Infected System Rootkit..

[Serascel]

Hello, yesterday while i had malware bytes turned off for a few minutes I got infected, dont know how or where.. Iven running scans with Malwarebytes PRO and trying to fix it, but they keep coming back..

Im Ataching the DDS files.

Thanks for Your Help.

DDS.txt

Attach.txt

[Elise]

Hello and

Your computer is indeed infected with a nasty rootkit. Please read the following information first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

• 
  

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

[Serascel]

Ill Try to fix this first, since I dont have time this week to be formating my computer :/

Combofix.txt attached

Thanks for the help.

ComboFix.txt

[Elise]

Hi again,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• If TDSSKiller does not run, try renaming it.
  
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  
• Click the Start Scan button.
  
• Do not use the computer during the scan
  
• If the scan completes with nothing found, click Close to exit.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  
• Copy and paste the contents of that file in your next reply.

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
    
  • Windows Firewall
    
  • System Restore
    
  • Security Center
    
  • Windows Update
    

  [*]Press "Scan".

  [*]It will create a log (FSS.txt) in the same directory the tool is run.

  [*]Please copy and paste the log to your reply.

[Serascel]

TDSSKILLER

17:04:20.0984 6612 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39

17:04:21.0208 6612 ============================================================

17:04:21.0208 6612 Current date / time: 2012/03/10 17:04:21.0208

17:04:21.0208 6612 SystemInfo:

17:04:21.0208 6612

17:04:21.0208 6612 OS Version: 6.1.7601 ServicePack: 1.0

17:04:21.0208 6612 Product type: Workstation

17:04:21.0208 6612 ComputerName: HAF-X

17:04:21.0208 6612 UserName: Javier

17:04:21.0208 6612 Windows directory: C:\Windows

17:04:21.0208 6612 System windows directory: C:\Windows

17:04:21.0208 6612 Running under WOW64

17:04:21.0208 6612 Processor architecture: Intel x64

17:04:21.0209 6612 Number of processors: 8

17:04:21.0209 6612 Page size: 0x1000

17:04:21.0209 6612 Boot type: Normal boot

17:04:21.0209 6612 ============================================================

17:04:21.0476 6612 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:04:21.0487 6612 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:04:21.0493 6612 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:04:27.0723 6612 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:04:31.0414 6612 Drive \Device\Harddisk4\DR4 - Size: 0x746F100000 (465.74 Gb), SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:04:35.0250 6612 \Device\Harddisk0\DR0:

17:04:35.0250 6612 MBR used

17:04:35.0250 6612 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

17:04:35.0250 6612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800

17:04:35.0250 6612 \Device\Harddisk1\DR1:

17:04:35.0251 6612 MBR used

17:04:35.0251 6612 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

17:04:35.0251 6612 \Device\Harddisk2\DR2:

17:04:35.0251 6612 MBR used

17:04:35.0251 6612 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000

17:04:35.0251 6612 \Device\Harddisk3\DR3:

17:04:35.0251 6612 MBR used

17:04:35.0251 6612 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385830

17:04:35.0251 6612 \Device\Harddisk4\DR4:

17:04:35.0252 6612 MBR used

17:04:35.0252 6612 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A378000

17:04:35.0452 6612 Initialize success

17:04:35.0452 6612 ============================================================

17:04:47.0565 7540 ============================================================

17:04:47.0565 7540 Scan started

17:04:47.0565 7540 Mode: Manual;

17:04:47.0565 7540 ============================================================

17:04:48.0053 7540 1394hub - ok

17:04:48.0075 7540 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys

17:04:48.0078 7540 1394ohci - ok

17:04:48.0098 7540 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

17:04:48.0103 7540 ACPI - ok

17:04:48.0119 7540 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

17:04:48.0120 7540 AcpiPmi - ok

17:04:48.0147 7540 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

17:04:48.0154 7540 adp94xx - ok

17:04:48.0176 7540 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

17:04:48.0181 7540 adpahci - ok

17:04:48.0198 7540 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

17:04:48.0202 7540 adpu320 - ok

17:04:48.0222 7540 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys

17:04:48.0226 7540 afcdp - ok

17:04:48.0249 7540 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

17:04:48.0256 7540 AFD - ok

17:04:48.0270 7540 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

17:04:48.0272 7540 agp440 - ok

17:04:48.0285 7540 AiCharger (a41b855edc1f141851e27f984827942c) C:\Windows\system32\DRIVERS\AiCharger.sys

