skiguyross
Posts: 11 +0
I have a ridiculous virus on my computer that so far I have been unable to clean. Before finding these forums I ran virus scans on Microsoft Security Essentials, AdAware, Housecall from TrendMicro, and Malwarebytes' Anti-Malware. I ran a good majority of them in safe mode. My computer found problems and said to have cleaned it, but the problems persist. Attached are two Malwarebytes logs: one is the most recent run, the other the latest run where it found problems.
Here are the requested logs:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8156
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
11/14/2011 5:12:41 PM
mbam-log-2011-11-14 (17-12-41).txt
Scan type: Quick scan
Objects scanned: 215370
Time elapsed: 8 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here is one I ran yesterday that did find malicious software:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8156
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
11/13/2011 4:17:45 PM
mbam-log-2011-11-13 (16-17-45).txt
Scan type: Quick scan
Objects scanned: 215303
Time elapsed: 11 minute(s), 50 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9
Memory Processes Infected:
c:\Users\Ross\AppData\Roaming\microsoft\D014\38B.exe (Backdoor.CycBot.Gen) -> 4008 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iXXXqjjUeIBrzNx (Trojan.Dropper) -> Value: iXXXqjjUeIBrzNx -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38B.exe (Backdoor.CycBot.Gen) -> Value: 38B.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uIBBrrzPNyxA8234A (Trojan.FakeAlert.CLGen) -> Value: uIBBrrzPNyxA8234A -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38B.exe (Backdoor.CycBot) -> Value: 38B.exe -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Ross\AppData\Roaming\dwme.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-1708482083-798194572-1285507946-1000\$R9F8Q2O\av security 2012v121.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Ross\AppData\Local\Temp\dwme.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Ross\local settings\temporary internet files\Content.IE5\SCPH70ES\file[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Ross\AppData\Roaming\firefox.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Ross\AppData\Roaming\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Ross\Desktop\av security 2012.lnk (Rogue.AVSecurity2012) -> Quarantined and deleted successfully.
c:\Users\Ross\AppData\Roaming\microsoft\D014\38B.exe (Backdoor.CycBot.Gen) -> Quarantined and deleted successfully.
c:\program files (x86)\LP\D014\38B.exe (Backdoor.CycBot) -> Quarantined and deleted successfully.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-14 21:40:37
Windows 6.0.6002 Service Pack 2
Running: gmer.exe
---- Services - GMER 1.0.15 ----
Service .NET CLR Data
Service .NET CLR Networking
Service .NET CLR Networking 4.0.0.0
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service system32\DRIVERS\Accelerometer.sys (HP Accelerometer/Hewlett-Packard Company) [MANUAL] Accelerometer
Service system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service (Adobe Drive File System Driver/Adobe Systems, Inc.) [AUTO] adfs
Service system32\drivers\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [BOOT] adp94xx
Service system32\drivers\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [BOOT] adpahci
Service system32\drivers\adpu160m.sys (Adaptec LH Ultra160 Driver (X64)/Adaptec, Inc.) [BOOT] adpu160m
Service system32\drivers\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver (X64)/Adaptec, Inc.) [BOOT] adpu320
Service adsi
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AeLookupSvc
Service C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (Andrea filters APO access service (64-bit)/Andrea Electronics Corporation) [AUTO] AESTFilters
Service system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service system32\drivers\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [MANUAL] agp440
Service system32\drivers\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) [BOOT] aic78xx
Service C:\Windows\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [BOOT] aliide
Service system32\drivers\amdide.sys (AMD IDE Driver/Microsoft Corporation) [BOOT] amdide
Service system32\drivers\amdk8.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdK8
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Appinfo
Service C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) AppMgmt
Service system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [BOOT] arc
Service system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [BOOT] arcsas
Service system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (System Level Service Utility/Autodesk) [MANUAL] Autodesk Licensing Service
Service (Battery Class Driver/Microsoft Corporation) BattC
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BITS
Service system32\drivers\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [MANUAL] blbdrive
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser
Service system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Browser
Service system32\drivers\brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [MANUAL] Brserid
Service system32\drivers\brserwdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [MANUAL] BrSerWdm
Service system32\drivers\brusbmdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [MANUAL] BrUsbMdm
Service system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service system32\drivers\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [MANUAL] BTHMODEM
Service BTHPORT
Service system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs
Service system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc
