
mmezzetta

  1. ESET log:
     C:\Norton AntiVirus 2010 v17.0.0.136\Norton TrialReset 2010 v2.9.6 (BOX! - May 2010)\NTR2010-v2.9.6.exe Win32/Packed.Autoit.E.Gen application deleted - quarantined
     C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\Users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\extensions\{904af45a-d540-4117-a72a-ea770247aee6}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\07.02.2012_16.18.40\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\07.02.2012_16.18.40\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\07.02.2012_16.18.40\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\07.02.2012_16.18.40\mbr0000\tdlfs0000\tsk0006.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\07.02.2012_16.18.40\mbr0000\tdlfs0000\tsk0007.dta Win64/Olmarik.Z trojan cleaned by deleting - quarantined
     C:\Users\JOEMAMA\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe Win32/OpenCandy application deleted - quarantined
     C:\Users\JOEMAMA\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.6.windows.exe Win32/OpenCandy application deleted - quarantined
     C:\Users\JOEMAMA\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application deleted - quarantined
     C:\Users\JOEMAMA\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application deleted - quarantined
     C:\Users\JOEMAMA\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.5.windows.exe Win32/OpenCandy application deleted - quarantined
     C:\Users\JOEMAMA\Desktop\Stuff\PC Games\Rome Total War\Apps\daemon4123-lite.exe Win32/Adware.Toolbar.Shopper application cleaned by deleting - quarantined
     C:\Windows\System32\Process.exe Win32/PrcView application cleaned by deleting - quarantined

     Security Check log:
     Results of screen317's Security Check version 0.99.31
     Windows 7 x64 (UAC is disabled!)
     Internet Explorer 9
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     Norton AntiVirus
     McAfee Security Scan Plus
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Java 6 Update 25
     Java version out of date!
     Adobe Flash Player 10.2.159.1 Flash Player out of Date!
     Adobe Reader 9
     Adobe Reader out of date!
     Mozilla Firefox (9.0.1)
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Norton ccSvcHst.exe
     Malwarebytes' Anti-Malware mbamservice.exe
     Malwarebytes' Anti-Malware mbamgui.exe
     ``````````End of Log````````````
  2. It looks like it is gone! I am going to run a full scan and see but omg I am so happy!!! Thanks a ton screen.
  3. MBAM log:
     Malwarebytes Anti-Malware (PRO) 1.60.1.1000
     www.malwarebytes.org
     Database version: v2012.02.07.07
     Windows 7 x64 NTFS
     Internet Explorer 8.0.7600.16385
     JOEMAMA :: MARK [administrator]
     Protection: Enabled
     2/7/2012 4:30:38 PM
     mbam-log-2012-02-07 (16-30-38).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 196530
     Time elapsed: 9 minute(s), 45 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  4. TDSSKiller log:
     16:18:40.0157 2512 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
     16:18:40.0610 2512 ============================================================
     16:18:40.0610 2512 Current date / time: 2012/02/07 16:18:40.0610
     16:18:40.0610 2512 SystemInfo:
     16:18:40.0610 2512
     16:18:40.0610 2512 OS Version: 6.1.7600 ServicePack: 0.0
     16:18:40.0610 2512 Product type: Workstation
     16:18:40.0610 2512 ComputerName: MARK
     16:18:40.0610 2512 UserName: JOEMAMA
     16:18:40.0610 2512 Windows directory: C:\Windows
     16:18:40.0610 2512 System windows directory: C:\Windows
     16:18:40.0610 2512 Running under WOW64
     16:18:40.0610 2512 Processor architecture: Intel x64
     16:18:40.0610 2512 Number of processors: 2
     16:18:40.0610 2512 Page size: 0x1000
     16:18:40.0610 2512 Boot type: Normal boot
     16:18:40.0610 2512 ============================================================
     16:18:43.0964 2512 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     16:18:43.0995 2512 \Device\Harddisk0\DR0:
     16:18:43.0995 2512 MBR used
     16:18:43.0995 2512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
     16:18:43.0995 2512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B6F4800
     16:18:43.0995 2512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B758800, BlocksNum 0x1A39000
     16:18:43.0995 2512 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
     16:18:44.0182 2512 Initialize success
     16:18:44.0182 2512 ============================================================
     16:18:45.0836 3096 ============================================================
     16:18:45.0836 3096 Scan started
     16:18:45.0836 3096 Mode: Manual;
     16:18:45.0836 3096 ============================================================
     16:18:49.0767 3096 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
     16:18:49.0814 3096 1394ohci - ok
     16:18:49.0954 3096 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
     16:18:50.0001 3096 ACPI - ok
     16:18:50.0141 3096 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
     16:18:50.0157 3096 AcpiPmi - ok
     16:18:50.0313 3096 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
     16:18:50.0407 3096 adp94xx - ok
     16:18:50.0563 3096 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
     16:18:50.0625 3096 adpahci - ok
     16:18:50.0781 3096 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
     16:18:50.0812 3096 adpu320 - ok
     16:18:50.0999 3096 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
     16:18:51.0077 3096 AFD - ok
     16:18:51.0280 3096 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\Windows\system32\DRIVERS\agrsm64.sys
     16:18:51.0374 3096 AgereSoftModem - ok
     16:18:51.0530 3096 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
     16:18:51.0577 3096 agp440 - ok
     16:18:51.0733 3096 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
     16:18:51.0748 3096 aliide - ok
     16:18:51.0904 3096 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
     16:18:51.0935 3096 amdide - ok
     16:18:52.0076 3096 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
     16:18:52.0123 3096 amdiox64 - ok
     16:18:52.0294 3096 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
     16:18:52.0325 3096 AmdK8 - ok
     16:18:52.0435 3096 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
     16:18:52.0466 3096 AmdPPM - ok
     16:18:52.0575 3096 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
     16:18:52.0606 3096 amdsata - ok
     16:18:52.0731 3096 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
     16:18:52.0747 3096 amdsbs - ok
     16:18:52.0903 3096 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
     16:18:52.0918 3096 amdxata - ok
     16:18:53.0074 3096 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
     16:18:53.0090 3096 AppID - ok
     16:18:53.0261 3096 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
     16:18:53.0293 3096 arc - ok
     16:18:53.0371 3096 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
     16:18:53.0371 3096 arcsas - ok
     16:18:53.0480 3096 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
     16:18:53.0511 3096 AsyncMac - ok
     16:18:53.0605 3096 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
     16:18:53.0605 3096 atapi - ok
     16:18:53.0776 3096 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
     16:18:53.0885 3096 athr - ok
     16:18:54.0213 3096 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys
     16:18:54.0447 3096 atikmdag - ok
     16:18:54.0634 3096 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
     16:18:54.0665 3096 AtiPcie - ok
     16:18:54.0868 3096 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
     16:18:54.0946 3096 b06bdrv - ok
     16:18:55.0087 3096 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
     16:18:55.0133 3096 b57nd60a - ok
     16:18:55.0321 3096 BCMH43XX (912e49ed3c14e00cb9613884a3b957d0) C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
     16:18:55.0461 3096 BCMH43XX - ok
     16:18:55.0633 3096 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
     16:18:55.0679 3096 Beep - ok