17:04:48.0286 7540 AiCharger - ok

17:04:48.0302 7540 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

17:04:48.0303 7540 aliide - ok

17:04:48.0316 7540 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

17:04:48.0317 7540 amdide - ok

17:04:48.0332 7540 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

17:04:48.0333 7540 AmdK8 - ok

17:04:48.0348 7540 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

17:04:48.0349 7540 AmdPPM - ok

17:04:48.0364 7540 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

17:04:48.0367 7540 amdsata - ok

17:04:48.0383 7540 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

17:04:48.0387 7540 amdsbs - ok

17:04:48.0401 7540 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

17:04:48.0402 7540 amdxata - ok

17:04:48.0416 7540 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

17:04:48.0418 7540 AppID - ok

17:04:48.0440 7540 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

17:04:48.0443 7540 arc - ok

17:04:48.0458 7540 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

17:04:48.0460 7540 arcsas - ok

17:04:48.0466 7540 AsIO - ok

17:04:48.0475 7540 AsUpIO - ok

17:04:48.0491 7540 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

17:04:48.0492 7540 AsyncMac - ok

17:04:48.0506 7540 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

17:04:48.0507 7540 atapi - ok

17:04:48.0534 7540 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

17:04:48.0541 7540 b06bdrv - ok

17:04:48.0559 7540 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

17:04:48.0563 7540 b57nd60a - ok

17:04:48.0583 7540 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

17:04:48.0584 7540 Beep - ok

17:04:48.0601 7540 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

17:04:48.0602 7540 blbdrive - ok

17:04:48.0619 7540 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

17:04:48.0622 7540 bowser - ok

17:04:48.0636 7540 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

17:04:48.0636 7540 BrFiltLo - ok

17:04:48.0651 7540 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

17:04:48.0651 7540 BrFiltUp - ok

17:04:48.0668 7540 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

17:04:48.0669 7540 BridgeMP - ok

17:04:48.0688 7540 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

17:04:48.0692 7540 Brserid - ok

17:04:48.0706 7540 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

17:04:48.0707 7540 BrSerWdm - ok

17:04:48.0721 7540 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

17:04:48.0722 7540 BrUsbMdm - ok

17:04:48.0735 7540 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

17:04:48.0736 7540 BrUsbSer - ok

17:04:48.0752 7540 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

17:04:48.0754 7540 BTHMODEM - ok

17:04:48.0762 7540 catchme - ok

17:04:48.0778 7540 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

17:04:48.0780 7540 cdfs - ok

17:04:48.0795 7540 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

17:04:48.0798 7540 cdrom - ok

17:04:48.0814 7540 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

17:04:48.0816 7540 circlass - ok

17:04:48.0833 7540 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

17:04:48.0839 7540 CLFS - ok

17:04:48.0860 7540 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

17:04:48.0861 7540 CmBatt - ok

17:04:48.0875 7540 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

17:04:48.0876 7540 cmdide - ok

17:04:48.0896 7540 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

17:04:48.0902 7540 CNG - ok

17:04:48.0915 7540 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

17:04:48.0916 7540 Compbatt - ok

17:04:48.0930 7540 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

17:04:48.0932 7540 CompositeBus - ok

17:04:48.0948 7540 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

17:04:48.0949 7540 crcdisk - ok

17:04:48.0976 7540 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

17:04:48.0985 7540 CSC - ok

17:04:49.0007 7540 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

17:04:49.0010 7540 DfsC - ok

17:04:49.0026 7540 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

17:04:49.0027 7540 discache - ok

17:04:49.0041 7540 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

17:04:49.0043 7540 Disk - ok

17:04:49.0058 7540 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

17:04:49.0060 7540 dmvsc - ok

17:04:49.0079 7540 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

17:04:49.0082 7540 Dot4 - ok

17:04:49.0096 7540 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys

17:04:49.0097 7540 Dot4Print - ok

17:04:49.0111 7540 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

17:04:49.0113 7540 dot4usb - ok

17:04:49.0129 7540 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

17:04:49.0129 7540 drmkaud - ok

17:04:49.0149 7540 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

17:04:49.0152 7540 dtsoftbus01 - ok

17:04:49.0181 7540 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

17:04:49.0196 7540 DXGKrnl - ok

17:04:49.0215 7540 e1cexpress (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys

17:04:49.0219 7540 e1cexpress - ok

17:04:49.0233 7540 EagleX64 - ok

17:04:49.0297 7540 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

17:04:49.0338 7540 ebdrv - ok

17:04:49.0368 7540 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

17:04:49.0376 7540 elxstor - ok

17:04:49.0390 7540 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

17:04:49.0390 7540 ErrDev - ok

17:04:49.0413 7540 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

17:04:49.0417 7540 exfat - ok

17:04:49.0434 7540 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

17:04:49.0438 7540 fastfat - ok

17:04:49.0454 7540 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

17:04:49.0455 7540 fdc - ok

17:04:49.0473 7540 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

17:04:49.0475 7540 FileInfo - ok

17:04:49.0488 7540 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

17:04:49.0489 7540 Filetrace - ok

17:04:49.0503 7540 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

17:04:49.0504 7540 flpydisk - ok

17:04:49.0521 7540 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

17:04:49.0525 7540 FltMgr - ok

17:04:49.0543 7540 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

17:04:49.0545 7540 FsDepends - ok

17:04:49.0559 7540 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

17:04:49.0560 7540 Fs_Rec - ok

17:04:49.0578 7540 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

17:04:49.0582 7540 fvevol - ok

17:04:49.0596 7540 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

17:04:49.0598 7540 gagp30kx - ok

17:04:49.0612 7540 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:04:49.0613 7540 GEARAspiWDM - ok

17:04:49.0630 7540 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys

17:04:49.0631 7540 hcmon - ok

17:04:49.0646 7540 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

17:04:49.0647 7540 hcw85cir - ok

17:04:49.0665 7540 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

17:04:49.0669 7540 HdAudAddService - ok

17:04:49.0685 7540 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

17:04:49.0687 7540 HDAudBus - ok

17:04:49.0700 7540 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

17:04:49.0701 7540 HidBatt - ok

17:04:49.0716 7540 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

17:04:49.0718 7540 HidBth - ok

17:04:49.0731 7540 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

17:04:49.0732 7540 HidIr - ok

17:04:49.0749 7540 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

17:04:49.0751 7540 HidUsb - ok

17:04:49.0776 7540 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

17:04:49.0778 7540 HpSAMD - ok

17:04:49.0802 7540 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

17:04:49.0812 7540 HTTP - ok

17:04:49.0825 7540 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

17:04:49.0826 7540 hwpolicy - ok

17:04:49.0842 7540 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

17:04:49.0844 7540 i8042prt - ok

17:04:49.0863 7540 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys

17:04:49.0866 7540 iaStor - ok

17:04:49.0889 7540 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

17:04:49.0894 7540 iaStorV - ok

17:04:49.0908 7540 ICCWDT (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys

17:04:49.0909 7540 ICCWDT - ok

17:04:49.0926 7540 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

17:04:49.0928 7540 iirsp - ok

17:04:49.0982 7540 IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys

17:04:50.0015 7540 IntcAzAudAddService - ok

17:04:50.0030 7540 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

17:04:50.0031 7540 intelide - ok

17:04:50.0045 7540 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

17:04:50.0046 7540 intelppm - ok

17:04:50.0065 7540 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:04:50.0067 7540 IpFilterDriver - ok

17:04:50.0084 7540 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

17:04:50.0086 7540 IPMIDRV - ok

17:04:50.0101 7540 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

17:04:50.0103 7540 IPNAT - ok

17:04:50.0118 7540 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

17:04:50.0119 7540 IRENUM - ok

17:04:50.0134 7540 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

17:04:50.0135 7540 isapnp - ok

17:04:50.0161 7540 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

17:04:50.0166 7540 iScsiPrt - ok

17:04:50.0189 7540 JRAID (a577f5db30f70eca9708c07c2eacbd9d) C:\Windows\system32\DRIVERS\jraid.sys

