok
21:03:19.0545 2428 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:03:19.0548 2428 Msfs - ok
21:03:19.0560 2428 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:03:19.0574 2428 mshidkmdf - ok
21:03:19.0604 2428 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:03:19.0606 2428 msisadrv - ok
21:03:19.0641 2428 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:03:19.0654 2428 MSiSCSI - ok
21:03:19.0661 2428 msiserver - ok
21:03:19.0686 2428 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:03:19.0689 2428 MSKSSRV - ok
21:03:19.0704 2428 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:03:19.0706 2428 MSPCLOCK - ok
21:03:19.0724 2428 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:03:19.0726 2428 MSPQM - ok
21:03:19.0754 2428 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:03:19.0761 2428 MsRPC - ok
21:03:19.0799 2428 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:03:19.0811 2428 mssmbios - ok
21:03:19.0831 2428 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:03:19.0834 2428 MSTEE - ok
21:03:19.0851 2428 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:03:19.0854 2428 MTConfig - ok
21:03:19.0891 2428 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
21:03:19.0894 2428 MTsensor - ok
21:03:19.0911 2428 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:03:19.0914 2428 Mup - ok
21:03:19.0959 2428 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
21:03:19.0961 2428 N360 - ok
21:03:20.0001 2428 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:03:20.0011 2428 napagent - ok
21:03:20.0046 2428 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:03:20.0051 2428 NativeWifiP - ok
21:03:20.0101 2428 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121019.002\ENG64.SYS
21:03:20.0106 2428 NAVENG - ok
21:03:20.0159 2428 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121019.002\EX64.SYS
21:03:20.0204 2428 NAVEX15 - ok
21:03:20.0249 2428 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:03:20.0264 2428 NDIS - ok
21:03:20.0286 2428 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:03:20.0291 2428 NdisCap - ok
21:03:20.0311 2428 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:03:20.0314 2428 NdisTapi - ok
21:03:20.0346 2428 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:03:20.0351 2428 Ndisuio - ok
21:03:20.0379 2428 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:03:20.0384 2428 NdisWan - ok
21:03:20.0411 2428 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:03:20.0416 2428 NDProxy - ok
21:03:20.0431 2428 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:03:20.0436 2428 NetBIOS - ok
21:03:20.0454 2428 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:03:20.0489 2428 NETGEARUHOST - ok
21:03:20.0516 2428 [ A6068421D3A33255F9D77DFDE29C8416 ] NETGEARUHUB C:\Windows\system32\DRIVERS\NETGEARUHUB.sys
21:03:20.0519 2428 NETGEARUHUB - ok
21:03:20.0534 2428 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:03:20.0536 2428 Netlogon - ok
21:03:20.0569 2428 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:03:20.0576 2428 Netman - ok
21:03:20.0594 2428 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:03:20.0604 2428 netprofm - ok
21:03:20.0629 2428 [ B72BB9496A126FCFC7FC5945DED9B411 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
21:03:20.0639 2428 netr28x - ok
21:03:20.0664 2428 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:03:20.0669 2428 NetTcpPortSharing - ok
21:03:20.0696 2428 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:03:20.0699 2428 nfrd960 - ok
21:03:20.0734 2428 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:03:20.0741 2428 NlaSvc - ok
21:03:20.0759 2428 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:03:20.0761 2428 Npfs - ok
21:03:20.0779 2428 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:03:20.0781 2428 nsi - ok
21:03:20.0791 2428 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:03:20.0794 2428 nsiproxy - ok
21:03:20.0861 2428 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:03:20.0896 2428 Ntfs - ok
21:03:20.0909 2428 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:03:20.0911 2428 Null - ok
21:03:20.0939 2428 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:03:20.0944 2428 nvraid - ok
21:03:20.0976 2428 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:03:20.0979 2428 nvstor - ok
21:03:20.0996 2428 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:03:21.0001 2428 nv_agp - ok
21:03:21.0016 2428 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:03:21.0021 2428 ohci1394 - ok
21:03:21.0046 2428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:03:21.0054 2428 p2pimsvc - ok
21:03:21.0074 2428 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:03:21.0081 2428 p2psvc - ok
21:03:21.0104 2428 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:03:21.0116 2428 Parport - ok
21:03:21.0136 2428 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:03:21.0139 2428 partmgr - ok
21:03:21.0156 2428 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:03:21.0161 2428 PcaSvc - ok
21:03:21.0176 2428 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:03:21.0181 2428 pci - ok
21:03:21.0191 2428 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:03:21.0194 2428 pciide - ok
21:03:21.0216 2428 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:03:21.0224 2428 pcmcia - ok
21:03:21.0241 2428 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:03:21.0246 2428 pcw - ok
21:03:21.0269 2428 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:03:21.0279 2428 PEAUTH - ok
21:03:21.0344 2428 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:03:21.0349 2428 PerfHost - ok
21:03:21.0421 2428 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:03:21.0459 2428 pla - ok
21:03:21.0496 2428 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:03:21.0506 2428 PlugPlay - ok
21:03:21.0536 2428 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:03:21.0566 2428 PNRPAutoReg - ok
21:03:21.0604 2428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:03:21.0609 2428 PNRPsvc - ok
21:03:21.0664 2428 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:03:21.0674 2428 PolicyAgent - ok
21:03:21.0704 2428 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:03:21.0709 2428 Power - ok
21:03:21.0724 2428 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:03:21.0729 2428 PptpMiniport - ok
21:03:21.0744 2428 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:03:21.0746 2428 Processor - ok
21:03:21.0791 2428 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:03:21.0796 2428 ProfSvc - ok
21:03:21.0809 2428 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:03:21.0809 2428 ProtectedStorage - ok
21:03:21.0856 2428 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:03:21.0859 2428 Psched - ok
21:03:21.0901 2428 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:03:21.0944 2428 ql2300 - ok
21:03:21.0961 2428 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:03:21.0966 2428 ql40xx - ok
21:03:21.0989 2428 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:03:22.0006 2428 QWAVE - ok
21:03:22.0031 2428 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:03:22.0034 2428 QWAVEdrv - ok
21:03:22.0074 2428 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:03:22.0084 2428 RasAcd - ok
21:03:22.0134 2428 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