     16:18:56.0069 3096 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20120121.002\BHDrvx64.sys
     16:18:56.0257 3096 BHDrvx64 - ok
     16:18:56.0397 3096 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
     16:18:56.0428 3096 blbdrive - ok
     16:18:56.0584 3096 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
     16:18:56.0615 3096 bowser - ok
     16:18:56.0725 3096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
     16:18:56.0740 3096 BrFiltLo - ok
     16:18:56.0787 3096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
     16:18:56.0787 3096 BrFiltUp - ok
     16:18:56.0896 3096 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
     16:18:56.0927 3096 Bridge - ok
     16:18:56.0974 3096 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
     16:18:56.0974 3096 BridgeMP - ok
     16:18:57.0099 3096 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
     16:18:57.0161 3096 Brserid - ok
     16:18:57.0302 3096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
     16:18:57.0317 3096 BrSerWdm - ok
     16:18:57.0473 3096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
     16:18:57.0489 3096 BrUsbMdm - ok
     16:18:57.0629 3096 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
     16:18:57.0676 3096 BrUsbSer - ok
     16:18:57.0817 3096 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
     16:18:57.0848 3096 BTHMODEM - ok
     16:18:57.0941 3096 catchme - ok
     16:18:58.0082 3096 CBDisk (b99d91e4cd9017f213645aa2e80eb425) C:\Windows\system32\drivers\CBDisk.sys
     16:18:58.0191 3096 CBDisk - ok
     16:18:58.0425 3096 ccHP (da66e851e76766d2c84502fe682ab175) C:\Windows\system32\drivers\NAVx64\1108000.005\ccHPx64.sys
     16:18:58.0503 3096 ccHP - ok
     16:18:58.0612 3096 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
     16:18:58.0628 3096 cdfs - ok
     16:18:58.0753 3096 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
     16:18:58.0799 3096 cdrom - ok
     16:18:58.0940 3096 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
     16:18:58.0971 3096 circlass - ok
     16:18:59.0096 3096 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
     16:18:59.0189 3096 CLFS - ok
     16:18:59.0392 3096 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
     16:18:59.0408 3096 CmBatt - ok
     16:18:59.0501 3096 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
     16:18:59.0517 3096 cmdide - ok
     16:18:59.0642 3096 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
     16:18:59.0689 3096 CNG - ok
     16:18:59.0845 3096 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
     16:18:59.0860 3096 Compbatt - ok
     16:18:59.0985 3096 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
     16:19:00.0016 3096 CompositeBus - ok
     16:19:00.0157 3096 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
     16:19:00.0172 3096 crcdisk - ok
     16:19:00.0344 3096 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
     16:19:00.0391 3096 DfsC - ok
     16:19:00.0531 3096 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
     16:19:00.0562 3096 discache - ok
     16:19:00.0703 3096 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
     16:19:00.0718 3096 Disk - ok
     16:19:00.0905 3096 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
     16:19:00.0921 3096 Dot4 - ok
     16:19:01.0093 3096 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
     16:19:01.0108 3096 Dot4Print - ok
     16:19:01.0202 3096 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
     16:19:01.0217 3096 dot4usb - ok
     16:19:01.0295 3096 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
     16:19:01.0311 3096 drmkaud - ok
     16:19:01.0451 3096 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
     16:19:01.0514 3096 DXGKrnl - ok
     16:19:01.0763 3096 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
     16:19:01.0951 3096 ebdrv - ok
     16:19:02.0107 3096 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
     16:19:02.0169 3096 eeCtrl - ok
     16:19:02.0341 3096 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
     16:19:02.0403 3096 elxstor - ok
     16:19:02.0590 3096 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
     16:19:02.0621 3096 EraserUtilRebootDrv - ok
     16:19:02.0746 3096 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
     16:19:02.0762 3096 ErrDev - ok
     16:19:02.0887 3096 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
     16:19:02.0965 3096 exfat - ok
     16:19:03.0027 3096 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
     16:19:03.0089 3096 fastfat - ok
     16:19:03.0214 3096 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
     16:19:03.0214 3096 fdc - ok
     16:19:03.0323 3096 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
     16:19:03.0355 3096 FileInfo - ok
     16:19:03.0448 3096 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
     16:19:03.0448 3096 Filetrace - ok
     16:19:03.0620 3096 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
     16:19:03.0651 3096 flpydisk - ok
     16:19:03.0729 3096 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
     16:19:03.0745 3096 FltMgr - ok
     16:19:03.0807 3096 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
     16:19:03.0823 3096 FsDepends - ok
     16:19:03.0885 3096 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
     16:19:03.0947 3096 Fs_Rec - ok
     16:19:04.0103 3096 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
     16:19:04.0150 3096 fvevol - ok
     16:19:04.0228 3096 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
     16:19:04.0306 3096 gagp30kx - ok
     16:19:04.0493 3096 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
     16:19:04.0525 3096 GEARAspiWDM - ok
     16:19:04.0587 3096 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
     16:19:04.0618 3096 hcw85cir - ok
     16:19:04.0712 3096 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
     16:19:04.0743 3096 HdAudAddService - ok
     16:19:04.0883 3096 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
     16:19:04.0915 3096 HDAudBus - ok
     16:19:04.0977 3096 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
     16:19:05.0008 3096 HidBatt - ok
     16:19:05.0071 3096 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
     16:19:05.0086 3096 HidBth - ok
     16:19:05.0149 3096 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
     16:19:05.0164 3096 HidIr - ok
     16:19:05.0320 3096 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
     16:19:05.0336 3096 HidUsb - ok
     16:19:05.0539 3096 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
     16:19:05.0554 3096 HpqKbFiltr - ok
     16:19:05.0695 3096 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
     16:19:05.0695 3096 HpSAMD - ok
     16:19:05.0788 3096 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
     16:19:05.0851 3096 HTTP - ok
     16:19:05.0882 3096 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
     16:19:05.0913 3096 hwpolicy - ok
     16:19:05.0975 3096 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
     16:19:06.0022 3096 i8042prt - ok
     16:19:06.0178 3096 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
     16:19:06.0225 3096 iaStorV - ok
     16:19:06.0443 3096 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20120207.005\IDSvia64.sys
     16:19:06.0443 3096 IDSVia64 - ok
     16:19:06.0724 3096 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
     16:19:06.0943 3096 igfx - ok
     16:19:07.0052 3096 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
     16:19:07.0067 3096 iirsp - ok
     16:19:07.0130 3096 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
     16:19:07.0145 3096 intelide - ok
     16:19:07.0301 3096 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
     16:19:07.0301 3096 intelppm - ok
     16:19:07.0379 3096 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
     16:19:07.0411 3096 IpFilterDriver - ok
     16:19:07.0489 3096 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
     16:19:07.0504 3096 IPMIDRV - ok
     16:19:07.0613 3096 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
     16:19:07.0660 3096 IPNAT - ok
