svchost.exe/CATCHME.sys amongst other things

[ShatteredFoX]

This malware has been running me up the wall. Malwarebytes keeps blasting off warnings and everytime it removes it, it simply replace itself.

There is also a google redirect virus, I'm not sure where it's coming from but it is blocking me from anything google related including captchas.

Attach.txt

DDS.txt

[ShatteredFoX]

I don't know your policies on bumping your own thread, but I haven't had a reply in over 60+ hours and getting close to page 4. If I was not supposed to bump I apologize.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by ShatteredFoX at 8:19:18 on 2012-03-04

Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.4095.1837 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\lg_fwupdate\fwupdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe

C:\ProgramData\confighst.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [confighst] C:\ProgramData\confighst.exe

uRun: [cschar] C:\Users\ShatteredFoX\AppData\Roaming\cschar.exe

mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

mRun: [confighst] C:\ProgramData\confighst.exe

mRun: [cschar] C:\Users\ShatteredFoX\AppData\Roaming\cschar.exe

dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

dRun: [confighst] C:\ProgramData\confighst.exe

dRun: [cschar] C:\Windows\system32\config\systemprofile\AppData\Roaming\cschar.exe

StartupFolder: C:\Users\SHATTE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{670B7918-13C2-47C3-B891-39BAAB0048C8} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun-x64: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

mRun-x64: [confighst] C:\ProgramData\confighst.exe

mRun-x64: [cschar] C:\Users\ShatteredFoX\AppData\Roaming\cschar.exe

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\ShatteredFoX\AppData\Roaming\Mozilla\Firefox\Profiles\992wb1ws.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\ShatteredFoX\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Users\ShatteredFoX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-5 8704]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-9 652360]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-5 136176]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-5 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

.

=============== Created Last 30 ================

.

2012-03-04 12:47:43 72248 ----a-w- C:\Users\ShatteredFoX\AppData\Roaming\cschar.exe

2012-03-04 10:50:27 -------- d-----w- C:\Program Files (x86)\UnHackMe

2012-03-04 10:23:46 -------- d-----w- C:\Users\ShatteredFoX\AppData\Roaming\ParetoLogic

2012-03-04 10:23:46 -------- d-----w- C:\Users\ShatteredFoX\AppData\Roaming\DriverCure

2012-03-04 10:23:20 -------- d-----w- C:\ProgramData\ParetoLogic

2012-03-04 10:23:20 -------- d-----w- C:\Program Files (x86)\ParetoLogic

2012-03-04 10:23:20 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic

2012-03-04 10:12:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8ED4EE0-4715-41F5-A4CB-FE09A414B730}\offreg.dll

2012-03-04 08:55:28 -------- d-----w- C:\Users\ShatteredFoX\D2LOD-1.12A-enUS

2012-03-04 07:09:47 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment

2012-03-02 10:11:52 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8ED4EE0-4715-41F5-A4CB-FE09A414B730}\mpengine.dll

2012-03-01 16:48:01 72248 ----a-w- C:\ProgramData\confighst.exe

2012-03-01 14:29:30 20480 ----a-w- C:\Windows\svchost.exe

2012-03-01 12:23:27 -------- d-----w- C:\Program Files\CCleaner

2012-03-01 11:17:54 -------- d-----w- C:\Users\ShatteredFoX\AppData\Local\Vidalia

2012-03-01 11:11:01 -------- d-sh--w- C:\$RECYCLE.BIN

2012-03-01 10:58:12 98816 ----a-w- C:\Windows\sed.exe

2012-03-01 10:58:12 518144 ----a-w- C:\Windows\SWREG.exe

2012-03-01 10:58:12 256000 ----a-w- C:\Windows\PEV.exe

2012-03-01 10:58:12 208896 ----a-w- C:\Windows\MBR.exe

2012-02-29 08:09:59 766976 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2012-02-28 06:59:14 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-28 06:59:14 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-28 06:59:13 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-28 06:59:13 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-28 06:59:11 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-28 06:59:10 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-28 06:57:51 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-28 06:57:51 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-12 16:09:18 -------- d-----w- C:\ProgramData\RegAce

