
Malwarebytes

Infected System Rootkit..


39 replies to this topic

#1
Serascel

    New Member

  • Members
  • 29 posts
Hello, yesterday while I had Malwarebytes turned off for a few minutes I got infected, don't know how or where. I've been running scans with Malwarebytes PRO and trying to fix it, but they keep coming back.

I'm attaching the DDS files.

Thanks for Your Help.




#2
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Hello and welcome!

Your computer is indeed infected with a nasty rootkit. Please read the following information first.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#3
Serascel

    New Member

  • Members
  • 29 posts
I'll try to fix this first, since I don't have time this week to be formatting my computer :/

Combofix.txt attached

Thanks for the help.




#4
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Hi again,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.
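A helper reading the TDSSKiller log asked for above is looking for anything that is not a plain "- ok". Below is an added triage script (mine, not TDSSKiller's or the forum's) that parses the line layout the tool writes, "name (md5) path" followed by "name - verdict", and buckets the objects by verdict; the sample log is constructed for the demo, with made-up hashes and a made-up detection name.

```python
"""Triage a TDSSKiller log: collect every scanned object with its hash,
path and verdict, then surface whatever a helper should look at first.

Added example for this thread, not part of TDSSKiller. SAMPLE_LOG is
constructed: the hashes and the "badsvc" detection are invented.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every scan line is "<hh:mm:ss.ffff> <thread id> <body>".
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "<name> (<md5>) <path>": the object's image file was found on disk and hashed.
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - <verdict>": TDSSKiller's decision for that object ("ok" or not).
VERDICT_RE = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Map every scanned object (service, driver, boot sector) to its Entry."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue  # blank line or a line without the time/thread prefix
        body = m.group("body")
        fm = FILE_RE.match(body)
        if fm:
            e = entries.setdefault(fm.group("name"), Entry(fm.group("name")))
            e.md5 = fm.group("md5").lower()
            e.path = fm.group("path").strip()
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            e = entries.setdefault(vm.group("name"), Entry(vm.group("name")))
            e.verdict = vm.group("verdict").strip()
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, object]:
    """Bucket objects: anything not plain "ok" comes first in a reply."""
    flagged: List[Entry] = []     # verdict other than "ok": detections, warnings, locked files
    incomplete: List[Entry] = []  # hashed but no verdict line (log cut off or scan aborted)
    unhashed: List[Entry] = []    # service registered but no image file was hashed
    ok = 0
    for e in entries.values():
        if e.verdict is None:
            incomplete.append(e)
        elif e.verdict.lower() != "ok":
            flagged.append(e)
        elif e.md5 is None and not e.name.startswith("\\Device\\"):
            unhashed.append(e)  # boot-sector objects never carry a hash, so they are not "unhashed"
        else:
            ok += 1
    return {"flagged": flagged, "incomplete": incomplete, "unhashed": unhashed, "ok": ok}


# Constructed sample in the tool's layout; hashes and the detection are made up.
SAMPLE_LOG = r"""
17:04:20.0984 6612 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
17:04:47.0565 7540 Scan started
17:04:48.0053 7540 1394hub - ok
17:04:48.0075 7540 1394ohci (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\1394ohci.sys
17:04:48.0078 7540 1394ohci - ok
17:04:48.0200 7540 badsvc (ffffffffffffffffffffffffffffffff) C:\Windows\system32\drivers\badsvc.sys
17:04:48.0201 7540 badsvc - detected Rootkit.Win32.Sample ( 0 )
17:04:49.0000 7540 \Device\Harddisk0\DR0 - ok
17:04:49.0100 7540 lastsvc (abababababababababababababababab) C:\Windows\system32\drivers\lastsvc.sys
"""


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for bucket in ("flagged", "incomplete", "unhashed"):
        for e in report[bucket]:
            print(f"{bucket:10s} {e.name:28s} {(e.verdict or '-'):36s} {e.path or ''}")
    print(f"ok: {report['ok']} objects")
```

Feed it a real log with `parse_log(open("TDSSKiller_log.txt").read())`; the "incomplete" bucket is what tells you the pasted log was cut off before the scan finished.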



#5
Serascel

    New Member

  • Members
  • Pip
  • 29 posts
TDSSKILLER

17:04:20.0984 6612 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
17:04:21.0208 6612 ============================================================
17:04:21.0208 6612 Current date / time: 2012/03/10 17:04:21.0208
17:04:21.0208 6612 SystemInfo:
17:04:21.0208 6612
17:04:21.0208 6612 OS Version: 6.1.7601 ServicePack: 1.0
17:04:21.0208 6612 Product type: Workstation
17:04:21.0208 6612 ComputerName: HAF-X
17:04:21.0208 6612 UserName: Javier
17:04:21.0208 6612 Windows directory: C:\Windows
17:04:21.0208 6612 System windows directory: C:\Windows
17:04:21.0208 6612 Running under WOW64
17:04:21.0208 6612 Processor architecture: Intel x64
17:04:21.0209 6612 Number of processors: 8
17:04:21.0209 6612 Page size: 0x1000
17:04:21.0209 6612 Boot type: Normal boot
17:04:21.0209 6612 ============================================================
17:04:21.0476 6612 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:04:21.0487 6612 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:04:21.0493 6612 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:04:27.0723 6612 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:04:31.0414 6612 Drive \Device\Harddisk4\DR4 - Size: 0x746F100000 (465.74 Gb), SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:04:35.0250 6612 \Device\Harddisk0\DR0:
17:04:35.0250 6612 MBR used
17:04:35.0250 6612 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:04:35.0250 6612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
17:04:35.0250 6612 \Device\Harddisk1\DR1:
17:04:35.0251 6612 MBR used
17:04:35.0251 6612 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
17:04:35.0251 6612 \Device\Harddisk2\DR2:
17:04:35.0251 6612 MBR used
17:04:35.0251 6612 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
17:04:35.0251 6612 \Device\Harddisk3\DR3:
17:04:35.0251 6612 MBR used
17:04:35.0251 6612 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385830
17:04:35.0251 6612 \Device\Harddisk4\DR4:
17:04:35.0252 6612 MBR used
17:04:35.0252 6612 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A378000
17:04:35.0452 6612 Initialize success
17:04:35.0452 6612 ============================================================
17:04:47.0565 7540 ============================================================
17:04:47.0565 7540 Scan started
17:04:47.0565 7540 Mode: Manual;
17:04:47.0565 7540 ============================================================
17:04:52.0350 7540 rspndr - ok
17:04:52.0369 7540 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:04:52.0372 7540 RTL8167 - ok
17:04:52.0389 7540 RzSynapse (24510c4a77aba3b07aefa840db888637) C:\Windows\system32\DRIVERS\RzSynapse.sys
17:04:52.0391 7540 RzSynapse - ok
17:04:52.0406 7540 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:04:52.0407 7540 s3cap - ok
17:04:52.0425 7540 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:04:52.0427 7540 sbp2port - ok
17:04:52.0445 7540 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:04:52.0446 7540 scfilter - ok
17:04:52.0467 7540 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:04:52.0468 7540 secdrv - ok
17:04:52.0489 7540 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:04:52.0490 7540 Serenum - ok
17:04:52.0505 7540 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:04:52.0507 7540 Serial - ok
17:04:52.0520 7540 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:04:52.0521 7540 sermouse - ok
17:04:52.0543 7540 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:04:52.0543 7540 sffdisk - ok
17:04:52.0557 7540 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:04:52.0558 7540 sffp_mmc - ok
17:04:52.0572 7540 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:04:52.0573 7540 sffp_sd - ok
17:04:52.0587 7540 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:04:52.0588 7540 sfloppy - ok
17:04:52.0606 7540 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:04:52.0608 7540 SiSRaid2 - ok
17:04:52.0622 7540 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:04:52.0624 7540 SiSRaid4 - ok
17:04:52.0639 7540 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:04:52.0642 7540 Smb - ok
17:04:52.0663 7540 snapman (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys
17:04:52.0668 7540 snapman - ok
17:04:52.0684 7540 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:04:52.0685 7540 spldr - ok
17:04:52.0715 7540 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:04:52.0721 7540 srv - ok
17:04:52.0742 7540 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:04:52.0748 7540 srv2 - ok
17:04:52.0765 7540 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:04:52.0768 7540 srvnet - ok
17:04:52.0788 7540 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:04:52.0790 7540 stexstor - ok
17:04:52.0805 7540 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:04:52.0807 7540 storflt - ok
17:04:52.0822 7540 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:04:52.0823 7540 storvsc - ok
17:04:52.0836 7540 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:04:52.0837 7540 swenum - ok
17:04:52.0855 7540 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
17:04:52.0858 7540 Synth3dVsc - ok
17:04:52.0876 7540 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
17:04:52.0877 7540 tap0901 - ok
17:04:52.0892 7540 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
17:04:52.0893 7540 tap0901t - ok
17:04:52.0935 7540 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:04:52.0957 7540 Tcpip - ok
17:04:52.0995 7540 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:04:53.0009 7540 TCPIP6 - ok
17:04:53.0025 7540 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:04:53.0027 7540 tcpipreg - ok
17:04:53.0043 7540 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:04:53.0044 7540 TDPIPE - ok
17:04:53.0074 7540 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
17:04:53.0089 7540 tdrpman273 - ok
17:04:53.0104 7540 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:04:53.0105 7540 TDTCP - ok
17:04:53.0121 7540 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:04:53.0125 7540 tdx - ok
17:04:53.0140 7540 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
17:04:53.0141 7540 TermDD - ok
17:04:53.0155 7540 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
17:04:53.0157 7540 terminpt - ok
17:04:53.0189 7540 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
17:04:53.0200 7540 timounter - ok
17:04:53.0220 7540 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:04:53.0221 7540 tssecsrv - ok
17:04:53.0236 7540 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:04:53.0238 7540 TsUsbFlt - ok
17:04:53.0252 7540 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:04:53.0253 7540 TsUsbGD - ok
17:04:53.0269 7540 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
17:04:53.0271 7540 tsusbhub - ok
17:04:53.0286 7540 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:04:53.0289 7540 tunnel - ok
17:04:53.0305 7540 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:04:53.0307 7540 uagp35 - ok
17:04:53.0326 7540 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:04:53.0331 7540 udfs - ok
17:04:53.0352 7540 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:04:53.0354 7540 uliagpkx - ok
17:04:53.0368 7540 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:04:53.0369 7540 umbus - ok
17:04:53.0384 7540 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:04:53.0385 7540 UmPass - ok
17:04:53.0404 7540 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
17:04:53.0405 7540 USBAAPL64 - ok
17:04:53.0420 7540 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:04:53.0423 7540 usbccgp - ok
17:04:53.0439 7540 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:04:53.0441 7540 usbcir - ok
17:04:53.0455 7540 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:04:53.0456 7540 usbehci - ok
17:04:53.0474 7540 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:04:53.0479 7540 usbhub - ok
17:04:53.0493 7540 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:04:53.0494 7540 usbohci - ok
17:04:53.0508 7540 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:04:53.0510 7540 usbprint - ok
17:04:53.0524 7540 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:04:53.0526 7540 usbscan - ok
17:04:53.0541 7540 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:04:53.0543 7540 USBSTOR - ok
17:04:53.0557 7540 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:04:53.0558 7540 usbuhci - ok
17:04:53.0580 7540 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:04:53.0581 7540 vdrvroot - ok
17:04:53.0598 7540 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:04:53.0599 7540 vga - ok
17:04:53.0614 7540 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:04:53.0615 7540 VgaSave - ok
17:04:53.0629 7540 VGPU - ok
17:04:53.0647 7540 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:04:53.0651 7540 vhdmp - ok
17:04:53.0665 7540 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:04:53.0665 7540 viaide - ok
17:04:53.0682 7540 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:04:53.0685 7540 vmbus - ok
17:04:53.0699 7540 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:04:53.0700 7540 VMBusHID - ok
17:04:53.0716 7540 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys
17:04:53.0718 7540 vmci - ok
17:04:53.0734 7540 vmkbd (3a717d3e29c107351347b478a9d0043f) C:\Windows\system32\drivers\VMkbd.sys
17:04:53.0735 7540 vmkbd - ok
17:04:53.0749 7540 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\Windows\system32\DRIVERS\vmnetadapter.sys
17:04:53.0749 7540 VMnetAdapter - ok
17:04:53.0765 7540 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys
17:04:53.0766 7540 VMnetBridge - ok
17:04:53.0782 7540 VMnetuserif (6b17d7fad2d61d5a2c2b6d3ea25bdca8) C:\Windows\system32\drivers\vmnetuserif.sys
17:04:53.0783 7540 VMnetuserif - ok
17:04:53.0803 7540 vmx86 (e2a591ecc4525eb0b05c65a9b24cf05e) C:\Windows\system32\drivers\vmx86.sys
17:04:53.0804 7540 vmx86 - ok
17:04:53.0819 7540 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:04:53.0820 7540 volmgr - ok
17:04:53.0840 7540 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:04:53.0845 7540 volmgrx - ok
17:04:53.0863 7540 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:04:53.0868 7540 volsnap - ok
17:04:53.0885 7540 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:04:53.0887 7540 vsmraid - ok
17:04:53.0892 7540 vstor2-mntapi10-shared - ok
17:04:53.0907 7540 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:04:53.0908 7540 vwifibus - ok
17:04:53.0928 7540 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:04:53.0929 7540 WacomPen - ok
17:04:53.0944 7540 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:04:53.0946 7540 WANARP - ok
17:04:53.0949 7540 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:04:53.0950 7540 Wanarpv6 - ok
17:04:53.0974 7540 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:04:53.0975 7540 Wd - ok
17:04:53.0989 7540 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
17:04:53.0990 7540 WDC_SAM - ok
17:04:54.0014 7540 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:04:54.0023 7540 Wdf01000 - ok
17:04:54.0049 7540 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:04:54.0050 7540 WfpLwf - ok
17:04:54.0066 7540 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:04:54.0067 7540 WIMMount - ok
17:04:54.0096 7540 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:04:54.0097 7540 WinUsb - ok
17:04:54.0116 7540 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:04:54.0117 7540 WmiAcpi - ok
17:04:54.0141 7540 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:04:54.0142 7540 ws2ifsl - ok
17:04:54.0167 7540 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:04:54.0169 7540 WudfPf - ok
17:04:54.0187 7540 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:04:54.0191 7540 WUDFRd - ok
17:04:54.0207 7540 X6va005 - ok
17:04:54.0223 7540 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:04:54.0228 7540 \Device\Harddisk0\DR0 - ok
17:04:54.0231 7540 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:04:54.0233 7540 \Device\Harddisk1\DR1 - ok
17:04:54.0235 7540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
17:04:54.0238 7540 \Device\Harddisk2\DR2 - ok
17:04:54.0241 7540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
17:04:54.0244 7540 \Device\Harddisk3\DR3 - ok
17:04:54.0247 7540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
17:04:54.0250 7540 \Device\Harddisk4\DR4 - ok
17:04:54.0253 7540 Boot (0x1200) (5d3c312643056a6b1407ac402f39ef92) \Device\Harddisk0\DR0\Partition0
17:04:54.0254 7540 \Device\Harddisk0\DR0\Partition0 - ok
17:04:54.0257 7540 Boot (0x1200) (042760ae955170068bf29a0ecb1dddaf) \Device\Harddisk0\DR0\Partition1
17:04:54.0258 7540 \Device\Harddisk0\DR0\Partition1 - ok
17:04:54.0261 7540 Boot (0x1200) (5882cb11d7cb37824e616cd6270c82b2) \Device\Harddisk1\DR1\Partition0
17:04:54.0262 7540 \Device\Harddisk1\DR1\Partition0 - ok
17:04:54.0265 7540 Boot (0x1200) (ee04abfa7200323e001c23c9775bbf83) \Device\Harddisk2\DR2\Partition0
17:04:54.0267 7540 \Device\Harddisk2\DR2\Partition0 - ok
17:04:54.0270 7540 Boot (0x1200) (e560021e12c8a6f980587a78b2e1fb8d) \Device\Harddisk3\DR3\Partition0
17:04:54.0271 7540 \Device\Harddisk3\DR3\Partition0 - ok
17:04:54.0274 7540 Boot (0x1200) (402173f3703b3dc139b93f18bb235a1c) \Device\Harddisk4\DR4\Partition0
17:04:54.0276 7540 \Device\Harddisk4\DR4\Partition0 - ok
17:04:54.0277 7540 ============================================================
17:04:54.0277 7540 Scan finished
17:04:54.0277 7540 ============================================================
17:04:54.0285 5692 Detected object count: 0
17:04:54.0285 5692 Actual detected object count: 0


FARBAR

Farbar Service Scanner Version: 01-03-2012
Ran by Javier (administrator) on 10-03-2012 at 17:05:56
Running from "E:\Documents"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



Thanks.

#6
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Hi again, let me know how everything is running after the following fixes.


Please download: http://download.blee.../RestoreBFE.exe
Double click on the downloaded file. It should only take a few seconds to run.
When complete, it will say .. "Done! Please check if BFE service is running now"


Next, please download this file: http://download.blee...es/7/MpsSvc.reg
Double click on it to merge it in the registry (click Yes/OK to confirm).
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#7
Serascel

    New Member

  • Members
  • 29 posts
Done, and done. Everything seems to be running fine like before; nothing's running slow or anything...

But the rootkit seems to be still there :/

#8
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
What makes you think the rootkit is still there? What is detecting it?
regards, Elise



#9
Serascel

    New Member

  • Members
  • 29 posts
Malwarebytes Pro, both quick scan and full scan, are detecting the rootkit..


Malwarebytes Quick Scan log:

Protection: Enabled

10/03/2012 19:21:38
mbam-log-2012-03-10 (19-26-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216203
Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|17314 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\mshovhl.bat -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\users\javier\appdata\local\temp\{e9c1e1ac-c9b2-4c85-94de-9c1518918d02}.tlb (Rootkit.Zeroaccess) -> No action taken.

(end)

#10
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
These are components, but not active parts of the rootkit. Please delete both items, restart the computer and let me know if they still get detected afterwards.
regards, Elise



#11
Serascel

    New Member

  • Members
  • 29 posts
Deleted, restarted, but they still show on the scans...

Protection: Enabled

11/03/2012 0:00:34
mbam-log-2012-03-11 (00-02-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215756
Time elapsed: 1 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|17314 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\mshovhl.bat -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Javier\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> No action taken.

(end)

#12
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
How did you delete the objects (the MBAM log shows "No action taken" twice)? Did you have MBAM delete them?

How is the computer running besides this?
regards, Elise



#13
Serascel

    New Member

  • Members
  • 29 posts
I've tried having MBAM delete them after plenty of scans, but after a computer restart and another quick scan, they keep showing....

It seems to be running OK, maybe a little sluggish..


Thanks.

#14
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Can you please rerun DDS and post me the new dds.txt log?
regards, Elise



#15
Serascel

    New Member

  • Members
  • 29 posts
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Javier at 13:25:35 on 2012-03-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.1033.18.8169.4645 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
E:\Tribes\HiPatchService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
E:\Tunngle\TnglCtrl.exe
C:\Windows\SysWOW64\UAService7.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Javier\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Users\Javier\AppData\Local\Akamai\netsession_win.exe
E:\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe
E:\HP\HP Software Update\hpwuSchd2.exe
E:\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
E:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre7\bin\javaw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
E:\HP\Digital Imaging\bin\hpqSTE08.exe
E:\HP\Digital Imaging\bin\hpqbam08.exe
E:\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
E:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
E:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=210.107.100.251:8080;https=210.107.100.251:8080;ftp=210.107.100.251:8080
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "E:\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [FileHippo.com] "E:\FileHippo.com\UpdateChecker.exe" /background
uRun: [Google Update] "C:\Users\Javier\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Javier\AppData\Local\Akamai\netsession_win.exe"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [HP Software Update] E:\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Razer Naga Driver] E:\Razer\Naga\RazerNagaSysTray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mExplorerRun: [17314] C:\PROGRA~3\LOCALS~1\Temp\mshovhl.bat
StartupFolder: C:\Users\Javier\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - E:\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Descargar con Mipony - file://E:\MiPony\Browser\IEContext.htm
IE: Free YouTube to iPhone Converter - C:\Users\Javier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to MP3 Converter - C:\Users\Javier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
TCP: Interfaces\{0EF470FC-2CA4-4648-8DEA-426EB57A57B4} : DhcpNameServer = 87.216.1.65 87.216.1.66
TCP: Interfaces\{593690F9-0E56-4C39-BAEA-38D547F2DC69} : DhcpNameServer = 7.254.254.254
TCP: Interfaces\{7748365C-5BD9-45C3-9CD2-56B9B7A2EABC} : DhcpNameServer = 95.141.192.4
TCP: Interfaces\{8AE21A37-27A6-4BB0-9A36-37C62A838C69} : DhcpNameServer = 87.216.1.65 87.216.1.66
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [HP Software Update] E:\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Razer Naga Driver] E:\Razer\Naga\RazerNagaSysTray.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\f50z0qws.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Javier\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Javier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\f50z0qws.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: E:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: E:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-7-7 3246040]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-2 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-7-6 586880]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-11-13 210024]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\Tribes\HiPatchService.exe [2012-2-17 8704]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-6 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-11 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-6 2255464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
R2 TunngleService;TunngleService;E:\Tunngle\TnglCtrl.exe [2011-8-15 741224]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-10 08:56:24 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-10 08:56:24 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-10 08:55:13 0 --sha-w- C:\Windows\System32\dds_log_ad13.cmd
2012-03-10 08:54:06 -------- d-sh--w- C:\Users\Javier\AppData\Local\7d1143f4
2012-03-09 16:23:00 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D43C1CFF-7E4F-4AEA-B0CF-08F9E1E01421}\mpengine.dll
2012-03-08 21:02:06 -------- d-----w- C:\Users\Javier\AppData\Local\Red 5 Studios
2012-03-08 14:58:03 -------- d-----w- C:\Program Files\iPod
2012-03-08 14:58:01 -------- d-----w- C:\Program Files\iTunes
2012-03-08 14:58:01 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-08 14:55:31 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-03-08 13:25:53 -------- d-----w- C:\Users\Javier\AppData\Roaming\kodak
2012-03-06 15:20:11 -------- d-----w- C:\Users\Javier\vm
2012-03-05 12:53:19 -------- d-----w- C:\Users\Javier\AppData\Local\VMware
2012-03-05 12:49:11 63088 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2012-03-05 12:48:48 354416 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2012-03-05 12:48:47 433264 ----a-w- C:\Windows\SysWow64\vmnat.exe
2012-03-05 12:48:47 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2012-03-05 12:48:46 942192 ----a-w- C:\Windows\System32\vnetlib64.dll
2012-03-05 12:48:44 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2012-03-05 12:48:44 32880 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2012-03-05 12:48:27 -------- d-----w- C:\Users\Javier\messages
2012-03-05 12:48:27 -------- d-----w- C:\Program Files (x86)\VMware
2012-03-05 12:48:27 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2012-03-05 12:48:20 -------- d-----w- C:\Program Files\Common Files\VMware
2012-03-05 11:36:22 -------- d-----w- C:\Program Files\Business Objects
2012-03-05 11:35:32 -------- d-----w- C:\Windows\SysWow64\js
2012-03-05 11:35:32 -------- d-----w- C:\Windows\SysWow64\images
2012-03-05 11:35:32 -------- d-----w- C:\Windows\SysWow64\html
2012-03-05 11:35:32 -------- d-----w- C:\Windows\SysWow64\css
2012-03-05 11:35:32 -------- d-----w- C:\Program Files (x86)\Business Objects
2012-03-05 11:32:08 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2012-03-05 11:30:08 -------- d-----w- C:\Windows\SysWow64\3082
2012-03-05 11:29:37 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
2012-03-05 11:29:37 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2012-03-05 11:29:37 -------- d-----w- C:\Program Files (x86)\CE Remote Tools
2012-03-05 11:18:10 -------- d-----w- C:\Program Files\Microsoft Device Emulator
2012-03-05 11:18:10 -------- d-----w- C:\Program Files (x86)\Microsoft Device Emulator
2012-03-05 11:09:51 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-03-05 11:09:46 -------- d-----w- C:\Program Files (x86)\Microsoft Web Designer Tools
2012-03-05 11:09:20 96272 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008 Language Pack - ESN\install.res.3082.dll
2012-03-05 11:09:20 562688 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008 Language Pack - ESN\install.exe
2012-03-05 11:09:14 -------- d-----w- C:\Users\Javier\AppData\Local\Microsoft Help
2012-03-01 21:13:50 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-03-01 17:45:07 1710336 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\3082\ResourceCache.dll
2012-02-29 15:10:12 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-02-29 15:10:07 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-02-29 15:09:57 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-02-29 15:09:57 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-02-29 15:09:55 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-02-29 15:09:55 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-02-29 15:07:27 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2012-02-29 15:07:25 -------- d-----w- C:\Program Files\IIS
2012-02-29 15:07:25 -------- d-----w- C:\Program Files (x86)\IIS
2012-02-29 15:07:03 1632288 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-02-29 15:01:57 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-02-29 15:00:30 -------- d-----w- C:\Windows\PCHEALTH
2012-02-26 12:36:27 48167 ----a-w- C:\Windows\SysWow64\uninst.exe
2012-02-23 15:05:21 -------- d-----w- C:\Users\Javier\AppData\Roaming\FOG Downloader
2012-02-17 15:10:21 -------- d-----w- C:\Users\Javier\AppData\Local\Chromium
2012-02-17 14:16:36 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-02-16 20:38:09 -------- d-----w- C:\ProgramData\EA Logs
2012-02-16 02:00:32 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-15 10:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 10:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-15 06:39:15 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 06:39:15 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 06:39:15 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 06:39:15 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 06:39:15 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 06:39:15 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 06:39:14 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 06:39:14 634880 ----a-w- C:\Windows\System32\msvcrt.dll
.
==================== Find3M ====================
.
2012-03-10 10:07:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 14:55:27 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-16 21:01:06 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-16 21:00:54 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-02-16 21:00:54 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-16 20:57:03 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
.
============= FINISH: 13:25:57,98 ===============


Thanks.

#16
Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Can you run Combofix once more and post me the new log?
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#17
Serascel

    New Member

  • Members
  • Pip
  • 29 posts
Ran Combofix about 5 times now in a row, but no Combofix.txt is being created; it's not appearing at C:\ or anywhere else. Tried redownloading Combofix, but same problem: Combofix runs fine, but no .txt is being created.

#18
Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Does it finish completely or does it crash somewhere?
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#19
Serascel

    New Member

  • Members
  • Pip
  • 29 posts
Finishes completely.

#20
Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,720 posts
  • Gender:Female
  • Location:Romania
In that case post a new dds.txt log so I can see if it did actually do something or if the runs had no result.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