     16:19:07.0863 3096 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
     16:19:07.0879 3096 IRENUM - ok
     16:19:07.0988 3096 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
     16:19:08.0003 3096 isapnp - ok
     16:19:08.0081 3096 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
     16:19:08.0097 3096 iScsiPrt - ok
     16:19:08.0237 3096 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
     16:19:08.0284 3096 kbdclass - ok
     16:19:08.0393 3096 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
     16:19:08.0425 3096 kbdhid - ok
     16:19:08.0487 3096 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
     16:19:08.0518 3096 KSecDD - ok
     16:19:08.0596 3096 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
     16:19:08.0627 3096 KSecPkg - ok
     16:19:08.0752 3096 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
     16:19:08.0768 3096 ksthunk - ok
     16:19:09.0002 3096 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
     16:19:09.0017 3096 lltdio - ok
     16:19:09.0189 3096 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
     16:19:09.0220 3096 LSI_FC - ok
     16:19:09.0298 3096 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
     16:19:09.0298 3096 LSI_SAS - ok
     16:19:09.0454 3096 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
     16:19:09.0470 3096 LSI_SAS2 - ok
     16:19:09.0595 3096 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
     16:19:09.0595 3096 LSI_SCSI - ok
     16:19:09.0735 3096 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
     16:19:09.0766 3096 luafv - ok
     16:19:10.0031 3096 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
     16:19:10.0094 3096 MBAMProtector - ok
     16:19:10.0343 3096 MDFSYSNT (72040607e6e4115c154d730219bafab3) C:\Windows\system32\drivers\MDFSYSNT.sys
     16:19:10.0484 3096 MDFSYSNT - ok
     16:19:10.0718 3096 MDPMGRNT (f2ef49c3e47bd3fb6ee71371e7eee0af) C:\Windows\system32\DRIVERS\MDPMGRNT.SYS
     16:19:10.0811 3096 MDPMGRNT - ok
     16:19:10.0905 3096 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
     16:19:10.0921 3096 megasas - ok
     16:19:11.0030 3096 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
     16:19:11.0061 3096 MegaSR - ok
     16:19:11.0217 3096 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
     16:19:11.0233 3096 Modem - ok
     16:19:11.0357 3096 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
     16:19:11.0357 3096 monitor - ok
     16:19:11.0467 3096 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
     16:19:11.0482 3096 mouclass - ok
     16:19:11.0654 3096 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
     16:19:11.0669 3096 mouhid - ok
     16:19:11.0794 3096 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
     16:19:11.0810 3096 mountmgr - ok
     16:19:11.0857 3096 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
     16:19:11.0857 3096 mpio - ok
     16:19:11.0919 3096 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
     16:19:11.0935 3096 mpsdrv - ok
     16:19:11.0997 3096 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
     16:19:11.0997 3096 MRxDAV - ok
     16:19:12.0075 3096 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
     16:19:12.0122 3096 mrxsmb - ok
     16:19:12.0169 3096 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
     16:19:12.0184 3096 mrxsmb10 - ok
     16:19:12.0231 3096 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
     16:19:12.0247 3096 mrxsmb20 - ok
     16:19:12.0293 3096 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
     16:19:12.0309 3096 msahci - ok
     16:19:12.0356 3096 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
     16:19:12.0356 3096 msdsm - ok
     16:19:12.0481 3096 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
     16:19:12.0543 3096 Msfs - ok
     16:19:12.0621 3096 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
     16:19:12.0637 3096 mshidkmdf - ok
     16:19:12.0699 3096 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
     16:19:12.0715 3096 msisadrv - ok
     16:19:12.0855 3096 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
     16:19:12.0886 3096 MSKSSRV - ok
     16:19:12.0949 3096 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
     16:19:12.0964 3096 MSPCLOCK - ok
     16:19:12.0995 3096 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
     16:19:13.0011 3096 MSPQM - ok
     16:19:13.0058 3096 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
     16:19:13.0151 3096 MsRPC - ok
     16:19:13.0261 3096 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
     16:19:13.0276 3096 mssmbios - ok
     16:19:13.0339 3096 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
     16:19:13.0354 3096 MSTEE - ok
     16:19:13.0417 3096 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
     16:19:13.0417 3096 MTConfig - ok
     16:19:13.0479 3096 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
     16:19:13.0495 3096 Mup - ok
     16:19:13.0651 3096 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
     16:19:13.0744 3096 NativeWifiP - ok
     16:19:13.0994 3096 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20120207.005\ENG64.SYS
     16:19:13.0994 3096 NAVENG - ok
     16:19:14.0119 3096 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20120207.005\EX64.SYS
     16:19:14.0197 3096 NAVEX15 - ok
     16:19:14.0368 3096 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
     16:19:14.0431 3096 NDIS - ok
     16:19:14.0587 3096 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
     16:19:14.0602 3096 NdisCap - ok
     16:19:14.0711 3096 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
     16:19:14.0711 3096 NdisTapi - ok
     16:19:14.0821 3096 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
     16:19:14.0836 3096 Ndisuio - ok
     16:19:14.0899 3096 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
     16:19:14.0899 3096 NdisWan - ok
     16:19:14.0945 3096 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
     16:19:15.0023 3096 NDProxy - ok
     16:19:15.0164 3096 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
     16:19:15.0195 3096 NetBIOS - ok
     16:19:15.0289 3096 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
     16:19:15.0304 3096 NetBT - ok
     16:19:15.0632 3096 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
     16:19:15.0819 3096 netw5v64 - ok
     16:19:15.0897 3096 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
     16:19:15.0928 3096 nfrd960 - ok
     16:19:16.0053 3096 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
     16:19:16.0147 3096 Npfs - ok
     16:19:16.0209 3096 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
     16:19:16.0225 3096 nsiproxy - ok
     16:19:16.0349 3096 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
     16:19:16.0443 3096 Ntfs - ok
     16:19:16.0521 3096 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
     16:19:16.0552 3096 Null - ok
     16:19:16.0693 3096 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
     16:19:16.0724 3096 nvraid - ok
     16:19:16.0771 3096 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
     16:19:16.0771 3096 nvstor - ok
     16:19:16.0927 3096 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
     16:19:16.0942 3096 nv_agp - ok
     16:19:17.0020 3096 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
     16:19:17.0036 3096 ohci1394 - ok
     16:19:17.0129 3096 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
     16:19:17.0176 3096 Parport - ok
     16:19:17.0239 3096 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
     16:19:17.0270 3096 partmgr - ok
     16:19:17.0379 3096 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
     16:19:17.0395 3096 pci - ok
     16:19:17.0441 3096 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
     16:19:17.0457 3096 pciide - ok
     16:19:17.0566 3096 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
     16:19:17.0582 3096 pcmcia - ok
     16:19:17.0707 3096 PCTINDIS5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\Windows\system32\PCTINDIS5X64.SYS
     16:19:17.0785 3096 PCTINDIS5X64 - ok
     16:19:17.0941 3096 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
     16:19:17.0972 3096 pcw - ok