2012-02-12 16:09:15 -------- d-----w- C:\Windows\RegAce

2012-02-12 16:08:20 -------- d-----w- C:\Program Files (x86)\RegAce System Suite

2012-02-12 00:52:05 -------- d-----w- C:\Program Files (x86)\Cockatrice

2012-02-10 16:36:59 -------- d-----w- C:\Program Files (x86)\Microsoft

2012-02-10 16:36:58 -------- d-----w- C:\Program Files (x86)\MSN Toolbar

2012-02-10 16:36:26 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer

2012-02-10 16:36:17 -------- d-----w- C:\Program Files (x86)\Unlocker

2012-02-10 02:14:07 -------- d-----w- C:\Users\ShatteredFoX\AppData\Roaming\EnMasse

2012-02-09 14:03:51 -------- d-----w- C:\ProgramData\TERA

2012-02-07 17:28:12 -------- d-----w- C:\Users\ShatteredFoX\AppData\Local\Chromium

2012-02-06 01:36:34 -------- d-----w- C:\ProgramData\Hi-Rez Studios

2012-02-06 01:36:15 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios

2012-02-04 23:41:45 -------- d-----w- C:\ProgramData\ASign

2012-02-04 18:40:24 -------- d-----w- C:\Down

2012-02-04 18:40:14 -------- d-----w- C:\Perfect World Entertainment

2012-02-04 04:07:59 28168 ----a-w- C:\Windows\System32\X3DAudio1_4.dll

.

==================== Find3M ====================

.

2012-02-29 08:09:59 35840 ----a-w- C:\Windows\SysWow64\imgutil.dll

2012-01-29 22:02:56 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-01-29 22:02:56 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-01-29 22:02:56 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-01-29 22:02:56 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-01-29 10:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 8:19:58.32 ===============

[LDTate]

We look for post with 0 replies so it wouldn't matter what page your topic is on, but when people reply to their own topic it appears they are being helped already.

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

[ShatteredFoX]

I can't use google or any google services it will simply stall, not load(in the case of recaptcha or maps), or redirect me to another website. Google chrome even has a habit of crashing at any moment especially if I do a search via the address bar rather then a search engine.

Malwarebytes will also every every couple of minutes to sometimes more frequently will notify me that it blocked something trying to access my internet. The name varies every couple of days and will change depending on what browser I try to use.

The MBAM logs

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.12.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

ShatteredFoX :: FOX [administrator]

Protection: Enabled

3/11/2012 11:09:01 PM

mbam-log-2012-03-11 (23-09-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207979

Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Detected: 2

C:\ProgramData\confighst.exe (Trojan.Downloader) -> 3308 -> Delete on reboot.

C:\Windows\svchost.exe (Trojan.Agent) -> 7712 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 7

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|confighst (Trojan.Downloader) -> Data: C:\ProgramData\confighst.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|confighst (Trojan.Downloader) -> Data: C:\ProgramData\confighst.exe -> Quarantined and deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|confighst (Trojan.Downloader) -> Data: C:\ProgramData\confighst.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cschar (Trojan.Downloader) -> Data: C:\Users\ShatteredFoX\AppData\Roaming\cschar.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cschar (Trojan.Downloader) -> Data: C:\Users\ShatteredFoX\AppData\Roaming\cschar.exe -> Quarantined and deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cschar (Trojan.Downloader) -> Data: C:\Windows\system32\config\systemprofile\AppData\Roaming\cschar.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\ProgramData\confighst.exe (Trojan.Downloader) -> Delete on reboot.

C:\Users\ShatteredFoX\AppData\Roaming\cschar.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\System32\config\systemprofile\AppData\Roaming\cschar.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\ShatteredFoX\AppData\Local\Temp\isomore.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

[LDTate]

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

[ShatteredFoX]

22:40:41.0557 5212 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

22:40:41.0832 5212 ============================================================

22:40:41.0832 5212 Current date / time: 2012/03/12 22:40:41.0832

22:40:41.0832 5212 SystemInfo:

22:40:41.0832 5212

22:40:41.0832 5212 OS Version: 6.1.7601 ServicePack: 1.0

22:40:41.0832 5212 Product type: Workstation

22:40:41.0832 5212 ComputerName: FOX

22:40:41.0832 5212 UserName: ShatteredFoX

22:40:41.0833 5212 Windows directory: C:\Windows

22:40:41.0833 5212 System windows directory: C:\Windows

22:40:41.0833 5212 Running under WOW64

22:40:41.0833 5212 Processor architecture: Intel x64

22:40:41.0833 5212 Number of processors: 2

22:40:41.0833 5212 Page size: 0x1000

22:40:41.0833 5212 Boot type: Normal boot

22:40:41.0833 5212 ============================================================

22:40:43.0535 5212 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x7E2CB, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040