Service system32\DRIVERS\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [MANUAL] circlass
Service System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_32
Service C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_64
Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_32
Service C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_64
Service system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt
Service system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [BOOT] cmdide
Service C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Com for QLB application/Hewlett-Packard Development Company, L.P.) [DISABLED] Com4QLBEx
Service system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt
Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [BOOT] crcdisk
Service C:\Windows\system32\crypserv.exe (CrypKey License Service/CrypKey (Canada) Ltd.) [AUTO] Crypkey License
Service crypt32
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc
Service DCLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch
Service System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC
Service C:\Windows\system32\DFSR.exe (Distributed File System Replication/Microsoft Corporation) [MANUAL] DFSR
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dhcp
Service system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] disk
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] dot3svc
Service C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona Local Host/DigitalPersona, Inc.) [AUTO] DpHost
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DPS
Service system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl
Service system32\DRIVERS\E1G6032E.sys (Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60
Service [DISABLED] eabfiltr
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] EapHost
Service System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) [BOOT] Ecache
Service C:\Windows\ehome\ehRecvr.exe (Windows Media Center Receiver Service/Microsoft Corporation) [MANUAL] ehRecvr
Service C:\Windows\ehome\ehsched.exe (Windows Media Center Scheduler Service/Microsoft Corporation) [MANUAL] ehSched
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ehstart
Service system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [BOOT] elxstor
Service EmdCache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EMDMgmt
Service system32\DRIVERS\enecir.sys (ENE CIR Driver for eHome(64)/ENE TECHNOLOGY INC.) [MANUAL] enecir
Service system32\drivers\errdev.sys (Error Device Driver/Microsoft Corporation) [MANUAL] ErrDev
Service ESENT
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Eventlog
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EventSystem
Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat
Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat
Service system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] fdc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] fdPHost
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] FDResPub
Service system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo
Service system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace
Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Activation Licensing Service/Acresso Software Inc.) [MANUAL] FLEXnet Licensing Service
Service system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk
Service system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] FontCache
Service C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service system32\drivers\gagp30kx.sys (MS Generic AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] gagp30kx
Service system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] gpsvc
Service C:\Program [AUTO] gupdate1ca51e2abc2f06b
Service C:\Program [MANUAL] gupdatem
Service C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc
Service system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService
Service system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus
Service system32\drivers\hidbth.sys (Bluetooth Miniport Driver for HID Devices/Microsoft Corporation) [MANUAL] HidBth
Service system32\DRIVERS\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidIr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] hidserv
Service system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hkmsvc
Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (HP Health Check Service/Hewlett-Packard) [DISABLED] HP Health Check Service
Service system32\drivers\hpcisss.sys (Smart Array Storport Driver/Hewlett-Packard Company) [BOOT] HpCISSs
Service system32\DRIVERS\hpdskflt.sys (HP Disk Filter - SATA/RAID/Hewlett-Packard Company) [BOOT] hpdskflt
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hpqcxs08
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] hpqddsvc
Service system32\DRIVERS\HpqKbFiltr.sys (HpqKbFiltr Keyboard Filter Driver/Hewlett-Packard Development Company, L.P.) [MANUAL] HpqKbFiltr
Service C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (hpqwmiex Module/Hewlett-Packard Development Company, L.P.) [DISABLED] hpqwmiex
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] HPSLPSVC
Service C:\Windows\system32\Hpservice.exe (HpService/Hewlett-Packard Company) [DISABLED] hpsrv
Service system32\drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service system32\drivers\i2omp.sys (I2O Miniport Driver/Microsoft Corporation) [BOOT] i2omp
Service system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (RAID Monitor/Intel Corporation) [AUTO] IAANTMON
Service system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) [BOOT] iaStor
Service system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation) [BOOT] iaStorV