17:04:50.0191 7540 JRAID - ok

17:04:50.0206 7540 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

17:04:50.0207 7540 kbdclass - ok

17:04:50.0221 7540 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

17:04:50.0223 7540 kbdhid - ok

17:04:50.0239 7540 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

17:04:50.0241 7540 KSecDD - ok

17:04:50.0256 7540 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

17:04:50.0258 7540 KSecPkg - ok

17:04:50.0272 7540 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

17:04:50.0274 7540 ksthunk - ok

17:04:50.0295 7540 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

17:04:50.0297 7540 lltdio - ok

17:04:50.0314 7540 lmimirr - ok

17:04:50.0334 7540 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

17:04:50.0337 7540 LSI_FC - ok

17:04:50.0352 7540 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

17:04:50.0354 7540 LSI_SAS - ok

17:04:50.0369 7540 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

17:04:50.0371 7540 LSI_SAS2 - ok

17:04:50.0386 7540 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

17:04:50.0389 7540 LSI_SCSI - ok

17:04:50.0404 7540 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

17:04:50.0406 7540 luafv - ok

17:04:50.0421 7540 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

17:04:50.0422 7540 MBAMProtector - ok

17:04:50.0439 7540 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

17:04:50.0441 7540 megasas - ok

17:04:50.0460 7540 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

17:04:50.0465 7540 MegaSR - ok

17:04:50.0480 7540 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

17:04:50.0481 7540 MEIx64 - ok

17:04:50.0498 7540 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

17:04:50.0499 7540 Modem - ok

17:04:50.0514 7540 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

17:04:50.0515 7540 monitor - ok

17:04:50.0531 7540 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

17:04:50.0533 7540 mouclass - ok

17:04:50.0547 7540 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

17:04:50.0549 7540 mouhid - ok

17:04:50.0566 7540 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

17:04:50.0569 7540 mountmgr - ok

17:04:50.0584 7540 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

17:04:50.0587 7540 mpio - ok

17:04:50.0602 7540 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

17:04:50.0604 7540 mpsdrv - ok

17:04:50.0620 7540 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

17:04:50.0622 7540 MRxDAV - ok

17:04:50.0638 7540 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:04:50.0641 7540 mrxsmb - ok

17:04:50.0658 7540 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:04:50.0662 7540 mrxsmb10 - ok

17:04:50.0678 7540 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:04:50.0681 7540 mrxsmb20 - ok

17:04:50.0696 7540 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

17:04:50.0697 7540 msahci - ok

17:04:50.0714 7540 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

17:04:50.0717 7540 msdsm - ok

17:04:50.0738 7540 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

17:04:50.0739 7540 Msfs - ok

17:04:50.0753 7540 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

17:04:50.0753 7540 mshidkmdf - ok

17:04:50.0757 7540 MSICDSetup - ok

17:04:50.0771 7540 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

17:04:50.0772 7540 msisadrv - ok

17:04:50.0790 7540 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

17:04:50.0791 7540 MSKSSRV - ok

17:04:50.0805 7540 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

17:04:50.0805 7540 MSPCLOCK - ok

17:04:50.0820 7540 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

17:04:50.0820 7540 MSPQM - ok

17:04:50.0841 7540 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

17:04:50.0847 7540 MsRPC - ok

17:04:50.0864 7540 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

17:04:50.0864 7540 mssmbios - ok

17:04:50.0883 7540 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

17:04:50.0884 7540 MSTEE - ok

17:04:50.0899 7540 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

17:04:50.0900 7540 MTConfig - ok

17:04:50.0915 7540 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

17:04:50.0916 7540 Mup - ok

17:04:50.0934 7540 mv91xx (34d08c9c64f657d194961e96c47e9c69) C:\Windows\system32\DRIVERS\mv91xx.sys

17:04:50.0939 7540 mv91xx - ok

17:04:50.0959 7540 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

17:04:50.0964 7540 NativeWifiP - ok

17:04:50.0968 7540 ncvet.dll - ok

17:04:50.0998 7540 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

17:04:51.0011 7540 NDIS - ok

17:04:51.0025 7540 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

17:04:51.0026 7540 NdisCap - ok

17:04:51.0039 7540 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

17:04:51.0041 7540 NdisTapi - ok

17:04:51.0055 7540 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

17:04:51.0056 7540 Ndisuio - ok

17:04:51.0072 7540 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

17:04:51.0074 7540 NdisWan - ok

17:04:51.0088 7540 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

17:04:51.0090 7540 NDProxy - ok

17:04:51.0105 7540 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:04:51.0107 7540 NetBIOS - ok

17:04:51.0123 7540 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

17:04:51.0127 7540 NetBT - ok

17:04:51.0155 7540 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

17:04:51.0157 7540 nfrd960 - ok

17:04:51.0173 7540 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:04:51.0174 7540 Npfs - ok

17:04:51.0187 7540 NPPTNT2 - ok

17:04:51.0205 7540 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:04:51.0206 7540 nsiproxy - ok

17:04:51.0242 7540 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

17:04:51.0261 7540 Ntfs - ok

17:04:51.0275 7540 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:04:51.0276 7540 Null - ok

17:04:51.0291 7540 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys

17:04:51.0293 7540 nusb3hub - ok

17:04:51.0310 7540 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys

17:04:51.0314 7540 nusb3xhc - ok

17:04:51.0330 7540 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys

17:04:51.0333 7540 NVHDA - ok

17:04:51.0509 7540 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

17:04:51.0654 7540 nvlddmkm - ok

17:04:51.0673 7540 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

17:04:51.0676 7540 nvraid - ok

17:04:51.0693 7540 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

17:04:51.0695 7540 nvstor - ok

17:04:51.0715 7540 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

17:04:51.0718 7540 nv_agp - ok

17:04:51.0733 7540 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

17:04:51.0735 7540 ohci1394 - ok

17:04:51.0758 7540 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

17:04:51.0760 7540 Parport - ok

17:04:51.0775 7540 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

17:04:51.0777 7540 partmgr - ok

17:04:51.0795 7540 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

17:04:51.0798 7540 pci - ok

17:04:51.0815 7540 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

17:04:51.0816 7540 pciide - ok

17:04:51.0833 7540 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

17:04:51.0836 7540 pcmcia - ok

17:04:51.0851 7540 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:04:51.0852 7540 pcw - ok

17:04:51.0877 7540 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:04:51.0887 7540 PEAUTH - ok

17:04:51.0930 7540 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

17:04:51.0932 7540 PptpMiniport - ok

17:04:51.0946 7540 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

17:04:51.0948 7540 Processor - ok

17:04:51.0968 7540 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

17:04:51.0971 7540 Psched - ok

17:04:52.0009 7540 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

17:04:52.0031 7540 ql2300 - ok

17:04:52.0046 7540 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

17:04:52.0048 7540 ql40xx - ok

17:04:52.0065 7540 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:04:52.0067 7540 QWAVEdrv - ok