22:40:43.0538 5212 \Device\Harddisk0\DR0:

22:40:43.0538 5212 MBR used

22:40:43.0538 5212 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

22:40:43.0538 5212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

22:40:43.0559 5212 Initialize success

22:40:43.0559 5212 ============================================================

22:41:07.0337 5772 ============================================================

22:41:07.0337 5772 Scan started

22:41:07.0337 5772 Mode: Manual;

22:41:07.0337 5772 ============================================================

22:41:07.0908 5772 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

22:41:07.0911 5772 1394ohci - ok

22:41:07.0957 5772 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

22:41:07.0961 5772 ACPI - ok

22:41:08.0021 5772 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

22:41:08.0022 5772 AcpiPmi - ok

22:41:08.0079 5772 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

22:41:08.0085 5772 adp94xx - ok

22:41:08.0159 5772 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

22:41:08.0163 5772 adpahci - ok

22:41:08.0205 5772 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

22:41:08.0208 5772 adpu320 - ok

22:41:08.0295 5772 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

22:41:08.0302 5772 AFD - ok

22:41:08.0386 5772 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

22:41:08.0387 5772 agp440 - ok

22:41:08.0498 5772 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

22:41:08.0500 5772 aliide - ok

22:41:08.0548 5772 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

22:41:08.0549 5772 amdide - ok

22:41:08.0604 5772 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

22:41:08.0605 5772 AmdK8 - ok

22:41:08.0783 5772 amdkmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys

22:41:08.0900 5772 amdkmdag - ok

22:41:08.0980 5772 amdkmdap (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys

22:41:08.0983 5772 amdkmdap - ok

22:41:09.0010 5772 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

22:41:09.0011 5772 AmdPPM - ok

22:41:09.0098 5772 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

22:41:09.0101 5772 amdsata - ok

22:41:09.0132 5772 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

22:41:09.0135 5772 amdsbs - ok

22:41:09.0222 5772 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

22:41:09.0224 5772 amdxata - ok

22:41:09.0311 5772 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

22:41:09.0313 5772 AppID - ok

22:41:09.0421 5772 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

22:41:09.0424 5772 arc - ok

22:41:09.0440 5772 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

22:41:09.0442 5772 arcsas - ok

22:41:09.0538 5772 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

22:41:09.0539 5772 AsyncMac - ok

22:41:09.0563 5772 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

22:41:09.0564 5772 atapi - ok

22:41:09.0672 5772 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

22:41:09.0677 5772 b06bdrv - ok

22:41:09.0704 5772 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

22:41:09.0707 5772 b57nd60a - ok

22:41:09.0809 5772 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

22:41:09.0810 5772 Beep - ok

22:41:09.0911 5772 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

22:41:09.0913 5772 blbdrive - ok

22:41:09.0944 5772 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

22:41:09.0947 5772 bowser - ok

22:41:10.0022 5772 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

22:41:10.0023 5772 BrFiltLo - ok

22:41:10.0030 5772 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

22:41:10.0031 5772 BrFiltUp - ok

22:41:10.0136 5772 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

22:41:10.0139 5772 BridgeMP - ok

22:41:10.0171 5772 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

22:41:10.0175 5772 Brserid - ok

22:41:10.0183 5772 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

22:41:10.0184 5772 BrSerWdm - ok

22:41:10.0271 5772 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

22:41:10.0272 5772 BrUsbMdm - ok

22:41:10.0290 5772 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

22:41:10.0292 5772 BrUsbSer - ok

22:41:10.0316 5772 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

22:41:10.0318 5772 BTHMODEM - ok

22:41:10.0349 5772 catchme - ok

22:41:10.0429 5772 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

22:41:10.0431 5772 cdfs - ok

22:41:10.0473 5772 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

22:41:10.0477 5772 cdrom - ok

22:41:10.0577 5772 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

22:41:10.0579 5772 circlass - ok

22:41:10.0610 5772 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

22:41:10.0614 5772 CLFS - ok

22:41:10.0790 5772 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

22:41:10.0792 5772 CmBatt - ok

22:41:10.0848 5772 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

22:41:10.0850 5772 cmdide - ok

22:41:10.0914 5772 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

22:41:10.0932 5772 CNG - ok

22:41:10.0994 5772 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

22:41:10.0995 5772 Compbatt - ok

22:41:11.0034 5772 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

22:41:11.0035 5772 CompositeBus - ok

22:41:11.0108 5772 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

22:41:11.0110 5772 crcdisk - ok

22:41:11.0203 5772 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

22:41:11.0210 5772 CSC - ok

22:41:11.0381 5772 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

22:41:11.0383 5772 DfsC - ok

22:41:11.0406 5772 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

22:41:11.0407 5772 discache - ok

22:41:11.0462 5772 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

22:41:11.0464 5772 Disk - ok

22:41:11.0518 5772 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

22:41:11.0520 5772 dmvsc - ok

22:41:11.0586 5772 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

22:41:11.0587 5772 drmkaud - ok

22:41:11.0640 5772 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

22:41:11.0643 5772 dtsoftbus01 - ok

22:41:11.0723 5772 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

22:41:11.0743 5772 DXGKrnl - ok

22:41:11.0774 5772 EagleX64 - ok

22:41:11.0876 5772 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

22:41:11.0904 5772 ebdrv - ok

22:41:11.0977 5772 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

22:41:11.0982 5772 elxstor - ok

22:41:12.0023 5772 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

22:41:12.0024 5772 ErrDev - ok

22:41:12.0064 5772 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

22:41:12.0066 5772 exfat - ok

22:41:12.0108 5772 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

22:41:12.0111 5772 fastfat - ok

22:41:12.0147 5772 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

22:41:12.0148 5772 fdc - ok

22:41:12.0170 5772 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

22:41:12.0171 5772 FileInfo - ok

22:41:12.0212 5772 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

22:41:12.0214 5772 Filetrace - ok

22:41:12.0248 5772 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

22:41:12.0249 5772 flpydisk - ok

22:41:12.0288 5772 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

22:41:12.0291 5772 FltMgr - ok

22:41:12.0337 5772 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

22:41:12.0338 5772 FsDepends - ok

22:41:12.0379 5772 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

22:41:12.0380 5772 Fs_Rec - ok

22:41:12.0407 5772 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

22:41:12.0410 5772 fvevol - ok

22:41:12.0440 5772 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

22:41:12.0441 5772 gagp30kx - ok

22:41:12.0515 5772 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

22:41:12.0517 5772 hcw85cir - ok

22:41:12.0559 5772 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

22:41:12.0562 5772 HdAudAddService - ok

22:41:12.0646 5772 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

22:41:12.0648 5772 HDAudBus - ok

22:41:12.0676 5772 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

22:41:12.0677 5772 HidBatt - ok

22:41:12.0739 5772 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

22:41:12.0741 5772 HidBth - ok

22:41:12.0762 5772 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

22:41:12.0770 5772 HidIr - ok

22:41:12.0903 5772 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

22:41:12.0905 5772 HidUsb - ok

22:41:12.0995 5772 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

22:41:13.0000 5772 HpSAMD - ok

22:41:13.0159 5772 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

22:41:13.0166 5772 HTTP - ok

22:41:13.0206 5772 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

22:41:13.0207 5772 hwpolicy - ok

22:41:13.0259 5772 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

22:41:13.0260 5772 i8042prt - ok

22:41:13.0321 5772 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

22:41:13.0325 5772 iaStorV - ok

22:41:13.0373 5772 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

22:41:13.0374 5772 iirsp - ok

22:41:13.0418 5772 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

22:41:13.0419 5772 intelide - ok

22:41:13.0471 5772 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

22:41:13.0472 5772 intelppm - ok

22:41:13.0500 5772 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:41:13.0501 5772 IpFilterDriver - ok