     16:19:18.0081 3096 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
     16:19:18.0128 3096 PEAUTH - ok
     16:19:18.0393 3096 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
     16:19:18.0424 3096 PptpMiniport - ok
     16:19:18.0487 3096 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
     16:19:18.0487 3096 Processor - ok
     16:19:18.0643 3096 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
     16:19:18.0674 3096 Psched - ok
     16:19:18.0892 3096 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
     16:19:18.0970 3096 ql2300 - ok
     16:19:19.0033 3096 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
     16:19:19.0064 3096 ql40xx - ok
     16:19:19.0173 3096 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
     16:19:19.0189 3096 QWAVEdrv - ok
     16:19:19.0251 3096 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
     16:19:19.0251 3096 RasAcd - ok
     16:19:19.0407 3096 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
     16:19:19.0438 3096 RasAgileVpn - ok
     16:19:19.0594 3096 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
     16:19:19.0610 3096 Rasl2tp - ok
     16:19:19.0766 3096 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
     16:19:19.0781 3096 RasPppoe - ok
     16:19:19.0922 3096 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
     16:19:19.0953 3096 RasSstp - ok
     16:19:20.0047 3096 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
     16:19:20.0062 3096 rdbss - ok
     16:19:20.0109 3096 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
     16:19:20.0140 3096 rdpbus - ok
     16:19:20.0234 3096 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
     16:19:20.0249 3096 RDPCDD - ok
     16:19:20.0390 3096 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
     16:19:20.0421 3096 RDPENCDD - ok
     16:19:20.0530 3096 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
     16:19:20.0561 3096 RDPREFMP - ok
     16:19:20.0624 3096 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
     16:19:20.0686 3096 RDPWD - ok
     16:19:20.0842 3096 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
     16:19:20.0858 3096 rdyboost - ok
     16:19:21.0045 3096 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
     16:19:21.0076 3096 RimVSerPort - ok
     16:19:21.0185 3096 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
     16:19:21.0217 3096 ROOTMODEM - ok
     16:19:21.0388 3096 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
     16:19:21.0419 3096 rspndr - ok
     16:19:21.0544 3096 RSUSBSTOR - ok
     16:19:21.0653 3096 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
     16:19:21.0685 3096 RTL8167 - ok
     16:19:21.0809 3096 RtsUIR - ok
     16:19:21.0965 3096 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
     16:19:22.0059 3096 SASDIFSV - ok
     16:19:22.0153 3096 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
     16:19:22.0262 3096 SASKUTIL - ok
     16:19:22.0355 3096 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
     16:19:22.0387 3096 sbp2port - ok
     16:19:22.0449 3096 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
     16:19:22.0465 3096 scfilter - ok
     16:19:22.0589 3096 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
     16:19:22.0621 3096 SCMNdisP - ok
     16:19:22.0777 3096 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
     16:19:22.0808 3096 sdbus - ok
     16:19:22.0948 3096 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
     16:19:22.0995 3096 secdrv - ok
     16:19:23.0073 3096 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
     16:19:23.0089 3096 Serenum - ok
     16:19:23.0198 3096 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
     16:19:23.0229 3096 Serial - ok
     16:19:23.0323 3096 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
     16:19:23.0354 3096 sermouse - ok
     16:19:23.0479 3096 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
     16:19:23.0510 3096 sffdisk - ok
     16:19:23.0557 3096 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
     16:19:23.0572 3096 sffp_mmc - ok
     16:19:23.0603 3096 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
     16:19:23.0619 3096 sffp_sd - ok
     16:19:23.0666 3096 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
     16:19:23.0666 3096 sfloppy - ok
     16:19:23.0837 3096 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
     16:19:23.0853 3096 SiSRaid2 - ok
     16:19:23.0900 3096 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
     16:19:23.0962 3096 SiSRaid4 - ok
     16:19:24.0103 3096 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
     16:19:24.0134 3096 Smb - ok
     16:19:24.0290 3096 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
     16:19:24.0368 3096 spldr - ok
     16:19:24.0524 3096 sptd - ok
     16:19:24.0649 3096 SQTECH905C (48bbd9e78a55efeba0efadc4175026ae) C:\Windows\system32\Drivers\Capt905c.sys
     16:19:24.0727 3096 SQTECH905C - ok
     16:19:24.0945 3096 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NAVx64\1107000.00C\SRTSP64.SYS
     16:19:25.0007 3096 SRTSP - ok
     16:19:25.0195 3096 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NAVx64\1108000.005\SRTSPX64.SYS
     16:19:25.0226 3096 SRTSPX - ok
     16:19:25.0351 3096 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
     16:19:25.0413 3096 srv - ok
     16:19:25.0507 3096 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
     16:19:25.0553 3096 srv2 - ok
     16:19:25.0709 3096 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
     16:19:25.0756 3096 SrvHsfHDA - ok
     16:19:25.0865 3096 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
     16:19:25.0975 3096 SrvHsfV92 - ok
     16:19:26.0084 3096 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
     16:19:26.0146 3096 SrvHsfWinac - ok
     16:19:26.0302 3096 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
     16:19:26.0349 3096 srvnet - ok
     16:19:26.0536 3096 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
     16:19:26.0583 3096 stexstor - ok
     16:19:26.0755 3096 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
     16:19:26.0801 3096 STHDA - ok
     16:19:26.0973 3096 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
     16:19:26.0989 3096 swenum - ok
     16:19:27.0067 3096 swmsflt (c03779ec476f8f30a9cfcde046ba6b28) C:\Windows\system32\DRIVERS\swmsflt.sys
     16:19:27.0098 3096 swmsflt - ok
     16:19:27.0238 3096 SWNC8UA3 (808cb62212dd7a934074ed65d3106948) C:\Windows\system32\DRIVERS\swnc8ua3.sys
     16:19:27.0254 3096 SWNC8UA3 - ok
     16:19:27.0441 3096 SWUMXA3 (df3f437a890a77cce5e3fd7b7bb93585) C:\Windows\system32\DRIVERS\swumxa3.sys
     16:19:27.0457 3096 SWUMXA3 - ok
     16:19:27.0691 3096 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NAVx64\1108000.005\SYMDS64.SYS
     16:19:27.0738 3096 SymDS - ok
     16:19:27.0940 3096 SymEFA (42c952d131eff724a9959bb6d78c1b63) C:\Windows\system32\drivers\NAVx64\1108000.005\SYMEFA64.SYS
     16:19:27.0987 3096 SymEFA - ok
     16:19:28.0159 3096 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
     16:19:28.0190 3096 SymEvent - ok
     16:19:28.0408 3096 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NAVx64\1108000.005\Ironx64.SYS
     16:19:28.0440 3096 SymIRON - ok
     16:19:28.0611 3096 SYMTDIv (8abb6e5b7d75cd3f0a988695d0d9186a) C:\Windows\System32\Drivers\NAVx64\1107000.00C\SYMTDIV.SYS
     16:19:28.0674 3096 SYMTDIv - ok
     16:19:28.0830 3096 SynTP (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys
     16:19:28.0908 3096 SynTP - ok
     16:19:29.0173 3096 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
     16:19:29.0282 3096 Tcpip - ok
     16:19:29.0500 3096 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
     16:19:29.0516 3096
