
Trojan.Agent viruses from svchost.exe


This topic is locked
18 replies to this topic

#1 mmezzetta

    New Member

  • Members
  • 15 posts

Posted 03 January 2012 - 11:44 AM

I am using Malwarebytes Anti-Malware v1.60.0.1800 and after I run a quick scan, it shows two infections:
Trojan.Agent File C:\Windows\svchost.exe
Trojan.Agent Memory Process C:\Windows\svchost.exe.

When I select remove, it says they will be removed after reboot but after restarting system, they are still present.

Also, I keep getting a pop-up from Malwarebytes stating:
"Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website: (ip)
Type: outgoing
Port: (numbers are different), Process: svchost.exe"

Here are the MBAM and DDS logs. I tried running ComboFix afterwards, but when stage 50 completed (it took about 15 minutes to run), my computer restarted and did not produce a log.

Please help anybody, this has been really bugging me and I would so appreciate any advice, thanks.

Attached Files



#2 mmezzetta

    New Member

  • Members
  • 15 posts

Posted 08 January 2012 - 12:49 AM

bump...please help.

#3 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender: Male
  • Location: New Haven, CT

Posted 27 January 2012 - 12:06 AM

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.
Chris Fistonich
Research Team


Follow us: Twitter, Become a fan: Facebook

#4 mmezzetta

    New Member

  • Members
  • 15 posts

Posted 27 January 2012 - 12:54 AM

Here are those two logs you requested. Thanks for replying and hoping these viruses get removed.

Attached Files



#5 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender: Male
  • Location: New Haven, CT

Posted 02 February 2012 - 04:05 PM

Hi,

My apologies for the delay.


In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly in your reply.
Chris Fistonich
Research Team


#6 mmezzetta

    New Member

  • Members
  • 15 posts

Posted 03 February 2012 - 12:21 AM

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.03.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
JOEMAMA :: MARK [administrator]

Protection: Enabled

2/2/2012 11:13:08 PM
mbam-log-2012-02-02 (23-20-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189480
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3064 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

#7 mmezzetta

    New Member

  • Members
  • 15 posts

Posted 03 February 2012 - 12:26 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
Run by JOEMAMA at 23:21:04 on 2012-02-02
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1455 [GMT -6:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\vds.exe
-netsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
dRun: [Smad] "C:\Windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Smad\Smad.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} - hxxp://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C8E15F36-B437-49E3-8F09-91FD6B334AB8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\052416E646A4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\27564627F6F666 : DhcpNameServer = 10.1.0.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\64169627669656C6460275966496 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\D41434024416464697 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{FAA42CA5-33E4-4326-AB4A-B34E1C0D0815} : DhcpNameServer = 209.183.35.23 209.183.33.23
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO-X64: facemoods Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun-x64: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun-x64: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
mRun-x64: [(Default)]
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://fbtz.com/forum/forumdisplay.php?f=302
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\JOEMAMA\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?]
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2012-1-24 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360]
R2 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-24 583640]
R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-1-17 278528]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-21 227896]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-12-4 121416]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-12-4 125512]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\system32\DRIVERS\swnc8ua3.sys --> C:\Windows\system32\DRIVERS\swnc8ua3.sys [?]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\system32\DRIVERS\swumxa3.sys --> C:\Windows\system32\DRIVERS\swumxa3.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-03 05:10:32 709968 ----a-w- C:\Windows\isRS-000.tmp
2012-02-03 02:56:21 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\SUPERAntiSpyware.com
2012-02-03 02:56:07 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-03 02:56:07 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-03 02:46:12 691 ----a-w- C:\Users\JOEMAMA\AppData\Roaming\GetValue.vbs
2012-02-03 02:46:12 35 ----a-w- C:\Users\JOEMAMA\AppData\Roaming\SetValue.bat
2012-02-03 02:42:46 3174 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-02-02 23:24:46 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\True Sword
2012-02-02 23:20:10 -------- d-----w- C:\Program Files (x86)\True Sword 5
2012-02-02 22:11:18 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\TestApp
2012-02-02 22:03:07 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\Curiolab
2012-02-02 21:58:24 -------- d-----w- C:\ProgramData\PC Tools
2012-02-02 18:09:00 -------- d-----w- C:\ProgramData\WeCareReminder
2012-02-02 17:11:49 -------- d-----w- C:\Program Files (x86)\MSSOAP
2012-02-02 17:11:49 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2012-02-02 17:11:35 -------- d-----w- C:\Program Files (x86)\Webroot
2012-01-28 04:56:22 -------- d-----w- C:\Program Files (x86)\facemoods.com
2012-01-28 04:55:40 -------- d-----w- C:\Program Files (x86)\JDownloader
2012-01-27 21:02:01 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-01-27 21:01:23 -------- d-----w- C:\Program Files\ATI Technologies
2012-01-27 20:56:47 -------- d-----w- C:\Program Files\CCleaner
2012-01-27 05:33:59 -------- d-----w- C:\Users\JOEMAMA\AppData\Local\SanctionedMedia
2012-01-24 23:59:12 -------- d-----w- C:\Program Files (x86)\CRS
2012-01-24 23:32:40 645632 ------w- C:\Windows\System32\stapi64.dll
2012-01-24 23:30:57 505344 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2012-01-24 23:30:56 431616 ----a-w- C:\Windows\System32\stcplx64.dll
2012-01-24 23:30:56 1465344 ----a-w- C:\Windows\System32\stapo64.dll
2012-01-24 23:30:45 -------- d-----w- C:\Program Files\IDT
2012-01-24 00:59:17 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-24 00:59:13 -------- d-----w- C:\Users\JOEMAMA\AppData\Local\PunkBuster
2012-01-23 18:58:29 -------- d-----w- C:\Program Files (x86)\Activision
2012-01-22 04:01:26 -------- d-----w- C:\Users\JOEMAMA\AppData\Local\Chromium
2012-01-22 03:59:57 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
2012-01-22 03:58:57 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2012-01-22 03:57:58 409960 ----a-w- C:\Windows\System32\xactengine2_8.dll
2012-01-21 20:35:07 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2012-01-19 19:40:39 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-13 22:16:42 -------- d-----w- C:\Users\JOEMAMA\.swt
2012-01-12 18:18:04 -------- d-----w- C:\Malwarebytes
2012-01-04 16:04:35 -------- d-sh--w- C:\Windows\SysWow64\%USERPROFILE%
.
==================== Find3M ====================
.
2012-01-24 00:59:17 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-16 04:55:46 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-03-20 14:25:22 1713152 ----a-w- C:\Program Files (x86)\Xpadder [5.7].exe
2007-06-13 18:21:26 2095132 ----a-w- C:\Program Files (x86)\GLoarbLineClient.exe
.
============= FINISH: 23:24:11.38 ===============
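
The DDS log above shows the pattern behind the MBAM detection: every legitimate svchost.exe in the "Running Processes" list runs from C:\Windows\system32 with a "-k <service group>" argument, while the file MBAM flags lives one level up at C:\Windows\svchost.exe, the process list contains a bare "-netsvcs" entry with no image path, and the mPolicies-system lines show UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0). The script below is an added example, not code from this thread, from Malwarebytes or from DDS. It runs those three checks over log lines that are constructed here to mirror the shapes in the log; the list of legitimate svchost.exe directories assumes the default C:\Windows system root, and the policy names and values are compared as DDS prints them.

```python
"""Triage checks over DDS-style log lines (added example, not Malwarebytes/DDS code).

What a responder looks for in the sections quoted above:
  - svchost.exe whose image path is not under System32 or SysWOW64
  - svchost.exe started without a "-k <group>" argument
  - a process entry with no image path at all (e.g. a bare "-netsvcs")
  - UAC policy values that disable elevation prompts
"""
import re
from pathlib import PureWindowsPath

# Assumption: default system root of C:\Windows; paths are compared case-insensitively.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Policy name -> value that weakens UAC. ConsentPromptBehaviorUser=3 (prompt for
# credentials) is the Windows 7 default and is deliberately not listed.
WEAK_UAC_VALUES = {
    "EnableLUA": "0",                    # UAC off entirely
    "ConsentPromptBehaviorAdmin": "0",   # administrators elevate silently
    "PromptOnSecureDesktop": "0",        # prompts not shown on the secure desktop
}

# "<drive>:\<path>.exe [arguments]"; the non-greedy path ends at the first ".exe"
# followed by whitespace or end of line, so spaces in "Program Files (x86)" are fine.
PROCESS_LINE = re.compile(r"^([A-Za-z]:\\\S.*?\.exe)(?:\s+(.*))?$", re.IGNORECASE)
POLICY_LINE = re.compile(r"^[a-z]Policies-system:\s*(\w+)\s*=\s*(\d+)", re.IGNORECASE)


def triage_processes(lines):
    """Return (finding, evidence) tuples for a DDS 'Running Processes' section."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":          # DDS section separators
            continue
        m = PROCESS_LINE.match(line)
        if m is None:                        # no drive-letter image path at all
            findings.append(("no_image_path", line))
            continue
        image, args = m.group(1), (m.group(2) or "")
        path = PureWindowsPath(image)
        if path.name.lower() != "svchost.exe":
            continue
        if str(path.parent).lower() not in LEGIT_SVCHOST_DIRS:
            findings.append(("svchost_outside_system32", image))
        elif not args.lower().startswith("-k "):
            findings.append(("svchost_without_service_group", line))
    return findings


def triage_policies(lines):
    """Return (finding, evidence) tuples for weakened UAC settings."""
    findings = []
    for raw in lines:
        m = POLICY_LINE.match(raw.strip())
        if m and WEAK_UAC_VALUES.get(m.group(1)) == m.group(2):
            findings.append(("uac_weakened", f"{m.group(1)}={m.group(2)}"))
    return findings


# Constructed sample lines that mirror the shapes in the thread's DDS log.
SAMPLE_PROCESSES = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe",
    r"C:\Windows\svchost.exe",   # the path MBAM reported as Trojan.Agent
    "-netsvcs",                  # argument with no image, as printed by DDS
    r"C:\Windows\SysWOW64\cscript.exe",
]
SAMPLE_POLICIES = [
    "mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    "mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    "mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
    "dPolicies-system: WallpaperStyle = 2",
]

if __name__ == "__main__":
    results = triage_processes(SAMPLE_PROCESSES) + triage_policies(SAMPLE_POLICIES)
    for kind, evidence in results:
        print(f"{kind:32} {evidence}")
```

On the sample input the process checks report only the C:\Windows\svchost.exe image and the pathless -netsvcs entry, and the policy checks report the three UAC values; the ConsentPromptBehaviorUser line and the wallpaper policy pass. The same functions can be fed the real "Running Processes" and "Pseudo HJT Report" sections of a DDS.txt, one line per list element.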

#8 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender: Male
  • Location: New Haven, CT

Posted 05 February 2012 - 07:08 PM

Hi,

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team


#9 mmezzetta

    New Member

  • Members
  • 15 posts

Posted 05 February 2012 - 08:06 PM

combofix log:

ComboFix 12-02-05.02 - JOEMAMA 02/05/2012 18:34:19.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1872 [GMT -6:00]
Running from: c:\users\JOEMAMA\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\extensions\{904af45a-d540-4117-a72a-ea770247aee6}
c:\users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\extensions\{904af45a-d540-4117-a72a-ea770247aee6}\chrome.manifest
c:\users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\extensions\{904af45a-d540-4117-a72a-ea770247aee6}\chrome\xulcache.jar
c:\users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\extensions\{904af45a-d540-4117-a72a-ea770247aee6}\defaults\preferences\xulcache.js
c:\users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\extensions\{904af45a-d540-4117-a72a-ea770247aee6}\install.rdf
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-06 00:45 . 2012-02-06 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-03 02:56 . 2012-02-03 02:56 -------- d-----w- c:\users\JOEMAMA\AppData\Roaming\SUPERAntiSpyware.com
2012-02-03 02:56 . 2012-02-03 02:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-03 02:56 . 2012-02-03 02:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-03 02:46 . 2012-02-03 02:50 691 ----a-w- c:\users\JOEMAMA\AppData\Roaming\GetValue.vbs
2012-02-03 02:46 . 2012-02-03 02:50 35 ----a-w- c:\users\JOEMAMA\AppData\Roaming\SetValue.bat
2012-02-03 02:42 . 2012-02-03 02:50 3174 ----a-w- c:\windows\SysWow64\tmp.reg
2012-02-03 02:41 . 2009-06-02 17:17 75776 ----a-w- c:\windows\SysWow64\WS2Fix.exe
2012-02-03 02:41 . 2008-12-12 07:57 78336 ----a-w- c:\windows\SysWow64\Agent.OMZ.Fix.exe
2012-02-03 02:41 . 2008-11-30 00:58 82944 ----a-w- c:\windows\SysWow64\IEDFix.C.exe
2012-02-03 02:41 . 2008-10-01 21:51 87552 ----a-w- c:\windows\SysWow64\VACFix.exe
2012-02-03 02:41 . 2008-09-20 18:45 80384 ----a-w- c:\windows\SysWow64\o4Patch.exe
2012-02-03 02:41 . 2008-08-18 18:19 82432 ----a-w- c:\windows\SysWow64\404Fix.exe
2012-02-03 02:41 . 2008-05-19 03:40 82944 ----a-w- c:\windows\SysWow64\IEDFix.exe
2012-02-03 02:41 . 2007-09-06 06:22 289144 ----a-w- c:\windows\SysWow64\VCCLSID.exe
2012-02-03 02:41 . 2006-04-27 23:49 288417 ----a-w- c:\windows\SysWow64\SrchSTS.exe
2012-02-03 02:41 . 2004-08-01 00:50 51200 ----a-w- c:\windows\SysWow64\dumphive.exe
2012-02-03 02:41 . 2003-06-06 03:13 53248 ----a-w- c:\windows\SysWow64\Process.exe
2012-02-02 23:24 . 2012-02-02 23:24 -------- d-----w- c:\users\JOEMAMA\AppData\Roaming\True Sword
2012-02-02 23:20 . 2012-02-02 23:25 -------- d-----w- c:\program files (x86)\True Sword 5
2012-02-02 22:11 . 2012-02-02 22:11 -------- d-----w- c:\users\JOEMAMA\AppData\Roaming\TestApp
2012-02-02 22:03 . 2012-02-02 22:03 -------- d-----w- c:\users\JOEMAMA\AppData\Roaming\Curiolab
2012-02-02 21:58 . 2012-02-03 01:01 -------- d-----w- c:\programdata\PC Tools
2012-02-02 18:09 . 2012-02-02 18:09 -------- d-----w- c:\programdata\WeCareReminder
2012-02-02 17:11 . 2012-02-02 17:11 -------- d-----w- c:\program files (x86)\MSSOAP
2012-02-02 17:11 . 2012-02-02 17:11 -------- d-----w- c:\program files (x86)\Webroot
2012-01-28 04:55 . 2012-02-03 05:11 -------- d-----w- c:\program files (x86)\JDownloader
2012-01-27 21:05 . 2012-01-27 21:05 -------- d-----w- c:\programdata\ATI
2012-01-27 21:02 . 2012-01-27 21:02 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-01-27 21:01 . 2012-01-27 21:02 -------- d-----w- c:\program files\ATI Technologies
2012-01-27 20:56 . 2012-01-27 20:56 -------- d-----w- c:\program files\CCleaner
2012-01-27 05:33 . 2012-01-27 05:33 -------- d-----w- c:\users\JOEMAMA\AppData\Local\SanctionedMedia
2012-01-24 23:59 . 2012-01-31 21:10 -------- d-----w- c:\program files (x86)\CRS
2012-01-24 23:32 . 2010-03-23 13:53 645632 ------w- c:\windows\system32\stapi64.dll
2012-01-24 23:30 . 2010-03-23 13:53 505344 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-01-24 23:30 . 2010-03-23 13:53 431616 ----a-w- c:\windows\system32\stcplx64.dll
2012-01-24 23:30 . 2010-03-23 13:53 1465344 ----a-w- c:\windows\system32\stapo64.dll
2012-01-24 23:30 . 2012-01-24 23:35 -------- d-----w- c:\program files\IDT
2012-01-24 00:59 . 2012-01-24 00:59 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-24 00:59 . 2012-01-24 00:59 -------- d-----w- c:\users\JOEMAMA\AppData\Local\PunkBuster
2012-01-23 18:58 . 2012-01-23 18:58 -------- d-----w- c:\program files (x86)\Activision
2012-01-22 04:01 . 2012-01-22 04:01 -------- d-----w- c:\users\JOEMAMA\AppData\Local\Chromium
2012-01-22 03:59 . 2009-03-16 20:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll
2012-01-22 03:58 . 2008-07-10 17:00 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-01-22 03:57 . 2007-06-21 02:49 409960 ----a-w- c:\windows\system32\xactengine2_8.dll
2012-01-21 20:35 . 2012-01-21 20:35 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2012-01-19 19:40 . 2012-01-19 19:40 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-13 22:16 . 2012-01-13 22:16 -------- d-----w- c:\users\JOEMAMA\.swt
2012-01-12 18:18 . 2012-01-22 03:24 -------- d-----w- C:\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 00:59 . 2011-06-05 03:36 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-16 04:55 . 2011-12-16 04:55 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 21:24 . 2010-05-31 02:19 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 14:25 . 2011-04-04 15:31 1713152 ----a-w- c:\program files (x86)\Xpadder [5.7].exe
2007-06-13 18:21 . 2011-01-17 16:00 2095132 ----a-w- c:\program files (x86)\GLoarbLineClient.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-05-20 2675296]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-05-20 22:35 2675296 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 22:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-05-20 2675296]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2010-1-17 3272704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Sunbelt Software\VIPRE\Definitions
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 sptd;sptd; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-06-04 278528]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-12-04 121416]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-12-04 125512]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [x]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 218112]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\HPCeeScheduleForJOEMAMA.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
2012-02-05 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2010-11-10 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 20:25]
.
2012-02-05 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2010-10-25 13:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"combofix"="c:\combofix\CF29646.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
FF - ProfilePath - c:\users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://fbtz.com/forum/forumdisplay.php?f=302
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
Wow6432Node-HKU-Default-Run-Smad - c:\windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Smad\Smad.exe
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2012-02-05 18:56:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-06 00:56
.
Pre-Run: 7,677,562,880 bytes free
Post-Run: 8,113,672,192 bytes free
.
- - End Of File - - 091AF9B081B4ABAAEE4535FDDCB591D9

#10 mmezzetta

mmezzetta

    New Member

  • Members
  • 15 posts

Posted 05 February 2012 - 08:07 PM

dds log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
Run by JOEMAMA at 18:58:06 on 2012-02-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1668 [GMT -6:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} - hxxp://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C8E15F36-B437-49E3-8F09-91FD6B334AB8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\052416E646A4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\27564627F6F666 : DhcpNameServer = 10.1.0.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\64169627669656C6460275966496 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\D41434024416464697 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{FAA42CA5-33E4-4326-AB4A-B34E1C0D0815} : DhcpNameServer = 209.183.35.23 209.183.33.23
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun-x64: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun-x64: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://fbtz.com/forum/forumdisplay.php?f=302
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?]
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2012-1-24 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360]
R2 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-24 583640]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-21 227896]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
S2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-1-17 278528]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-12-4 121416]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-12-4 125512]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\system32\DRIVERS\swnc8ua3.sys --> C:\Windows\system32\DRIVERS\swnc8ua3.sys [?]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\system32\DRIVERS\swumxa3.sys --> C:\Windows\system32\DRIVERS\swumxa3.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-06 00:48:40 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-03 02:56:21 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\SUPERAntiSpyware.com
2012-02-03 02:56:07 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-03 02:56:07 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-03 02:46:12 691 ----a-w- C:\Users\JOEMAMA\AppData\Roaming\GetValue.vbs
2012-02-03 02:46:12 35 ----a-w- C:\Users\JOEMAMA\AppData\Roaming\SetValue.bat
2012-02-03 02:42:46 3174 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-02-03 02:41:59 87552 ----a-w- C:\Windows\SysWow64\VACFix.exe
2012-02-03 02:41:59 82944 ----a-w- C:\Windows\SysWow64\IEDFix.exe
2012-02-03 02:41:59 82944 ----a-w- C:\Windows\SysWow64\IEDFix.C.exe
2012-02-03 02:41:59 82432 ----a-w- C:\Windows\SysWow64\404Fix.exe
2012-02-03 02:41:59 80384 ----a-w- C:\Windows\SysWow64\o4Patch.exe
2012-02-03 02:41:59 78336 ----a-w- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
2012-02-03 02:41:59 75776 ----a-w- C:\Windows\SysWow64\WS2Fix.exe
2012-02-03 02:41:59 53248 ----a-w- C:\Windows\SysWow64\Process.exe
2012-02-03 02:41:59 51200 ----a-w- C:\Windows\SysWow64\dumphive.exe
2012-02-03 02:41:59 289144 ----a-w- C:\Windows\SysWow64\VCCLSID.exe
2012-02-03 02:41:59 288417 ----a-w- C:\Windows\SysWow64\SrchSTS.exe
2012-02-02 23:24:46 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\True Sword
2012-02-02 23:20:10 -------- d-----w- C:\Program Files (x86)\True Sword 5
2012-02-02 22:11:18 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\TestApp
2012-02-02 22:03:07 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\Curiolab
2012-02-02 21:58:24 -------- d-----w- C:\ProgramData\PC Tools
2012-02-02 18:09:00 -------- d-----w- C:\ProgramData\WeCareReminder
2012-02-02 17:11:49 -------- d-----w- C:\Program Files (x86)\MSSOAP
2012-02-02 17:11:49 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2012-02-02 17:11:35 -------- d-----w- C:\Program Files (x86)\Webroot
2012-01-28 04:55:40 -------- d-----w- C:\Program Files (x86)\JDownloader
2012-01-27 21:02:01 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-01-27 21:01:23 -------- d-----w- C:\Program Files\ATI Technologies
2012-01-27 20:56:47 -------- d-----w- C:\Program Files\CCleaner
2012-01-27 05:33:59 -------- d-----w- C:\Users\JOEMAMA\AppData\Local\SanctionedMedia
2012-01-24 23:59:12 -------- d-----w- C:\Program Files (x86)\CRS
2012-01-24 23:32:40 645632 ------w- C:\Windows\System32\stapi64.dll
2012-01-24 23:30:57 505344 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2012-01-24 23:30:56 431616 ----a-w- C:\Windows\System32\stcplx64.dll
2012-01-24 23:30:56 1465344 ----a-w- C:\Windows\System32\stapo64.dll
2012-01-24 23:30:45 -------- d-----w- C:\Program Files\IDT
2012-01-24 00:59:17 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-24 00:59:13 -------- d-----w- C:\Users\JOEMAMA\AppData\Local\PunkBuster
2012-01-23 18:58:29 -------- d-----w- C:\Program Files (x86)\Activision
2012-01-22 04:01:26 -------- d-----w- C:\Users\JOEMAMA\AppData\Local\Chromium
2012-01-22 03:59:57 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
2012-01-22 03:58:57 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2012-01-22 03:57:58 409960 ----a-w- C:\Windows\System32\xactengine2_8.dll
2012-01-21 20:35:07 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2012-01-19 19:40:39 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-13 22:16:42 -------- d-----w- C:\Users\JOEMAMA\.swt
2012-01-12 18:18:04 -------- d-----w- C:\Malwarebytes
.
==================== Find3M ====================
.
2012-01-24 00:59:17 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-16 04:55:46 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-03-20 14:25:22 1713152 ----a-w- C:\Program Files (x86)\Xpadder [5.7].exe
2007-06-13 18:21:26 2095132 ----a-w- C:\Program Files (x86)\GLoarbLineClient.exe
.
============= FINISH: 18:59:27.42 ===============

#11 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 07 February 2012 - 05:15 PM

I deleted the other user's post.
  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.
By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Open MBAM, click More Tools, and run FileASSASSIN by clicking Run Tool.
Select only this file from this location:
C:\Windows\svchost.exe

Reboot. Update MBAM, run a Quick Scan, and post its log.
Chris Fistonich
Research Team


Follow us: Twitter, Become a fan: Facebook
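The check a responder applies to this thread's key indicator, a svchost.exe living outside the Windows system directories, plus the related trick of a name one or two characters off. This is an added example, not code from the thread or from Malwarebytes, DDS or TDSSKiller; the sample log lines, the zeroed md5 and the USER profile name are constructed.

```python
"""Flag svchost.exe image paths that do not belong where they are.

Added example for this thread, not code from Malwarebytes, DDS or TDSSKiller.
A genuine svchost.exe lives in C:\\Windows\\System32 (and C:\\Windows\\SysWOW64 on
64-bit Windows), so a file at C:\\Windows\\svchost.exe, as reported in this thread,
is a masquerade; a name one or two characters off (scvhost.exe) is the other
common trick. SAMPLE_LOG below is constructed in the style of the DDS and
TDSSKiller lines on this page; the md5 and the USER profile name are placeholders.
"""
import re
from pathlib import PureWindowsPath

# Directories where the real svchost.exe is installed (compared case-insensitively).
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# A Windows path (drive letter, backslash) up to the first .exe/.sys/.dll
# extension; spaces are allowed because "Program Files (x86)" contains them.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]\r\n]+?\.(?:exe|sys|dll))\b', re.IGNORECASE)

# Constructed sample lines (not taken from the poster's machine).
SAMPLE_LOG = r"""
Trojan.Agent File C:\Windows\svchost.exe
16:19:08.0487 3096 KSecDD (00000000000000000000000000000000) C:\Windows\system32\Drivers\ksecdd.sys
Process C:\Windows\System32\svchost.exe -k netsvcs
mRun-x64: [Updater] "C:\Users\USER\AppData\Roaming\scvhost.exe"
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360]
S3 Example;Example;C:\Windows\SysWOW64\svchost.exe [?]
"""


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(path):
    """Return a finding for a suspicious svchost-like image path, else None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower()
    if name == "svchost.exe":
        return None if parent in EXPECTED_DIRS else "svchost.exe outside the system directories"
    if name.endswith(".exe") and edit_distance(name, "svchost.exe") <= 2:
        return "look-alike of svchost.exe"
    return None


def audit(log_text):
    """Extract every image path from a log and return (path, finding) pairs."""
    findings = []
    for path in PATH_RE.findall(log_text):
        verdict = classify(path)
        if verdict:
            findings.append((path, verdict))
    return findings


if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_LOG):
        print(f"{verdict}: {path}")
```

Feed it a saved DDS or TDSSKiller log and only the two classes of finding above are reported; the normal System32 and SysWOW64 copies stay silent.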

#12 mmezzetta

mmezzetta

    New Member

  • Members
  • 15 posts

Posted 07 February 2012 - 05:40 PM

TDSSKiller log:
16:18:40.0157 2512 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
16:18:40.0610 2512 ============================================================
16:18:40.0610 2512 Current date / time: 2012/02/07 16:18:40.0610
16:18:40.0610 2512 SystemInfo:
16:18:40.0610 2512
16:18:40.0610 2512 OS Version: 6.1.7600 ServicePack: 0.0
16:18:40.0610 2512 Product type: Workstation
16:18:40.0610 2512 ComputerName: MARK
16:18:40.0610 2512 UserName: JOEMAMA
16:18:40.0610 2512 Windows directory: C:\Windows
16:18:40.0610 2512 System windows directory: C:\Windows
16:18:40.0610 2512 Running under WOW64
16:18:40.0610 2512 Processor architecture: Intel x64
16:18:40.0610 2512 Number of processors: 2
16:18:40.0610 2512 Page size: 0x1000
16:18:40.0610 2512 Boot type: Normal boot
16:18:40.0610 2512 ============================================================
16:18:43.0964 2512 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:18:43.0995 2512 \Device\Harddisk0\DR0:
16:18:43.0995 2512 MBR used
16:18:43.0995 2512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
16:18:43.0995 2512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B6F4800
16:18:43.0995 2512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B758800, BlocksNum 0x1A39000
16:18:43.0995 2512 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
16:18:44.0182 2512 Initialize success
16:18:44.0182 2512 ============================================================
16:18:45.0836 3096 ============================================================
16:18:45.0836 3096 Scan started
16:18:45.0836 3096 Mode: Manual;
16:18:45.0836 3096 ============================================================
16:18:49.0767 3096 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:18:49.0814 3096 1394ohci - ok
16:18:49.0954 3096 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:18:50.0001 3096 ACPI - ok
16:18:50.0141 3096 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:18:50.0157 3096 AcpiPmi - ok
16:18:50.0313 3096 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:18:50.0407 3096 adp94xx - ok
16:18:50.0563 3096 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:18:50.0625 3096 adpahci - ok
16:18:50.0781 3096 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:18:50.0812 3096 adpu320 - ok
16:18:50.0999 3096 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
16:18:51.0077 3096 AFD - ok
16:18:51.0280 3096 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\Windows\system32\DRIVERS\agrsm64.sys
16:18:51.0374 3096 AgereSoftModem - ok
16:18:51.0530 3096 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:18:51.0577 3096 agp440 - ok
16:18:51.0733 3096 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
16:18:51.0748 3096 aliide - ok
16:18:51.0904 3096 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
16:18:51.0935 3096 amdide - ok
16:18:52.0076 3096 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
16:18:52.0123 3096 amdiox64 - ok
16:18:52.0294 3096 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:18:52.0325 3096 AmdK8 - ok
16:18:52.0435 3096 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:18:52.0466 3096 AmdPPM - ok
16:18:52.0575 3096 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
16:18:52.0606 3096 amdsata - ok
16:18:52.0731 3096 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:18:52.0747 3096 amdsbs - ok
16:18:52.0903 3096 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
16:18:52.0918 3096 amdxata - ok
16:18:53.0074 3096 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:18:53.0090 3096 AppID - ok
16:18:53.0261 3096 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:18:53.0293 3096 arc - ok
16:18:53.0371 3096 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:18:53.0371 3096 arcsas - ok
16:18:53.0480 3096 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:18:53.0511 3096 AsyncMac - ok
16:18:53.0605 3096 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
16:18:53.0605 3096 atapi - ok
16:18:53.0776 3096 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
16:18:53.0885 3096 athr - ok
16:18:54.0213 3096 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys
16:18:54.0447 3096 atikmdag - ok
16:18:54.0634 3096 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
16:18:54.0665 3096 AtiPcie - ok
16:18:54.0868 3096 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:18:54.0946 3096 b06bdrv - ok
16:18:55.0087 3096 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:18:55.0133 3096 b57nd60a - ok
16:18:55.0321 3096 BCMH43XX (912e49ed3c14e00cb9613884a3b957d0) C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
16:18:55.0461 3096 BCMH43XX - ok
16:18:55.0633 3096 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:18:55.0679 3096 Beep - ok
16:18:56.0069 3096 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20120121.002\BHDrvx64.sys
16:18:56.0257 3096 BHDrvx64 - ok
16:18:56.0397 3096 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:18:56.0428 3096 blbdrive - ok
16:18:56.0584 3096 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
16:18:56.0615 3096 bowser - ok
16:18:56.0725 3096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:18:56.0740 3096 BrFiltLo - ok
16:18:56.0787 3096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:18:56.0787 3096 BrFiltUp - ok
16:18:56.0896 3096 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:18:56.0927 3096 Bridge - ok
16:18:56.0974 3096 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:18:56.0974 3096 BridgeMP - ok
16:18:57.0099 3096 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:18:57.0161 3096 Brserid - ok
16:18:57.0302 3096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:18:57.0317 3096 BrSerWdm - ok
16:18:57.0473 3096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:18:57.0489 3096 BrUsbMdm - ok
16:18:57.0629 3096 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:18:57.0676 3096 BrUsbSer - ok
16:18:57.0817 3096 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:18:57.0848 3096 BTHMODEM - ok
16:18:57.0941 3096 catchme - ok
16:18:58.0082 3096 CBDisk (b99d91e4cd9017f213645aa2e80eb425) C:\Windows\system32\drivers\CBDisk.sys
16:18:58.0191 3096 CBDisk - ok
16:18:58.0425 3096 ccHP (da66e851e76766d2c84502fe682ab175) C:\Windows\system32\drivers\NAVx64\1108000.005\ccHPx64.sys
16:18:58.0503 3096 ccHP - ok
16:18:58.0612 3096 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:18:58.0628 3096 cdfs - ok
16:18:58.0753 3096 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
16:18:58.0799 3096 cdrom - ok
16:18:58.0940 3096 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:18:58.0971 3096 circlass - ok
16:18:59.0096 3096 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:18:59.0189 3096 CLFS - ok
16:18:59.0392 3096 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:18:59.0408 3096 CmBatt - ok
16:18:59.0501 3096 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
16:18:59.0517 3096 cmdide - ok
16:18:59.0642 3096 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
16:18:59.0689 3096 CNG - ok
16:18:59.0845 3096 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:18:59.0860 3096 Compbatt - ok
16:18:59.0985 3096 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:19:00.0016 3096 CompositeBus - ok
16:19:00.0157 3096 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:19:00.0172 3096 crcdisk - ok
16:19:00.0344 3096 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
16:19:00.0391 3096 DfsC - ok
16:19:00.0531 3096 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:19:00.0562 3096 discache - ok
16:19:00.0703 3096 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:19:00.0718 3096 Disk - ok
16:19:00.0905 3096 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:19:00.0921 3096 Dot4 - ok
16:19:01.0093 3096 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:19:01.0108 3096 Dot4Print - ok
16:19:01.0202 3096 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:19:01.0217 3096 dot4usb - ok
16:19:01.0295 3096 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:19:01.0311 3096 drmkaud - ok
16:19:01.0451 3096 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
16:19:01.0514 3096 DXGKrnl - ok
16:19:01.0763 3096 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:19:01.0951 3096 ebdrv - ok
16:19:02.0107 3096 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:19:02.0169 3096 eeCtrl - ok
16:19:02.0341 3096 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:19:02.0403 3096 elxstor - ok
16:19:02.0590 3096 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:19:02.0621 3096 EraserUtilRebootDrv - ok
16:19:02.0746 3096 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
16:19:02.0762 3096 ErrDev - ok
16:19:02.0887 3096 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:19:02.0965 3096 exfat - ok
16:19:03.0027 3096 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:19:03.0089 3096 fastfat - ok
16:19:03.0214 3096 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:19:03.0214 3096 fdc - ok
16:19:03.0323 3096 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:19:03.0355 3096 FileInfo - ok
16:19:03.0448 3096 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:19:03.0448 3096 Filetrace - ok
16:19:03.0620 3096 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:19:03.0651 3096 flpydisk - ok
16:19:03.0729 3096 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
16:19:03.0745 3096 FltMgr - ok
16:19:03.0807 3096 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:19:03.0823 3096 FsDepends - ok
16:19:03.0885 3096 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:19:03.0947 3096 Fs_Rec - ok
16:19:04.0103 3096 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:19:04.0150 3096 fvevol - ok
16:19:04.0228 3096 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:19:04.0306 3096 gagp30kx - ok
16:19:04.0493 3096 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:19:04.0525 3096 GEARAspiWDM - ok
16:19:04.0587 3096 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:19:04.0618 3096 hcw85cir - ok
16:19:04.0712 3096 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
16:19:04.0743 3096 HdAudAddService - ok
16:19:04.0883 3096 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:19:04.0915 3096 HDAudBus - ok
16:19:04.0977 3096 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:19:05.0008 3096 HidBatt - ok
16:19:05.0071 3096 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:19:05.0086 3096 HidBth - ok
16:19:05.0149 3096 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:19:05.0164 3096 HidIr - ok
16:19:05.0320 3096 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
16:19:05.0336 3096 HidUsb - ok
16:19:05.0539 3096 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:19:05.0554 3096 HpqKbFiltr - ok
16:19:05.0695 3096 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:19:05.0695 3096 HpSAMD - ok
16:19:05.0788 3096 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
16:19:05.0851 3096 HTTP - ok
16:19:05.0882 3096 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
16:19:05.0913 3096 hwpolicy - ok
16:19:05.0975 3096 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:19:06.0022 3096 i8042prt - ok
16:19:06.0178 3096 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
16:19:06.0225 3096 iaStorV - ok
16:19:06.0443 3096 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20120207.005\IDSvia64.sys
16:19:06.0443 3096 IDSVia64 - ok
16:19:06.0724 3096 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:19:06.0943 3096 igfx - ok
16:19:07.0052 3096 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:19:07.0067 3096 iirsp - ok
16:19:07.0130 3096 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
16:19:07.0145 3096 intelide - ok
16:19:07.0301 3096 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:19:07.0301 3096 intelppm - ok
16:19:07.0379 3096 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:19:07.0411 3096 IpFilterDriver - ok
16:19:07.0489 3096 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:19:07.0504 3096 IPMIDRV - ok
16:19:07.0613 3096 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:19:07.0660 3096 IPNAT - ok
16:19:07.0863 3096 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:19:07.0879 3096 IRENUM - ok
16:19:07.0988 3096 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
16:19:08.0003 3096 isapnp - ok
16:19:08.0081 3096 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
16:19:08.0097 3096 iScsiPrt - ok
16:19:08.0237 3096 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:19:08.0284 3096 kbdclass - ok
16:19:08.0393 3096 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
16:19:08.0425 3096 kbdhid - ok
16:19:08.0487 3096 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
16:19:08.0518 3096 KSecDD - ok
16:19:08.0596 3096 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
16:19:08.0627 3096 KSecPkg - ok
16:19:08.0752 3096 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:19:08.0768 3096 ksthunk - ok
16:19:09.0002 3096 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:19:09.0017 3096 lltdio - ok
16:19:09.0189 3096 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:19:09.0220 3096 LSI_FC - ok
16:19:09.0298 3096 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:19:09.0298 3096 LSI_SAS - ok
16:19:09.0454 3096 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:19:09.0470 3096 LSI_SAS2 - ok
16:19:09.0595 3096 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:19:09.0595 3096 LSI_SCSI - ok
16:19:09.0735 3096 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:19:09.0766 3096 luafv - ok
16:19:10.0031 3096 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
16:19:10.0094 3096 MBAMProtector - ok
16:19:10.0343 3096 MDFSYSNT (72040607e6e4115c154d730219bafab3) C:\Windows\system32\drivers\MDFSYSNT.sys
16:19:10.0484 3096 MDFSYSNT - ok
16:19:10.0718 3096 MDPMGRNT (f2ef49c3e47bd3fb6ee71371e7eee0af) C:\Windows\system32\DRIVERS\MDPMGRNT.SYS
16:19:10.0811 3096 MDPMGRNT - ok
16:19:10.0905 3096 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:19:10.0921 3096 megasas - ok
16:19:11.0030 3096 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:19:11.0061 3096 MegaSR - ok
16:19:11.0217 3096 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:19:11.0233 3096 Modem - ok
16:19:11.0357 3096 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:19:11.0357 3096 monitor - ok
16:19:11.0467 3096 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:19:11.0482 3096 mouclass - ok
16:19:11.0654 3096 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:19:11.0669 3096 mouhid - ok
16:19:11.0794 3096 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
16:19:11.0810 3096 mountmgr - ok
16:19:11.0857 3096 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
16:19:11.0857 3096 mpio - ok
16:19:11.0919 3096 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:19:11.0935 3096 mpsdrv - ok
16:19:11.0997 3096 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
16:19:11.0997 3096 MRxDAV - ok
16:19:12.0075 3096 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:19:12.0122 3096 mrxsmb - ok
16:19:12.0169 3096 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:19:12.0184 3096 mrxsmb10 - ok
16:19:12.0231 3096 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:19:12.0247 3096 mrxsmb20 - ok
16:19:12.0293 3096 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
16:19:12.0309 3096 msahci - ok
16:19:12.0356 3096 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
16:19:12.0356 3096 msdsm - ok
16:19:12.0481 3096 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:19:12.0543 3096 Msfs - ok
16:19:12.0621 3096 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:19:12.0637 3096 mshidkmdf - ok
16:19:12.0699 3096 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
16:19:12.0715 3096 msisadrv - ok
16:19:12.0855 3096 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:19:12.0886 3096 MSKSSRV - ok
16:19:12.0949 3096 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:19:12.0964 3096 MSPCLOCK - ok
16:19:12.0995 3096 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:19:13.0011 3096 MSPQM - ok
16:19:13.0058 3096 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
16:19:13.0151 3096 MsRPC - ok
16:19:13.0261 3096 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:19:13.0276 3096 mssmbios - ok
16:19:13.0339 3096 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:19:13.0354 3096 MSTEE - ok
16:19:13.0417 3096 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:19:13.0417 3096 MTConfig - ok
16:19:13.0479 3096 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:19:13.0495 3096 Mup - ok
16:19:13.0651 3096 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:19:13.0744 3096 NativeWifiP - ok
16:19:13.0994 3096 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20120207.005\ENG64.SYS
16:19:13.0994 3096 NAVENG - ok
16:19:14.0119 3096 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20120207.005\EX64.SYS
16:19:14.0197 3096 NAVEX15 - ok
16:19:14.0368 3096 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
16:19:14.0431 3096 NDIS - ok
16:19:14.0587 3096 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:19:14.0602 3096 NdisCap - ok
16:19:14.0711 3096 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:19:14.0711 3096 NdisTapi - ok
16:19:14.0821 3096 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
16:19:14.0836 3096 Ndisuio - ok
16:19:14.0899 3096 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:19:14.0899 3096 NdisWan - ok
16:19:14.0945 3096 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
16:19:15.0023 3096 NDProxy - ok
16:19:15.0164 3096 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:19:15.0195 3096 NetBIOS - ok
16:19:15.0289 3096 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
16:19:15.0304 3096 NetBT - ok
16:19:15.0632 3096 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
16:19:15.0819 3096 netw5v64 - ok
16:19:15.0897 3096 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:19:15.0928 3096 nfrd960 - ok
16:19:16.0053 3096 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:19:16.0147 3096 Npfs - ok
16:19:16.0209 3096 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:19:16.0225 3096 nsiproxy - ok
16:19:16.0349 3096 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
16:19:16.0443 3096 Ntfs - ok
16:19:16.0521 3096 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:19:16.0552 3096 Null - ok
16:19:16.0693 3096 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
16:19:16.0724 3096 nvraid - ok
16:19:16.0771 3096 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
16:19:16.0771 3096 nvstor - ok
16:19:16.0927 3096 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
16:19:16.0942 3096 nv_agp - ok
16:19:17.0020 3096 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
16:19:17.0036 3096 ohci1394 - ok
16:19:17.0129 3096 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:19:17.0176 3096 Parport - ok
16:19:17.0239 3096 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
16:19:17.0270 3096 partmgr - ok
16:19:17.0379 3096 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
16:19:17.0395 3096 pci - ok
16:19:17.0441 3096 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
16:19:17.0457 3096 pciide - ok
16:19:17.0566 3096 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:19:17.0582 3096 pcmcia - ok
16:19:17.0707 3096 PCTINDIS5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\Windows\system32\PCTINDIS5X64.SYS
16:19:17.0785 3096 PCTINDIS5X64 - ok
16:19:17.0941 3096 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:19:17.0972 3096 pcw - ok
16:19:18.0081 3096 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:19:18.0128 3096 PEAUTH - ok
16:19:18.0393 3096 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
16:19:18.0424 3096 PptpMiniport - ok
16:19:18.0487 3096 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:19:18.0487 3096 Processor - ok
16:19:18.0643 3096 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
16:19:18.0674 3096 Psched - ok
16:19:18.0892 3096 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:19:18.0970 3096 ql2300 - ok
16:19:19.0033 3096 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:19:19.0064 3096 ql40xx - ok
16:19:19.0173 3096 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:19:19.0189 3096 QWAVEdrv - ok
16:19:19.0251 3096 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:19:19.0251 3096 RasAcd - ok
16:19:19.0407 3096 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:19:19.0438 3096 RasAgileVpn - ok
16:19:19.0594 3096 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:19:19.0610 3096 Rasl2tp - ok
16:19:19.0766 3096 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:19:19.0781 3096 RasPppoe - ok
16:19:19.0922 3096 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:19:19.0953 3096 RasSstp - ok
16:19:20.0047 3096 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
16:19:20.0062 3096 rdbss - ok
16:19:20.0109 3096 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:19:20.0140 3096 rdpbus - ok
16:19:20.0234 3096 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:19:20.0249 3096 RDPCDD - ok
16:19:20.0390 3096 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:19:20.0421 3096 RDPENCDD - ok
16:19:20.0530 3096 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:19:20.0561 3096 RDPREFMP - ok
16:19:20.0624 3096 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
16:19:20.0686 3096 RDPWD - ok
16:19:20.0842 3096 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
16:19:20.0858 3096 rdyboost - ok
16:19:21.0045 3096 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
16:19:21.0076 3096 RimVSerPort - ok
16:19:21.0185 3096 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
16:19:21.0217 3096 ROOTMODEM - ok
16:19:21.0388 3096 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:19:21.0419 3096 rspndr - ok
16:19:21.0544 3096 RSUSBSTOR - ok
16:19:21.0653 3096 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:19:21.0685 3096 RTL8167 - ok
16:19:21.0809 3096 RtsUIR - ok
16:19:21.0965 3096 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
16:19:22.0059 3096 SASDIFSV - ok
16:19:22.0153 3096 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
16:19:22.0262 3096 SASKUTIL - ok
16:19:22.0355 3096 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
16:19:22.0387 3096 sbp2port - ok
16:19:22.0449 3096 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
16:19:22.0465 3096 scfilter - ok
16:19:22.0589 3096 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
16:19:22.0621 3096 SCMNdisP - ok
16:19:22.0777 3096 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
16:19:22.0808 3096 sdbus - ok
16:19:22.0948 3096 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:19:22.0995 3096 secdrv - ok
16:19:23.0073 3096 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:19:23.0089 3096 Serenum - ok
16:19:23.0198 3096 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:19:23.0229 3096 Serial - ok
16:19:23.0323 3096 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:19:23.0354 3096 sermouse - ok
16:19:23.0479 3096 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
16:19:23.0510 3096 sffdisk - ok
16:19:23.0557 3096 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:19:23.0572 3096 sffp_mmc - ok
16:19:23.0603 3096 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:19:23.0619 3096 sffp_sd - ok
16:19:23.0666 3096 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:19:23.0666 3096 sfloppy - ok
16:19:23.0837 3096 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:19:23.0853 3096 SiSRaid2 - ok
16:19:23.0900 3096 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:19:23.0962 3096 SiSRaid4 - ok
16:19:24.0103 3096 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:19:24.0134 3096 Smb - ok
16:19:24.0290 3096 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:19:24.0368 3096 spldr - ok
16:19:24.0524 3096 sptd - ok
16:19:24.0649 3096 SQTECH905C (48bbd9e78a55efeba0efadc4175026ae) C:\Windows\system32\Drivers\Capt905c.sys
16:19:24.0727 3096 SQTECH905C - ok
16:19:24.0945 3096 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NAVx64\1107000.00C\SRTSP64.SYS
16:19:25.0007 3096 SRTSP - ok
16:19:25.0195 3096 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NAVx64\1108000.005\SRTSPX64.SYS
16:19:25.0226 3096 SRTSPX - ok
16:19:25.0351 3096 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
16:19:25.0413 3096 srv - ok
16:19:25.0507 3096 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
16:19:25.0553 3096 srv2 - ok
16:19:25.0709 3096 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:19:25.0756 3096 SrvHsfHDA - ok
16:19:25.0865 3096 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:19:25.0975 3096 SrvHsfV92 - ok
16:19:26.0084 3096 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:19:26.0146 3096 SrvHsfWinac - ok
16:19:26.0302 3096 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
16:19:26.0349 3096 srvnet - ok
16:19:26.0536 3096 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:19:26.0583 3096 stexstor - ok
16:19:26.0755 3096 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
16:19:26.0801 3096 STHDA - ok
16:19:26.0973 3096 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:19:26.0989 3096 swenum - ok
16:19:27.0067 3096 swmsflt (c03779ec476f8f30a9cfcde046ba6b28) C:\Windows\system32\DRIVERS\swmsflt.sys
16:19:27.0098 3096 swmsflt - ok
16:19:27.0238 3096 SWNC8UA3 (808cb62212dd7a934074ed65d3106948) C:\Windows\system32\DRIVERS\swnc8ua3.sys
16:19:27.0254 3096 SWNC8UA3 - ok
16:19:27.0441 3096 SWUMXA3 (df3f437a890a77cce5e3fd7b7bb93585) C:\Windows\system32\DRIVERS\swumxa3.sys
16:19:27.0457 3096 SWUMXA3 - ok
16:19:27.0691 3096 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NAVx64\1108000.005\SYMDS64.SYS
16:19:27.0738 3096 SymDS - ok
16:19:27.0940 3096 SymEFA (42c952d131eff724a9959bb6d78c1b63) C:\Windows\system32\drivers\NAVx64\1108000.005\SYMEFA64.SYS
16:19:27.0987 3096 SymEFA - ok
16:19:28.0159 3096 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:19:28.0190 3096 SymEvent - ok
16:19:28.0408 3096 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NAVx64\1108000.005\Ironx64.SYS
16:19:28.0440 3096 SymIRON - ok
16:19:28.0611 3096 SYMTDIv (8abb6e5b7d75cd3f0a988695d0d9186a) C:\Windows\System32\Drivers\NAVx64\1107000.00C\SYMTDIV.SYS
16:19:28.0674 3096 SYMTDIv - ok
16:19:28.0830 3096 SynTP (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys
16:19:28.0908 3096 SynTP - ok
16:19:29.0173 3096 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
16:19:29.0282 3096 Tcpip - ok
16:19:29.0500 3096 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
16:19:29.0516 3096 TCPIP6 - ok
16:19:29.0578 3096 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
16:19:29.0594 3096 tcpipreg - ok
16:19:29.0703 3096 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:19:29.0719 3096 TDPIPE - ok
16:19:29.0781 3096 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:19:29.0797 3096 TDTCP - ok
16:19:29.0922 3096 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
16:19:29.0937 3096 tdx - ok
16:19:30.0000 3096 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
16:19:30.0015 3096 TermDD - ok
16:19:30.0109 3096 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:19:30.0140 3096 tssecsrv - ok
16:19:30.0280 3096 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
16:19:30.0296 3096 tunnel - ok
16:19:30.0358 3096 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:19:30.0358 3096 uagp35 - ok
16:19:30.0436 3096 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
16:19:30.0468 3096 udfs - ok
16:19:30.0624 3096 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:19:30.0670 3096 uliagpkx - ok
16:19:30.0826 3096 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
16:19:30.0858 3096 umbus - ok
16:19:31.0014 3096 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:19:31.0029 3096 UmPass - ok
16:19:31.0185 3096 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
16:19:31.0216 3096 USBAAPL64 - ok
16:19:31.0372 3096 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
16:19:31.0404 3096 usbaudio - ok
16:19:31.0482 3096 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
16:19:31.0482 3096 usbccgp - ok
16:19:31.0513 3096 USBCCID - ok
16:19:31.0622 3096 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
16:19:31.0638 3096 usbcir - ok
16:19:31.0700 3096 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
16:19:31.0716 3096 usbehci - ok
16:19:31.0872 3096 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys
16:19:31.0903 3096 usbfilter - ok
16:19:32.0043 3096 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
16:19:32.0074 3096 usbhub - ok
16:19:32.0152 3096 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
16:19:32.0184 3096 usbohci - ok
16:19:32.0308 3096 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:19:32.0324 3096 usbprint - ok
16:19:32.0449 3096 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:19:32.0496 3096 usbscan - ok
16:19:32.0605 3096 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:19:32.0636 3096 USBSTOR - ok
16:19:32.0698 3096 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:19:32.0698 3096 usbuhci - ok
16:19:32.0854 3096 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:19:32.0886 3096 vdrvroot - ok
16:19:33.0010 3096 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:19:33.0026 3096 vga - ok
16:19:33.0104 3096 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:19:33.0104 3096 VgaSave - ok
16:19:33.0151 3096 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
16:19:33.0166 3096 vhdmp - ok
16:19:33.0213 3096 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
16:19:33.0244 3096 viaide - ok
16:19:33.0400 3096 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
16:19:33.0478 3096 volmgr - ok
16:19:33.0728 3096 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
16:19:33.0775 3096 volmgrx - ok
16:19:33.0884 3096 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
16:19:33.0915 3096 volsnap - ok
16:19:33.0993 3096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:19:34.0024 3096 vsmraid - ok
16:19:34.0134 3096 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:19:34.0134 3096 vwifibus - ok
16:19:34.0243 3096 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:19:34.0274 3096 vwififlt - ok
16:19:34.0321 3096 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:19:34.0352 3096 vwifimp - ok
16:19:34.0524 3096 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:19:34.0539 3096 WacomPen - ok
16:19:34.0633 3096 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:19:34.0664 3096 WANARP - ok
16:19:34.0680 3096 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:19:34.0680 3096 Wanarpv6 - ok
16:19:34.0836 3096 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:19:34.0867 3096 Wd - ok
16:19:35.0007 3096 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:19:35.0070 3096 Wdf01000 - ok
16:19:35.0226 3096 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:19:35.0241 3096 WfpLwf - ok
16:19:35.0350 3096 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:19:35.0366 3096 WIMMount - ok
16:19:35.0584 3096 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
16:19:35.0631 3096 WinUsb - ok
16:19:35.0740 3096 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:19:35.0787 3096 WmiAcpi - ok
16:19:35.0881 3096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:19:35.0912 3096 ws2ifsl - ok
16:19:36.0037 3096 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
16:19:36.0068 3096 WudfPf - ok
16:19:36.0193 3096 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:19:36.0240 3096 WUDFRd - ok
16:19:36.0411 3096 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
16:19:36.0458 3096 xusb21 - ok
16:19:36.0614 3096 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
16:19:36.0661 3096 yukonw7 - ok
16:19:36.0739 3096 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
16:19:36.0786 3096 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:19:36.0786 3096 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:19:36.0848 3096 Boot (0x1200) (02f3967c95fe5422b15dffb611c7b246) \Device\Harddisk0\DR0\Partition0
16:19:36.0848 3096 \Device\Harddisk0\DR0\Partition0 - ok
16:19:36.0864 3096 Boot (0x1200) (c97532cf961d36c1932d952638079a96) \Device\Harddisk0\DR0\Partition1
16:19:36.0864 3096 \Device\Harddisk0\DR0\Partition1 - ok
16:19:36.0895 3096 Boot (0x1200) (9a567292078e67a347c8001618efe52a) \Device\Harddisk0\DR0\Partition2
16:19:36.0910 3096 \Device\Harddisk0\DR0\Partition2 - ok
16:19:36.0926 3096 Boot (0x1200) (c26d0bf731b274e23d80370353a8d471) \Device\Harddisk0\DR0\Partition3
16:19:36.0926 3096 \Device\Harddisk0\DR0\Partition3 - ok
16:19:36.0926 3096 ============================================================
16:19:36.0926 3096 Scan finished
16:19:36.0926 3096 ============================================================
16:19:36.0957 4816 Detected object count: 1
16:19:36.0957 4816 Actual detected object count: 1
16:20:14.0320 4816 \Device\Harddisk0\DR0\# - copied to quarantine
16:20:14.0320 4816 \Device\Harddisk0\DR0 - copied to quarantine
16:20:14.0429 4816 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:20:14.0445 4816 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:20:14.0507 4816 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:20:14.0507 4816 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:20:14.0539 4816 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:20:14.0585 4816 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:20:15.0865 4816 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:20:15.0927 4816 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:20:15.0943 4816 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:20:15.0958 4816 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:20:16.0052 4816 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:20:16.0067 4816 \Device\Harddisk0\DR0 - ok
16:20:16.0301 4816 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:20:25.0100 6084 Deinitialize success
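
Reading a TDSSKiller log like the one above by hand means skimming hundreds of "- ok" lines to find the handful that are not. The script below is an added example written for this page; it is not TDSSKiller's code and was not posted by anyone in the thread. It parses the log format visible above (timestamp, thread id, then either an object line carrying an MD5 or a verdict line), lists the objects flagged as infected or detected, separates the remediation actions (quarantine copies, "will be cured on reboot") from scan verdicts, and points out service entries reported "ok" with no driver-file line at all. The sample lines are constructed to match the thread's log; the interpretation of the file-less entries (that the binary was not on disk, so no hash could be printed) is an assumption, flagged as such in the code, and is a triage hint rather than a detection.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not part of the thread)."""
import re

# Constructed sample in the format of the log posted above: driver/object lines carry an
# MD5 in parentheses; verdict lines end in "- ok", "- infected", "- detected <name> (n)"
# or a remediation action such as "- copied to quarantine".
SAMPLE_LOG = """\
16:19:21.0388 3096 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\\Windows\\system32\\DRIVERS\\rspndr.sys
16:19:21.0419 3096 rspndr - ok
16:19:21.0544 3096 RSUSBSTOR - ok
16:19:36.0739 3096 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \\Device\\Harddisk0\\DR0
16:19:36.0786 3096 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:19:36.0786 3096 \\Device\\Harddisk0\\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:19:36.0848 3096 Boot (0x1200) (02f3967c95fe5422b15dffb611c7b246) \\Device\\Harddisk0\\DR0\\Partition0
16:19:36.0848 3096 \\Device\\Harddisk0\\DR0\\Partition0 - ok
16:20:14.0429 4816 \\Device\\Harddisk0\\DR0\\TDLFS\\phdata - copied to quarantine
16:20:16.0052 4816 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
"""

LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# Object line: "<name> [(0xOFFSET)] (<md5>) <path>"  (the 0x part appears on MBR/Boot lines)
OBJECT_RE = re.compile(
    r"^(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<object> [( <threat> )] - <verdict text>"
VERDICT_RE = re.compile(r"^(?P<obj>\S+)(?: \( (?P<threat>\S+) \))? - (?P<verdict>.+)$")
DETECTED_RE = re.compile(r"^detected (?P<threat>\S+)")


def parse_log(text):
    """Return (objects, verdicts).

    objects maps both the service name and the file path of every hashed object line to
    (md5, path); verdicts is the ordered list of verdict lines as dicts.
    """
    objects, verdicts = {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner / separator lines ("====", "Scan finished") are ignored
        body = m.group("body")
        om = OBJECT_RE.match(body)
        if om:
            entry = (om.group("md5"), om.group("path"))
            objects[om.group("name")] = entry
            objects[om.group("path")] = entry
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            verdicts.append({"time": m.group("time"), "obj": vm.group("obj"),
                             "threat": vm.group("threat"), "verdict": vm.group("verdict")})
    return objects, verdicts


def detections(text):
    """Objects the scanner flagged, as (object, threat name), one entry per object."""
    seen = {}
    for v in parse_log(text)[1]:
        dm = DETECTED_RE.match(v["verdict"])
        if v["verdict"] == "infected" or dm:
            threat = dm.group("threat") if dm else v["threat"]
            seen.setdefault(v["obj"], threat)
    return list(seen.items())


def remediation_actions(text):
    """Verdict lines that record an action taken (quarantine copy, cure on reboot, user
    choice) rather than a scan result; useful for confirming what actually happened."""
    return [(v["obj"], v["verdict"]) for v in parse_log(text)[1]
            if v["verdict"] not in ("ok", "infected") and not DETECTED_RE.match(v["verdict"])]


def entries_without_file(text):
    """Service names reported 'ok' with no preceding hashed object line.

    Assumption (not stated by the tool): the driver binary was not on disk, so nothing
    could be hashed. Such orphaned service entries are worth a look, not a detection.
    """
    objects, verdicts = parse_log(text)
    return [v["obj"] for v in verdicts if v["verdict"] == "ok" and v["obj"] not in objects]


if __name__ == "__main__":
    for obj, threat in detections(SAMPLE_LOG):
        print(f"DETECTION  {obj}: {threat}")
    for obj, action in remediation_actions(SAMPLE_LOG):
        print(f"ACTION     {obj}: {action}")
    for name in entries_without_file(SAMPLE_LOG):
        print(f"NO FILE    {name}")
```

Run against the full log from the post above, the detection list reduces it to the one line that matters (the MBR of \Device\Harddisk0\DR0 flagged as Rootkit.Boot.Pihar.b), which is consistent with Malwarebytes repeatedly re-detecting a legitimate-looking svchost.exe: a bootkit that reinfects on every start will survive file-level removal until the boot sector itself is cured.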

#13 mmezzetta

mmezzetta

    New Member

  • Members
  • Pip
  • 15 posts

Posted 07 February 2012 - 05:42 PM

mbam log:
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.07.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
JOEMAMA :: MARK [administrator]

Protection: Enabled

2/7/2012 4:30:38 PM
mbam-log-2012-02-07 (16-30-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196530
Time elapsed: 9 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 mmezzetta

mmezzetta

    New Member

  • Members
  • Pip
  • 15 posts

Posted 07 February 2012 - 05:43 PM

It looks like it is gone! I am going to run a full scan and see but omg I am so happy!!! Thanks a ton screen.

#15 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 14 February 2012 - 04:21 PM

Hi,

My apologies for the delay.

Great news!

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Next, download my Security Check from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#16 mmezzetta

mmezzetta

    New Member

  • Members
  • Pip
  • 15 posts

Posted 14 February 2012 - 11:29 PM

eset log:

C:\Norton AntiVirus 2010 v17.0.0.136\Norton TrialReset 2010 v2.9.6 (BOX! - May 2010)\NTR2010-v2.9.6.exe Win32/Packed.Autoit.E.Gen application deleted - quarantined
C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\extensions\{904af45a-d540-4117-a72a-ea770247aee6}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.02.2012_16.18.40\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.02.2012_16.18.40\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.02.2012_16.18.40\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.02.2012_16.18.40\mbr0000\tdlfs0000\tsk0006.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.02.2012_16.18.40\mbr0000\tdlfs0000\tsk0007.dta Win64/Olmarik.Z trojan cleaned by deleting - quarantined
C:\Users\JOEMAMA\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\JOEMAMA\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.6.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\JOEMAMA\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\JOEMAMA\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\JOEMAMA\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.5.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\JOEMAMA\Desktop\Stuff\PC Games\Rome Total War\Apps\daemon4123-lite.exe Win32/Adware.Toolbar.Shopper application cleaned by deleting - quarantined
C:\Windows\System32\Process.exe Win32/PrcView application cleaned by deleting - quarantined

security check log:

Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton AntiVirus
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 25
Java version out of date!
Adobe Flash Player 10.2.159.1 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

#17 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 16 February 2012 - 05:14 PM

Hi,

Are you using a Norton crack?? There are excellent free security programs. There is absolutely no reason to need to use a cracked and potentially dangerous version of one.

Please see:

HijackThis Forum Policy


We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as FrostWire or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It's likely why your issue began in the first place.
Chris Fistonich
Research Team

#18 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 23 February 2012 - 04:46 PM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
Chris Fistonich
Research Team

#19 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 01 March 2012 - 03:55 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team