22:41:13.0523 5772 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

22:41:13.0524 5772 IPMIDRV - ok

22:41:13.0531 5772 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

22:41:13.0534 5772 IPNAT - ok

22:41:13.0579 5772 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

22:41:13.0580 5772 IRENUM - ok

22:41:13.0618 5772 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

22:41:13.0619 5772 isapnp - ok

22:41:13.0636 5772 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

22:41:13.0638 5772 iScsiPrt - ok

22:41:13.0689 5772 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

22:41:13.0690 5772 kbdclass - ok

22:41:13.0730 5772 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

22:41:13.0731 5772 kbdhid - ok

22:41:13.0759 5772 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

22:41:13.0761 5772 KSecDD - ok

22:41:13.0791 5772 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

22:41:13.0792 5772 KSecPkg - ok

22:41:13.0865 5772 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

22:41:13.0866 5772 ksthunk - ok

22:41:13.0926 5772 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

22:41:13.0927 5772 lltdio - ok

22:41:13.0985 5772 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

22:41:13.0987 5772 LSI_FC - ok

22:41:14.0029 5772 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

22:41:14.0030 5772 LSI_SAS - ok

22:41:14.0073 5772 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

22:41:14.0074 5772 LSI_SAS2 - ok

22:41:14.0114 5772 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

22:41:14.0115 5772 LSI_SCSI - ok

22:41:14.0164 5772 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

22:41:14.0165 5772 luafv - ok

22:41:14.0228 5772 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

22:41:14.0229 5772 MBAMProtector - ok

22:41:14.0302 5772 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

22:41:14.0303 5772 megasas - ok

22:41:14.0345 5772 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

22:41:14.0349 5772 MegaSR - ok

22:41:14.0406 5772 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

22:41:14.0407 5772 Modem - ok

22:41:14.0452 5772 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

22:41:14.0453 5772 monitor - ok

22:41:14.0510 5772 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

22:41:14.0512 5772 mouclass - ok

22:41:14.0564 5772 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

22:41:14.0568 5772 mouhid - ok

22:41:14.0615 5772 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

22:41:14.0617 5772 mountmgr - ok

22:41:14.0661 5772 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

22:41:14.0663 5772 mpio - ok

22:41:14.0718 5772 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

22:41:14.0719 5772 mpsdrv - ok

22:41:14.0763 5772 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

22:41:14.0765 5772 MRxDAV - ok

22:41:14.0811 5772 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:41:14.0814 5772 mrxsmb - ok

22:41:14.0858 5772 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:41:14.0862 5772 mrxsmb10 - ok

22:41:14.0917 5772 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:41:14.0919 5772 mrxsmb20 - ok