TCPIP6 - ok 16:19:29.0578 3096 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 16:19:29.0594 3096 tcpipreg - ok 16:19:29.0703 3096 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 16:19:29.0719 3096 TDPIPE - ok 16:19:29.0781 3096 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 16:19:29.0797 3096 TDTCP - ok 16:19:29.0922 3096 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 16:19:29.0937 3096 tdx - ok 16:19:30.0000 3096 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 16:19:30.0015 3096 TermDD - ok 16:19:30.0109 3096 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:19:30.0140 3096 tssecsrv - ok 16:19:30.0280 3096 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 16:19:30.0296 3096 tunnel - ok 16:19:30.0358 3096 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 16:19:30.0358 3096 uagp35 - ok 16:19:30.0436 3096 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 16:19:30.0468 3096 udfs - ok 16:19:30.0624 3096 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 16:19:30.0670 3096 uliagpkx - ok 16:19:30.0826 3096 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 16:19:30.0858 3096 umbus - ok 16:19:31.0014 3096 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 16:19:31.0029 3096 UmPass - ok 16:19:31.0185 3096 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys 16:19:31.0216 3096 USBAAPL64 - ok 16:19:31.0372 3096 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 16:19:31.0404 3096 usbaudio - ok 16:19:31.0482 3096 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 16:19:31.0482 3096 usbccgp - ok 
16:19:31.0513 3096 USBCCID - ok 16:19:31.0622 3096 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 16:19:31.0638 3096 usbcir - ok 16:19:31.0700 3096 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 16:19:31.0716 3096 usbehci - ok 16:19:31.0872 3096 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys 16:19:31.0903 3096 usbfilter - ok 16:19:32.0043 3096 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 16:19:32.0074 3096 usbhub - ok 16:19:32.0152 3096 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 16:19:32.0184 3096 usbohci - ok 16:19:32.0308 3096 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 16:19:32.0324 3096 usbprint - ok 16:19:32.0449 3096 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 16:19:32.0496 3096 usbscan - ok 16:19:32.0605 3096 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:19:32.0636 3096 USBSTOR - ok 16:19:32.0698 3096 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 16:19:32.0698 3096 usbuhci - ok 16:19:32.0854 3096 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 16:19:32.0886 3096 vdrvroot - ok 16:19:33.0010 3096 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 16:19:33.0026 3096 vga - ok 16:19:33.0104 3096 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 16:19:33.0104 3096 VgaSave - ok 16:19:33.0151 3096 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 16:19:33.0166 3096 vhdmp - ok 16:19:33.0213 3096 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 16:19:33.0244 3096 viaide - ok 16:19:33.0400 3096 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 
16:19:33.0478 3096 volmgr - ok 16:19:33.0728 3096 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 16:19:33.0775 3096 volmgrx - ok 16:19:33.0884 3096 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 16:19:33.0915 3096 volsnap - ok 16:19:33.0993 3096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 16:19:34.0024 3096 vsmraid - ok 16:19:34.0134 3096 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 16:19:34.0134 3096 vwifibus - ok 16:19:34.0243 3096 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 16:19:34.0274 3096 vwififlt - ok 16:19:34.0321 3096 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 16:19:34.0352 3096 vwifimp - ok 16:19:34.0524 3096 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 16:19:34.0539 3096 WacomPen - ok 16:19:34.0633 3096 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 16:19:34.0664 3096 WANARP - ok 16:19:34.0680 3096 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 16:19:34.0680 3096 Wanarpv6 - ok 16:19:34.0836 3096 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 16:19:34.0867 3096 Wd - ok 16:19:35.0007 3096 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 16:19:35.0070 3096 Wdf01000 - ok 16:19:35.0226 3096 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 16:19:35.0241 3096 WfpLwf - ok 16:19:35.0350 3096 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 16:19:35.0366 3096 WIMMount - ok 16:19:35.0584 3096 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 16:19:35.0631 3096 WinUsb - ok 16:19:35.0740 3096 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) 
C:\Windows\system32\DRIVERS\wmiacpi.sys
16:19:35.0787 3096 WmiAcpi - ok
16:19:35.0881 3096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:19:35.0912 3096 ws2ifsl - ok
16:19:36.0037 3096 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
16:19:36.0068 3096 WudfPf - ok
16:19:36.0193 3096 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:19:36.0240 3096 WUDFRd - ok
16:19:36.0411 3096 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
16:19:36.0458 3096 xusb21 - ok
16:19:36.0614 3096 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
16:19:36.0661 3096 yukonw7 - ok
16:19:36.0739 3096 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
16:19:36.0786 3096 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:19:36.0786 3096 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:19:36.0848 3096 Boot (0x1200) (02f3967c95fe5422b15dffb611c7b246) \Device\Harddisk0\DR0\Partition0
16:19:36.0848 3096 \Device\Harddisk0\DR0\Partition0 - ok
16:19:36.0864 3096 Boot (0x1200) (c97532cf961d36c1932d952638079a96) \Device\Harddisk0\DR0\Partition1
16:19:36.0864 3096 \Device\Harddisk0\DR0\Partition1 - ok
16:19:36.0895 3096 Boot (0x1200) (9a567292078e67a347c8001618efe52a) \Device\Harddisk0\DR0\Partition2
16:19:36.0910 3096 \Device\Harddisk0\DR0\Partition2 - ok
16:19:36.0926 3096 Boot (0x1200) (c26d0bf731b274e23d80370353a8d471) \Device\Harddisk0\DR0\Partition3
16:19:36.0926 3096 \Device\Harddisk0\DR0\Partition3 - ok
16:19:36.0926 3096 ============================================================
16:19:36.0926 3096 Scan finished
16:19:36.0926 3096 ============================================================
16:19:36.0957 4816 Detected object count: 1
16:19:36.0957 4816 Actual detected object count: 1
16:20:14.0320 4816 \Device\Harddisk0\DR0\# - copied to quarantine
16:20:14.0320 4816 \Device\Harddisk0\DR0 - copied to quarantine
16:20:14.0429 4816 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:20:14.0445 4816 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:20:14.0507 4816 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:20:14.0507 4816 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:20:14.0539 4816 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:20:14.0585 4816 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:20:15.0865 4816 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:20:15.0927 4816 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:20:15.0943 4816 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:20:15.0958 4816 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:20:16.0052 4816 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:20:16.0067 4816 \Device\Harddisk0\DR0 - ok
16:20:16.0301 4816 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:20:25.0100 6084 Deinitialize success
5. dds log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
Run by JOEMAMA at 18:58:06 on 2012-02-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1668 [GMT -6:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe -netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun: [sSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} - hxxp://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C8E15F36-B437-49E3-8F09-91FD6B334AB8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\052416E646A4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\27564627F6F666 : DhcpNameServer = 10.1.0.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\64169627669656C6460275966496 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\D41434024416464697 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{FAA42CA5-33E4-4326-AB4A-B34E1C0D0815} : DhcpNameServer = 209.183.35.23 209.183.33.23
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun-x64: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun-x64: [sSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://fbtz.com/forum/forumdisplay.php?f=302
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?]