Jackie Treehorn · Oct 19, 2012

21:03:22.0139 2428 RasAgileVpn - ok
21:03:22.0159 2428 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:03:22.0199 2428 RasAuto - ok
21:03:22.0236 2428 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:03:22.0261 2428 Rasl2tp - ok
21:03:22.0284 2428 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:03:22.0294 2428 RasMan - ok
21:03:22.0319 2428 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:03:22.0324 2428 RasPppoe - ok
21:03:22.0349 2428 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:03:22.0354 2428 RasSstp - ok
21:03:22.0389 2428 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:03:22.0396 2428 rdbss - ok
21:03:22.0419 2428 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:03:22.0421 2428 rdpbus - ok
21:03:22.0441 2428 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:03:22.0444 2428 RDPCDD - ok
21:03:22.0466 2428 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:03:22.0469 2428 RDPENCDD - ok
21:03:22.0489 2428 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:03:22.0491 2428 RDPREFMP - ok
21:03:22.0519 2428 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:03:22.0524 2428 RDPWD - ok
21:03:22.0566 2428 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:03:22.0571 2428 rdyboost - ok
21:03:22.0591 2428 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:03:22.0609 2428 RemoteAccess - ok
21:03:22.0626 2428 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:03:22.0634 2428 RemoteRegistry - ok
21:03:22.0656 2428 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:03:22.0659 2428 RpcEptMapper - ok
21:03:22.0671 2428 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:03:22.0681 2428 RpcLocator - ok
21:03:22.0721 2428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:03:22.0729 2428 RpcSs - ok
21:03:22.0746 2428 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:03:22.0751 2428 rspndr - ok
21:03:22.0799 2428 [ EABC640DD0E22C0AE213BE60FDECDF05 ] S3XXx64 C:\Windows\system32\DRIVERS\S3XXx64.sys
21:03:22.0801 2428 S3XXx64 - ok
21:03:22.0814 2428 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:03:22.0816 2428 SamSs - ok
21:03:22.0871 2428 [ 2C31378A5695526E99ADAB928157B992 ] Samsung UPD Service2 C:\Windows\System32\SUPDSvc2.exe
21:03:22.0894 2428 Samsung UPD Service2 - ok
21:03:22.0931 2428 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
21:03:22.0934 2428 sbapifs - ok
21:03:22.0974 2428 [ 19954328DDA3D656F8A879B3A46FFED6 ] SbFw C:\Windows\system32\drivers\SbFw.sys
21:03:22.0979 2428 SbFw - ok
21:03:23.0004 2428 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys
21:03:23.0009 2428 SBFWIMCL - ok
21:03:23.0029 2428 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys
21:03:23.0031 2428 SBFWIMCLMP - ok
21:03:23.0054 2428 [ B671EEF468D13016B9286F5835A06AE1 ] sbhips C:\Windows\system32\drivers\sbhips.sys
21:03:23.0056 2428 sbhips - ok
21:03:23.0086 2428 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:03:23.0089 2428 sbp2port - ok
21:03:23.0109 2428 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
21:03:23.0111 2428 SBRE - ok
21:03:23.0131 2428 [ EAB54ADCCECA64B2F38CD859FB494895 ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys
21:03:23.0134 2428 sbwtis - ok
21:03:23.0156 2428 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:03:23.0161 2428 SCardSvr - ok
21:03:23.0184 2428 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:03:23.0186 2428 scfilter - ok
21:03:23.0239 2428 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:03:23.0269 2428 Schedule - ok
21:03:23.0371 2428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:03:23.0371 2428 SCPolicySvc - ok
21:03:23.0381 2428 [ EABC640DD0E22C0AE213BE60FDECDF05 ] SCR3xx USB Smart Card Reader64 C:\Windows\system32\DRIVERS\S3XXx64.sys
21:03:23.0381 2428 SCR3xx USB Smart Card Reader64 - ok
21:03:23.0424 2428 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:03:23.0429 2428 SDRSVC - ok
21:03:23.0456 2428 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:03:23.0459 2428 secdrv - ok
21:03:23.0474 2428 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:03:23.0476 2428 seclogon - ok
21:03:23.0489 2428 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:03:23.0494 2428 SENS - ok
21:03:23.0516 2428 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:03:23.0521 2428 SensrSvc - ok
21:03:23.0541 2428 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:03:23.0544 2428 Serenum - ok
21:03:23.0559 2428 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:03:23.0561 2428 Serial - ok
21:03:23.0597 2428 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:03:23.0600 2428 sermouse - ok
21:03:23.0627 2428 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:03:23.0632 2428 SessionEnv - ok
21:03:23.0667 2428 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:03:23.0670 2428 sffdisk - ok
21:03:23.0682 2428 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:03:23.0685 2428 sffp_mmc - ok
21:03:23.0700 2428 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:03:23.0702 2428 sffp_sd - ok
21:03:23.0715 2428 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:03:23.0717 2428 sfloppy - ok
21:03:23.0750 2428 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:03:23.0757 2428 SharedAccess - ok
21:03:23.0792 2428 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:03:23.0800 2428 ShellHWDetection - ok
21:03:23.0837 2428 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:03:23.0840 2428 SiSRaid2 - ok
21:03:23.0857 2428 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:03:23.0865 2428 SiSRaid4 - ok
21:03:23.0887 2428 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:03:23.0892 2428 Smb - ok
21:03:23.0922 2428 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:03:23.0935 2428 SNMPTRAP - ok
21:03:23.0952 2428 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:03:23.0957 2428 spldr - ok
21:03:23.0987 2428 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:03:23.0997 2428 Spooler - ok
21:03:24.0100 2428 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:03:24.0177 2428 sppsvc - ok
21:03:24.0195 2428 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:03:24.0200 2428 sppuinotify - ok
21:03:24.0262 2428 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
21:03:24.0275 2428 SRTSP - ok
21:03:24.0295 2428 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
21:03:24.0297 2428 SRTSPX - ok
21:03:24.0335 2428 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:03:24.0342 2428 srv - ok
21:03:24.0360 2428 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:03:24.0367 2428 srv2 - ok
21:03:24.0402 2428 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:03:24.0407 2428 srvnet - ok
21:03:24.0430 2428 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:03:24.0435 2428 SSDPSRV - ok
21:03:24.0470 2428 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
21:03:24.0472 2428 SSPORT - ok
21:03:24.0492 2428 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:03:24.0512 2428 SstpSvc - ok
21:03:24.0537 2428 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:03:24.0547 2428 stexstor - ok
21:03:24.0582 2428 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
21:03:24.0585 2428 StillCam - ok
21:03:24.0635 2428 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:03:24.0647 2428 stisvc - ok
21:03:24.0672 2428 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:03:24.0675 2428 swenum - ok
21:03:24.0700 2428 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:03:24.0715 2428 swprv - ok
21:03:24.0762 2428 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS
21:03:24.0772 2428 SymDS - ok
21:03:24.0822 2428 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS
21:03:24.0840 2428 SymEFA - ok
21:03:24.0905 2428 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:03:24.0910 2428 SymEvent - ok
21:03:24.0940 2428 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS
21:03:24.0945 2428 SymIRON - ok
21:03:24.0980 2428 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS
21:03:24.0995 2428 SymNetS - ok
21:03:25.0110 2428 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:03:25.0152 2428 SysMain - ok
21:03:25.0172 2428 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:03:25.0177 2428 TabletInputService - ok
21:03:25.0200 2428 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:03:25.0207 2428 TapiSrv - ok
21:03:25.0247 2428 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:03:25.0262 2428 TBS - ok
21:03:25.0400 2428 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:03:25.0442 2428 Tcpip - ok
21:03:25.0520 2428 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:03:25.0545 2428 TCPIP6 - ok
21:03:25.0575 2428 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:03:25.0577 2428 tcpipreg - ok
21:03:25.0607 2428 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:03:25.0610 2428 TDPIPE - ok
21:03:25.0637 2428 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:03:25.0640 2428 TDTCP - ok
21:03:25.0685 2428 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:03:25.0697 2428 tdx - ok
21:03:25.0722 2428 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:03:25.0725 2428 TermDD - ok
21:03:25.0770 2428 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:03:25.0782 2428 TermService - ok
21:03:25.0802 2428 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:03:25.0807 2428 Themes - ok
21:03:25.0837 2428 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:03:25.0840 2428 THREADORDER - ok
21:03:25.0867 2428 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:03:25.0872 2428 TrkWks - ok
21:03:25.0975 2428 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:03:25.0980 2428 TrustedInstaller - ok
21:03:26.0012 2428 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:03:26.0017 2428 tssecsrv - ok
21:03:26.0040 2428 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:03:26.0050 2428 TsUsbFlt - ok