22:41:14.0967 5772 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

22:41:14.0968 5772 msahci - ok

22:41:15.0010 5772 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

22:41:15.0012 5772 msdsm - ok

22:41:15.0072 5772 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

22:41:15.0073 5772 Msfs - ok

22:41:15.0108 5772 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

22:41:15.0109 5772 mshidkmdf - ok

22:41:15.0131 5772 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

22:41:15.0132 5772 msisadrv - ok

22:41:15.0218 5772 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

22:41:15.0219 5772 MSKSSRV - ok

22:41:15.0228 5772 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

22:41:15.0228 5772 MSPCLOCK - ok

22:41:15.0247 5772 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

22:41:15.0247 5772 MSPQM - ok

22:41:15.0272 5772 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

22:41:15.0275 5772 MsRPC - ok

22:41:15.0349 5772 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

22:41:15.0350 5772 mssmbios - ok

22:41:15.0382 5772 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

22:41:15.0383 5772 MSTEE - ok

22:41:15.0449 5772 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

22:41:15.0451 5772 MTConfig - ok

22:41:15.0505 5772 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys

22:41:15.0505 5772 MTsensor - ok

22:41:15.0572 5772 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

22:41:15.0574 5772 Mup - ok

22:41:15.0671 5772 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

22:41:15.0675 5772 NativeWifiP - ok

22:41:15.0710 5772 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

22:41:15.0719 5772 NDIS - ok

22:41:15.0792 5772 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

22:41:15.0794 5772 NdisCap - ok

22:41:15.0822 5772 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

22:41:15.0824 5772 NdisTapi - ok

22:41:15.0926 5772 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

22:41:15.0927 5772 Ndisuio - ok

22:41:15.0943 5772 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

22:41:15.0945 5772 NdisWan - ok

22:41:15.0960 5772 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

22:41:15.0961 5772 NDProxy - ok

22:41:16.0031 5772 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

22:41:16.0032 5772 NetBIOS - ok

22:41:16.0051 5772 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

22:41:16.0054 5772 NetBT - ok

22:41:16.0163 5772 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys

22:41:16.0173 5772 netr28ux - ok

22:41:16.0207 5772 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

22:41:16.0208 5772 nfrd960 - ok

22:41:16.0283 5772 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

22:41:16.0284 5772 Npfs - ok

22:41:16.0308 5772 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

22:41:16.0309 5772 nsiproxy - ok

22:41:16.0398 5772 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

22:41:16.0416 5772 Ntfs - ok

22:41:16.0462 5772 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

22:41:16.0464 5772 Null - ok

22:41:16.0535 5772 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

22:41:16.0545 5772 NVENETFD - ok

22:41:16.0619 5772 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys

22:41:16.0624 5772 NVNET - ok

22:41:16.0675 5772 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

22:41:16.0677 5772 nvraid - ok

22:41:16.0723 5772 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

22:41:16.0724 5772 nvstor - ok

22:41:16.0769 5772 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

22:41:16.0771 5772 nv_agp - ok

22:41:16.0814 5772 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

22:41:16.0815 5772 ohci1394 - ok

22:41:16.0914 5772 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

22:41:16.0922 5772 Parport - ok

22:41:16.0958 5772 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

22:41:16.0966 5772 partmgr - ok

22:41:17.0124 5772 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

22:41:17.0128 5772 pci - ok

22:41:17.0160 5772 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

22:41:17.0161 5772 pciide - ok

22:41:17.0192 5772 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

22:41:17.0195 5772 pcmcia - ok

22:41:17.0230 5772 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

22:41:17.0231 5772 pcw - ok

22:41:17.0409 5772 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

22:41:17.0417 5772 PEAUTH - ok

22:41:17.0544 5772 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys

22:41:17.0545 5772 Point64 - ok

22:41:17.0592 5772 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

22:41:17.0594 5772 PptpMiniport - ok

22:41:17.0660 5772 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

22:41:17.0661 5772 Processor - ok

22:41:17.0705 5772 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

22:41:17.0707 5772 Psched - ok

22:41:17.0802 5772 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

22:41:17.0821 5772 ql2300 - ok

22:41:17.0848 5772 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

22:41:17.0850 5772 ql40xx - ok

22:41:17.0956 5772 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

22:41:17.0956 5772 QWAVEdrv - ok

22:41:17.0990 5772 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

22:41:17.0991 5772 RasAcd - ok

22:41:18.0043 5772 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

22:41:18.0044 5772 RasAgileVpn - ok

22:41:18.0077 5772 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:41:18.0078 5772 Rasl2tp - ok

22:41:18.0133 5772 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

22:41:18.0135 5772 RasPppoe - ok

22:41:18.0167 5772 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

22:41:18.0169 5772 RasSstp - ok

22:41:18.0205 5772 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

22:41:18.0209 5772 rdbss - ok

22:41:18.0258 5772 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

22:41:18.0260 5772 rdpbus - ok

22:41:18.0305 5772 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:41:18.0306 5772 RDPCDD - ok