Service C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service system32\drivers\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [BOOT] iirsp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] IKEEXT
Service inetaccs
Service system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [BOOT] intelide
Service system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] IPBusEnum
Service system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] iphlpsvc
Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service system32\drivers\ipmidrv.sys (WMI IPMI DRIVER/Microsoft Corporation) [MANUAL] IPMIDRV
Service system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (64-bit)/Apple Inc.) [MANUAL] iPod Service
Service system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service system32\drivers\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
Service system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt
Service system32\drivers\iteatapi.sys (ITE IT8211 ATA/ATAPI SCSI miniport/Integrated Technology Express, Inc.) [BOOT] iteatapi
Service system32\drivers\iteraid.sys (ITE IT8212 ATA RAID SCSI miniport/Integrated Technology Express, Inc.) [BOOT] iteraid
Service system32\DRIVERS\jmcr.sys (JMicron JMB38X Flash Media Controller Driver/JMicron Technology Corporation) [MANUAL] JMCR
Service system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] kbdclass
Service system32\DRIVERS\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation) [SYSTEM] kbdhid
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso
Service System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service system32\drivers\ksthunk.sys (Kernel Streaming WOW Thunk Service/Microsoft Corporation) [MANUAL] ksthunk
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] KtmRm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanServer
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanWorkstation
Service C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft Limited) [MANUAL] Lavasoft Ad-Aware Service
Service system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) [BOOT] Lbd
Service ldap
Service C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (LightScribe Service/Hewlett-Packard Company) [DISABLED] LightScribeService
Service system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] lltdsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] lmhosts
Service Lsa
Service system32\drivers\lsi_fc.sys (LSI Logic Fusion-MPT FC Driver (StorPort)/LSI Logic) [BOOT] LSI_FC
Service system32\drivers\lsi_sas.sys (LSI Logic Fusion-MPT SAS Driver (StorPort)/LSI Logic) [BOOT] LSI_SAS
Service system32\drivers\lsi_scsi.sys (LSI Logic Fusion-MPT SCSI Driver (StorPort)/LSI Logic) [BOOT] LSI_SCSI
Service system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] Mcx2Svc
Service system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x64/LSI Corporation) [BOOT] megasas
Service system32\drivers\megasr.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [BOOT] MegaSR
Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS
Service system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor
Service C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [AUTO] MotoConnect Service
Service system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] mouclass
Service system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [BOOT] MountMgr
Service system32\DRIVERS\MpFilter.sys (Microsoft antimalware file system filter driver/Microsoft Corporation) [SYSTEM] MpFilter
Service system32\drivers\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [BOOT] mpio
Service system32\DRIVERS\MpNWMon.sys (Network monitor driver/Microsoft Corporation) [MANUAL] MpNWMon
Service System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc
Service system32\drivers\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86-64/LSI Logic Corporation) [BOOT] Mraid35x
Service system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb
Service system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10
Service system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20
Service system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [BOOT] msahci
Service system32\drivers\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [BOOT] msdsm
Service C:\Windows\System32\msdtc.exe (MS DTCconsole program/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service MSDTC Bridge 4.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] msiserver
Service system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Antimalware Service Executable/Microsoft Corporation) [AUTO] MsMpSvc
Service system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC
Service MSSCNTRS
Service system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] napagent
Service system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) [MANUAL] NativeWifiP
Service system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) [MANUAL] Ndisuio
Service system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Net Driver HPZ12
Service system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] netbt
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon
Service system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [BOOT] arc
Service system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [BOOT] arcsas
Service system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (System Level Service Utility/Autodesk) [MANUAL] Autodesk Licensing Service
Service (Battery Class Driver/Microsoft Corporation) BattC
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BITS
Service system32\drivers\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [MANUAL] blbdrive
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser
Service system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Browser