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2012-1-24 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360]
R2 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-24 583640]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-21 227896]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
S2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-1-17 278528]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-12-4 121416]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-12-4 125512]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\system32\DRIVERS\swnc8ua3.sys --> C:\Windows\system32\DRIVERS\swnc8ua3.sys [?]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\system32\DRIVERS\swumxa3.sys --> C:\Windows\system32\DRIVERS\swumxa3.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-06 00:48:40 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-03 02:56:21 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\SUPERAntiSpyware.com
2012-02-03 02:56:07 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-03 02:56:07 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-03 02:46:12 691 ----a-w- C:\Users\JOEMAMA\AppData\Roaming\GetValue.vbs
2012-02-03 02:46:12 35 ----a-w- C:\Users\JOEMAMA\AppData\Roaming\SetValue.bat
2012-02-03 02:42:46 3174 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-02-03 02:41:59 87552 ----a-w- C:\Windows\SysWow64\VACFix.exe
2012-02-03 02:41:59 82944 ----a-w- C:\Windows\SysWow64\IEDFix.exe
2012-02-03 02:41:59 82944 ----a-w- C:\Windows\SysWow64\IEDFix.C.exe
2012-02-03 02:41:59 82432 ----a-w- C:\Windows\SysWow64\404Fix.exe
2012-02-03 02:41:59 80384 ----a-w- C:\Windows\SysWow64\o4Patch.exe
2012-02-03 02:41:59 78336 ----a-w- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
2012-02-03 02:41:59 75776 ----a-w- C:\Windows\SysWow64\WS2Fix.exe
2012-02-03 02:41:59 53248 ----a-w- C:\Windows\SysWow64\Process.exe
2012-02-03 02:41:59 51200 ----a-w- C:\Windows\SysWow64\dumphive.exe
2012-02-03 02:41:59 289144 ----a-w- C:\Windows\SysWow64\VCCLSID.exe
2012-02-03 02:41:59 288417 ----a-w- C:\Windows\SysWow64\SrchSTS.exe
2012-02-02 23:24:46 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\True Sword
2012-02-02 23:20:10 -------- d-----w- C:\Program Files (x86)\True Sword 5
2012-02-02 22:11:18 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\TestApp
2012-02-02 22:03:07 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\Curiolab
2012-02-02 21:58:24 -------- d-----w- C:\ProgramData\PC Tools
2012-02-02 18:09:00 -------- d-----w- C:\ProgramData\WeCareReminder
2012-02-02 17:11:49 -------- d-----w- C:\Program Files (x86)\MSSOAP
2012-02-02 17:11:49 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2012-02-02 17:11:35 -------- d-----w- C:\Program Files (x86)\Webroot
2012-01-28 04:55:40 -------- d-----w- C:\Program Files (x86)\JDownloader
2012-01-27 21:02:01 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-01-27 21:01:23 -------- d-----w- C:\Program Files\ATI Technologies
2012-01-27 20:56:47 -------- d-----w- C:\Program Files\CCleaner
2012-01-27 05:33:59 -------- d-----w- C:\Users\JOEMAMA\AppData\Local\SanctionedMedia
2012-01-24 23:59:12 -------- d-----w- C:\Program Files (x86)\CRS
2012-01-24 23:32:40 645632 ------w- C:\Windows\System32\stapi64.dll
2012-01-24 23:30:57 505344 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2012-01-24 23:30:56 431616 ----a-w- C:\Windows\System32\stcplx64.dll
2012-01-24 23:30:56 1465344 ----a-w- C:\Windows\System32\stapo64.dll
2012-01-24 23:30:45 -------- d-----w- C:\Program Files\IDT
2012-01-24 00:59:17 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-24 00:59:13 -------- d-----w- C:\Users\JOEMAMA\AppData\Local\PunkBuster
2012-01-23 18:58:29 -------- d-----w- C:\Program Files (x86)\Activision
2012-01-22 04:01:26 -------- d-----w- C:\Users\JOEMAMA\AppData\Local\Chromium
2012-01-22 03:59:57 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
2012-01-22 03:58:57 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2012-01-22 03:57:58 409960 ----a-w- C:\Windows\System32\xactengine2_8.dll
2012-01-21 20:35:07 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2012-01-19 19:40:39 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-13 22:16:42 -------- d-----w- C:\Users\JOEMAMA\.swt
2012-01-12 18:18:04 -------- d-----w- C:\Malwarebytes
.
==================== Find3M ====================
.
2012-01-24 00:59:17 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-16 04:55:46 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-03-20 14:25:22 1713152 ----a-w- C:\Program Files (x86)\Xpadder [5.7].exe
2007-06-13 18:21:26 2095132 ----a-w- C:\Program Files (x86)\GLoarbLineClient.exe
.