17:04:52.0080 7540 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:04:52.0081 7540 RasAcd - ok

17:04:52.0095 7540 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:04:52.0097 7540 RasAgileVpn - ok

17:04:52.0115 7540 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:04:52.0118 7540 Rasl2tp - ok

17:04:52.0135 7540 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:04:52.0137 7540 RasPppoe - ok

17:04:52.0152 7540 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:04:52.0154 7540 RasSstp - ok

17:04:52.0173 7540 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

17:04:52.0178 7540 rdbss - ok

17:04:52.0192 7540 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

17:04:52.0193 7540 rdpbus - ok

17:04:52.0207 7540 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:04:52.0208 7540 RDPCDD - ok

17:04:52.0227 7540 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

17:04:52.0229 7540 RDPDR - ok

17:04:52.0245 7540 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:04:52.0246 7540 RDPENCDD - ok

17:04:52.0263 7540 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:04:52.0263 7540 RDPREFMP - ok

17:04:52.0280 7540 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

17:04:52.0281 7540 RdpVideoMiniport - ok

17:04:52.0298 7540 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

17:04:52.0302 7540 RDPWD - ok

17:04:52.0320 7540 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

17:04:52.0325 7540 rdyboost - ok

17:04:52.0348 7540 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:04:52.0350 7540 rspndr - ok

17:04:52.0369 7540 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys

17:04:52.0372 7540 RTL8167 - ok

17:04:52.0389 7540 RzSynapse (24510c4a77aba3b07aefa840db888637) C:\Windows\system32\DRIVERS\RzSynapse.sys

17:04:52.0391 7540 RzSynapse - ok

17:04:52.0406 7540 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

17:04:52.0407 7540 s3cap - ok

17:04:52.0425 7540 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

17:04:52.0427 7540 sbp2port - ok

17:04:52.0445 7540 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

17:04:52.0446 7540 scfilter - ok

17:04:52.0467 7540 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:04:52.0468 7540 secdrv - ok

17:04:52.0489 7540 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

17:04:52.0490 7540 Serenum - ok

17:04:52.0505 7540 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

17:04:52.0507 7540 Serial - ok

17:04:52.0520 7540 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

17:04:52.0521 7540 sermouse - ok

17:04:52.0543 7540 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

17:04:52.0543 7540 sffdisk - ok

17:04:52.0557 7540 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

17:04:52.0558 7540 sffp_mmc - ok

17:04:52.0572 7540 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

17:04:52.0573 7540 sffp_sd - ok

17:04:52.0587 7540 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

17:04:52.0588 7540 sfloppy - ok

17:04:52.0606 7540 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

17:04:52.0608 7540 SiSRaid2 - ok

17:04:52.0622 7540 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

17:04:52.0624 7540 SiSRaid4 - ok

17:04:52.0639 7540 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:04:52.0642 7540 Smb - ok

17:04:52.0663 7540 snapman (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys

17:04:52.0668 7540 snapman - ok

17:04:52.0684 7540 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:04:52.0685 7540 spldr - ok

17:04:52.0715 7540 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

17:04:52.0721 7540 srv - ok

17:04:52.0742 7540 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

17:04:52.0748 7540 srv2 - ok

17:04:52.0765 7540 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

17:04:52.0768 7540 srvnet - ok

17:04:52.0788 7540 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

17:04:52.0790 7540 stexstor - ok

17:04:52.0805 7540 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

17:04:52.0807 7540 storflt - ok

17:04:52.0822 7540 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

17:04:52.0823 7540 storvsc - ok

17:04:52.0836 7540 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

17:04:52.0837 7540 swenum - ok

17:04:52.0855 7540 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys

17:04:52.0858 7540 Synth3dVsc - ok

17:04:52.0876 7540 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys

17:04:52.0877 7540 tap0901 - ok

17:04:52.0892 7540 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys

17:04:52.0893 7540 tap0901t - ok

17:04:52.0935 7540 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

17:04:52.0957 7540 Tcpip - ok

17:04:52.0995 7540 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

17:04:53.0009 7540 TCPIP6 - ok

17:04:53.0025 7540 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

17:04:53.0027 7540 tcpipreg - ok

17:04:53.0043 7540 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:04:53.0044 7540 TDPIPE - ok

17:04:53.0074 7540 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys

17:04:53.0089 7540 tdrpman273 - ok

17:04:53.0104 7540 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

17:04:53.0105 7540 TDTCP - ok

17:04:53.0121 7540 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

17:04:53.0125 7540 tdx - ok

17:04:53.0140 7540 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

17:04:53.0141 7540 TermDD - ok

17:04:53.0155 7540 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys

17:04:53.0157 7540 terminpt - ok

17:04:53.0189 7540 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys

17:04:53.0200 7540 timounter - ok

17:04:53.0220 7540 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:04:53.0221 7540 tssecsrv - ok

17:04:53.0236 7540 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

17:04:53.0238 7540 TsUsbFlt - ok

17:04:53.0252 7540 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

17:04:53.0253 7540 TsUsbGD - ok

17:04:53.0269 7540 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys

17:04:53.0271 7540 tsusbhub - ok

17:04:53.0286 7540 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

17:04:53.0289 7540 tunnel - ok

17:04:53.0305 7540 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

17:04:53.0307 7540 uagp35 - ok

17:04:53.0326 7540 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

17:04:53.0331 7540 udfs - ok

17:04:53.0352 7540 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

17:04:53.0354 7540 uliagpkx - ok

17:04:53.0368 7540 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

17:04:53.0369 7540 umbus - ok

17:04:53.0384 7540 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

17:04:53.0385 7540 UmPass - ok

17:04:53.0404 7540 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

17:04:53.0405 7540 USBAAPL64 - ok

17:04:53.0420 7540 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

17:04:53.0423 7540 usbccgp - ok

17:04:53.0439 7540 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

17:04:53.0441 7540 usbcir - ok

17:04:53.0455 7540 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

17:04:53.0456 7540 usbehci - ok

17:04:53.0474 7540 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

17:04:53.0479 7540 usbhub - ok

17:04:53.0493 7540 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

17:04:53.0494 7540 usbohci - ok

17:04:53.0508 7540 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:04:53.0510 7540 usbprint - ok

17:04:53.0524 7540 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

17:04:53.0526 7540 usbscan - ok

17:04:53.0541 7540 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:04:53.0543 7540 USBSTOR - ok