21:03:26.0122 2428 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:03:26.0135 2428 tunnel - ok
21:03:26.0157 2428 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:03:26.0160 2428 uagp35 - ok
21:03:26.0205 2428 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:03:26.0215 2428 udfs - ok
21:03:26.0242 2428 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:03:26.0247 2428 UI0Detect - ok
21:03:26.0277 2428 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:03:26.0285 2428 uliagpkx - ok
21:03:26.0322 2428 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:03:26.0327 2428 umbus - ok
21:03:26.0342 2428 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:03:26.0345 2428 UmPass - ok
21:03:26.0370 2428 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:03:26.0380 2428 upnphost - ok
21:03:26.0405 2428 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:03:26.0410 2428 USBAAPL64 - ok
21:03:26.0432 2428 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:03:26.0447 2428 usbccgp - ok
21:03:26.0480 2428 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:03:26.0495 2428 usbcir - ok
21:03:26.0512 2428 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:03:26.0515 2428 usbehci - ok
21:03:26.0530 2428 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:03:26.0537 2428 usbhub - ok
21:03:26.0550 2428 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:03:26.0552 2428 usbohci - ok
21:03:26.0572 2428 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:03:26.0582 2428 usbprint - ok
21:03:26.0600 2428 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:03:26.0602 2428 USBSTOR - ok
21:03:26.0627 2428 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:03:26.0630 2428 usbuhci - ok
21:03:26.0645 2428 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:03:26.0650 2428 UxSms - ok
21:03:26.0695 2428 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:03:26.0697 2428 VaultSvc - ok
21:03:26.0757 2428 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:03:26.0802 2428 vdrvroot - ok
21:03:26.0860 2428 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:03:26.0870 2428 vds - ok
21:03:26.0897 2428 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:03:26.0900 2428 vga - ok
21:03:26.0917 2428 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:03:26.0920 2428 VgaSave - ok
21:03:26.0940 2428 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:03:26.0945 2428 vhdmp - ok
21:03:26.0960 2428 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:03:26.0962 2428 viaide - ok
21:03:26.0980 2428 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:03:26.0985 2428 volmgr - ok
21:03:27.0010 2428 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:03:27.0017 2428 volmgrx - ok
21:03:27.0037 2428 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:03:27.0042 2428 volsnap - ok
21:03:27.0062 2428 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:03:27.0065 2428 vsmraid - ok
21:03:27.0125 2428 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:03:27.0167 2428 VSS - ok
21:03:27.0185 2428 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:03:27.0187 2428 vwifibus - ok
21:03:27.0200 2428 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:03:27.0202 2428 vwififlt - ok
21:03:27.0230 2428 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:03:27.0237 2428 W32Time - ok
21:03:27.0250 2428 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:03:27.0265 2428 WacomPen - ok
21:03:27.0292 2428 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:03:27.0295 2428 WANARP - ok
21:03:27.0302 2428 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:03:27.0305 2428 Wanarpv6 - ok
21:03:27.0370 2428 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:03:27.0405 2428 WatAdminSvc - ok
21:03:27.0450 2428 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:03:27.0487 2428 wbengine - ok
21:03:27.0502 2428 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:03:27.0517 2428 WbioSrvc - ok
21:03:27.0542 2428 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:03:27.0552 2428 wcncsvc - ok
21:03:27.0560 2428 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:03:27.0565 2428 WcsPlugInService - ok
21:03:27.0577 2428 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:03:27.0582 2428 Wd - ok
21:03:27.0610 2428 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:03:27.0620 2428 Wdf01000 - ok
21:03:27.0645 2428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:03:27.0650 2428 WdiServiceHost - ok
21:03:27.0655 2428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:03:27.0660 2428 WdiSystemHost - ok
21:03:27.0680 2428 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:03:27.0687 2428 WebClient - ok
21:03:27.0705 2428 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:03:27.0712 2428 Wecsvc - ok
21:03:27.0730 2428 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:03:27.0735 2428 wercplsupport - ok
21:03:27.0752 2428 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:03:27.0757 2428 WerSvc - ok
21:03:27.0770 2428 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:03:27.0772 2428 WfpLwf - ok
21:03:27.0787 2428 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:03:27.0792 2428 WIMMount - ok
21:03:27.0817 2428 WinDefend - ok
21:03:27.0827 2428 WinHttpAutoProxySvc - ok
21:03:27.0867 2428 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:03:27.0872 2428 Winmgmt - ok
21:03:27.0940 2428 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:03:27.0997 2428 WinRM - ok
21:03:28.0082 2428 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:03:28.0092 2428 WinUsb - ok
21:03:28.0120 2428 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:03:28.0142 2428 Wlansvc - ok
21:03:28.0430 2428 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:03:28.0485 2428 wlidsvc - ok
21:03:28.0525 2428 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:03:28.0532 2428 WmiAcpi - ok
21:03:28.0586 2428 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:03:28.0613 2428 wmiApSrv - ok
21:03:28.0651 2428 WMPNetworkSvc - ok
21:03:28.0673 2428 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:03:28.0693 2428 WPCSvc - ok
21:03:28.0731 2428 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:03:28.0766 2428 WPDBusEnum - ok
21:03:28.0801 2428 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:03:28.0803 2428 ws2ifsl - ok
21:03:28.0818 2428 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:03:28.0826 2428 wscsvc - ok
21:03:28.0836 2428 WSearch - ok
21:03:28.0953 2428 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:03:29.0016 2428 wuauserv - ok
21:03:29.0056 2428 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:03:29.0066 2428 WudfPf - ok
21:03:29.0088 2428 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:03:29.0096 2428 WUDFRd - ok
21:03:29.0121 2428 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:03:29.0126 2428 wudfsvc - ok
21:03:29.0153 2428 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:03:29.0161 2428 WwanSvc - ok
21:03:29.0188 2428 ================ Scan global ===============================
21:03:29.0216 2428 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:03:29.0266 2428 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:03:29.0321 2428 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:03:29.0373 2428 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:03:29.0423 2428 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:03:29.0433 2428 [Global] - ok
21:03:29.0433 2428 ================ Scan MBR ==================================
21:03:29.0438 2428 [ D7AD5AA31A559120C3BA48FD0A1B1636 ] \Device\Harddisk0\DR0
21:03:29.0441 2428 Suspicious mbr (Forged): \Device\Harddisk0\DR0
21:03:29.0506 2428 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:03:29.0506 2428 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:03:29.0506 2428 ================ Scan VBR ==================================
21:03:29.0533 2428 [ 4538A8B0E4C66B9BBC107D9BABB6D11B ] \Device\Harddisk0\DR0\Partition1
21:03:29.0548 2428 \Device\Harddisk0\DR0\Partition1 - ok
21:03:29.0571 2428 [ 0E7AA56F9422C8DC71D0A74BA84904E4 ] \Device\Harddisk0\DR0\Partition2
21:03:29.0573 2428 \Device\Harddisk0\DR0\Partition2 - ok
21:03:29.0573 2428 ============================================================
21:03:29.0573 2428 Scan finished
21:03:29.0573 2428 ============================================================
21:03:29.0598 3308 Detected object count: 1
21:03:29.0598 3308 Actual detected object count: 1
21:04:34.0521 3308 \Device\Harddisk0\DR0\# - copied to quarantine
21:04:34.0551 3308 \Device\Harddisk0\DR0 - copied to quarantine
21:04:34.0631 3308 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:04:34.0631 3308 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:04:34.0661 3308 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:04:34.0671 3308 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:04:34.0691 3308 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:04:34.0701 3308 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:04:34.0711 3308 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:04:34.0711 3308 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:04:34.0711 3308 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:04:34.0721 3308 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:04:34.0731 3308 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:04:34.0731 3308 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:04:34.0731 3308 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:04:34.0741 3308 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:04:34.0761 3308 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:04:34.0781 3308 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:04:34.0781 3308 \Device\Harddisk0\DR0 - ok
21:04:34.0811 3308 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:09:42.0844 3952 Deinitialize success