22:41:18.0360 5772 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

22:41:18.0362 5772 RDPDR - ok

22:41:18.0412 5772 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

22:41:18.0413 5772 RDPENCDD - ok

22:41:18.0454 5772 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

22:41:18.0455 5772 RDPREFMP - ok

22:41:18.0505 5772 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

22:41:18.0506 5772 RdpVideoMiniport - ok

22:41:18.0569 5772 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

22:41:18.0571 5772 RDPWD - ok

22:41:18.0612 5772 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

22:41:18.0615 5772 rdyboost - ok

22:41:18.0713 5772 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys

22:41:18.0720 5772 RsFx0103 - ok

22:41:18.0805 5772 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

22:41:18.0807 5772 rspndr - ok

22:41:18.0834 5772 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

22:41:18.0835 5772 s3cap - ok

22:41:18.0932 5772 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

22:41:18.0934 5772 sbp2port - ok

22:41:18.0956 5772 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

22:41:18.0957 5772 scfilter - ok

22:41:19.0069 5772 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

22:41:19.0070 5772 secdrv - ok

22:41:19.0103 5772 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

22:41:19.0104 5772 Serenum - ok

22:41:19.0175 5772 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

22:41:19.0177 5772 Serial - ok

22:41:19.0197 5772 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

22:41:19.0198 5772 sermouse - ok

22:41:19.0224 5772 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

22:41:19.0225 5772 sffdisk - ok

22:41:19.0238 5772 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

22:41:19.0239 5772 sffp_mmc - ok

22:41:19.0245 5772 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

22:41:19.0246 5772 sffp_sd - ok

22:41:19.0258 5772 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

22:41:19.0258 5772 sfloppy - ok

22:41:19.0336 5772 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

22:41:19.0337 5772 SiSRaid2 - ok

22:41:19.0409 5772 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

22:41:19.0410 5772 SiSRaid4 - ok

22:41:19.0531 5772 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

22:41:19.0535 5772 Smb - ok

22:41:19.0628 5772 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

22:41:19.0629 5772 spldr - ok

22:41:19.0739 5772 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

22:41:19.0745 5772 srv - ok

22:41:19.0766 5772 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

22:41:19.0771 5772 srv2 - ok

22:41:19.0848 5772 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

22:41:19.0850 5772 srvnet - ok

22:41:20.0033 5772 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

22:41:20.0033 5772 stexstor - ok

22:41:20.0084 5772 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

22:41:20.0085 5772 storflt - ok

22:41:20.0138 5772 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

22:41:20.0140 5772 storvsc - ok

22:41:20.0162 5772 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

22:41:20.0163 5772 swenum - ok

22:41:20.0246 5772 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys

22:41:20.0249 5772 Synth3dVsc - ok

22:41:20.0308 5772 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

22:41:20.0325 5772 Tcpip - ok

22:41:20.0445 5772 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

22:41:20.0458 5772 TCPIP6 - ok

22:41:20.0477 5772 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

22:41:20.0478 5772 tcpipreg - ok

22:41:20.0538 5772 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

22:41:20.0539 5772 TDPIPE - ok

22:41:20.0553 5772 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

22:41:20.0553 5772 TDTCP - ok

22:41:20.0586 5772 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

22:41:20.0588 5772 tdx - ok

22:41:20.0653 5772 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

22:41:20.0656 5772 TermDD - ok

22:41:20.0689 5772 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys

22:41:20.0690 5772 terminpt - ok

22:41:20.0790 5772 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:41:20.0792 5772 tssecsrv - ok

22:41:20.0818 5772 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

22:41:20.0819 5772 TsUsbFlt - ok

22:41:20.0896 5772 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

22:41:20.0904 5772 TsUsbGD - ok

22:41:20.0927 5772 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys

22:41:20.0929 5772 tsusbhub - ok

22:41:21.0007 5772 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

22:41:21.0011 5772 tunnel - ok

22:41:21.0099 5772 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

22:41:21.0102 5772 uagp35 - ok

22:41:21.0127 5772 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

22:41:21.0132 5772 udfs - ok

22:41:21.0211 5772 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

22:41:21.0214 5772 uliagpkx - ok

22:41:21.0238 5772 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

22:41:21.0239 5772 umbus - ok

22:41:21.0309 5772 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

22:41:21.0311 5772 UmPass - ok

22:41:21.0349 5772 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

22:41:21.0350 5772 usbccgp - ok

22:41:21.0436 5772 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

22:41:21.0438 5772 usbcir - ok

22:41:21.0467 5772 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

22:41:21.0468 5772 usbehci - ok

22:41:21.0539 5772 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

22:41:21.0547 5772 usbhub - ok

22:41:21.0565 5772 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

22:41:21.0566 5772 usbohci - ok

22:41:21.0636 5772 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

22:41:21.0638 5772 usbprint - ok

22:41:21.0679 5772 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

22:41:21.0680 5772 usbscan - ok

22:41:21.0754 5772 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:41:21.0755 5772 USBSTOR - ok