17:04:53.0557 7540 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

17:04:53.0558 7540 usbuhci - ok

17:04:53.0580 7540 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

17:04:53.0581 7540 vdrvroot - ok

17:04:53.0598 7540 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:04:53.0599 7540 vga - ok

17:04:53.0614 7540 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:04:53.0615 7540 VgaSave - ok

17:04:53.0629 7540 VGPU - ok

17:04:53.0647 7540 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

17:04:53.0651 7540 vhdmp - ok

17:04:53.0665 7540 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

17:04:53.0665 7540 viaide - ok

17:04:53.0682 7540 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

17:04:53.0685 7540 vmbus - ok

17:04:53.0699 7540 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

17:04:53.0700 7540 VMBusHID - ok

17:04:53.0716 7540 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys

17:04:53.0718 7540 vmci - ok

17:04:53.0734 7540 vmkbd (3a717d3e29c107351347b478a9d0043f) C:\Windows\system32\drivers\VMkbd.sys

17:04:53.0735 7540 vmkbd - ok

17:04:53.0749 7540 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\Windows\system32\DRIVERS\vmnetadapter.sys

17:04:53.0749 7540 VMnetAdapter - ok

17:04:53.0765 7540 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys

17:04:53.0766 7540 VMnetBridge - ok

17:04:53.0782 7540 VMnetuserif (6b17d7fad2d61d5a2c2b6d3ea25bdca8) C:\Windows\system32\drivers\vmnetuserif.sys

17:04:53.0783 7540 VMnetuserif - ok

17:04:53.0803 7540 vmx86 (e2a591ecc4525eb0b05c65a9b24cf05e) C:\Windows\system32\drivers\vmx86.sys

17:04:53.0804 7540 vmx86 - ok

17:04:53.0819 7540 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

17:04:53.0820 7540 volmgr - ok

17:04:53.0840 7540 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

17:04:53.0845 7540 volmgrx - ok

17:04:53.0863 7540 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

17:04:53.0868 7540 volsnap - ok

17:04:53.0885 7540 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

17:04:53.0887 7540 vsmraid - ok

17:04:53.0892 7540 vstor2-mntapi10-shared - ok

17:04:53.0907 7540 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

17:04:53.0908 7540 vwifibus - ok

17:04:53.0928 7540 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

17:04:53.0929 7540 WacomPen - ok

17:04:53.0944 7540 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:04:53.0946 7540 WANARP - ok

17:04:53.0949 7540 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:04:53.0950 7540 Wanarpv6 - ok

17:04:53.0974 7540 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

17:04:53.0975 7540 Wd - ok

17:04:53.0989 7540 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

17:04:53.0990 7540 WDC_SAM - ok

17:04:54.0014 7540 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:04:54.0023 7540 Wdf01000 - ok

17:04:54.0049 7540 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:04:54.0050 7540 WfpLwf - ok

17:04:54.0066 7540 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:04:54.0067 7540 WIMMount - ok

17:04:54.0096 7540 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

17:04:54.0097 7540 WinUsb - ok

17:04:54.0116 7540 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:04:54.0117 7540 WmiAcpi - ok

17:04:54.0141 7540 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:04:54.0142 7540 ws2ifsl - ok

17:04:54.0167 7540 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

17:04:54.0169 7540 WudfPf - ok

17:04:54.0187 7540 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:04:54.0191 7540 WUDFRd - ok

17:04:54.0207 7540 X6va005 - ok

17:04:54.0223 7540 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

17:04:54.0228 7540 \Device\Harddisk0\DR0 - ok

17:04:54.0231 7540 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

17:04:54.0233 7540 \Device\Harddisk1\DR1 - ok

17:04:54.0235 7540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

17:04:54.0238 7540 \Device\Harddisk2\DR2 - ok

17:04:54.0241 7540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3

17:04:54.0244 7540 \Device\Harddisk3\DR3 - ok

17:04:54.0247 7540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4

17:04:54.0250 7540 \Device\Harddisk4\DR4 - ok

17:04:54.0253 7540 Boot (0x1200) (5d3c312643056a6b1407ac402f39ef92) \Device\Harddisk0\DR0\Partition0

17:04:54.0254 7540 \Device\Harddisk0\DR0\Partition0 - ok

17:04:54.0257 7540 Boot (0x1200) (042760ae955170068bf29a0ecb1dddaf) \Device\Harddisk0\DR0\Partition1

17:04:54.0258 7540 \Device\Harddisk0\DR0\Partition1 - ok

17:04:54.0261 7540 Boot (0x1200) (5882cb11d7cb37824e616cd6270c82b2) \Device\Harddisk1\DR1\Partition0

17:04:54.0262 7540 \Device\Harddisk1\DR1\Partition0 - ok

17:04:54.0265 7540 Boot (0x1200) (ee04abfa7200323e001c23c9775bbf83) \Device\Harddisk2\DR2\Partition0

17:04:54.0267 7540 \Device\Harddisk2\DR2\Partition0 - ok

17:04:54.0270 7540 Boot (0x1200) (e560021e12c8a6f980587a78b2e1fb8d) \Device\Harddisk3\DR3\Partition0

17:04:54.0271 7540 \Device\Harddisk3\DR3\Partition0 - ok

17:04:54.0274 7540 Boot (0x1200) (402173f3703b3dc139b93f18bb235a1c) \Device\Harddisk4\DR4\Partition0

17:04:54.0276 7540 \Device\Harddisk4\DR4\Partition0 - ok

17:04:54.0277 7540 ============================================================

17:04:54.0277 7540 Scan finished

17:04:54.0277 7540 ============================================================

17:04:54.0285 5692 Detected object count: 0

17:04:54.0285 5692 Actual detected object count: 0

FARBAR

Farbar Service Scanner Version: 01-03-2012

Ran by Javier (administrator) on 10-03-2012 at 17:05:56

Running from "E:\Documents"

Microsoft Windows 7 Ultimate Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Thanks.

[Elise]

Hi again, let me know how everything is running after the following fixes.

Please download: http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe

Double click on the downloaded file. It should only take a few seconds to run.

When complete, it will say .. "Done! Please check if BFE service is running now"

Next, please download this file: http://download.bleepingcomputer.com/win-services/7/MpsSvc.reg

Double click on it to merge it in the registry (click Yes/OK to confirm).

[Serascel]

Done, and done, everything seems to be running fine like before, nothings running slow or anything...

But the rootkit seems to be still there :/

[Elise]

What makes you think the rootkit is still there? What is detecting it?

[Serascel]

MalwareBytes Pro, both quickscan and full scan detecting the rootkit..