============= FINISH: 18:59:27.42 ===============
  6. combofix log:
ComboFix 12-02-05.02 - JOEMAMA 02/05/2012 18:34:19.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1872 [GMT -6:00]
Running from: c:\users\JOEMAMA\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\extensions\{904af45a-d540-4117-a72a-ea770247aee6}
c:\users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\extensions\{904af45a-d540-4117-a72a-ea770247aee6}\chrome.manifest
c:\users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\extensions\{904af45a-d540-4117-a72a-ea770247aee6}\chrome\xulcache.jar
c:\users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\extensions\{904af45a-d540-4117-a72a-ea770247aee6}\defaults\preferences\xulcache.js
c:\users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\extensions\{904af45a-d540-4117-a72a-ea770247aee6}\install.rdf
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-06 00:45 . 2012-02-06 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-03 02:56 . 2012-02-03 02:56 -------- d-----w- c:\users\JOEMAMA\AppData\Roaming\SUPERAntiSpyware.com
2012-02-03 02:56 . 2012-02-03 02:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-03 02:56 . 2012-02-03 02:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-03 02:46 . 2012-02-03 02:50 691 ----a-w- c:\users\JOEMAMA\AppData\Roaming\GetValue.vbs
2012-02-03 02:46 . 2012-02-03 02:50 35 ----a-w- c:\users\JOEMAMA\AppData\Roaming\SetValue.bat
2012-02-03 02:42 . 2012-02-03 02:50 3174 ----a-w- c:\windows\SysWow64\tmp.reg
2012-02-03 02:41 . 2009-06-02 17:17 75776 ----a-w- c:\windows\SysWow64\WS2Fix.exe
2012-02-03 02:41 . 2008-12-12 07:57 78336 ----a-w- c:\windows\SysWow64\Agent.OMZ.Fix.exe
2012-02-03 02:41 . 2008-11-30 00:58 82944 ----a-w- c:\windows\SysWow64\IEDFix.C.exe
2012-02-03 02:41 . 2008-10-01 21:51 87552 ----a-w- c:\windows\SysWow64\VACFix.exe
2012-02-03 02:41 . 2008-09-20 18:45 80384 ----a-w- c:\windows\SysWow64\o4Patch.exe
2012-02-03 02:41 . 2008-08-18 18:19 82432 ----a-w- c:\windows\SysWow64\404Fix.exe
2012-02-03 02:41 . 2008-05-19 03:40 82944 ----a-w- c:\windows\SysWow64\IEDFix.exe
2012-02-03 02:41 . 2007-09-06 06:22 289144 ----a-w- c:\windows\SysWow64\VCCLSID.exe
2012-02-03 02:41 . 2006-04-27 23:49 288417 ----a-w- c:\windows\SysWow64\SrchSTS.exe
2012-02-03 02:41 . 2004-08-01 00:50 51200 ----a-w- c:\windows\SysWow64\dumphive.exe
2012-02-03 02:41 . 2003-06-06 03:13 53248 ----a-w- c:\windows\SysWow64\Process.exe
2012-02-02 23:24 . 2012-02-02 23:24 -------- d-----w- c:\users\JOEMAMA\AppData\Roaming\True Sword
2012-02-02 23:20 . 2012-02-02 23:25 -------- d-----w- c:\program files (x86)\True Sword 5
2012-02-02 22:11 . 2012-02-02 22:11 -------- d-----w- c:\users\JOEMAMA\AppData\Roaming\TestApp
2012-02-02 22:03 . 2012-02-02 22:03 -------- d-----w- c:\users\JOEMAMA\AppData\Roaming\Curiolab
2012-02-02 21:58 . 2012-02-03 01:01 -------- d-----w- c:\programdata\PC Tools
2012-02-02 18:09 . 2012-02-02 18:09 -------- d-----w- c:\programdata\WeCareReminder
2012-02-02 17:11 . 2012-02-02 17:11 -------- d-----w- c:\program files (x86)\MSSOAP
2012-02-02 17:11 . 2012-02-02 17:11 -------- d-----w- c:\program files (x86)\Webroot
2012-01-28 04:55 . 2012-02-03 05:11 -------- d-----w- c:\program files (x86)\JDownloader
2012-01-27 21:05 . 2012-01-27 21:05 -------- d-----w- c:\programdata\ATI
2012-01-27 21:02 . 2012-01-27 21:02 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-01-27 21:01 . 2012-01-27 21:02 -------- d-----w- c:\program files\ATI Technologies
2012-01-27 20:56 . 2012-01-27 20:56 -------- d-----w- c:\program files\CCleaner
2012-01-27 05:33 . 2012-01-27 05:33 -------- d-----w- c:\users\JOEMAMA\AppData\Local\SanctionedMedia
2012-01-24 23:59 . 2012-01-31 21:10 -------- d-----w- c:\program files (x86)\CRS
2012-01-24 23:32 . 2010-03-23 13:53 645632 ------w- c:\windows\system32\stapi64.dll
2012-01-24 23:30 . 2010-03-23 13:53 505344 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-01-24 23:30 . 2010-03-23 13:53 431616 ----a-w- c:\windows\system32\stcplx64.dll
2012-01-24 23:30 . 2010-03-23 13:53 1465344 ----a-w- c:\windows\system32\stapo64.dll
2012-01-24 23:30 . 2012-01-24 23:35 -------- d-----w- c:\program files\IDT
2012-01-24 00:59 . 2012-01-24 00:59 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-24 00:59 . 2012-01-24 00:59 -------- d-----w- c:\users\JOEMAMA\AppData\Local\PunkBuster
2012-01-23 18:58 . 2012-01-23 18:58 -------- d-----w- c:\program files (x86)\Activision
2012-01-22 04:01 . 2012-01-22 04:01 -------- d-----w- c:\users\JOEMAMA\AppData\Local\Chromium
2012-01-22 03:59 . 2009-03-16 20:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll
2012-01-22 03:58 . 2008-07-10 17:00 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-01-22 03:57 . 2007-06-21 02:49 409960 ----a-w- c:\windows\system32\xactengine2_8.dll
2012-01-21 20:35 . 2012-01-21 20:35 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2012-01-19 19:40 . 2012-01-19 19:40 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-13 22:16 . 2012-01-13 22:16 -------- d-----w- c:\users\JOEMAMA\.swt
2012-01-12 18:18 . 2012-01-22 03:24 -------- d-----w- C:\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 00:59 . 2011-06-05 03:36 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-16 04:55 . 2011-12-16 04:55 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 21:24 . 2010-05-31 02:19 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 14:25 . 2011-04-04 15:31 1713152 ----a-w- c:\program files (x86)\Xpadder [5.7].exe
2007-06-13 18:21 . 2011-01-17 16:00 2095132 ----a-w- c:\program files (x86)\GLoarbLineClient.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-05-20 2675296]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-05-20 22:35 2675296 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 22:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-05-20 2675296]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2010-1-17 3272704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Sunbelt Software\VIPRE\Definitions
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 sptd;sptd; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-06-04 278528]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-12-04 121416]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-12-04 125512]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [x]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 218112]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\HPCeeScheduleForJOEMAMA.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
2012-02-05 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2010-11-10 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 20:25]
.
2012-02-05 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2010-10-25 13:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"combofix"="c:\combofix\CF29646.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
FF - ProfilePath - c:\users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://fbtz.com/forum/forumdisplay.php?f=302
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
Wow6432Node-HKU-Default-Run-Smad - c:\windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Smad\Smad.exe
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2012-02-05 18:56:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-06 00:56
.
Pre-Run: 7,677,562,880 bytes free
Post-Run: 8,113,672,192 bytes free
.
- - End Of File - - 091AF9B081B4ABAAEE4535FDDCB591D9
  7. .
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
Run by JOEMAMA at 23:21:04 on 2012-02-02
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1455 [GMT -6:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\vds.exe -netsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun: [sSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
dRun: [smad] "C:\Windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Smad\Smad.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} - hxxp://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{C8E15F36-B437-49E3-8F09-91FD6B334AB8} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\052416E646A4 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\27564627F6F666 : DhcpNameServer = 10.1.0.1 TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\64169627669656C6460275966496 : DhcpNameServer = 10.128.128.128 TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\C696E6B6379737 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F94A8885-D8D1-4FFD-B187-B8B23E4F7C0B}\D41434024416464697 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 TCP: Interfaces\{FAA42CA5-33E4-4326-AB4A-B34E1C0D0815} : DhcpNameServer = 209.183.35.23 209.183.33.23 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll BHO-X64: facemoods 
Helper - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll BHO-X64: HelloWorldBHO - No File BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO-X64: Ask Toolbar BHO - No File BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO-X64: WeCareReminder - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB-X64: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB-X64: 
{472734EA-242A-422B-ADF8-83D1E48CC825} - No File TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" mRun-x64: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" mRun-x64: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" mRun-x64: [sSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" mRun-x64: [(Default)] mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\JOEMAMA\AppData\Roaming\Mozilla\Firefox\Profiles\6yhjxolz.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://fbtz.com/forum/forumdisplay.php?f=302 FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll FF - component: C:\Users\JOEMAMA\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false ============= SERVICES / DRIVERS =============== . R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?] R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?] R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?] R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?] 