Broni · Oct 19, 2012

Good

Re-run MBAM in normal mode and post new log.

Next....

Download RogueKiller on the desktop
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

===============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Jackie Treehorn · Oct 19, 2012

MBAM log
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.10.19.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
KungFu Semi-Truckerz :: KUNGFUSEMI-TRUC [administrator]
Protection: Enabled
10/19/2012 9:47:36 PM
mbam-log-2012-10-19 (21-47-36).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 357065
Time elapsed: 1 hour(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Jackie Treehorn · Oct 19, 2012

Rogue Killer Log 1
RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : KungFu Semi-Truckerz [Admin rights]
Mode : Scan -- Date : 10/19/2012 23:03:08
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] 473dd1ea403067f7a1d8268a366b5be7
[BSP] b7f1af624ca415852c3eb9ae77b37bea : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 63 | Size: 8197 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16787925 | Size: 381551 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 798205590 | Size: 564118 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

Rogue Killer Log 2
RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : KungFu Semi-Truckerz [Admin rights]
Mode : Remove -- Date : 10/19/2012 23:03:30
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] 473dd1ea403067f7a1d8268a366b5be7
[BSP] b7f1af624ca415852c3eb9ae77b37bea : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 63 | Size: 8197 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16787925 | Size: 381551 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 798205590 | Size: 564118 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Jackie Treehorn · Oct 19, 2012

aswMBR log
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-19 23:04:43
-----------------------------
23:04:43.583 OS Version: Windows x64 6.1.7601 Service Pack 1
23:04:43.583 Number of processors: 2 586 0x170A
23:04:43.583 ComputerName: KUNGFUSEMI-TRUC UserName:
23:04:47.483 Initialize success
23:06:31.945 AVAST engine defs: 12101901
23:06:51.870 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:06:51.874 Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
23:06:51.884 Disk 0 MBR read successfully
23:06:51.888 Disk 0 MBR scan
23:06:51.896 Disk 0 unknown MBR code
23:06:51.901 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 8197 MB offset 63
23:06:51.921 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 381551 MB offset 16787925
23:06:51.945 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 564118 MB offset 798205590
23:06:51.979 Disk 0 scanning C:\Windows\system32\drivers
23:07:03.696 Service scanning
23:07:26.576 Modules scanning
23:07:26.588 Disk 0 trace - called modules:
23:07:26.613 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
23:07:26.623 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e57060]
23:07:26.631 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8005c48580]
23:07:26.639 5 ACPI.sys[fffff88000f8e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005c4a060]
23:07:29.109 AVAST engine scan C:\Windows
23:07:34.038 AVAST engine scan C:\Windows\system32
23:12:14.298 AVAST engine scan C:\Windows\system32\drivers
23:12:34.560 AVAST engine scan C:\Users\KungFu Semi-Truckerz
23:18:29.747 AVAST engine scan C:\ProgramData
23:19:20.274 Scan finished successfully
23:20:08.041 Disk 0 MBR has been saved successfully to "C:\Users\KungFu Semi-Truckerz\Desktop\New folder\MBR.dat"
23:20:08.054 The log file has been saved successfully to "C:\Users\KungFu Semi-Truckerz\Desktop\New folder\aswMBR.txt"