Malware Bytes Quick Scan log:

Protection: Enabled

10/03/2012 19:21:38

mbam-log-2012-03-10 (19-26-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216203

Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|17314 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\mshovhl.bat -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

c:\users\javier\appdata\local\temp\{e9c1e1ac-c9b2-4c85-94de-9c1518918d02}.tlb (Rootkit.Zeroaccess) -> No action taken.

(end)

[Elise]

These are components, but not active parts of the rootkit. Please delete both items, restart the computer and let me know if they still get detected afterwards.

[Serascel]

Deleted, restarted, but they still show on the scans...

Protection: Enabled

11/03/2012 0:00:34

mbam-log-2012-03-11 (00-02-37).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215756

Time elapsed: 1 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|17314 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\mshovhl.bat -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Javier\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> No action taken.

(end)

[Elise]

How did you delete the objects (MBAM log s hows twice No Action Taken), did you have MBAM delete it?

How is the computer running besides this?

[Serascel]

Ive tryed MBAM deleting them after plenty of scans, but after computer restart and another quickscan, they keep showing....

seems to be running ok, maybe a little slugish..

Thanks.

[Elise]

Can you please rerun DDS and post me the new dds.txt log?

[Serascel]

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Javier at 13:25:35 on 2012-03-11

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.1033.18.8169.4645 [GMT 1:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe

E:\Tribes\HiPatchService.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

E:\Tunngle\TnglCtrl.exe

C:\Windows\SysWOW64\UAService7.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Javier\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Users\Javier\AppData\Local\Akamai\netsession_win.exe

E:\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe

E:\HP\HP Software Update\hpwuSchd2.exe

E:\Razer\Naga\RazerNagaSysTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

E:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe

C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

E:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

E:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Java\jre7\bin\javaw.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

E:\HP\Digital Imaging\bin\hpqSTE08.exe

E:\HP\Digital Imaging\bin\hpqbam08.exe

E:\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

E:\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\explorer.exe

E:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyServer = http=210.107.100.251:8080;https=210.107.100.251:8080;ftp=210.107.100.251:8080

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "E:\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [FileHippo.com] "E:\FileHippo.com\UpdateChecker.exe" /background

uRun: [Google Update] "C:\Users\Javier\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Akamai NetSession Interface] "C:\Users\Javier\AppData\Local\Akamai\netsession_win.exe"

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [HP Software Update] E:\HP\HP Software Update\HPWuSchd2.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Razer Naga Driver] E:\Razer\Naga\RazerNagaSysTray.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mExplorerRun: [17314] C:\PROGRA~3\LOCALS~1\Temp\mshovhl.bat

StartupFolder: C:\Users\Javier\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - E:\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Descargar con Mipony - file://E:\MiPony\Browser\IEContext.htm

IE: Free YouTube to iPhone Converter - C:\Users\Javier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm

IE: Free YouTube to MP3 Converter - C:\Users\Javier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: mswsock.dll

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 87.216.1.65 87.216.1.66

TCP: Interfaces\{0EF470FC-2CA4-4648-8DEA-426EB57A57B4} : DhcpNameServer = 87.216.1.65 87.216.1.66

TCP: Interfaces\{593690F9-0E56-4C39-BAEA-38D547F2DC69} : DhcpNameServer = 7.254.254.254

TCP: Interfaces\{7748365C-5BD9-45C3-9CD2-56B9B7A2EABC} : DhcpNameServer = 95.141.192.4

TCP: Interfaces\{8AE21A37-27A6-4BB0-9A36-37C62A838C69} : DhcpNameServer = 87.216.1.65 87.216.1.66

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun-x64: [HP Software Update] E:\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Razer Naga Driver] E:\Razer\Naga\RazerNagaSysTray.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\f50z0qws.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\Javier\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Users\Javier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\f50z0qws.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: E:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: E:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

FF - plugin: E:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]

R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-7-7 3246040]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-2 915584]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-7-6 586880]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

R2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-11-13 210024]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\Tribes\HiPatchService.exe [2012-2-17 8704]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-6 13336]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-11 366152]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-6 2255464]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

R2 TunngleService;TunngleService;E:\Tunngle\TnglCtrl.exe [2011-8-15 741224]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]

R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-10 08:56:24 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-03-10 08:56:24 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-03-10 08:55:13 0 --sha-w- C:\Windows\System32\dds_log_ad13.cmd

2012-03-10 08:54:06 -------- d-sh--w- C:\Users\Javier\AppData\Local\7d1143f4

2012-03-09 16:23:00 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D43C1CFF-7E4F-4AEA-B0CF-08F9E1E01421}\mpengine.dll

2012-03-08 21:02:06 -------- d-----w- C:\Users\Javier\AppData\Local\Red 5 Studios

2012-03-08 14:58:03 -------- d-----w- C:\Program Files\iPod

2012-03-08 14:58:01 -------- d-----w- C:\Program Files\iTunes

2012-03-08 14:58:01 -------- d-----w- C:\Program Files (x86)\iTunes

2012-03-08 14:55:31 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-03-08 13:25:53 -------- d-----w- C:\Users\Javier\AppData\Roaming\kodak

2012-03-06 15:20:11 -------- d-----w- C:\Users\Javier\vm

2012-03-05 12:53:19 -------- d-----w- C:\Users\Javier\AppData\Local\VMware

2012-03-05 12:49:11 63088 ----a-w- C:\Windows\System32\drivers\vmx86.sys

2012-03-05 12:48:48 354416 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe

2012-03-05 12:48:47 433264 ----a-w- C:\Windows\SysWow64\vmnat.exe

2012-03-05 12:48:47 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys

2012-03-05 12:48:46 942192 ----a-w- C:\Windows\System32\vnetlib64.dll

2012-03-05 12:48:44 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys

2012-03-05 12:48:44 32880 ----a-w- C:\Windows\System32\drivers\VMkbd.sys

2012-03-05 12:48:27 -------- d-----w- C:\Users\Javier\messages

2012-03-05 12:48:27 -------- d-----w- C:\Program Files (x86)\VMware

2012-03-05 12:48:27 -------- d-----w- C:\Program Files (x86)\Common Files\VMware

2012-03-05 12:48:20 -------- d-----w- C:\Program Files\Common Files\VMware

2012-03-05 11:36:22 -------- d-----w- C:\Program Files\Business Objects

2012-03-05 11:35:32 -------- d-----w- C:\Windows\SysWow64\js

2012-03-05 11:35:32 -------- d-----w- C:\Windows\SysWow64\images

2012-03-05 11:35:32 -------- d-----w- C:\Windows\SysWow64\html

2012-03-05 11:35:32 -------- d-----w- C:\Windows\SysWow64\css

2012-03-05 11:35:32 -------- d-----w- C:\Program Files (x86)\Business Objects

2012-03-05 11:32:08 -------- d-----w- C:\ProgramData\PreEmptive Solutions

2012-03-05 11:30:08 -------- d-----w- C:\Windows\SysWow64\3082

2012-03-05 11:29:37 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop

2012-03-05 11:29:37 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules

2012-03-05 11:29:37 -------- d-----w- C:\Program Files (x86)\CE Remote Tools

2012-03-05 11:18:10 -------- d-----w- C:\Program Files\Microsoft Device Emulator

2012-03-05 11:18:10 -------- d-----w- C:\Program Files (x86)\Microsoft Device Emulator