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2012-1-24 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312] R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360] R2 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-24 583640] R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-1-17 278528] R3 Com4QLBEx;Com4QLBEx;C:\Program Files 
(x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-21 227896] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-12-4 121416] S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?] S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-12-4 125512] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] 
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\system32\DRIVERS\swnc8ua3.sys --> C:\Windows\system32\DRIVERS\swnc8ua3.sys [?] S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\system32\DRIVERS\swumxa3.sys --> C:\Windows\system32\DRIVERS\swumxa3.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] . =============== Created Last 30 ================ . 2012-02-03 05:10:32 709968 ----a-w- C:\Windows\isRS-000.tmp 2012-02-03 02:56:21 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\SUPERAntiSpyware.com 2012-02-03 02:56:07 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2012-02-03 02:56:07 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-02-03 02:46:12 691 ----a-w- C:\Users\JOEMAMA\AppData\Roaming\GetValue.vbs 2012-02-03 02:46:12 35 ----a-w- C:\Users\JOEMAMA\AppData\Roaming\SetValue.bat 2012-02-03 02:42:46 3174 ----a-w- C:\Windows\SysWow64\tmp.reg 2012-02-02 23:24:46 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\True Sword 2012-02-02 23:20:10 -------- d-----w- C:\Program Files (x86)\True Sword 5 2012-02-02 22:11:18 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\TestApp 2012-02-02 22:03:07 -------- d-----w- C:\Users\JOEMAMA\AppData\Roaming\Curiolab 2012-02-02 21:58:24 -------- d-----w- C:\ProgramData\PC Tools 2012-02-02 18:09:00 -------- d-----w- C:\ProgramData\WeCareReminder 2012-02-02 17:11:49 -------- d-----w- C:\Program Files (x86)\MSSOAP 2012-02-02 17:11:49 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap 
2012-02-02 17:11:35 -------- d-----w- C:\Program Files (x86)\Webroot 2012-01-28 04:56:22 -------- d-----w- C:\Program Files (x86)\facemoods.com 2012-01-28 04:55:40 -------- d-----w- C:\Program Files (x86)\JDownloader 2012-01-27 21:02:01 -------- d-----w- C:\Program Files (x86)\ATI Technologies 2012-01-27 21:01:23 -------- d-----w- C:\Program Files\ATI Technologies 2012-01-27 20:56:47 -------- d-----w- C:\Program Files\CCleaner 2012-01-27 05:33:59 -------- d-----w- C:\Users\JOEMAMA\AppData\Local\SanctionedMedia 2012-01-24 23:59:12 -------- d-----w- C:\Program Files (x86)\CRS 2012-01-24 23:32:40 645632 ------w- C:\Windows\System32\stapi64.dll 2012-01-24 23:30:57 505344 ----a-w- C:\Windows\System32\drivers\stwrt64.sys 2012-01-24 23:30:56 431616 ----a-w- C:\Windows\System32\stcplx64.dll 2012-01-24 23:30:56 1465344 ----a-w- C:\Windows\System32\stapo64.dll 2012-01-24 23:30:45 -------- d-----w- C:\Program Files\IDT 2012-01-24 00:59:17 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-01-24 00:59:13 -------- d-----w- C:\Users\JOEMAMA\AppData\Local\PunkBuster 2012-01-23 18:58:29 -------- d-----w- C:\Program Files (x86)\Activision 2012-01-22 04:01:26 -------- d-----w- C:\Users\JOEMAMA\AppData\Local\Chromium 2012-01-22 03:59:57 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll 2012-01-22 03:58:57 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll 2012-01-22 03:57:58 409960 ----a-w- C:\Windows\System32\xactengine2_8.dll 2012-01-21 20:35:07 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack 2012-01-19 19:40:39 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} 2012-01-13 22:16:42 -------- d-----w- C:\Users\JOEMAMA\.swt 2012-01-12 18:18:04 -------- d-----w- C:\Malwarebytes 2012-01-04 16:04:35 -------- d-sh--w- C:\Windows\SysWow64\%USERPROFILE% . ==================== Find3M ==================== . 
2012-01-24 00:59:17 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-16 04:55:46 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-03-20 14:25:22 1713152 ----a-w- C:\Program Files (x86)\Xpadder [5.7].exe
2007-06-13 18:21:26 2095132 ----a-w- C:\Program Files (x86)\GLoarbLineClient.exe
.
============= FINISH: 23:24:11.38 ===============
  8. Malwarebytes Anti-Malware (PRO) 1.60.1.1000
     www.malwarebytes.org
     Database version: v2012.02.03.03
     Windows 7 x64 NTFS
     Internet Explorer 8.0.7600.16385
     JOEMAMA :: MARK [administrator]
     Protection: Enabled
     2/2/2012 11:13:08 PM
     mbam-log-2012-02-02 (23-20-28).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 189480
     Time elapsed: 7 minute(s), 19 second(s)
     Memory Processes Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> 3064 -> No action taken.
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
     (end)
  9. Here are those two logs you requested. Thanks for replying and hoping these viruses get removed. mbam-log-2012-01-26 (23-47-51).txt DDS.txt
  10. I am using Malwarebytes Anti-Malware v1.60.0.1800 and after I run a quick scan, it shows two infections: Trojan.Agent File C:\Windows\svchost.exe and Trojan.Agent Memory Process C:\Windows\svchost.exe. When I select remove, it says they will be removed after reboot, but after restarting the system they are still present. Also, I keep getting a pop-up from Malwarebytes stating: "Malwarebytes Anti-Malware Successfully blocked access to a potentially malicious website:(ip) Type:outgoing Port:(numbers are different), Process: scvhost.exe". Here are the MBAM and DDS logs. I tried running Combofix afterwards, but when stage 50 was completed (it took about 15 minutes to run), my computer restarted and did not produce a log. Please help, anybody; this has been really bugging me and I would so appreciate any advice, thanks. mbam-log-2012-01-02 (11-40-55).txt DDS.txt
  11. By the way, I ran Combofix after producing those logs and when stage 50 was completed, it just shut down my computer and after restart, there was no Combofix log.
  12. I am having a similar problem. I am using Malwarebytes Anti-Malware v1.60.0.1800 and after I run a quick scan, it shows two infections: Trojan.Agent File C:\Windows\svchost.exe and Trojan.Agent Memory Process C:\Windows\svchost.exe. When I select remove, it says they will be removed after reboot, but this does not happen. Here are the MBAM and DDS logs. Please help, screen317 or any other moderator; I would most appreciate it! DDS.txt mbam-log-2012-01-02 (11-40-55).txt