Broni · Oct 20, 2012

Good job

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Jackie Treehorn · Oct 20, 2012

ComboFix 12-10-19.01 - KungFu Semi-Truckerz 10/20/2012 18:35:27.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5885.4701 [GMT -4:00]
Running from: c:\users\KungFu Semi-Truckerz\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-20 to 2012-10-20 )))))))))))))))))))))))))))))))
.
.
2012-10-20 22:43 . 2012-10-20 22:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-20 01:04 . 2012-10-20 01:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-17 14:14 . 2012-10-17 14:14 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-10-17 01:42 . 2012-10-18 16:51 -------- d-----w- c:\users\KungFu Semi-Truckerz\AppData\Local\NPE
2012-10-17 01:38 . 2012-10-17 01:38 -------- d-----w- C:\FRST
2012-10-15 19:23 . 2012-10-16 16:33 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-10-15 18:16 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-15 16:45 . 2012-10-15 16:45 -------- d-----w- c:\users\KungFu Semi-Truckerz\AppData\Roaming\Malwarebytes
2012-10-15 16:44 . 2012-10-15 16:44 -------- d-----w- c:\programdata\Malwarebytes
2012-10-15 16:44 . 2012-10-18 02:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-14 00:13 . 2012-10-14 00:13 -------- d-----w- c:\program files\CCleaner
2012-10-10 14:21 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 14:21 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 14:21 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 14:21 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 14:19 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 14:19 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 14:19 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 14:19 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 14:19 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 14:19 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 14:18 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 14:18 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 14:18 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 14:18 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 14:18 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 14:18 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 18:18 . 2012-10-09 18:18 -------- d-----w- c:\program files (x86)\MSECache
2012-09-29 12:59 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-09-29 12:59 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-09-26 13:54 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 18:10 . 2012-09-24 18:11 -------- d-----w- c:\users\KungFu Semi-Truckerz\ZipForm
2012-09-22 18:59 . 2012-09-22 18:59 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 00:45 . 2012-02-02 01:20 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 14:31 . 2012-04-28 15:07 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 14:31 . 2012-02-06 23:36 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 18:12 . 2012-09-12 13:11 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 13:11 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 13:11 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 13:11 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 17:01 . 2012-09-17 15:10 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-02-03 21:52 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-02-03 21:52 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 14:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 13:11 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 13:11 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-31 18:23 . 2012-07-31 18:23 70016 ----a-w- c:\windows\system32\drivers\S3XXx64.sys
2012-07-28 07:09 . 2012-07-28 07:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-07-28 06:54 . 2012-07-28 06:54 321472 ----a-w- c:\windows\WLXPGSS.SCR
2012-07-26 23:08 . 2012-07-26 23:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 23:08 . 2012-07-26 23:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 23:08 . 2012-07-26 23:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 23:08 . 2012-07-26 23:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 23:08 . 2012-07-26 23:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 19:22 . 2012-07-26 19:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 19:22 . 2012-07-26 19:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 19:22 . 2012-07-26 19:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 19:22 . 2012-07-26 19:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 19:22 . 2012-07-26 19:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-24 15:57 220608 ----a-w- c:\users\KungFu Semi-Truckerz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-24 15:57 220608 ----a-w- c:\users\KungFu Semi-Truckerz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-24 15:57 220608 ----a-w- c:\users\KungFu Semi-Truckerz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Installation Diagnostics"="c:\program files (x86)\Brother\Brmfl05c\Brinstck.exe" [2006-11-04 126976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-08-20 225280]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SentriLockCardUtility.lnk - c:\windows\Installer\{9348BA70-11FB-4A78-A929-0980EF2C4DE8}\Icon9348BA70.exe [2012-10-16 91648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-03-14 21712]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 116648]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe [2011-12-02 165456]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
R3 SCR3xx USB Smart Card Reader64;SCR3xx USB Smart Card Reader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2012-07-31 70016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-02 1255736]
R4 SBAMSvc;Ad-Aware; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121019.001\IDSvia64.sys [2012-09-01 513184]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-08-20 196608]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-05 138912]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\DRIVERS\NETGEARUHOST.sys [2007-03-08 16384]
S3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\DRIVERS\NETGEARUHUB.sys [2007-03-08 40960]
S3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2012-07-31 70016]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 14:31]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 13:13]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 13:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-24 15:57 244672 ----a-w- c:\users\KungFu Semi-Truckerz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-24 15:57 244672 ----a-w- c:\users\KungFu Semi-Truckerz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-24 15:57 244672 ----a-w- c:\users\KungFu Semi-Truckerz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-24 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-24 1833504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://igoogle.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\KungFu Semi-Truckerz\AppData\Roaming\Mozilla\Firefox\Profiles\bd0oltb7.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; cdyjeshxea@cdyjeshxea.org; c:\users\KungFu Semi-Truckerz\Application Data\Mozilla\Firefox\Profiles\bd0oltb7.default\extensions\cdyjeshxea@cdyjeshxea.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-47142672.sys
Toolbar-Locked - (no file)
HKLM-Run-SKDaemon.exe - c:\program files\LTONHIS\Touch Manager\SKDaemon.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SBAMSvc]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}"=hex:51,66,7a,6c,4c,1d,38,12,19,c7,a0,
e8,38,54,d3,01,c4,41,3b,b9,ea,bd,0b,b3
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:01,18,bf,1f,1f,ac,cd,01
.
[HKEY_USERS\S-1-5-21-3633375084-144790654-1307329806-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3633375084-144790654-1307329806-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-20 18:48:09
ComboFix-quarantined-files.txt 2012-10-20 22:48
.
Pre-Run: 349,766,242,304 bytes free
Post-Run: 350,131,011,584 bytes free
.
- - End Of File - - 47F80F5AD11B005944C7FE89587713D2

Broni · Oct 20, 2012

Looks good

Any current issues?

=============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Jackie Treehorn · Oct 20, 2012

OTL logfile created on: 10/20/2012 7:22:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KungFu Semi-Truckerz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.95 Gb Available Physical Memory | 68.67% Memory free
11.49 Gb Paging File | 9.44 Gb Available in Paging File | 82.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.61 Gb Total Space | 326.17 Gb Free Space | 87.54% Space Free | Partition Type: NTFS
Drive D: | 550.90 Gb Total Space | 316.82 Gb Free Space | 57.51% Space Free | Partition Type: NTFS
Drive E: | 551.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KUNGFUSEMI-TRUC | User Name: KungFu Semi-Truckerz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/20 19:20:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KungFu Semi-Truckerz\Desktop\OTL.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2009/08/20 01:55:40 | 000,196,608 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/06/04 19:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2007/10/24 10:20:26 | 005,503,432 | ---- | M] (SentriLock LLC) -- C:\Program Files (x86)\SentrilockCardUtility\SentriLockCardUtility.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/29 23:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/06/04 19:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009/03/25 20:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/03/20 02:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009/03/20 02:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009/01/15 18:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011/12/01 23:12:11 | 000,165,456 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/09 10:31:39 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/20 01:55:40 | 000,196,608 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/31 14:23:02 | 000,070,016 | ---- | M] (Identive) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (SCR3xx USB Smart Card Reader64)
DRV:64bit: - [2012/07/31 14:23:02 | 000,070,016 | ---- | M] (Identive) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/19 14:43:12 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/12/19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/15 21:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2009/08/23 06:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 18:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/06/10 16:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/02 14:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/03/02 14:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2007/03/08 17:48:36 | 000,016,384 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETGEARUHOST.sys -- (NETGEARUHOST)
DRV:64bit: - [2007/03/08 17:48:26 | 000,040,960 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETGEARUHUB.sys -- (NETGEARUHUB)
DRV - [2012/10/15 13:52:03 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121019.022\ex64.sys -- (NAVEX15)
DRV - [2012/10/15 13:52:03 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121019.022\eng64.sys -- (NAVENG)
DRV - [2012/09/05 09:21:17 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/31 20:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121019.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/09 10:12:58 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/03/14 19:00:05 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/
IE - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/08/18 17:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/10/20 12:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/21 11:02:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/29 13:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Mozilla\Extensions
[2012/10/10 12:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Mozilla\Firefox\Profiles\bd0oltb7.default\extensions
[1832/11/29 02:17:30 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Mozilla\Firefox\Profiles\bd0oltb7.default\extensions\cdyjeshxea@cdyjeshxea.org.xpi
[2012/02/29 13:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SKDaemon.exe] C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe File not found
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-21-3633375084-144790654-1307329806-1001..\Run: [Installation Diagnostics] C:\Program Files (x86)\Brother\Brmfl05c\Brinstck.exe (Brother Industries, Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E81A283-E27E-40B0-976E-958A4BB15955}: DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/17 14:28:04 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2002/07/31 19:40:10 | 000,151,552 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/08/28 22:23:59 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/20 19:20:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KungFu Semi-Truckerz\Desktop\OTL.exe
[2012/10/20 18:48:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/20 18:33:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/20 18:33:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/20 18:33:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/20 18:30:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/20 18:30:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/20 15:21:15 | 004,984,242 | R--- | C] (Swearware) -- C:\Users\KungFu Semi-Truckerz\Desktop\ComboFix.exe
[2012/10/20 13:11:47 | 000,000,000 | ---D | C] -- C:\Users\KungFu Semi-Truckerz\Desktop\Anti virus
[2012/10/19 21:47:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\KungFu Semi-Truckerz\Desktop\aswMBR.exe
[2012/10/19 21:04:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/17 10:14:48 | 000,167,696 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2012/10/16 21:42:35 | 000,000,000 | ---D | C] -- C:\Users\KungFu Semi-Truckerz\AppData\Local\NPE
[2012/10/16 21:38:21 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/15 14:16:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/15 12:45:18 | 000,000,000 | ---D | C] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Malwarebytes
[2012/10/15 12:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/15 12:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/15 12:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/13 20:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/09 14:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/09/24 14:10:44 | 000,000,000 | ---D | C] -- C:\Users\KungFu Semi-Truckerz\ZipForm
[2012/09/22 14:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012/09/22 14:59:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2012/09/22 14:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2012/09/22 14:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

========== Files - Modified Within 30 Days ==========

[2012/10/20 19:20:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KungFu Semi-Truckerz\Desktop\OTL.exe
[2012/10/20 18:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/20 18:28:01 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/20 18:13:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/20 15:21:15 | 004,984,242 | R--- | M] (Swearware) -- C:\Users\KungFu Semi-Truckerz\Desktop\ComboFix.exe
[2012/10/20 15:11:43 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/20 12:41:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/20 12:41:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/20 12:40:58 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/10/20 12:34:02 | 333,275,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/19 21:47:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\KungFu Semi-Truckerz\Desktop\aswMBR.exe
[2012/10/19 21:46:53 | 001,425,920 | ---- | M] () -- C:\Users\KungFu Semi-Truckerz\Desktop\RogueKiller.exe
[2012/10/17 22:03:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/17 11:02:37 | 859,255,794 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/17 10:14:48 | 000,167,696 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2012/10/16 13:05:24 | 000,002,557 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SentriLockCardUtility.lnk
[2012/10/16 13:05:24 | 000,002,539 | ---- | M] () -- C:\Users\Public\Desktop\SentriLockCardUtility.lnk
[2012/10/16 12:33:24 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2012/10/15 14:32:33 | 000,000,036 | ---- | M] () -- C:\Users\KungFu Semi-Truckerz\AppData\Local\housecall.guid.cache
[2012/10/13 20:13:35 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/10 20:46:41 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/10/10 16:01:45 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/10 16:01:45 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/10 16:01:45 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/05 14:21:22 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv
[2012/10/04 11:39:05 | 000,000,039 | -H-- | M] () -- C:\Users\KungFu Semi-Truckerz\Documents\maxdesk.ini2
[2012/10/04 11:38:58 | 000,000,276 | -H-- | M] () -- C:\Users\KungFu Semi-Truckerz\Documents\PP11Thumbs.ptn
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/24 14:10:16 | 000,000,088 | ---- | M] () -- C:\Users\KungFu Semi-Truckerz\.java.policy
[2012/09/23 13:23:00 | 000,284,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/22 15:05:04 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012/09/22 15:01:54 | 000,017,303 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012/09/22 15:00:25 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/09/22 14:59:23 | 000,002,003 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