2012-03-05 11:09:51 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2012-03-05 11:09:46 -------- d-----w- C:\Program Files (x86)\Microsoft Web Designer Tools

2012-03-05 11:09:20 96272 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008 Language Pack - ESN\install.res.3082.dll

2012-03-05 11:09:20 562688 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008 Language Pack - ESN\install.exe

2012-03-05 11:09:14 -------- d-----w- C:\Users\Javier\AppData\Local\Microsoft Help

2012-03-01 21:13:50 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0

2012-03-01 17:45:07 1710336 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\3082\ResourceCache.dll

2012-02-29 15:10:12 -------- d-----w- C:\Program Files\Microsoft SQL Server

2012-02-29 15:10:07 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2012-02-29 15:09:57 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2012-02-29 15:09:57 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2012-02-29 15:09:55 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-02-29 15:09:55 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-02-29 15:07:27 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET

2012-02-29 15:07:25 -------- d-----w- C:\Program Files\IIS

2012-02-29 15:07:25 -------- d-----w- C:\Program Files (x86)\IIS

2012-02-29 15:07:03 1632288 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-02-29 15:01:57 -------- d-----w- C:\Program Files\Microsoft Help Viewer

2012-02-29 15:00:30 -------- d-----w- C:\Windows\PCHEALTH

2012-02-26 12:36:27 48167 ----a-w- C:\Windows\SysWow64\uninst.exe

2012-02-23 15:05:21 -------- d-----w- C:\Users\Javier\AppData\Roaming\FOG Downloader

2012-02-17 15:10:21 -------- d-----w- C:\Users\Javier\AppData\Local\Chromium

2012-02-17 14:16:36 -------- d-----w- C:\ProgramData\Hi-Rez Studios

2012-02-16 20:38:09 -------- d-----w- C:\ProgramData\EA Logs

2012-02-16 02:00:32 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-15 10:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 10:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-02-15 06:39:15 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-15 06:39:15 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-15 06:39:15 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-15 06:39:15 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-15 06:39:15 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-15 06:39:15 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-15 06:39:14 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-15 06:39:14 634880 ----a-w- C:\Windows\System32\msvcrt.dll

.

==================== Find3M ====================

.

2012-03-10 10:07:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-08 14:55:27 660368 ----a-w- C:\Windows\System32\deployJava1.dll

2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-16 21:01:06 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-02-16 21:00:54 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-02-16 21:00:54 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-02-16 20:57:03 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

.

============= FINISH: 13:25:57,98 ===============

Thanks.

[Elise]

Can you run Combofix once more and post me the new log?

[Serascel]

Runned Combofix like 5 times now in a row, but no Combofix.txt being created, its not appearing at C:\ or anywhere else, tryed redownloading combofix, but same problem, Comobfix runs fine, but no .txt being created..

[Elise]

Does it finish completely or does it crash somewhere?

[Serascel]

Finishes Completely

[Elise]

In that case post a new dds.txt log so I can see if it did actually do something or if the runs had no result.

[Serascel]

Now its giving me an error, "Error opening file for writing: C:\32788R22FWJFW\License\iexplore.exe Click Abort to stop the installation, Retry to try again, or Ignore to skip this file.

[Serascel]

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Javier at 15:01:17 on 2012-03-11

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.1033.18.8169.3303 [GMT 1:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe

E:\Tribes\HiPatchService.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

E:\Tunngle\TnglCtrl.exe

C:\Windows\SysWOW64\UAService7.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

E:\HP\Digital Imaging\bin\hpqtra08.exe

E:\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe

C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

E:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Program Files\Java\jre7\bin\javaw.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

E:\HP\Digital Imaging\bin\hpqSTE08.exe

E:\HP\Digital Imaging\bin\hpqbam08.exe

E:\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

E:\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\explorer.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\system32\WUDFHost.exe

E:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyServer = http=210.107.100.251:8080;https=210.107.100.251:8080;ftp=210.107.100.251:8080

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "E:\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [FileHippo.com] "E:\FileHippo.com\UpdateChecker.exe" /background

uRun: [Google Update] "C:\Users\Javier\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Akamai NetSession Interface] "C:\Users\Javier\AppData\Local\Akamai\netsession_win.exe"

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [HP Software Update] E:\HP\HP Software Update\HPWuSchd2.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Razer Naga Driver] E:\Razer\Naga\RazerNagaSysTray.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mExplorerRun: [17314] C:\PROGRA~3\LOCALS~1\Temp\mshovhl.bat

StartupFolder: C:\Users\Javier\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - E:\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Descargar con Mipony - file://E:\MiPony\Browser\IEContext.htm

IE: Free YouTube to iPhone Converter - C:\Users\Javier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm

IE: Free YouTube to MP3 Converter - C:\Users\Javier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: mswsock.dll

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 87.216.1.65 87.216.1.66

TCP: Interfaces\{0EF470FC-2CA4-4648-8DEA-426EB57A57B4} : DhcpNameServer = 87.216.1.65 87.216.1.66

TCP: Interfaces\{593690F9-0E56-4C39-BAEA-38D547F2DC69} : DhcpNameServer = 7.254.254.254

TCP: Interfaces\{7748365C-5BD9-45C3-9CD2-56B9B7A2EABC} : DhcpNameServer = 95.141.192.4

TCP: Interfaces\{8AE21A37-27A6-4BB0-9A36-37C62A838C69} : DhcpNameServer = 87.216.1.65 87.216.1.66

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun-x64: [HP Software Update] E:\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Razer Naga Driver] E:\Razer\Naga\RazerNagaSysTray.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\f50z0qws.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\Javier\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Users\Javier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\f50z0qws.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: E:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: E:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

FF - plugin: E:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]

R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-7-7 3246040]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-2 915584]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-7-6 586880]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

R2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-11-13 210024]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\Tribes\HiPatchService.exe [2012-2-17 8704]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-6 13336]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-11 366152]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-6 2255464]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

R2 TunngleService;TunngleService;E:\Tunngle\TnglCtrl.exe [2011-8-15 741224]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]

R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-10 08:56:24 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-03-10 08:56:24 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-03-10 08:55:13 0 --sha-w- C:\Windows\System32\dds_log_ad13.cmd

2012-03-10 08:54:06 -------- d-sh--w- C:\Users\Javier\AppData\Local\7d1143f4

2012-03-09 16:23:00 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D43C1CFF-7E4F-4AEA-B0CF-08F9E1E01421}\mpengine.dll

2012-03-08 21:02:06 -------- d-----w- C:\Users\Javier\AppData\Local\Red 5 Studios

2012-03-08 14:58:03 -------- d-----w- C:\Program Files\iPod

2012-03-08 14:58:01 -------- d-----w- C:\Program Files\iTunes

2012-03-08 14:58:01 -------- d-----w- C:\Program Files (x86)\iTunes

2012-03-08 14:55:31 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-03-08 13:25:53 -------- d-----w- C:\Users\Javier\AppData\Roaming\kodak

2012-03-06 15:20:11 -------- d-----w- C:\Users\Javier\vm

2012-03-05 12:53:19 -------- d-----w- C:\Users\Javier\AppData\Local\VMware

2012-03-05 12:49:11 63088 ----a-w- C:\Windows\System32\drivers\vmx86.sys

2012-03-05 12:48:48 354416 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe

2012-03-05 12:48:47 433264 ----a-w- C:\Windows\SysWow64\vmnat.exe

2012-03-05 12:48:47 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys

2012-03-05 12:48:46 942192 ----a-w- C:\Windows\System32\vnetlib64.dll

2012-03-05 12:48:44 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys

2012-03-05 12:48:44 32880 ----a-w- C:\Windows\System32\drivers\VMkbd.sys

2012-03-05 12:48:27 -------- d-----w- C:\Users\Javier\messages

2012-03-05 12:48:27 -------- d-----w- C:\Program Files (x86)\VMware

2012-03-05 12:48:27 -------- d-----w- C:\Program Files (x86)\Common Files\VMware

2012-03-05 12:48:20 -------- d-----w- C:\Program Files\Common Files\VMware

2012-03-05 11:36:22 -------- d-----w- C:\Program Files\Business Objects

2012-03-05 11:35:32 -------- d-----w- C:\Windows\SysWow64\js

2012-03-05 11:35:32 -------- d-----w- C:\Windows\SysWow64\images

2012-03-05 11:35:32 -------- d-----w- C:\Windows\SysWow64\html

2012-03-05 11:35:32 -------- d-----w- C:\Windows\SysWow64\css

2012-03-05 11:35:32 -------- d-----w- C:\Program Files (x86)\Business Objects

2012-03-05 11:32:08 -------- d-----w- C:\ProgramData\PreEmptive Solutions

2012-03-05 11:30:08 -------- d-----w- C:\Windows\SysWow64\3082

2012-03-05 11:29:37 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop

2012-03-05 11:29:37 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules

2012-03-05 11:29:37 -------- d-----w- C:\Program Files (x86)\CE Remote Tools

2012-03-05 11:18:10 -------- d-----w- C:\Program Files\Microsoft Device Emulator

2012-03-05 11:18:10 -------- d-----w- C:\Program Files (x86)\Microsoft Device Emulator

2012-03-05 11:09:51 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2012-03-05 11:09:46 -------- d-----w- C:\Program Files (x86)\Microsoft Web Designer Tools

2012-03-05 11:09:20 96272 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008 Language Pack - ESN\install.res.3082.dll

2012-03-05 11:09:20 562688 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008 Language Pack - ESN\install.exe

2012-03-05 11:09:14 -------- d-----w- C:\Users\Javier\AppData\Local\Microsoft Help

2012-03-01 21:13:50 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0

2012-03-01 17:45:07 1710336 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\3082\ResourceCache.dll

2012-02-29 15:10:12 -------- d-----w- C:\Program Files\Microsoft SQL Server

2012-02-29 15:10:07 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2012-02-29 15:09:57 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2012-02-29 15:09:57 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2012-02-29 15:09:55 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-02-29 15:09:55 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-02-29 15:07:27 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET

2012-02-29 15:07:25 -------- d-----w- C:\Program Files\IIS

2012-02-29 15:07:25 -------- d-----w- C:\Program Files (x86)\IIS

2012-02-29 15:07:03 1632288 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-02-29 15:01:57 -------- d-----w- C:\Program Files\Microsoft Help Viewer

2012-02-29 15:00:30 -------- d-----w- C:\Windows\PCHEALTH

2012-02-26 12:36:27 48167 ----a-w- C:\Windows\SysWow64\uninst.exe

2012-02-23 15:05:21 -------- d-----w- C:\Users\Javier\AppData\Roaming\FOG Downloader

2012-02-17 15:10:21 -------- d-----w- C:\Users\Javier\AppData\Local\Chromium

2012-02-17 14:16:36 -------- d-----w- C:\ProgramData\Hi-Rez Studios

2012-02-16 20:38:09 -------- d-----w- C:\ProgramData\EA Logs

2012-02-16 02:00:32 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-15 10:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 10:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-02-15 06:39:15 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-15 06:39:15 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-15 06:39:15 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-15 06:39:15 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-15 06:39:15 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-15 06:39:15 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-15 06:39:14 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-15 06:39:14 634880 ----a-w- C:\Windows\System32\msvcrt.dll

.

==================== Find3M ====================

.

2012-03-10 10:07:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-08 14:55:27 660368 ----a-w- C:\Windows\System32\deployJava1.dll

2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-16 21:01:06 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-02-16 21:00:54 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-02-16 21:00:54 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-02-16 20:57:03 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

.

============= FINISH: 15:01:41,46 ===============

[Elise]

When running Combofix do you get any notificaiton about the ZeroAccess rootkit?

[Serascel]

Not that I can see, it just deletes then extracts, then while extracting it gives the iexplore.exe error.

[Elise]

Press Windows key + R, type combofix /nombr and press enter. Let me know if it finishes that way.