22:41:21.0770 5772 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

22:41:21.0772 5772 usbuhci - ok

22:41:21.0861 5772 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

22:41:21.0863 5772 vdrvroot - ok

22:41:21.0898 5772 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

22:41:21.0899 5772 vga - ok

22:41:21.0935 5772 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

22:41:21.0937 5772 VgaSave - ok

22:41:21.0991 5772 VGPU - ok

22:41:22.0027 5772 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

22:41:22.0030 5772 vhdmp - ok

22:41:22.0067 5772 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

22:41:22.0068 5772 viaide - ok

22:41:22.0114 5772 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

22:41:22.0126 5772 vmbus - ok

22:41:22.0151 5772 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

22:41:22.0152 5772 VMBusHID - ok

22:41:22.0201 5772 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

22:41:22.0202 5772 volmgr - ok

22:41:22.0238 5772 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

22:41:22.0242 5772 volmgrx - ok

22:41:22.0296 5772 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

22:41:22.0303 5772 volsnap - ok

22:41:22.0349 5772 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

22:41:22.0351 5772 vsmraid - ok

22:41:22.0435 5772 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys

22:41:22.0441 5772 VSPerfDrv100 - ok

22:41:22.0523 5772 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

22:41:22.0525 5772 vwifibus - ok

22:41:22.0551 5772 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

22:41:22.0552 5772 vwififlt - ok

22:41:22.0579 5772 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

22:41:22.0579 5772 WacomPen - ok

22:41:22.0659 5772 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:41:22.0663 5772 WANARP - ok

22:41:22.0670 5772 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:41:22.0671 5772 Wanarpv6 - ok

22:41:22.0708 5772 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

22:41:22.0709 5772 Wd - ok

22:41:22.0729 5772 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

22:41:22.0735 5772 Wdf01000 - ok

22:41:22.0827 5772 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

22:41:22.0828 5772 WfpLwf - ok

22:41:22.0841 5772 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

22:41:22.0843 5772 WIMMount - ok

22:41:22.0992 5772 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

22:41:22.0993 5772 WmiAcpi - ok

22:41:23.0090 5772 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

22:41:23.0091 5772 ws2ifsl - ok

22:41:23.0358 5772 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

22:41:23.0367 5772 WudfPf - ok

22:41:23.0737 5772 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:41:23.0740 5772 WUDFRd - ok

22:41:23.0827 5772 X6va005 - ok

22:41:23.0871 5772 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

22:41:23.0916 5772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

22:41:23.0916 5772 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

22:41:23.0929 5772 Boot (0x1200) (193dec06f97004a93c9c5c3bdc955b96) \Device\Harddisk0\DR0\Partition0

22:41:23.0931 5772 \Device\Harddisk0\DR0\Partition0 - ok

22:41:23.0983 5772 Boot (0x1200) (4498922d6e484a7ea65d8ac5cb92e9b9) \Device\Harddisk0\DR0\Partition1

22:41:23.0985 5772 \Device\Harddisk0\DR0\Partition1 - ok

22:41:23.0986 5772 ============================================================

22:41:23.0986 5772 Scan finished

22:41:23.0986 5772 ============================================================

22:41:24.0003 0148 Detected object count: 1

22:41:24.0003 0148 Actual detected object count: 1

22:42:34.0368 0148 \Device\Harddisk0\DR0\# - copied to quarantine

22:42:34.0368 0148 \Device\Harddisk0\DR0 - copied to quarantine

22:42:34.0415 0148 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

22:42:34.0417 0148 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

22:42:34.0422 0148 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine

22:42:34.0435 0148 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

22:42:34.0443 0148 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

22:42:34.0443 0148 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

22:42:34.0444 0148 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

22:42:34.0445 0148 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

22:42:34.0447 0148 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

22:42:34.0450 0148 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

22:42:34.0451 0148 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

22:42:34.0498 0148 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

22:42:34.0537 0148 \Device\Harddisk0\DR0 - ok

22:42:34.0564 0148 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

22:42:40.0781 4132 Deinitialize success

[LDTate]

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

[ShatteredFoX]

l don't appear to have any issues and I am able to use google with no issues.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.12.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

ShatteredFoX :: FOX [administrator]

Protection: Enabled

3/13/2012 8:37:48 AM

mbam-log-2012-03-13 (08-37-48).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 395082

Time elapsed: 49 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[LDTate]

Good job

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good

• Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
  (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
  Without a firewall your computer is succeptible to being hacked and taken over.
  I am very serious about this and see it happen almost every day with my clients.
  Simply using a Firewall in its default configuration can lower your risk greatly.
  
• Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
  •Free browser plug-in for Internet Explorer and Firefox
  •Real-time safety ratings
  •Ideal for Facebook, Twitter and LinkedIn
  
• JAVA Click this link and click on the Free JAVA Download
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
  This will ensure your computer has always the latest security updates available installed on your computer.
  If there are new updates to install, install them immediately, reboot your computer, and revisit the site
  until there are no more critical updates.
  

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

• Dynamically Blocks Malware Sites & Servers
  
• Malware Execution Prevention
  

Save yourself the hassle and get protected.

[LDTate]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.