========== Files Created - No Company Name ==========

[2012/10/20 18:33:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/20 18:33:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/20 18:33:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/20 18:33:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/20 18:33:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/19 21:46:42 | 001,425,920 | ---- | C] () -- C:\Users\KungFu Semi-Truckerz\Desktop\RogueKiller.exe
[2012/10/15 15:23:08 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/10/15 14:32:33 | 000,000,036 | ---- | C] () -- C:\Users\KungFu Semi-Truckerz\AppData\Local\housecall.guid.cache
[2012/10/15 14:16:03 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/13 20:13:35 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/04 11:39:05 | 000,000,039 | -H-- | C] () -- C:\Users\KungFu Semi-Truckerz\Documents\maxdesk.ini2
[2012/10/04 11:38:58 | 000,000,276 | -H-- | C] () -- C:\Users\KungFu Semi-Truckerz\Documents\PP11Thumbs.ptn
[2012/09/24 14:10:16 | 000,000,088 | ---- | C] () -- C:\Users\KungFu Semi-Truckerz\.java.policy
[2012/09/22 15:00:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/09/22 14:59:23 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/09/22 14:59:23 | 000,002,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/09/22 14:59:22 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/09/22 14:59:20 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012/07/02 21:02:40 | 000,260,688 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2012/02/19 11:09:23 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2012/02/19 11:01:50 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/02/19 11:01:50 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD8460N.DAT
[2012/02/19 11:00:45 | 000,000,940 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/02/19 11:00:45 | 000,000,176 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/02/19 10:59:32 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/02/19 10:59:32 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/02/19 10:59:30 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/02/19 10:59:29 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/02/19 10:59:29 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/02/18 09:47:38 | 000,034,056 | ---- | C] () -- C:\Windows\MSTMON_T.INI
[2012/02/17 19:59:19 | 000,000,172 | ---- | C] () -- C:\Users\KungFu Semi-Truckerz\.jupload.properties
[2012/02/16 09:59:02 | 000,034,056 | ---- | C] () -- C:\Windows\MSTMON04.INI
[2012/02/16 09:59:02 | 000,020,457 | ---- | C] () -- C:\Windows\MSUMLT04.INI
[2012/02/03 18:51:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/03 18:51:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/02 21:35:19 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
[2012/02/02 21:35:17 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2012/02/01 22:23:35 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2012/02/01 22:22:41 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/02/01 22:22:41 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/02/01 22:22:38 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/02/01 22:22:38 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/02/01 22:20:42 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2012/02/01 22:20:05 | 000,024,255 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/02/01 22:19:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/02/01 22:19:50 | 000,017,303 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/02/01 21:00:42 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/02/11 20:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 20:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 20:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/17 00:06:52 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Ad-Aware Antivirus
[2012/02/19 11:38:15 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\ID Vault
[2012/03/05 22:34:04 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\PC-FAX TX
[2012/02/02 21:36:33 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\pdf995
[2012/02/19 11:09:55 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\ScanSoft
[2012/02/01 22:43:31 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\SentriLock
[2012/03/14 17:16:25 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Tific
[2012/09/01 12:19:19 | 000,000,000 | ---D | M] -- C:\Users\KungFu Semi-Truckerz\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

Broni · Oct 20, 2012

Extras.txt?

You didn't say:

Any current issues?

Jackie Treehorn · Oct 20, 2012

Doh! My bad !

OTL Extras logfile created on: 10/20/2012 7:22:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KungFu Semi-Truckerz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.95 Gb Available Physical Memory | 68.67% Memory free
11.49 Gb Paging File | 9.44 Gb Available in Paging File | 82.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.61 Gb Total Space | 326.17 Gb Free Space | 87.54% Space Free | Partition Type: NTFS
Drive D: | 550.90 Gb Total Space | 316.82 Gb Free Space | 57.51% Space Free | Partition Type: NTFS
Drive E: | 551.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KUNGFUSEMI-TRUC | User Name: KungFu Semi-Truckerz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0739787F-7249-4D50-B740-9F12B971B8D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{366F076D-5B61-48C6-BE6E-61883B21DD37}" = lport=139 | protocol=6 | dir=in | app=system |
"{39E22A5F-71A7-4C68-9AE7-93C7EA32681A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{40E0C9FA-A177-48E7-82A2-08193369A2B1}" = lport=137 | protocol=17 | dir=in | app=system |
"{45539C09-7DFC-42AD-B018-1CD552FB3272}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4A2FB8AB-7F6B-4562-8A18-7E73EB827066}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5692967A-AF71-4B69-A90A-25B438D07DE4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5FECF712-3E62-4389-B93C-04B0D8975C4E}" = lport=138 | protocol=17 | dir=in | app=system |
"{63717801-1ADC-4306-A2AA-930E769E3D79}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6A4C67A0-F000-4184-83BA-239F69BACD9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{734C5EC7-F818-4DAD-B59F-9ECA1ED01825}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E4111C0-FA7D-4CF7-9F16-D3CA67106167}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8347076A-0576-4360-A47B-BF8BD270EB68}" = lport=445 | protocol=6 | dir=in | app=system |
"{849600F9-8AA8-420C-9F24-11B3BA037410}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90452AAE-E815-40AA-B5D2-A53927E5E0F5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9A95F5E3-BB81-4BB9-B6ED-72AD25193F53}" = rport=138 | protocol=17 | dir=out | app=system |
"{B7FC9EEF-6E79-49F3-9B4B-161131962ABD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBA53F7B-978B-4E31-9369-D67C743090B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C2F7B223-2F3B-4DEF-8CBC-DA37ABA14228}" = rport=445 | protocol=6 | dir=out | app=system |
"{D742344B-A53A-454E-A3BD-4143F24809F8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D91A290B-0675-4CDC-A25F-0316FB65BD3E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E7426F4D-87B3-4F00-A543-76673DE79D7B}" = rport=139 | protocol=6 | dir=out | app=system |
"{EF1C6B61-D1E2-4EDC-879B-538F36060332}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5ED2903-ED92-44AE-9953-5E85A79E3955}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9116643-B7DB-4811-B86E-BF1ECCC3A763}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B18BE3-0837-49BA-ADAD-D0D34EDB1A4D}" = protocol=6 | dir=out | app=system |
"{0B1DA05A-3114-4A13-B2EB-2891E4A8F283}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{111F9741-7906-4C60-A362-1B7766CDC864}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{112C30F4-E41F-4EAF-B8D7-C918C2DD4437}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{136E1D12-B531-4FB1-8C68-298C693179C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{22B344C3-45C5-4708-B44E-D66E3B53155C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2AACE9EA-3FB7-4547-B855-5CD3A86D1271}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2C4DA330-130A-4601-972F-1CF134BE1943}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{33921FAB-507B-410E-8CF3-6E1198AF18D3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C7FFE4D-9DBF-4983-A760-A286DCDF87BC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4A190945-B2D9-4B69-B100-DB7ED1EED58A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5F3164EC-ADEE-48F2-81DE-D2D3AECC21EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64A64E91-1AB1-4D60-9586-9EEB24BDA20F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6E0D13EF-C231-453D-A6C3-B8188524455B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A3AABC8-64DC-4522-9D73-719130D67ADA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7FC0B768-1DC1-4EFA-9809-EB9D5AC5FB46}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82E65F4A-2397-4BE7-8F53-B31549E58882}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B41E766-B855-4B00-B8DC-3C918EECC7BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{90A8A621-C99C-43B1-8E45-BC0FEAFCA12D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{918D73FB-017E-4528-A1D5-866238FFCC04}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{A791A8BD-CB50-40C5-9BF9-A3637E7ABEB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE226513-1B1E-48DD-A2F2-2BCAD06EEE90}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{B4184512-43C9-4D2E-8E4B-ACC7B936A7C9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B796B149-21D0-413A-B5F5-9ADB16624C9D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EADB3496-D35B-4D40-B635-56DA9C1C53F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EEB5F131-9734-41FD-A03A-7E09BEABA4EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F55B4FC9-9438-4CB0-97F4-5A0F52B7BA1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F74A6F30-1D77-4594-9A20-DDD5204675E7}" = dir=in | app=c:\users\kungfu semi-truckerz\appdata\local\microsoft\skydrive\skydrive.exe |
"{FC641978-DAED-4406-B807-74DC8D6AAAD4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD69F68C-C297-4361-A8CA-09FAECFDCDC5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{84648359-AF77-4C80-9EB8-D3F2501905B2}C:\windows\syswow64\mpsmc__t.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\mpsmc__t.exe |
"UDP Query User{FEEB4D03-3EBF-4F03-B68D-746C7197003D}C:\windows\syswow64\mpsmc__t.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\mpsmc__t.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{5AFA78B0-D9BE-4EBE-ACE4-358F14A32044}" = Touch Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{9348BA70-11FB-4A78-A929-0980EF2C4DE8}" = Sentrilock Card Utility
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"C4B4D7F5499921DF57A4F6B55E59E0F50C2FE298" = Windows Driver Package - SCM Microsystems Inc. (SCR3xx USB Smart Card Reader64) SmartCardReader (11/07/2006 4.35.00.01)
"CCleaner" = CCleaner
"DriverAgent.exe" = DriverAgent by eSupport.com
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KONICA MINOLTA magicolor 5430DL" = KONICA MINOLTA magicolor 5430DL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{8FD0AC90-1268-4A53-977E-E8E90D10EF6A}" = Crown Print Monitor+
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"b65b18215977cee35020d91826b412ae" = KONICA MINOLTA magicolor 5430DL Printer Driver Software
"Google Chrome Frame" = Google Chrome Frame
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"N360" = Norton Security Suite
"Pdf995" = Pdf995
"Samsung ML-1710 Series" = Samsung ML-1710 Series
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3633375084-144790654-1307329806-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2012 12:52:34 PM | Computer Name = KungFuSemi-Truc | Source = MsiInstaller | ID = 11706
Description =