Service system32\drivers\brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [MANUAL] Brserid
Service system32\drivers\brserwdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [MANUAL] BrSerWdm
Service system32\drivers\brusbmdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [MANUAL] BrUsbMdm
Service system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service system32\drivers\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [MANUAL] BTHMODEM
Service BTHPORT
Service system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs
Service system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc
Service system32\DRIVERS\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [MANUAL] circlass
Service System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_32
Service C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_64
Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_32
Service C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_64
Service system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt
Service system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [BOOT] cmdide
Service C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Com for QLB application/Hewlett-Packard Development Company, L.P.) [DISABLED] Com4QLBEx
Service system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt
Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [BOOT] crcdisk
Service C:\Windows\system32\crypserv.exe (CrypKey License Service/CrypKey (Canada) Ltd.) [AUTO] Crypkey License
Service crypt32
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc
Service DCLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch
Service System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC
Service C:\Windows\system32\DFSR.exe (Distributed File System Replication/Microsoft Corporation) [MANUAL] DFSR
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dhcp
Service system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] disk
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] dot3svc
Service C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona Local Host/DigitalPersona, Inc.) [AUTO] DpHost
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DPS
Service system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl
Service system32\DRIVERS\E1G6032E.sys (Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60
Service [DISABLED] eabfiltr
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] EapHost
Service System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) [BOOT] Ecache
Service C:\Windows\ehome\ehRecvr.exe (Windows Media Center Receiver Service/Microsoft Corporation) [MANUAL] ehRecvr
Service C:\Windows\ehome\ehsched.exe (Windows Media Center Scheduler Service/Microsoft Corporation) [MANUAL] ehSched
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ehstart
Service system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [BOOT] elxstor
Service EmdCache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EMDMgmt
Service system32\DRIVERS\enecir.sys (ENE CIR Driver for eHome(64)/ENE TECHNOLOGY INC.) [MANUAL] enecir
Service system32\drivers\errdev.sys (Error Device Driver/Microsoft Corporation) [MANUAL] ErrDev
Service ESENT
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Eventlog
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EventSystem
Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat
Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat
Service system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] fdc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] fdPHost
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] FDResPub
Service system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo
Service system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace
Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Activation Licensing Service/Acresso Software Inc.) [MANUAL] FLEXnet Licensing Service
Service system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk
Service system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] FontCache
Service C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service system32\drivers\gagp30kx.sys (MS Generic AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] gagp30kx
Service system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] gpsvc
Service C:\Program [AUTO] gupdate1ca51e2abc2f06b
Service C:\Program [MANUAL] gupdatem
Service C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc
Service system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService
Service system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus
Service system32\drivers\hidbth.sys (Bluetooth Miniport Driver for HID Devices/Microsoft Corporation) [MANUAL] HidBth
Service system32\DRIVERS\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidIr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] hidserv
Service system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hkmsvc
Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (HP Health Check Service/Hewlett-Packard) [DISABLED] HP Health Check Service
Service system32\drivers\hpcisss.sys (Smart Array Storport Driver/Hewlett-Packard Company) [BOOT] HpCISSs
Service system32\DRIVERS\hpdskflt.sys (HP Disk Filter - SATA/RAID/Hewlett-Packard Company) [BOOT] hpdskflt
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hpqcxs08
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] hpqddsvc
Service system32\DRIVERS\HpqKbFiltr.sys (HpqKbFiltr Keyboard Filter Driver/Hewlett-Packard Development Company, L.P.) [MANUAL] HpqKbFiltr
Service C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (hpqwmiex Module/Hewlett-Packard Development Company, L.P.) [DISABLED] hpqwmiex
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] HPSLPSVC
