TechSpot

\\.\PhysicalDrive0 Win7

Solved
By jdiaz1998
Nov 26, 2010
  1. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Welcome aboard

    You need to state your computer issues.

    Then...

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  2. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    What logs do I have to put?
  3. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Please read the first sentence "in red" from my previous reply and then re-read my instructions.
  4. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Logs

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5195

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/26/2010 9:50:57 PM
    mbam-log-2010-11-26 (21-50-57).txt

    Scan type: Quick scan
    Objects scanned: 156256
    Time elapsed: 5 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 4
    Files Infected: 12

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestBrowser (Adware.QuestBrowser) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowser (Adware.QuestBrowser) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestBrowser Service (Adware.QuestBrowser) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85bc0cb7-e967-4e2c-be92-fedd0a5d0a31} (Adware.Tango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{85bc0cb7-e967-4e2c-be92-fedd0a5d0a31} (Adware.Tango) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files (x86)\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6} (Adware.QuestBrowser) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\chrome (Adware.QuestBrowser) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\defaults (Adware.QuestBrowser) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\defaults\preferences (Adware.QuestBrowser) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Users\Juan Felipe\Desktop\fff-ea208.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
    C:\Windows\System32\7b78.dll (Adware.Mirar) -> Quarantined and deleted successfully.
    C:\Windows\System32\windpy32.rom (Trojan.Nebuler) -> Quarantined and deleted successfully.
    C:\Windows\System32\winplk32.rom (Trojan.Nebuler) -> Quarantined and deleted successfully.
    C:\Windows\System32\winvus32.rom (Trojan.Nebuler) -> Quarantined and deleted successfully.
    C:\Users\Juan Felipe\downloads\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\chrome.manifest (Adware.QuestBrowser) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\install.rdf (Adware.QuestBrowser) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\chrome\questbrowser.jar (Adware.QuestBrowser) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\defaults\preferences\prefs.js (Adware.QuestBrowser) -> Quarantined and deleted successfully.
    C:\Users\Public\Desktop\Streaming Music - MediaPass.lnk (Adware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\7b78.dll (Adware.Tango) -> Quarantined and deleted successfully.
  5. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    ----------------gmer scan blank---------------------
  6. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    What is that about my post not being visible?
  7. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    DDS (Ver_10-11-26.01) - NTFS_AMD64
    Run by Juan Felipe at 22:06:41.12 on Fri 11/26/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2617 [GMT -5:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\lxdncoms.exe
    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files (x86)\Gaming Mouse\hid.exe
    C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Webroot\Security\Current\Framework\WRFrame.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Juan Felipe\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://asus.msn.com
    uSearch Bar = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Tango: {85bc0cb6-e967-4e2c-be92-fedd0a5d0a31} - C:\Windows\SysWow64\7b78.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [AdobeBridge]
    mRun: [HControlUser] "C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
    mRun: [ATKOSD2] "C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
    mRun: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"
    mRun: [ADSMTray] "C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe"
    mRun: [Gaming Mouse Hid] "C:\Program Files (x86)\Gaming Mouse\hid.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
    mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
    IE: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
    IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Trusted Zone: alteriw.net
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: {EA19388F-6B87-4A96-B7A0-75F74B472515} = 200.13.249.101,200.13.224.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {85BC0CB6-E967-4E2C-BE92-FEDD0A5D0A31} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [RunDLLEntry] "C:\Windows\system32\RunDLL32.exe" C:\Windows\system32\AmbRunE.dll,RunDLLEntry
    mRun-x64: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
    mRun-x64: [lxdnmon.exe] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
    mRun-x64: [EzPrint] "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
    mRun-x64: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
    mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    Hosts: 74.208.10.249 gs.apple.com

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\JUANFE~1\AppData\Roaming\Mozilla\Firefox\Profiles\mxgpxhcd.default\
    FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Juan Felipe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\Juan Felipe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Juan Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\mxgpxhcd.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-22 55280]
    R1 bckd;bckd;C:\Windows\System32\drivers\bckd.sys [2009-12-4 93808]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/18 21:08:44];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-4-2 146928]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-12-22 359552]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-12-22 14904]
    R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2009-12-4 3505264]
    R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2009-12-22 60416]
    R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2009-12-22 55808]
    R2 ssfmonm;ssfmonm;C:\Windows\System32\drivers\ssfmonm.sys [2010-9-26 55360]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
    R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-17 2002728]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-22 2314240]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\Plugins\AntiMalware\AEI.exe [2010-9-26 3872776]
    R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2010-8-26 3066528]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-12-22 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-25 151936]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-28 58368]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-10-26 155752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-27 136176]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-22 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-22 79360]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-18 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 GETPADD64;GETPADD64;C:\Program Files (x86)\ASUS\WinFlash\GETPADD64.sys [2007-9-4 13880]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2008-8-14 24064]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-23 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================

    2010-11-27 02:39:48 -------- d-----w- C:\Users\JUANFE~1\AppData\Roaming\Malwarebytes
    2010-11-27 02:39:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-27 02:39:40 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-27 02:39:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-27 02:39:40 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-26 14:35:08 -------- d-----w- C:\Program Files\iPod
    2010-11-26 14:35:06 -------- d-----w- C:\Program Files\iTunes
    2010-11-26 14:35:06 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-11-26 14:27:22 -------- d-----w- C:\Users\Juan Felipe\.shsh
    2010-11-23 20:50:44 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-11-23 20:50:44 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-11-22 02:08:58 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2010-11-22 02:08:53 588096 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-11-20 18:15:16 36864 ----a-w- C:\Windows\SysWow64\SDDEVMGR.dll
    2010-11-18 02:29:00 -------- d-----w- C:\JD
    2010-11-18 02:28:00 -------- d-----w- C:\Program Files (x86)\JDownloader
    2010-11-18 02:09:08 -------- d-----w- C:\Users\JUANFE~1\AppData\Roaming\Free Download Manager
    2010-11-18 02:09:01 -------- d-----w- C:\PROGRA~3\FreeDownloadManager.ORG
    2010-11-18 02:09:00 -------- d-----w- C:\Program Files (x86)\Free Download Manager
    2010-11-14 20:16:31 -------- d-----w- C:\Users\JUANFE~1\AppData\Local\bizarre creations
    2010-11-08 22:49:11 -------- d-----w- C:\Program Files (x86)\Nero
    2010-11-08 22:49:03 -------- d-----w- C:\PROGRA~3\Nero
    2010-11-08 02:32:29 -------- d-----w- C:\Users\JUANFE~1\AppData\Roaming\Sports Interactive
    2010-11-08 02:02:41 -------- d-----w- C:\Users\JUANFE~1\AppData\Roaming\r2 Studios
    2010-11-08 02:02:41 -------- d-----w- C:\PROGRA~3\r2 Studios
    2010-11-08 02:02:05 -------- d-----w- C:\Program Files (x86)\r2 Studios
    2010-11-06 16:37:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2010-11-06 16:37:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2010-11-04 21:46:27 -------- d-----w- C:\Users\JUANFE~1\AppData\Roaming\Megaupload
    2010-11-04 21:37:51 -------- d-----w- C:\Program Files (x86)\Megaupload
    2010-11-04 03:17:05 -------- d-----w- C:\Users\JUANFE~1\AppData\Local\ApplicationHistory
    2010-11-04 03:12:16 61440 ----a-r- C:\Users\JUANFE~1\AppData\Roaming\Microsoft\Installer\{6CC56991-D80B-42EB-B2AF-85D6F822D8EA}\NewShortcut2_6CC56991D80B42EBB2AF85D6F822D8EA_5.exe
    2010-11-04 03:12:14 61440 ----a-r- C:\Users\JUANFE~1\AppData\Roaming\Microsoft\Installer\{6CC56991-D80B-42EB-B2AF-85D6F822D8EA}\NewShortcut1_6CC56991D80B42EBB2AF85D6F822D8EA_5.exe
    2010-11-04 03:12:13 -------- d-----w- C:\Program Files (x86)\Bagatrix
    2010-11-04 02:00:58 -------- d-----w- C:\Windows\SysWow64\URTTEMP
    2010-11-03 23:38:47 -------- d-----w- C:\Users\JUANFE~1\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2010-11-03 23:38:47 -------- d-----w- C:\Users\JUANFE~1\AppData\Roaming\Adobe Mini Bridge CS5
    2010-11-01 14:22:13 -------- d-----w- C:\Users\JUANFE~1\AppData\Local\LucasArts
    2010-11-01 01:40:18 -------- d-----w- C:\Program Files\Bonjour
    2010-10-29 20:16:17 -------- d-----w- C:\Users\JUANFE~1\AppData\Roaming\Azureus
    2010-10-29 20:15:14 -------- d-----w- C:\Program Files (x86)\Vuze
    2010-10-29 19:53:04 -------- d-----w- C:\Program Files (x86)\FileASSASSIN

    ==================== Find3M ====================

    2010-11-25 11:53:18 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2010-10-29 19:20:34 233960 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2010-10-29 18:53:21 233960 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2010-10-16 18:13:46 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
    2010-10-16 18:13:26 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
    2010-10-16 18:13:26 116328 ----a-w- C:\Windows\System32\nvmctray.dll
    2010-10-16 18:13:24 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
    2010-10-16 18:13:24 61032 ----a-w- C:\Windows\System32\nvshext.dll
    2010-10-16 18:13:24 302184 ----a-w- C:\Windows\System32\nvhotkey.dll
    2010-10-16 18:13:24 1881704 ----a-w- C:\Windows\System32\nvsvcr.dll
    2010-10-06 21:48:00 2828 --sha-w- C:\PROGRA~3\KGyGaAvL.sys
    2010-10-06 21:45:12 88 --sh--r- C:\PROGRA~3\BCAE6404D7.sys
    2010-10-01 23:01:26 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2010-09-28 20:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2010-09-28 20:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2010-09-23 05:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2010-09-23 05:36:48 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2010-09-23 05:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
    2010-09-21 19:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
    2010-09-21 19:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
    2010-09-15 09:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 16:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 16:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-07 20:09:02 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
    2010-09-07 20:08:55 155752 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2010-09-07 20:08:54 1308776 ----a-w- C:\Windows\System32\nvgenco64.dll
    2010-09-04 03:14:23 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-30 22:15:18 3791352 ----a-w- C:\Windows\SysWow64\GameMon.des

    ============= FINISH: 22:07:39.39 ===============
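The Find3M section above lists every file modified in the last three months together with DDS's attribute column. The two rows under C:\PROGRA~3 carry the s and h letters in that column, which is the combination a helper looks at first. The script below is added here as an example and is not part of the thread or of DDS: it parses Find3M rows and applies three triage heuristics. The sample rows are copied verbatim from the log above, the reference time is the log's FINISH stamp on the day it was posted, the reading of 'h' and 's' as the hidden and system attributes follows the conventional letter meanings, and the rule thresholds are my own choices. A flag means "look closer", not "malicious": licensing and copy-protection components legitimately keep hidden system files under ProgramData.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample: six Find3M rows copied verbatim from the DDS log above.
SAMPLE_FIND3M = r"""
2010-11-25 11:53:18 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2010-10-29 19:20:34 233960 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2010-10-06 21:48:00 2828 --sha-w- C:\PROGRA~3\KGyGaAvL.sys
2010-10-06 21:45:12 88 --sh--r- C:\PROGRA~3\BCAE6404D7.sys
2010-10-01 23:01:26 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-09-28 20:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
""".strip()

# Reference time for "recent": the log's "FINISH: 22:07:39.39" stamp on the day
# it was posted (26 Nov 2010). The date is assumed from the thread, not parsed.
SCAN_FINISHED = datetime(2010, 11, 26, 22, 7, 39)

# A Find3M row: date, time, size (dashes for a directory), 8-character
# attribute column, path. The path may contain spaces, so it is matched last.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr")
WINDIR = "c:\\windows\\"


@dataclass(frozen=True)
class Find3MEntry:
    modified: datetime
    size: Optional[int]   # None for directory rows
    attrs: str
    path: str

    # 'h' and 's' are taken to be the hidden and system attribute flags in the
    # DDS attribute column (conventional letter meanings; an assumption here).
    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_find3m(text: str) -> List[Find3MEntry]:
    """Parse Find3M rows; lines that do not match (headers, blanks) are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Find3MEntry(
            modified=datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S"),
            size=size,
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def triage(entries: List[Find3MEntry], reference: datetime,
           recent_days: int = 7) -> List[Tuple[Find3MEntry, List[str]]]:
    """Return (entry, reasons) for rows that deserve a second look.

    Three heuristics chosen for this example, not a verdict.
    """
    flagged = []
    for e in entries:
        low = e.path.lower()
        in_windir = low.startswith(WINDIR)
        reasons = []
        if e.hidden and e.system and not in_windir:
            reasons.append("hidden+system file outside the Windows directory")
        if low.endswith(".sys") and "\\drivers\\" not in low:
            reasons.append(".sys file outside a drivers directory")
        if (low.endswith(EXEC_EXT) and in_windir
                and reference - e.modified <= timedelta(days=recent_days)):
            reasons.append(f"executable under Windows modified within {recent_days} days of the scan")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(parse_find3m(SAMPLE_FIND3M), SCAN_FINISHED):
        print(f"{entry.modified:%Y-%m-%d} {entry.attrs} {entry.path}")
        for r in reasons:
            print(f"    - {r}")
```

On the six sample rows this surfaces the two hidden system .sys files under C:\PROGRA~3 (each hitting two rules) and acovcnt.exe, a System32 executable touched the day before the scan; the PunkBuster files and the Apple USB driver pass. The next step for each hit is the usual one: check the file's signature and vendor, and compare its hash against a known-good source, rather than deleting on the strength of a heuristic.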
  8. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-26.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/20/2010 6:40:33 AM
    System Uptime: 11/26/2010 9:52:23 PM (1 hours ago)

    Motherboard: PEGATRON CORPORATION | | G60JX
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | Socket 989 | 2267/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 446 GiB total, 30.331 GiB free.
    D: is Removable
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP159: 11/23/2010 4:21:37 PM - Windows Update

    ==== Installed Programs ======================

    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Community Help
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.4.1 MUI
    Adobe Shockwave Player 11.5
    Algebra Solved!
    Apple Application Support
    Apple Software Update
    Ares 2.1.5
    Assassin's Creed
    Assassin's Creed II
    ASUS AI Recovery
    ASUS AP Bank
    ASUS Data Security Manager
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS_ScreenSaver_GSeries
    Atheros Client Installation Program
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    ATK Generic Function Service
    ATK Hotkey
    ATK Media
    ATKOSD2
    Audacity 1.3.12 (Unicode)
    AviSynth 2.5
    Best Buy Software Installer
    calibre
    Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    CamStudio
    Canon Digital Camera USB WIA Driver
    CCleaner
    Clone Wars
    CloneDVD2
    Compatibility Pack for the 2007 Office system
    ControlDeck
    Creative MediaSource 5
    CyberLink PowerDVD 10
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    erLT
    Express Gate
    FileASSASSIN
    Football Manager 2010 Demo
    Fraps (remove only)
    Free Download Manager 3.0
    Game Booster
    Gaming Mouse
    Google Chrome
    Google Earth
    Google Earth Pro
    Google Update Helper
    ImgBurn
    Intel(R) Management Engine Components
    Intel(R) Turbo Boost Technology Driver
    InterActual Player
    James Bond 007(TM) - Blood Stone
    Java Auto Updater
    Java(TM) 6 Update 22
    JDownloader
    Junk Mail filter update
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Mega Manager
    MemTurbo 4
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox (3.6.10)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Pando Media Booster
    PDF Settings CS5
    PFPortChecker 1.0.36
    Portforward Static IP Address 1.0.44
    Prism Video File Converter
    PunkBuster Services
    QuickTime
    Rapid Tools 2.2.7.0
    REACTOR
    Realtek High Definition Audio Driver
    RICOH R5U230 Media Driver ver.2.05.02.02
    Roxio Burn
    Roxio Roxio Burn
    Roxio Update Manager
    Safari
    SDFormatter
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Ship Simulator Extremes Demo
    Skype Toolbars
    Skype™ 5.0
    Soldier Front
    Sound Blaster Audigy HD
    Speccy
    SPORE™
    Stanza
    Star Wars - Jedi Knight II: Jedi Outcast
    Star Wars Battlefront II
    Star Wars Battlefront II PC Server
    Star Wars Empire at War
    Star Wars Empire at War Forces of Corruption
    Star Wars: The Force Unleashed 2
    Startup Delayer v2.5 (build 138)
    Steam
    Switch Sound File Converter
    System Requirements Lab
    System Requirements Lab CYRI
    Tango
    TeamViewer 5
    The Sims 2 Family Fun Stuff
    The Sims 2 Glamour Life Stuff
    The Sims 2 Open For Business
    The Sims 2 Pets
    The Sims 2 Seasons
    The Sims 2 University
    The Sims™ 2 Apartment Life
    The Sims™ 2 Bon Voyage
    The Sims™ 2 Celebration! Stuff
    The Sims™ 2 Deluxe
    The Sims™ 2 FreeTime
    The Sims™ 2 H&M® Fashion Stuff
    The Sims™ 2 IKEA® Home Stuff
    The Sims™ 2 Kitchen & Bath Interior Design Stuff
    The Sims™ 2 Mansion and Garden Stuff
    The Sims™ 2 Teen Style Stuff
    The Sims™ 3
    The Sims™ 3 Ambitions
    Ubisoft Game Launcher
    Unity Web Player
    Videora iPod touch Converter 6
    VLC media player 1.0.3
    Vuze
    Webroot Software
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinFlash
    Wireless Console 3
    Xfire (remove only)

    ==== Event Viewer Messages From Past Week ========

    11/26/2010 9:54:16 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/26/2010 9:52:39 PM, Error: volmgr [46] - Crash dump initialization failed!
    11/26/2010 9:34:12 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    11/26/2010 9:33:12 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/26/2010 9:32:44 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/26/2010 3:18:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    11/26/2010 3:18:14 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/26/2010 11:20:52 AM, Error: Service Control Manager [7000] - The NPPTNT2 service failed to start due to the following error: The system cannot find the file specified.
    11/26/2010 11:20:47 AM, Error: Application Popup [1060] - \??\C:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    11/23/2010 8:13:19 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MARCELA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EA19388F-6B87-4A96-B7A0-75F74B472515}. The master browser is stopping or an election is being forced.
    11/22/2010 5:23:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Akamai NetSession Interface service, but this action failed with the following error: An instance of the service is already running.
    11/22/2010 5:23:06 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    11/19/2010 9:13:19 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    ==== End Of File ===========================
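The Event Viewer section of the Attach log above is the part a helper reads for signs of a half-removed or broken component: a service registered with no binary behind it (Service Control Manager 7000 with "cannot find the file specified"), a kernel driver refused at load (Application Popup 1060), and services dying repeatedly (Service Control Manager 7031). The parser and triage pass below is added as an example and is not part of the thread or of DDS. The sample lines are a verbatim subset of the log above; the three rules are my own, chosen to match what that log shows.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Constructed sample: seven lines copied verbatim from the "Event Viewer
# Messages From Past Week" section of the DDS Attach log above.
SAMPLE_EVENTS = r"""
11/26/2010 9:34:12 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
11/26/2010 9:33:12 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2010 9:32:44 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/26/2010 3:18:14 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/26/2010 11:20:52 AM, Error: Service Control Manager [7000] - The NPPTNT2 service failed to start due to the following error: The system cannot find the file specified.
11/26/2010 11:20:47 AM, Error: Application Popup [1060] - \??\C:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/22/2010 5:23:06 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
""".strip()

# DDS prints each event as "<m/d/yyyy h:mm:ss AM|PM>, <Level>: <Source> [<EventID>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)


@dataclass(frozen=True)
class Event:
    when: datetime
    level: str
    source: str
    event_id: int
    message: str


@dataclass
class Findings:
    orphaned_services: List[str]   # SCM 7000 whose error is "cannot find the file specified"
    blocked_drivers: List[str]     # Application Popup 1060: driver image refused at load
    crash_counts: Dict[str, int]   # SCM 7031: unexpected terminations per service


def parse_events(text: str) -> List[Event]:
    """Parse DDS event lines; anything that does not match the layout is skipped."""
    events = []
    for raw in text.splitlines():
        m = EVENT_RE.match(raw.strip())
        if not m:
            continue
        events.append(Event(
            when=datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            level=m["level"],
            source=m["source"],
            event_id=int(m["event_id"]),
            message=m["message"],
        ))
    return events


def triage_events(events: List[Event]) -> Findings:
    """Apply three triage rules; a hit is a lead to verify, not a verdict."""
    orphaned, blocked, crashes = [], [], Counter()
    for e in events:
        scm = e.source == "Service Control Manager"
        if scm and e.event_id == 7000:
            # Only a missing binary counts as orphaned; a start timeout (Steam) does not.
            m = re.match(r"The (.+?) service failed to start", e.message)
            if m and "cannot find the file specified" in e.message:
                orphaned.append(m.group(1))
        elif scm and e.event_id == 7031:
            m = re.match(r"The (.+?) service terminated unexpectedly", e.message)
            if m:
                crashes[m.group(1)] += 1
        elif e.source == "Application Popup" and e.event_id == 1060:
            m = re.match(r"(\S+) has been blocked from loading", e.message)
            if m:
                blocked.append(m.group(1))
    return Findings(orphaned, blocked, dict(crashes))


if __name__ == "__main__":
    result = triage_events(parse_events(SAMPLE_EVENTS))
    print("orphaned services :", result.orphaned_services)
    print("blocked drivers   :", result.blocked_drivers)
    print("crash counts      :", result.crash_counts)
```

On this log the pass separates the two kinds of noise from the two leads: the Apple and Akamai restarts are stability problems, not infection indicators, while NPPTNT2 (a service entry whose file is gone, the usual trace of a component that was uninstalled or deleted without its registration) and the GameGuard driver blocked under C:\ijji are the entries to reconcile against the service and driver registrations before anything is removed.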
  9. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Did I do everything?
  10. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Why can't I post my Malwarebytes log?
  11. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Also, I cannot access the internet on the infected computer.
  12. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Just happened?

    Since you're a new member, some of your logs have to be approved. That's why you didn't see them being posted. You should be fine now.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  13. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Internet fixed.
  14. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    2010/11/26 23:19:35.0995 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
    2010/11/26 23:19:35.0995 ================================================================================
    2010/11/26 23:19:35.0996 SystemInfo:
    2010/11/26 23:19:35.0996
    2010/11/26 23:19:35.0996 OS Version: 6.1.7600 ServicePack: 0.0
    2010/11/26 23:19:35.0996 Product type: Workstation
    2010/11/26 23:19:35.0996 ComputerName: GAMING1-PC
    2010/11/26 23:19:35.0997 UserName: Juan Felipe
    2010/11/26 23:19:35.0997 Windows directory: C:\Windows
    2010/11/26 23:19:35.0997 System windows directory: C:\Windows
    2010/11/26 23:19:35.0997 Running under WOW64
    2010/11/26 23:19:35.0997 Processor architecture: Intel x64
    2010/11/26 23:19:35.0997 Number of processors: 4
    2010/11/26 23:19:35.0997 Page size: 0x1000
    2010/11/26 23:19:35.0997 Boot type: Normal boot
    2010/11/26 23:19:35.0997 ================================================================================
    2010/11/26 23:19:35.0997 Utility is running under WOW64
    2010/11/26 23:19:38.0145 Initialize success
    2010/11/26 23:19:41.0906 ================================================================================
    2010/11/26 23:19:41.0906 Scan started
    2010/11/26 23:19:41.0906 Mode: Manual;
    2010/11/26 23:19:41.0906 ================================================================================
    2010/11/26 23:19:45.0811 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    2010/11/26 23:19:45.0865 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2010/11/26 23:19:45.0919 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2010/11/26 23:19:46.0008 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2010/11/26 23:19:46.0173 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2010/11/26 23:19:46.0260 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2010/11/26 23:19:46.0349 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2010/11/26 23:19:46.0429 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2010/11/26 23:19:46.0541 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2010/11/26 23:19:46.0607 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2010/11/26 23:19:46.0691 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2010/11/26 23:19:46.0810 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2010/11/26 23:19:46.0898 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    2010/11/26 23:19:46.0992 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2010/11/26 23:19:47.0053 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    2010/11/26 23:19:47.0141 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    2010/11/26 23:19:47.0252 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2010/11/26 23:19:47.0315 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2010/11/26 23:19:47.0378 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
    2010/11/26 23:19:47.0487 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
    2010/11/26 23:19:47.0647 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/11/26 23:19:47.0695 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    2010/11/26 23:19:47.0761 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
    2010/11/26 23:19:47.0912 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2010/11/26 23:19:48.0009 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2010/11/26 23:19:48.0117 bckd (401bac15b0ee62a49df411b7d0eabf1f) C:\Windows\system32\drivers\bckd.sys
    2010/11/26 23:19:48.0171 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2010/11/26 23:19:48.0229 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2010/11/26 23:19:48.0299 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2010/11/26 23:19:48.0351 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2010/11/26 23:19:48.0414 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2010/11/26 23:19:48.0480 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2010/11/26 23:19:48.0543 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2010/11/26 23:19:48.0659 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2010/11/26 23:19:48.0750 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2010/11/26 23:19:48.0830 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2010/11/26 23:19:48.0915 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/11/26 23:19:48.0989 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/11/26 23:19:49.0059 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2010/11/26 23:19:49.0136 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2010/11/26 23:19:49.0206 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/11/26 23:19:49.0256 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2010/11/26 23:19:49.0310 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2010/11/26 23:19:49.0351 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/11/26 23:19:49.0403 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2010/11/26 23:19:49.0464 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2010/11/26 23:19:49.0598 dc3d (76e02db615a03801d698199a2bc4a06a) C:\Windows\system32\DRIVERS\dc3d.sys
    2010/11/26 23:19:49.0651 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2010/11/26 23:19:49.0692 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2010/11/26 23:19:49.0746 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2010/11/26 23:19:49.0825 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2010/11/26 23:19:49.0996 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/11/26 23:19:50.0255 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2010/11/26 23:19:50.0415 ElbyCDIO (a14d6e3ef78f6d6ac42f98d633f2400a) C:\Windows\system32\Drivers\ElbyCDIO.sys
    2010/11/26 23:19:50.0501 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2010/11/26 23:19:50.0590 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2010/11/26 23:19:50.0796 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2010/11/26 23:19:50.0846 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2010/11/26 23:19:50.0900 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2010/11/26 23:19:50.0961 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2010/11/26 23:19:50.0993 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2010/11/26 23:19:51.0039 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/11/26 23:19:51.0131 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2010/11/26 23:19:51.0177 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2010/11/26 23:19:51.0260 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
    2010/11/26 23:19:51.0373 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/11/26 23:19:51.0484 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2010/11/26 23:19:51.0554 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2010/11/26 23:19:51.0640 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2010/11/26 23:19:51.0752 GETPADD64 (94279bd1723eb6c8dd452717331f652b) C:\Program Files (x86)\ASUS\WinFlash\GETPADD64.SYS
    2010/11/26 23:19:51.0908 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
    2010/11/26 23:19:51.0975 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2010/11/26 23:19:52.0066 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    2010/11/26 23:19:52.0129 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/11/26 23:19:52.0174 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    2010/11/26 23:19:52.0226 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2010/11/26 23:19:52.0294 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2010/11/26 23:19:52.0357 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2010/11/26 23:19:52.0421 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/11/26 23:19:52.0486 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2010/11/26 23:19:52.0595 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2010/11/26 23:19:52.0687 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2010/11/26 23:19:52.0733 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/11/26 23:19:52.0805 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
    2010/11/26 23:19:52.0864 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    2010/11/26 23:19:52.0936 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2010/11/26 23:19:53.0002 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
    2010/11/26 23:19:53.0108 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
    2010/11/26 23:19:53.0169 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    2010/11/26 23:19:53.0247 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/11/26 23:19:53.0315 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/11/26 23:19:53.0391 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2010/11/26 23:19:53.0476 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2010/11/26 23:19:53.0597 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2010/11/26 23:19:53.0646 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    2010/11/26 23:19:53.0738 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/11/26 23:19:53.0807 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/11/26 23:19:53.0858 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/11/26 23:19:53.0923 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
    2010/11/26 23:19:53.0959 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2010/11/26 23:19:54.0008 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
    2010/11/26 23:19:54.0049 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2010/11/26 23:19:54.0100 L1C (01c711667abedf8148998f3ac91991db) C:\Windows\system32\DRIVERS\L1C62x64.sys
    2010/11/26 23:19:54.0204 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2010/11/26 23:19:54.0254 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/11/26 23:19:54.0291 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2010/11/26 23:19:54.0357 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2010/11/26 23:19:54.0420 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2010/11/26 23:19:54.0476 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2010/11/26 23:19:54.0556 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2010/11/26 23:19:54.0636 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2010/11/26 23:19:54.0690 LUsbFilt (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
    2010/11/26 23:19:54.0793 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2010/11/26 23:19:54.0857 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2010/11/26 23:19:54.0936 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2010/11/26 23:19:54.0991 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2010/11/26 23:19:55.0029 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/11/26 23:19:55.0089 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/11/26 23:19:55.0115 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2010/11/26 23:19:55.0165 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    2010/11/26 23:19:55.0217 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2010/11/26 23:19:55.0271 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2010/11/26 23:19:55.0324 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/11/26 23:19:55.0364 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/11/26 23:19:55.0405 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/11/26 23:19:55.0443 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    2010/11/26 23:19:55.0490 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    2010/11/26 23:19:55.0558 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2010/11/26 23:19:55.0620 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2010/11/26 23:19:55.0656 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    2010/11/26 23:19:55.0714 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/11/26 23:19:55.0822 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/11/26 23:19:55.0872 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2010/11/26 23:19:55.0912 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2010/11/26 23:19:55.0946 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/11/26 23:19:55.0980 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2010/11/26 23:19:56.0012 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2010/11/26 23:19:56.0063 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
    2010/11/26 23:19:56.0093 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2010/11/26 23:19:56.0136 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/11/26 23:19:56.0187 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2010/11/26 23:19:56.0251 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2010/11/26 23:19:56.0303 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/11/26 23:19:56.0334 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/11/26 23:19:56.0365 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/11/26 23:19:56.0402 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2010/11/26 23:19:56.0428 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2010/11/26 23:19:56.0459 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2010/11/26 23:19:56.0554 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2010/11/26 23:19:56.0621 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2010/11/26 23:19:56.0738 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2010/11/26 23:19:56.0796 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    2010/11/26 23:19:56.0864 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
    2010/11/26 23:19:56.0886 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2010/11/26 23:19:56.0952 NVHDA (ed9380f201c8126425c09bed96dbe1e5) C:\Windows\system32\drivers\nvhda64v.sys
    2010/11/26 23:19:57.0238 nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2010/11/26 23:19:57.0355 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    2010/11/26 23:19:57.0395 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    2010/11/26 23:19:57.0461 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    2010/11/26 23:19:57.0510 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    2010/11/26 23:19:57.0615 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2010/11/26 23:19:57.0674 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2010/11/26 23:19:57.0755 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    2010/11/26 23:19:57.0781 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    2010/11/26 23:19:57.0828 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2010/11/26 23:19:57.0871 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2010/11/26 23:19:57.0944 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2010/11/26 23:19:58.0095 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/11/26 23:19:58.0133 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2010/11/26 23:19:58.0188 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2010/11/26 23:19:58.0225 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
    2010/11/26 23:19:58.0319 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2010/11/26 23:19:58.0379 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2010/11/26 23:19:58.0429 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2010/11/26 23:19:58.0468 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/11/26 23:19:58.0535 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2010/11/26 23:19:58.0574 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/11/26 23:19:58.0611 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/11/26 23:19:58.0665 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/11/26 23:19:58.0705 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/11/26 23:19:58.0751 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2010/11/26 23:19:58.0782 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/11/26 23:19:58.0827 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2010/11/26 23:19:58.0873 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2010/11/26 23:19:58.0909 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2010/11/26 23:19:58.0946 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2010/11/26 23:19:58.0994 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys
    2010/11/26 23:19:59.0032 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys
    2010/11/26 23:19:59.0085 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/11/26 23:19:59.0132 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2010/11/26 23:19:59.0161 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2010/11/26 23:19:59.0211 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
    2010/11/26 23:19:59.0255 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2010/11/26 23:19:59.0304 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2010/11/26 23:19:59.0365 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2010/11/26 23:19:59.0398 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2010/11/26 23:19:59.0500 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2010/11/26 23:19:59.0564 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2010/11/26 23:19:59.0617 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2010/11/26 23:19:59.0676 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2010/11/26 23:19:59.0745 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
    2010/11/26 23:19:59.0802 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2010/11/26 23:19:59.0859 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2010/11/26 23:19:59.0938 skfiltv (01acb9228c303de1fff82b807d28b2b0) C:\Windows\system32\drivers\skfiltv.sys
    2010/11/26 23:19:59.0977 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2010/11/26 23:20:00.0073 SNP2UVC (7aec460dbdd193680f0e77724e40e7b6) C:\Windows\system32\DRIVERS\snp2uvc.sys
    2010/11/26 23:20:00.0116 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2010/11/26 23:20:00.0210 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
    2010/11/26 23:20:00.0211 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
    2010/11/26 23:20:00.0217 sptd - detected Locked file (1)
    2010/11/26 23:20:00.0266 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
    2010/11/26 23:20:00.0314 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
    2010/11/26 23:20:00.0349 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/11/26 23:20:00.0421 ssfmonm (2c8842ac3fb749423311d934a3746fe2) C:\Windows\system32\DRIVERS\ssfmonm.sys
    2010/11/26 23:20:00.0450 ssidrv (4a69c76bba285745a45045c4672f89c7) C:\Windows\system32\DRIVERS\ssidrv.sys
    2010/11/26 23:20:00.0526 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2010/11/26 23:20:00.0588 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2010/11/26 23:20:00.0646 SynTP (0faa1933fbcf916c301ff94acc623031) C:\Windows\system32\DRIVERS\SynTP.sys
    2010/11/26 23:20:00.0736 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
    2010/11/26 23:20:00.0828 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/11/26 23:20:00.0874 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2010/11/26 23:20:00.0921 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2010/11/26 23:20:00.0980 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2010/11/26 23:20:01.0035 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2010/11/26 23:20:01.0095 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2010/11/26 23:20:01.0173 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/11/26 23:20:01.0218 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/11/26 23:20:01.0262 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2010/11/26 23:20:01.0300 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    2010/11/26 23:20:01.0364 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2010/11/26 23:20:01.0414 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2010/11/26 23:20:01.0487 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2010/11/26 23:20:01.0610 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
    2010/11/26 23:20:01.0690 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    2010/11/26 23:20:01.0758 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/11/26 23:20:01.0805 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2010/11/26 23:20:01.0842 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/11/26 23:20:01.0884 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/11/26 23:20:01.0923 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/11/26 23:20:02.0017 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/11/26 23:20:02.0142 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2010/11/26 23:20:02.0171 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/11/26 23:20:02.0204 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/11/26 23:20:02.0269 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    2010/11/26 23:20:02.0322 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2010/11/26 23:20:02.0378 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/11/26 23:20:02.0416 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2010/11/26 23:20:02.0461 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2010/11/26 23:20:02.0492 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2010/11/26 23:20:02.0530 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2010/11/26 23:20:02.0565 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2010/11/26 23:20:02.0598 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2010/11/26 23:20:02.0650 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2010/11/26 23:20:02.0701 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2010/11/26 23:20:02.0729 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2010/11/26 23:20:02.0756 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2010/11/26 23:20:02.0790 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/26 23:20:02.0805 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/26 23:20:02.0878 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2010/11/26 23:20:02.0930 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2010/11/26 23:20:03.0028 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2010/11/26 23:20:03.0077 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
    2010/11/26 23:20:03.0104 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2010/11/26 23:20:03.0194 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    2010/11/26 23:20:03.0258 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/11/26 23:20:03.0335 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/11/26 23:20:03.0391 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2010/11/26 23:20:03.0453 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/11/26 23:20:03.0535 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
    2010/11/26 23:20:03.0615 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/11/26 23:20:03.0619 ================================================================================
    2010/11/26 23:20:03.0619 Scan finished
    2010/11/26 23:20:03.0619 ================================================================================
    2010/11/26 23:20:03.0631 Detected object count: 2
    2010/11/26 23:20:17.0884 Locked file(sptd) - User select action: Skip
    2010/11/26 23:20:17.0917 \HardDisk0 - will be cured after reboot
    2010/11/26 23:20:17.0918 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/11/26 23:20:25.0901 Deinitialize success
  15. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    For the antivirus scan I have Webroot with Spysweeper. I "deleted" the virus, re-scanned and the virus is there again!
  16. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    We're far from being done...

    Does your Webroot have an antivirus part?

    Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    =====================================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
  17. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    It is called Webroot Antivirus with Spysweeper.
  18. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer Inc.
    System Product Name: G60JX
    Logical Drives Mask: 0x00000074

    Kernel Drivers (total 172):
    0x0340E000 \SystemRoot\system32\ntoskrnl.exe
    0x039EA000 \SystemRoot\system32\hal.dll
    0x00BA7000 \SystemRoot\system32\kdcom.dll
    0x00C2D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00C71000 \SystemRoot\system32\PSHED.dll
    0x00C85000 \SystemRoot\system32\CLFS.SYS
    0x00CE3000 \SystemRoot\system32\CI.dll
    0x00E7D000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F21000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x01083000 \SystemRoot\System32\Drivers\spoh.sys
    0x011A9000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x011B2000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x01000000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x01057000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x01061000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F30000 \SystemRoot\system32\DRIVERS\pci.sys
    0x0106E000 \SystemRoot\System32\drivers\partmgr.sys
    0x00F63000 \SystemRoot\system32\DRIVERS\ssidrv.sys
    0x011E1000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x011EA000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00F89000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00F9E000 \SystemRoot\System32\drivers\volmgrx.sys
    0x011F6000 \SystemRoot\system32\drivers\pciide.sys
    0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00E10000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01282000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x0148A000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x01493000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x014BD000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x014C8000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x014D3000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0151F000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01533000 \SystemRoot\System32\Drivers\AsDsm.sys
    0x01540000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x01655000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0154C000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01600000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01200000 \SystemRoot\System32\Drivers\cng.sys
    0x0161A000 \SystemRoot\System32\drivers\pcw.sys
    0x0162B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x018AC000 \SystemRoot\system32\drivers\ndis.sys
    0x0199E000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01800000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01A01000 \SystemRoot\System32\drivers\tcpip.sys
    0x0182B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x015AA000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01875000 \SystemRoot\System32\Drivers\spldr.sys
    0x0187D000 \SystemRoot\system32\DRIVERS\sbp2port.sys
    0x00E2A000 \SystemRoot\System32\drivers\rdyboost.sys
    0x0189A000 \SystemRoot\System32\Drivers\mup.sys
    0x01635000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x00DA3000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x0163E000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01CBF000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01CFD000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01D27000 \SystemRoot\System32\Drivers\Null.SYS
    0x01D30000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01D37000 \SystemRoot\System32\drivers\vga.sys
    0x01D45000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x01D6A000 \SystemRoot\System32\drivers\watchdog.sys
    0x01D7A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01D83000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01D8C000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01D95000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x01DA0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01DB1000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x01DCF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x01DDC000 \SystemRoot\system32\drivers\bckd.sys
    0x01C00000 \SystemRoot\system32\drivers\afd.sys
    0x03031000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03076000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x0307F000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x030A5000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x030BB000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x030CA000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x030E5000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x030F9000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x0314A000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03156000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03161000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0x0316C000 \SystemRoot\System32\drivers\discache.sys
    0x0317B000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03199000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x031AA000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x04C0D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x057E7000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x04266000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x0435A000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x043A0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x043C4000 \SystemRoot\system32\DRIVERS\HECIx64.sys
    0x043D5000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x04469000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x045E6000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x04400000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x04420000 \SystemRoot\system32\DRIVERS\rimspe64.sys
    0x0466E000 \SystemRoot\system32\DRIVERS\rixdpe64.sys
    0x046C4000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x04702000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
    0x04715000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x04733000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x0477F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04781000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x04790000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
    0x04798000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x047A7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x047B4000 \SystemRoot\system32\DRIVERS\Impcd.sys
    0x04600000 \SystemRoot\System32\Drivers\az6urhlo.SYS
    0x04645000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x0464A000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x04660000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
    0x047DA000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x047EA000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04439000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x0445D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x031D0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03000000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x01C8A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x043E6000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04668000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x05A3B000 \SystemRoot\system32\DRIVERS\ks.sys
    0x05A7E000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x05A90000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x05AEA000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x05AFF000 \SystemRoot\system32\drivers\nvhda64v.sys
    0x05B28000 \SystemRoot\system32\drivers\portcls.sys
    0x05B65000 \SystemRoot\system32\drivers\drmk.sys
    0x05B87000 \SystemRoot\system32\drivers\ksthunk.sys
    0x06404000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x05B8D000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x05BAA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x0681F000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x069D7000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x069E8000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x00090000 \SystemRoot\System32\win32k.sys
    0x069F1000 \SystemRoot\System32\drivers\Dxapi.sys
    0x06800000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
    0x06810000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x05BC7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x065F4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x05BE0000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x05BF3000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x05A00000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x05A22000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00590000 \SystemRoot\System32\TSDDD.dll
    0x00770000 \SystemRoot\System32\cdd.dll
    0x00860000 \SystemRoot\System32\ATMFD.DLL
    0x00DDD000 \SystemRoot\system32\drivers\luafv.sys
    0x04256000 \SystemRoot\system32\DRIVERS\ssfmonm.sys
    0x00C00000 \SystemRoot\system32\drivers\WudfPf.sys
    0x057E9000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x03CB1000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x03D04000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x03D17000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x03D2F000 \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
    0x03D36000 \SystemRoot\system32\drivers\HTTP.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x03C1E000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x03C36000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x03C63000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x06C26000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x06C49000 \SystemRoot\system32\drivers\peauth.sys
    0x06CEF000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x06CFA000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x06D27000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x06D39000 \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
    0x06D64000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x092E1000 \SystemRoot\System32\DRIVERS\srv.sys
    0x09377000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x77240000 \Windows\System32\ntdll.dll
    0x48170000 \Windows\System32\smss.exe
    0xFF560000 \Windows\System32\apisetschema.dll

    Processes (total 96):
    0 System Idle Process
    4 System
    336 C:\Windows\System32\smss.exe
    516 csrss.exe
    580 C:\Windows\System32\wininit.exe
    600 csrss.exe
    648 C:\Windows\System32\services.exe
    672 C:\Windows\System32\winlogon.exe
    684 C:\Windows\System32\lsass.exe
    692 C:\Windows\System32\lsm.exe
    796 C:\Windows\System32\svchost.exe
    860 C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
    904 C:\Windows\System32\nvvsvc.exe
    948 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\svchost.exe
    592 C:\Windows\System32\svchost.exe
    744 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\svchost.exe
    1520 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1532 C:\Windows\System32\nvvsvc.exe
    1648 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    1668 C:\Windows\System32\FBAgent.exe
    1688 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
    1716 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    1860 C:\Windows\System32\spoolsv.exe
    1888 C:\Windows\System32\svchost.exe
    1996 C:\Windows\SysWOW64\svchost.exe
    2016 C:\Windows\System32\svchost.exe
    2040 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1932 C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    812 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2084 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    2120 C:\Windows\System32\lxdncoms.exe
    2144 C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    2444 C:\Windows\System32\taskhost.exe
    2544 C:\Windows\System32\dwm.exe
    2568 C:\Windows\explorer.exe
    2712 C:\Windows\System32\taskeng.exe
    2752 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    2776 C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    2784 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    2792 C:\Program Files\P4G\BatteryLife.exe
    2800 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    2808 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2864 C:\Windows\SysWOW64\ACEngSvr.exe
    2884 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    2928 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    2936 C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
    2944 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    2264 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2276 C:\Windows\System32\rundll32.exe
    2288 C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
    2308 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2500 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    3184 C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    3192 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    3204 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    3216 C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
    3268 C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    3276 C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    3292 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    3300 C:\Program Files (x86)\Gaming Mouse\hid.exe
    3348 C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
    3440 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3472 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3564 C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    3612 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    3176 C:\Windows\SysWOW64\PnkBstrA.exe
    3096 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    3820 C:\Windows\System32\taskeng.exe
    4000 C:\Program Files\Windows Sidebar\sidebar.exe
    3764 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    3804 C:\Windows\System32\svchost.exe
    3368 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    3996 C:\Windows\System32\svchost.exe
    3980 C:\Program Files (x86)\Webroot\Security\Current\Plugins\AntiMalware\AEI.exe
    4540 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    4668 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    4332 C:\Windows\System32\svchost.exe
    4432 C:\Program Files\iPod\bin\iPodService.exe
    4988 C:\Windows\System32\svchost.exe
    5480 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5540 SSU.exe
    6012 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    4532 C:\Users\Juan Felipe\AppData\Local\Google\Chrome\Application\chrome.exe
    3000 C:\Users\Juan Felipe\AppData\Local\Google\Chrome\Application\chrome.exe
    5032 C:\Users\Juan Felipe\AppData\Local\Google\Chrome\Application\chrome.exe
    344 C:\Users\Juan Felipe\AppData\Local\Google\Chrome\Application\chrome.exe
    4188 C:\Users\Juan Felipe\AppData\Local\Google\Chrome\Application\chrome.exe
    1868 C:\Windows\System32\audiodg.exe
    784 dllhost.exe
    1584 dllhost.exe
    6004 C:\Users\Juan Felipe\Desktop\MBRCheck.exe
    5188 C:\Windows\System32\conhost.exe
    5880 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`e22cec00 (NTFS)

    PhysicalDrive0 Model Number: ST9500420AS, Rev: 0002SDM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
  19. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Go on..........
  20. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Sorry Broni, I fell asleep doing the scan. Posting it in about 5 minutes.
  21. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Have to go, will post it in 3 and a half hours.
  22. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    OK :)..............
  23. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Back, posting it now.
  24. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/27/2010 at 10:02 AM

    Application Version : 4.46.1000

    Core Rules Database Version : 5919
    Trace Rules Database Version: 3731

    Scan type : Complete Scan
    Total Scan Time : 01:50:04

    Memory items scanned : 364
    Memory threats detected : 0
    Registry items scanned : 14705
    Registry threats detected : 0
    File items scanned : 278748
    File threats detected : 2

    Trojan.Agent/Gen-TDSS
    C:\PROGRAM FILES (X86)\QUESTBROWSER\QUESTBROWSER.DLL

    Trojan.Agent/Gen-FakeAlert
    C:\USERS\JUAN FELIPE\APPDATA\LOCAL\VIRTUALSTORE\WINDOWS\SYSWOW64\WINDFH32.ROM