Error - 10/18/2012 1:12:34 PM | Computer Name = KungFuSemi-Truc | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 9ac Start
Time: 01cdad50534d08b2 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE
Report
Id:

Error - 10/18/2012 8:40:52 PM | Computer Name = KungFuSemi-Truc | Source = MsiInstaller | ID = 11719
Description =

Error - 10/19/2012 10:41:33 AM | Computer Name = KungFuSemi-Truc | Source = MsiInstaller | ID = 11706
Description =

Error - 10/19/2012 10:42:49 AM | Computer Name = KungFuSemi-Truc | Source = MsiInstaller | ID = 11706
Description =

Error - 10/19/2012 2:23:43 PM | Computer Name = KungFuSemi-Truc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/19/2012 2:23:43 PM | Computer Name = KungFuSemi-Truc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11341

Error - 10/19/2012 2:23:43 PM | Computer Name = KungFuSemi-Truc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11341

Error - 10/19/2012 7:39:50 PM | Computer Name = KungFuSemi-Truc | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 648 Start
Time: 01cdae076cbe95ba Termination Time: 0 Application Path: C:\Windows\Explorer.EXE
Report
Id:

Error - 10/19/2012 9:09:49 PM | Computer Name = KungFuSemi-Truc | Source = MsiInstaller | ID = 11719
Description =

[ System Events ]
Error - 8/1/2012 11:17:12 AM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
Description =

Error - 8/1/2012 3:13:51 PM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
Description =

Error - 8/1/2012 3:13:51 PM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
Description =

Error - 8/1/2012 3:16:27 PM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
Description =

Error - 8/1/2012 3:16:27 PM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
Description =

Error - 8/2/2012 9:16:54 AM | Computer Name = KungFuSemi-Truc | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 8/2/2012 4:45:43 PM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
Description =

Error - 8/2/2012 4:45:43 PM | Computer Name = KungFuSemi-Truc | Source = DCOM | ID = 10016
Description =

Error - 8/3/2012 9:17:37 AM | Computer Name = KungFuSemi-Truc | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 8/4/2012 9:48:16 AM | Computer Name = KungFuSemi-Truc | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

< End of report >

Broni · Oct 20, 2012

You didn't say:

Any current issues?

*** My help doesn't cost a penny, but if you'd like to

Jackie Treehorn · Oct 20, 2012

Yes, when I right click to rotate a jpg photo, Adaware automatically starts a install when it's already installed. In the C drive, the folder Documents & Settings is locked, I can't open.... That's what notice, kinda weird.

Jackie Treehorn · Oct 20, 2012

Ding, Penny in the jar...

Broni · Oct 20, 2012

In Windows 7 "Documents & Settings" is a hidden system folder so you should hide it and leave it alone.

when I right click to rotate a jpg photo, Adaware automatically starts a install when it's already installed

In what program? It doesn't look like malware related so you may want to ask in different forum.

==================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
IE - HKU\S-1-5-21-3633375084-144790654-1307329806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2012/10/16 21:38:21 | 000,000,000 | ---D | C] -- C:\FRST
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

====================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

Double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

Broni · Oct 25, 2012

Still with me?

Inactive [A] C:\Windows\svchost.exe.Trojan.Agent removal help

Posts: 15 +0

Attachments

Posts: 56,041 +516

Posts: 15 +0

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 15 +0

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 15 +0

Posts: 56,041 +516

Posts: 56,041 +516

Similar threads