Service C:\Windows\system32\Hpservice.exe (HpService/Hewlett-Packard Company) [DISABLED] hpsrv
Service system32\drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service system32\drivers\i2omp.sys (I2O Miniport Driver/Microsoft Corporation) [BOOT] i2omp
Service system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (RAID Monitor/Intel Corporation) [AUTO] IAANTMON
Service system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) [BOOT] iaStor
Service system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation) [BOOT] iaStorV
Service C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service system32\drivers\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [BOOT] iirsp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] IKEEXT
Service inetaccs
Service system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [BOOT] intelide
Service system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] IPBusEnum
Service system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] iphlpsvc
Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service system32\drivers\ipmidrv.sys (WMI IPMI DRIVER/Microsoft Corporation) [MANUAL] IPMIDRV
Service system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (64-bit)/Apple Inc.) [MANUAL] iPod Service
Service system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service system32\drivers\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
Service system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt
Service system32\drivers\iteatapi.sys (ITE IT8211 ATA/ATAPI SCSI miniport/Integrated Technology Express, Inc.) [BOOT] iteatapi
Service system32\drivers\iteraid.sys (ITE IT8212 ATA RAID SCSI miniport/Integrated Technology Express, Inc.) [BOOT] iteraid
Service system32\DRIVERS\jmcr.sys (JMicron JMB38X Flash Media Controller Driver/JMicron Technology Corporation) [MANUAL] JMCR
Service system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] kbdclass
Service system32\DRIVERS\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation) [SYSTEM] kbdhid
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso
Service System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service system32\drivers\ksthunk.sys (Kernel Streaming WOW Thunk Service/Microsoft Corporation) [MANUAL] ksthunk
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] KtmRm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanServer
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanWorkstation
Service C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft Limited) [MANUAL] Lavasoft Ad-Aware Service
Service system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) [BOOT] Lbd
Service ldap
Service C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (LightScribe Service/Hewlett-Packard Company) [DISABLED] LightScribeService
Service system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] lltdsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] lmhosts
Service Lsa
Service system32\drivers\lsi_fc.sys (LSI Logic Fusion-MPT FC Driver (StorPort)/LSI Logic) [BOOT] LSI_FC
Service system32\drivers\lsi_sas.sys (LSI Logic Fusion-MPT SAS Driver (StorPort)/LSI Logic) [BOOT] LSI_SAS
Service system32\drivers\lsi_scsi.sys (LSI Logic Fusion-MPT SCSI Driver (StorPort)/LSI Logic) [BOOT] LSI_SCSI
Service system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] Mcx2Svc
Service system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x64/LSI Corporation) [BOOT] megasas
Service system32\drivers\megasr.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [BOOT] MegaSR
Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS
Service system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor
Service C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [AUTO] MotoConnect Service
Service system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] mouclass
Service system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [BOOT] MountMgr
Service system32\DRIVERS\MpFilter.sys (Microsoft antimalware file system filter driver/Microsoft Corporation) [SYSTEM] MpFilter
Service system32\drivers\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [BOOT] mpio
Service system32\DRIVERS\MpNWMon.sys (Network monitor driver/Microsoft Corporation) [MANUAL] MpNWMon
Service System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc
Service system32\drivers\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86-64/LSI Logic Corporation) [BOOT] Mraid35x
Service system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb
Service system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10
Service system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20
Service system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [BOOT] msahci
Service system32\drivers\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [BOOT] msdsm
Service C:\Windows\System32\msdtc.exe (MS DTCconsole program/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service MSDTC Bridge 4.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] msiserver
Service system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Antimalware Service Executable/Microsoft Corporation) [AUTO] MsMpSvc
Service system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC
Service MSSCNTRS
Service system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] napagent
Service system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) [MANUAL] NativeWifiP
Service system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) [MANUAL] Ndisuio
Service system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Net Driver HPZ12
Service system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] netbt
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon